From 3b3b372091b8c5a8015feba2801ba395bf513f2c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Mar 2016 08:39:58 +0100 Subject: ma 2 default: really do use tinc_pre --- makefu/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 313ccbec7..20faf7896 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -125,6 +125,7 @@ with config.krebs.lib; nixpkgs.config.packageOverrides = pkgs: { nano = pkgs.runCommand "empty" {} "mkdir -p $out"; + tinc = pkgs.tinc_pre; }; services.cron.enable = false; -- cgit v1.2.3 From 6cb6c96255427580d35fc6b6d545c016f882dcde Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Mar 2016 08:41:13 +0100 Subject: ma 1 darth: configure aux disk --- makefu/1systems/darth.nix | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index a33744f0b..ad3ac4f22 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix 
@@ -1,17 +1,39 @@ { config, pkgs, lib, ... }: with config.krebs.lib; -{ +let + byid = dev: "/dev/disk/by-id/" + dev; + rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039"; + auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F"; + dataPartition = auxDisk + "-part1"; + + allDisks = [ rootDisk auxDisk ]; +in { imports = [ + ../. ../2configs/fs/single-partition-ext4.nix ../2configs/zsh-user.nix - ../. + ../2configs/smart-monitor.nix ]; + # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; - boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039"; + # TODO smartd omo darth gum all-in-one + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + zramSwap.enable = true; + + fileSystems."/data" = { + device = dataPartition; + fsType = "ext4"; + }; + + boot.loader.grub.device = rootDisk; + users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey + config.krebs.users.makefu-vbob.pubkey ]; + + krebs.build.host = config.krebs.hosts.darth; } -- cgit v1.2.3 From 6f7801509fd13c09161f9f1e28caa4cb89db1bfb Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Mar 2016 08:42:19 +0100 Subject: ma 1 gum: allow vbob and omo users --- makefu/1systems/gum.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index e784fdc12..2ddd2dccc 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -45,6 +45,12 @@ in { "cgit.euer.krebsco.de" ]; + # access + users.users = { + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; + # Chat environment.systemPackages = with pkgs;[ weechat -- cgit v1.2.3 From 04ba4784ae0918fe9e79af5c95bace3cf8605792 Mon Sep 17 00:00:00 2001 
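Review bot: The darth.nix hunk adds `config.krebs.users.makefu-vbob.pubkey` to `users.users.root.openssh.authorizedKeys.keys` inside a commit titled "configure aux disk", so a new direct-root login path lands without appearing in the commit subject. The gum.nix hunk that follows does the same for `makefu-omo` on root. If these keys live on the hosts their names suggest (inferred from the names only), a compromise of omo or vbob becomes root on darth and gum. I would put the key change in its own commit with a comment such as `# root login from omo: needed for <purpose>`. Where the key serves a single job, prefix it with authorized_keys options, for example `''from="<source-addr>",no-agent-forwarding ${config.krebs.users.makefu-omo.pubkey}''`.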
From: makefu Date: Wed, 16 Mar 2016 08:43:20 +0100 Subject: ma 1 omo: fix misleading comment --- makefu/1systems/omo.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index bfcd2298a..f0f1d3088 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -11,7 +11,7 @@ let # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 # omo Chassis: # __FRONT_ @@ -30,6 +30,8 @@ let cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks + + # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; in { imports = -- cgit v1.2.3 From d6958d32c0a32aeea2f7d0b774bcba00da061149 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 19 Mar 2016 23:37:27 +0100 Subject: ma 1 add more nginx --- makefu/1systems/gum.nix | 7 ++++--- makefu/1systems/pornocauster.nix | 6 +++++- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 2ddd2dccc..710421659 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -41,9 +41,10 @@ in { ]; }; - krebs.nginx.servers.cgit.server-names = [ - "cgit.euer.krebsco.de" - ]; + krebs.nginx.servers.cgit = { + server-names = [ "cgit.euