From 7d30101dd3f4b6e1191e37ea6a81c1c33fa535de Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 13:57:55 +0100 Subject: Revert "ma hw/stk1160: rip" This reverts commit 1cbc2e5aa359e7e9b4b32c9ef75902576347a6d0. --- makefu/1systems/x/config.nix | 6 ++---- makefu/2configs/hw/stk1160.nix | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 makefu/2configs/hw/stk1160.nix (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 3686acb6e..a32db91e1 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -61,7 +61,7 @@ with import ; - # + # # Filesystem @@ -86,6 +86,7 @@ with import ; nixpkgs.config.allowUnfree = true; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # configure pulseAudio to provide a HDMI sink as well @@ -103,7 +104,4 @@ with import ; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - - nix.package = pkgs.nixUnstable; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; } diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix new file mode 100644 index 000000000..b3a9e1a5a --- /dev/null +++ b/makefu/2configs/hw/stk1160.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: +{ + # TODO: un-pin linuxPackages somehow + boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; + nixpkgs.config.packageOverrides = pkgs: { + linux_4_9 = pkgs.linux_4_9.override { + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160_AC97 y + VIDEO_STK1160 m + ''; + }; + }; +} -- cgit v1.2.3 From a645fb4b9acd5103bcb1b33ada8ba93f120834fa Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:15:02 +0100 Subject: ma photostore.krebsco.de: enable ssl --- makefu/2configs/deployment/photostore.krebsco.de.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index 9e16a384a..ecbca9ea3 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -26,14 +26,16 @@ in { services.nginx = { enable = mkDefault true; virtualHosts."photostore.krebsco.de" = { - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; + enableACME = true; + forceSSL = true; + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; }; }; }; -- cgit v1.2.3 From 0c8071080121deb593be0899bc20ec3eb3169688 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:15:48 +0100 Subject: ma gum.r: add vpn pubkeys for work router --- makefu/1systems/gum/config.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index f473d9e4c..a656fdce3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -109,6 +109,8 @@ in { #} { # wireguard server + # opkg install wireguard luci-proto-wireguard + # TODO: networking.nat # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; @@ -136,9 +138,23 @@ in { allowedIPs = [ "10.244.0.3/32" ]; publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } ]; }; } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } ]; makefu.dl-dir = "/var/download"; -- cgit v1.2.3 From 79ac162a9e967993252d910f5a6bb74c810fd0a1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:16:11 +0100 Subject: ma hw/stk1160: bump linux kernel --- makefu/2configs/hw/stk1160.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index b3a9e1a5a..bdd146365 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,9 +1,8 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { + linux_4_14 = pkgs.linux_4_14.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m -- cgit v1.2.3 From 1f8ad80695e93687999b8151ddd2e7f2c40b085b Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 15:12:37 +0100 Subject: ma cgit: disable irc hook --- makefu/2configs/git/cgit-retiolum.nix | 9 --------- 1 file changed, 9 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index da246f66a..eacbd99cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -53,15 +53,6 @@ let make-krebs-repo = with git; name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "gum"; - channel = "#xxx"; - # TODO remove the hardcoded hostname - server = "irc.r"; - }; - }; }; -- cgit v1.2.3 From 32c800ec3fc508c6c8d025a31c9b922d9fdbe04d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 15:19:26 +0100 Subject: ma hw/stk1160: fix invalid kernel option --- makefu/2configs/hw/stk1160.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index bdd146365..4ac639a25 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -6,7 +6,6 @@ extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m - VIDEO_STK1160_AC97 y VIDEO_STK1160 m ''; }; -- cgit v1.2.3 From 3ba905f2b0cff91cdeaa46c3eaed34d4bfc01215 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 29 Jan 2018 14:45:26 +0100 Subject: ma wbob-kiosk: provide chromium --- makefu/2configs/gui/wbob-kiosk.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 4b7a0c333..7db749227 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -1,11 +1,13 @@ -{ lib, ... }: +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; + users.users.makefu.packages = [ pkgs.chromium ]; services.xserver = { layout = lib.mkForce "de"; + xkbVariant = lib.mkForce ""; windowManager = lib.mkForce { awesome.enable = false; @@ -16,7 +18,7 @@ # xrandrHeads = [ "HDMI1" "HDMI2" ]; # prevent screen from turning off, disable dpms displayManager.sessionCommands = '' - xset s off -dpms + xset -display :0 s off -dpms xrandr --output HDMI2 --right-of HDMI1 ''; }; -- cgit v1.2.3 From 71397b0aa5f27b0b6dbe22101287f60b237e32f0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 29 Jan 2018 14:47:00 +0100 Subject: ma wbob.r: enable mpd via bluetooth --- makefu/1systems/wbob/config.nix | 126 ++++++++++++++++++++-------------------- 1 file changed, 62 insertions(+), 64 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f44211b93..6434ba273 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -18,7 +18,7 @@ in { - # + @@ -31,6 +31,63 @@ in { # Services + (let + musicDirectory = "/data/music"; + in { + services.mpd = { + enable = true; + inherit musicDirectory; + # dataDir = "/home/anders/.mpd"; + network.listenAddress = "any"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + anonymousClients.allowAll = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + }) # Sensors @@ -147,7 +204,10 @@ in { boot.loader.grub.device = rootdisk; hardware.cpu.intel.updateMicrocode = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + + boot.kernelModules = [ "kvm-intel" + "snd-seq" "snd-rawmidi" + ]; fileSystems = { "/" = { device = rootdisk + "-part1"; @@ -174,66 +234,4 @@ in { serverAddress = "x.r"; }; }; - security.wrappers.fping = { - source = "${pkgs.fping}/bin/fping"; - setuid = true; - }; - services.smokeping = { - enable = true; - targetConfig = '' - probe = FPing - menu = Top - title = Network Latency Grapher - remark = Welcome to this SmokePing website. - - + network - menu = Net latency - title = Network latency (ICMP pings) - - ++ google - probe = FPing - host = google.de - ++ webde - probe = FPing - host = web.de - - + services - menu = Service latency - title = Service latency (DNS, HTTP) - - ++ HTTP - menu = HTTP latency - title = Service latency (HTTP) - - +++ webdeping - probe = EchoPingHttp - host = web.de - - +++ googwebping - probe = EchoPingHttp - host = google.de - - #+++ webwww - #probe = Curl - #host = web.de - - #+++ googwebwww - #probe = Curl - #host = google.de - ''; - probeConfig = '' - + FPing - binary = /run/wrappers/bin/fping - + EchoPingHttp - pings = 5 - url = / - - #+ Curl - ## probe-specific variables - #binary = ${pkgs.curl}/bin/curl - #step = 60 - ## a default for this target-specific variable - #urlformat = http://%host%/ - ''; - }; } -- cgit v1.2.3 From b31a37799eff274215d4cd9d435a9c16d496a88c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 30 Jan 2018 08:11:00 +0100 Subject: ma pkgs.pfsshell: init --- makefu/5pkgs/pfsshell/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 makefu/5pkgs/pfsshell/default.nix (limited to 'makefu') diff --git a/makefu/5pkgs/pfsshell/default.nix b/makefu/5pkgs/pfsshell/default.nix new file mode 100644 index 000000000..fc6b37069 --- /dev/null +++ b/makefu/5pkgs/pfsshell/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: +stdenv.mkDerivation rec { + pname = "pfsshell"; + version = "64f8c2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "pfsshell"; + rev = version; + sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8"; + }; + + buildInputs = [ ]; + + makeFlags = [ ]; + + installPhase = '' + mkdir -p $out/bin + cp pfsshell $out/bin + ''; + + meta = { + homepage = https://github.com/uyjulian/pfsshell ; + description = "browse and transfer files to/from PFS filesystems"; + }; +} -- cgit v1.2.3 From ef3a0dcff538c850c25b46165ed70c899873bece Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:55:12 +0100 Subject: ma wvdial: rip --- makefu/1systems/x/config.nix | 3 +- makefu/2configs/hw/network-manager.nix | 37 ++++++++++++++++++ makefu/2configs/hw/wwan.nix | 8 ---- makefu/3modules/wvdial.nix | 71 ---------------------------------- 4 files changed, 39 insertions(+), 80 deletions(-) create mode 100644 makefu/2configs/hw/network-manager.nix delete mode 100644 makefu/2configs/hw/wwan.nix delete mode 100644 makefu/3modules/wvdial.nix (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index a32db91e1..f3a1d488c 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -59,8 +59,9 @@ with import ; # Hardware + # - + # diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix new file mode 100644 index 000000000..7e29849b1 --- /dev/null +++ b/makefu/2configs/hw/network-manager.nix @@ -0,0 +1,37 @@ +{ pkgs, lib, ... }: +{ + users.users.makefu = { + extraGroups = [ "networkmanager" ]; + packages = with pkgs;[ + networkmanagerapplet + gnome3.gnome_keyring gnome3.dconf + ]; + }; + networking.wireless.enable = lib.mkForce false; + + systemd.services.modemmanager = { + description = "ModemManager"; + after = [ "network-manager.service" ]; + bindsTo = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" ]; + serviceConfig = { + ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "5"; + }; + }; + networking.networkmanager.enable = true; + + # TODO: put somewhere else + services.xserver.displayManager.sessionCommands = '' + ${pkgs.clipit}/bin/clipit & + ${pkgs.networkmanagerapplet}/bin/nm-applet & + ''; + +# nixOSUnstable +# networking.networkmanager.wifi = { +# powersave = true; +# scanRandMacAddress = true; +# }; +} diff --git a/makefu/2configs/hw/wwan.nix b/makefu/2configs/hw/wwan.nix deleted file mode 100644 index 0eb0c97d7..000000000 --- a/makefu/2configs/hw/wwan.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: - -{ - makefu.umts = { - enable = true; - modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; - }; -} diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 1ed929ed4..000000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null @@ -1,71 +0,0 @@ -# Global configuration for wvdial. - -{ config, lib, pkgs, ... }: - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - /etc/wvdial.conf. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} -- cgit v1.2.3 From 72f440fdb567b8000ec72aefa6d3e74734c11c9e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:56:36 +0100 Subject: ma omo.r: init google-muell --- makefu/1systems/omo/config.nix | 3 ++- makefu/2configs/deployment/google-muell.nix | 34 +++++++++++++++++++++++++++++ makefu/2configs/deployment/led-fader.nix | 20 +---------------- makefu/5pkgs/ampel/default.nix | 27 +++++++++++++++++++++++ 4 files changed, 64 insertions(+), 20 deletions(-) create mode 100644 makefu/2configs/deployment/google-muell.nix create mode 100644 makefu/5pkgs/ampel/default.nix (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index ce3ffbcf3..1e087fef4 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -19,7 +19,7 @@ let # __FRONT_ # |* d0 | # | | - # |* d3 | + # |* d1 | # | | # |* d3 | # | | @@ -68,6 +68,7 @@ in { + # security diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix new file mode 100644 index 000000000..f23789ee5 --- /dev/null +++ b/makefu/2configs/deployment/google-muell.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, buildPythonPackage, ... }: +with import ; +let + pkg = pkgs.ampel; + home = "/var/lib/ampel"; + sec = "${toString }/google-muell.json"; + ampelsec = "${home}/google-muell.json"; + esp = "192.168.1.23"; + sleepval = "1800"; +in { + users.users.ampel = { + uid = genid "ampel"; + createHome = true; + isSystemUser = true; + inherit home; + }; + systemd.services.google-muell-ampel = { + description = "Send led change to rgb cubes"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "ampel"; + ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' + cp ${sec} ${ampelsec} + chown ampel ${ampelsec} + ''; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; + PermissionsStartOnly = true; + Restart = "always"; + RestartSec = 10; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 292b6679d..d34b66125 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -2,25 +2,7 @@ let mq = "192.168.8.11"; - - pkg = pkgs.python3Packages.buildPythonPackage { - name = "ampel-master"; - - src = pkgs.fetchgit { - url = "http://cgit.euer.krebsco.de/ampel"; - rev = "531741b"; - sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c"; - }; - propagatedBuildInputs = with pkgs.python3Packages; [ - docopt - paho-mqtt - requests - pytz - influxdb - httplib2 - google_api_python_client - ]; - }; + pkg = pkgs.ampel; in { systemd.services.led-fader = { description = "Send led change to message queue"; diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix new file mode 100644 index 000000000..86518b9b8 --- /dev/null +++ b/makefu/5pkgs/ampel/default.nix @@ -0,0 +1,27 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "ampel-${version}"; + version = "0.2"; + + propagatedBuildInputs = [ + docopt + paho-mqtt + requests + pytz + influxdb + httplib2 + google_api_python_client + ]; + + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/ampel"; + rev = "d8a0250"; + sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f"; + }; + meta = { + homepage = http://cgit.euer.krebsco.de/ampel; + description = "change colors of rgb cubes"; + license = lib.licenses.asl20; + }; +} -- cgit v1.2.3 From 083941f7dba4347084779b65cefa9b8cc9713939 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:57:58 +0100 Subject: ma gui/base: set packages only for mainuser --- makefu/2configs/gui/base.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index daa0282b8..861a9327e 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -48,13 +48,14 @@ in fonts = [ pkgs.terminus_font ]; }; - environment.systemPackages = with pkgs;[ - pavucontrol - xlockmore - rxvt_unicode-with-plugins - firefox - ]; - users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; + users.users.${mainUser} = { + extraGroups = [ "audio" ]; + packages = with pkgs;[ + pavucontrol + xlockmore + rxvt_unicode-with-plugins + ]; + }; hardware.pulseaudio = { enable = true; -- cgit v1.2.3 From c1b2f919572a485cafdc56af5d9e3240ac74469c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:59:08 +0100 Subject: ma x.r: disable makefu.umts, cleanup --- makefu/1systems/x/config.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f3a1d488c..d5a9bdcfb 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -83,13 +83,9 @@ with import ; makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; - makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ pkgs.passwdqc-utils ]; - - # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; @@ -101,8 +97,15 @@ with import ; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; networking.extraHosts = '' - 192.168.1.11 omo.local + 192.168.1.11 omo.local ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + + nix.package = pkgs.nixUnstable; + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + nixpkgs.overlays = [ (import ) ]; + + # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; + } -- cgit v1.2.3 From 4dfb5faaab57a69a5940e97feb4c8ed488d931f4 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 12:39:44 +0100 Subject: ma 3/umts: rip --- makefu/3modules/default.nix | 2 -- makefu/3modules/umts.nix | 84 --------------------------------------------- 2 files changed, 86 deletions(-) delete mode 100644 makefu/3modules/umts.nix (limited to 'makefu') diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df5..fa4eb827c 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -14,8 +14,6 @@ _: ./snapraid.nix ./torrent.nix ./udpt.nix - ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix deleted file mode 100644 index 86669945a..000000000 --- a/makefu/3modules/umts.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - nixpkgs-1509 = import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs-channels"; - rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; - sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; - }) {}; - - wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 - - # TODO: currently it is only netzclub - umts-bin = pkgs.writeScriptBin "umts" '' - #!/bin/sh - set -euf - systemctl start umts - trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT - echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf - journalctl -xfu umts - ''; - - wvdial-defaults = '' - Phone = *99***1# - Dial Command = ATDT - Modem = ${cfg.modem-device} - Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0 - Init2 = ATZ - Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 - ISDN = 0 - Modem Type = Analog Modem - Username = netzclub - Password = netzclub - Stupid Mode = 1 - Idle Seconds = 0''; - - cfg = config.makefu.umts; - - out = { - options.makefu.umts = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "umts"; - - modem-device = mkOption { - default = "/dev/ttyUSB0"; - type = types.str; - description = '' - path to modem device, use /dev/serial/by-id/... - to avoid race conditions. - ''; - }; - apn = mkOption { - default = "pinternet.interkom.de"; - type = types.str; - description = '' - apn to use for dailing - ''; - }; - }; - - imp = { - environment.shellAliases = { - umts = "sudo ${umts-bin}/bin/umts"; - }; - environment.systemPackages = [ ]; - - environment.wvdial.dialerDefaults = wvdial-defaults; - - systemd.services.umts = { - description = "UMTS wvdial Service"; - serviceConfig = { - Type = "simple"; - Restart = "always"; - RestartSec = "10s"; - ExecStart = "${wvdial}/bin/wvdial -n"; - }; - }; - }; -in out -- cgit v1.2.3 From e7418fbdf1bdddeeabe123c04bbd858fc70fe031 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 13:20:53 +0100 Subject: ma source: bump to 2018-02-06 --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index c22c82f32..f06c9454f 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "0f19bee"; # nixos-17.09 @ 2018-01-05 + ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 -- cgit v1.2.3 From 397a1c89319cce2c0f37ef5eb308e40954727108 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:32:22 +0100 Subject: ma {vbob,sdev}.r: disable vbox guest extensions for now --- makefu/1systems/sdev/config.nix | 6 ++++-- makefu/1systems/vbob/config.nix | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 38c044be4..3e9548aa1 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,7 +6,9 @@ [ # Include the results of the hardware scan. (toString ) - (toString ) + { ## Guest Extensions are currently broken + # virtualisation.virtualbox.guest.enable = true; + } # @@ -50,7 +52,7 @@ fileSystems."/media/share" = { fsType = "vboxsf"; device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index ffd9deaee..24d42a69b 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -8,8 +8,12 @@ { imports = [ ]; boot.loader.grub.device = "/dev/sda"; - virtualisation.virtualbox.guest.enable = true; } + + { ## Virtualbox guest is broken on newer kernel + # virtualisation.virtualbox.guest.enable = true; + } + # { # imports = [ # -- cgit v1.2.3 From ac824ebe74912dc8cc3224a10f0d10973f6449c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:29 +0100 Subject: ma gum.r: add workr --- makefu/1systems/gum/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a656fdce3..b859efc94 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -148,6 +148,11 @@ in { allowedIPs = [ "10.244.0.5/32" ]; publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } ]; }; } -- cgit v1.2.3 From f2eedeff52caa97245db1e47d2e2413d1c991d09 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:51 +0100 Subject: ma omo.r: add cryptDisk3 --- makefu/1systems/omo/config.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1e087fef4..4e0d2a05f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -25,16 +25,18 @@ let # | | # |* | # |* d2 | - # | * r0 | + # | * | + # | * | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; allDisks = [ rootDisk ] ++ dataDisks; in { imports = @@ -127,6 +129,7 @@ in { makefu.snapraid = { enable = true; + # TODO: 3 is not protected disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; @@ -139,7 +142,7 @@ in { ''; environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount - wol # wake up filepimp + wol # wake up filepimp f3 ]; fileSystems = let @@ -151,6 +154,7 @@ in { in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" + // cryptMount "crypt3" // { "/media/cryptX" = { device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); fsType = "mergerfs"; @@ -179,6 +183,7 @@ in { (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) + (usbkey "crypt3" cryptDisk3) ]; }; loader.grub.device = lib.mkForce rootDisk; -- cgit v1.2.3 From ed60f4e68c5d0422dcf702d35a3be9d9ef2503bf Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:34:17 +0100 Subject: ma tools/mobility: re-introduce working exfat-nofuse --- makefu/2configs/tools/mobility.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index f2676f11c..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,5 +5,5 @@ mosh ]; - # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } -- cgit v1.2.3 From 43c2a68a956a9630d0f1841310934065b429ecfd Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:34:40 +0100 Subject: ma tools/studio: remove latency_msec --- makefu/2configs/tools/studio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix index 0356ba391..e0c68167f 100644 --- a/makefu/2configs/tools/studio.nix +++ b/makefu/2configs/tools/studio.nix @@ -9,8 +9,8 @@ # owncloudclient (pkgs.writeScriptBin "prepare-pulseaudio" '' pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming" - pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1 - pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1 + pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream + pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream darkice -c ~/lol.conf '') ]; -- cgit v1.2.3 From b02b939e7ce78a7d66844a751551f7b0a56532d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:35:06 +0100 Subject: ma source: cd36b3d -> 51810e0 --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index f06c9454f..708f0d20c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,8 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 + # TODO: automate updating of this ref + cherry-picks + ref = "51810e0"; # nixos-17.09 @ 2018-02-14 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 -- cgit v1.2.3 From 372d965133cfe224d4cd47f63ec1fd2c8475c1ae Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 08:37:59 +0100 Subject: ma sdev.r: force virtualisation.virtualbox.guest.enable = false --- makefu/1systems/sdev/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 3e9548aa1..a60a8db66 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -5,9 +5,10 @@ imports = [ # Include the results of the hardware scan. + (toString ) { ## Guest Extensions are currently broken - # virtualisation.virtualbox.guest.enable = true; + virtualisation.virtualbox.guest.enable = lib.mkForce true; } # -- cgit v1.2.3 From 931e25894dc43f7c7e37026f3cc29427aa07ba80 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 09:41:59 +0100 Subject: ma vbox-guest: init --- makefu/1systems/sdev/config.nix | 19 ++++++------------- makefu/1systems/vbob/config.nix | 40 ++++----------------------------------- makefu/2configs/hw/vbox-guest.nix | 16 ++++++++++++++++ 3 files changed, 26 insertions(+), 49 deletions(-) create mode 100644 makefu/2configs/hw/vbox-guest.nix (limited to 'makefu') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index a60a8db66..81e8cd4d1 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,9 +6,12 @@ [ # Include the results of the hardware scan. - (toString ) - { ## Guest Extensions are currently broken - virtualisation.virtualbox.guest.enable = lib.mkForce true; + + { # until virtualbox-image is fixed + imports = [ + + ]; + boot.loader.grub.device = "/dev/sda"; } # @@ -17,11 +20,6 @@ ]; - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; - - nixpkgs.config.allowUnfree = true; - # allow sdev to deploy self users.extraUsers = { root = { @@ -50,10 +48,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; - }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 24d42a69b..c74f6edbe 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -9,33 +9,8 @@ imports = [ ]; boot.loader.grub.device = "/dev/sda"; } - - { ## Virtualbox guest is broken on newer kernel - # virtualisation.virtualbox.guest.enable = true; - } - - # { - # imports = [ - # - # ]; - # virtualbox.baseImageSize = 35 * 1024; - # fileSystems."/media/share" = { - # fsType = "vboxsf"; - # device = "share"; - # options = [ "rw" "uid=9001" "gid=9001" ]; - # }; - # } - - # { - # imports = [ - # - # ]; - # fileSystems."/nix" = { - # device ="/dev/disk/by-label/nixstore"; - # fsType = "ext4"; - # }; - # } - + + # # base gui # @@ -79,14 +54,8 @@ ]; networking.extraHosts = import (toString ); - nixpkgs.config.allowUnfree = true; - # allow vbob to deploy self - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - }; - }; + users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; @@ -107,7 +76,6 @@ #devpi-client ansible ]; - # virtualisation.docker.enable = true; networking.firewall.allowedTCPPorts = [ @@ -115,6 +83,6 @@ 80 8010 ]; - + # required for qemu systemd.services."serial-getty@ttyS0".enable = true; } diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix new file mode 100644 index 000000000..3ba8ef902 --- /dev/null +++ b/makefu/2configs/hw/vbox-guest.nix @@ -0,0 +1,16 @@ +{ lib, ...}: +{ + ## Guest Extensions are currently broken + imports = [ + # (toString ) + ]; + # virtualisation.virtualbox.guest.enable = true; + services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; + + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; + }; + # virtualbox.baseImageSize = 35 * 1024; +} -- cgit v1.2.3 From cd31fcaefa6349248bd1a437027e83c7e05b22af Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 09:49:57 +0100 Subject: ma docker: use 2configs --- makefu/1systems/omo/config.nix | 2 +- makefu/1systems/sdev/config.nix | 4 +--- makefu/1systems/vbob/config.nix | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4e0d2a05f..01438397e 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -71,6 +71,7 @@ in { + # security @@ -119,7 +120,6 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - virtualisation.docker.enable = true; makefu.ps3netsrv = { enable = true; servedir = "/media/cryptX/emu/ps3"; diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 81e8cd4d1..7a87362d8 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -18,6 +18,7 @@ # environment + ]; # allow sdev to deploy self @@ -31,7 +32,6 @@ ppp xclip get passwdqc-utils - docker gnupg populate (pkgs.writeScriptBin "tor-browser" '' @@ -40,8 +40,6 @@ '') ]; - virtualisation.docker.enable = true; - networking.firewall.allowedTCPPorts = [ 25 80 diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index c74f6edbe..1f68ad9c2 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -71,7 +71,6 @@ fortclientsslvpn ppp xclip get logstash - # docker #devpi-web #devpi-client ansible -- cgit v1.2.3 From 1ccef680d2497903a988663e4114487315a99f39 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 15 Feb 2018 10:17:41 +0100 Subject: ma x.r: init wireguard, disable wifi, enable pcmanfm --- makefu/1systems/x/config.nix | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index d5a9bdcfb..8d18b4506 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,7 @@ with import ; # Hardware # - + # # @@ -78,6 +78,38 @@ with import ; # # # + # + + { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.2/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # gum + endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; + allowedIPs = [ "10.244.0.0/24" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + #{ + # # vbob + # allowedIPs = [ "10.244.0.3/32" ]; + # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + #} + ]; + }; + } + + { # auto-mounting + services.udisks2.enable = true; + services.devmon.enable = true; + # services.gnome3.gvfs.enable = true; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + } ]; -- cgit v1.2.3 From cdf69ce25896caf40932c0389b33b2fa9c3ab77a Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 20:48:56 +0100 Subject: ma vbox-guest: remove from vhosts, prepare for working upstream --- makefu/1systems/sdev/config.nix | 2 +- makefu/1systems/vbob/config.nix | 2 +- makefu/2configs/hw/vbox-guest.nix | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 7a87362d8..d209a0781 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,7 +6,7 @@ [ # Include the results of the hardware scan. - + # { # until virtualbox-image is fixed imports = [ diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 1f68ad9c2..64709de3c 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -9,7 +9,7 @@ imports = [ ]; boot.loader.grub.device = "/dev/sda"; } - + # # # base gui diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix index 3ba8ef902..65f915a2f 100644 --- a/makefu/2configs/hw/vbox-guest.nix +++ b/makefu/2configs/hw/vbox-guest.nix @@ -2,9 +2,9 @@ { ## Guest Extensions are currently broken imports = [ - # (toString ) + (toString ) ]; - # virtualisation.virtualbox.guest.enable = true; + virtualisation.virtualbox.guest.enable = true; services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; fileSystems."/media/share" = { -- cgit v1.2.3 From 24b8fbc40be4008bb32697309c729df72132454d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 21:56:41 +0100 Subject: ma x.r: vbox+extensionpack does not build --- makefu/1systems/x/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 8d18b4506..b4d4aa66e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -40,7 +40,7 @@ with import ; # Virtualization - + # { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { -- cgit v1.2.3 From b28b86580d22e67d9a0552e96841643f77e03927 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 21:57:05 +0100 Subject: ma sdev.,vbob.r: allow unfree --- makefu/1systems/sdev/config.nix | 2 ++ makefu/1systems/vbob/config.nix | 4 ++++ 2 files changed, 6 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index d209a0781..c2cd23d1e 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -27,6 +27,8 @@ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; + # corefonts + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs;[ ppp xclip diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 64709de3c..208dd1ff7 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -67,6 +67,10 @@ ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ''; + + # for forticlient + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get -- cgit v1.2.3 From ebb5d67cf320b3fdaf7966f503fff54cfda3b637 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Feb 2018 11:33:25 +0100 Subject: ma urlwatch: taskwarrior is now on github --- makefu/2configs/urlwatch/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 677950f43..d0fb4fe41 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,7 +34,7 @@ in { http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack - https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack + http://www.iozone.org/src/current/ { @@ -51,6 +51,8 @@ in { "embray/d2to1" "dorimanx/exfat-nofuse" "rapid7/metasploit-framework" + "GothenburgBitFactory/taskserver" + "GothenburgBitFactory/taskwarrior" ]; }; } -- cgit v1.2.3 From c4fdec7ce910c319c675388c59a65c44d202d5b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Feb 2018 16:00:33 +0100 Subject: ma x.r: add bluetooth --- makefu/1systems/x/config.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index b4d4aa66e..ad2ad8779 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -100,7 +100,43 @@ with import ; ]; }; } + { # bluetooth+pulse config + # for blueman-applet + users.users.makefu.packages = [ + pkgs.blueman + ]; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-switch-on-connect + ''; + }; + # presumably a2dp Sink + # Enable profile: + ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink + hardware.bluetooth.extraConfig = ''; + [general] + Enable=Source,Sink,Media,Socket + ''; + + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + } { # auto-mounting services.udisks2.enable = true; services.devmon.enable = true; -- cgit v1.2.3 From b5d83996a80c422879dc0be1a1d9d3e0a92c763d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Feb 2018 09:58:45 +0100 Subject: ma 6tests/secrets: add auth.nix dummy --- makefu/6tests/data/secrets/torrent-secrets/auth.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/6tests/data/secrets/torrent-secrets/auth.nix (limited to 'makefu') diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/6tests/data/secrets/torrent-secrets/auth.nix @@ -0,0 +1 @@ +{} -- cgit v1.2.3 From c222aadefe4c07a5ebc96b59cd274191e765bd75 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 18:59:43 +0100 Subject: ma hydra.wbob.r: init --- makefu/1systems/wbob/config.nix | 6 +++++- makefu/2configs/hydra/stockholm.nix | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/hydra/stockholm.nix (limited to 'makefu') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 6434ba273..637d8e2d8 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -29,7 +29,8 @@ in { # # Services - + + (let musicDirectory = "/data/music"; @@ -83,6 +84,9 @@ in { load-module module-filter-apply load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix new file mode 100644 index 000000000..4bdb09213 --- /dev/null +++ b/makefu/2configs/hydra/stockholm.nix @@ -0,0 +1,34 @@ +# iterative: +# $ hydra-create-user krebs --password derp --role admin +# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm' + +{ + + # TODO postgres backup + services.postgresql.enable = true; + + services.hydra = { + enable = true; + hydraURL = "http://hydra.wbob.r"; # externally visible URL + notificationSender = "hydra@wbob.r"; + # you will probably also want, otherwise *everything* will be built from scratch + useSubstitutes = true; + port = 3030; + buildMachinesFiles = []; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nginx = { + enable = true; + virtualHosts."hydra.wbob.r" = { + locations."/" = { + proxyPass = "http://localhost:3030/"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; +} -- cgit v1.2.3 From b0edf1be81e463174d9b3a1bd2ff2aff7ef8734e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 19:05:50 +0100 Subject: ma programs-db: rip --- makefu/5pkgs/default.nix | 2 +- makefu/5pkgs/programs-db/default.nix | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 makefu/5pkgs/programs-db/default.nix (limited to 'makefu') diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 80a0d33cd..b1d6df67e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -3,7 +3,7 @@ self: super: let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let - override = super.callPackage path args; + override = super.callPackage path args; upstream = optionalAttrs (override ? "name") (super.${(parseDrvName override.name).name} or {}); in if upstream ? "name" && diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix deleted file mode 100644 index f40b1b96e..000000000 --- a/makefu/5pkgs/programs-db/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ stdenv }: - -stdenv.mkDerivation rec { - name = "programs-db"; - src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ; - - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp programs.sqlite $out - ''; - -} -- cgit v1.2.3 From 99d4464e6ce548b2441dd5d420d4d851b4b1523e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 22:03:59 +0100 Subject: ma git: init hydra-stockholm --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index eacbd99cf..1109e2519 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -28,6 +28,7 @@ let init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; + hydra-stockholm = { }; }; priv-repos = mapAttrs make-priv-repo { -- cgit v1.2.3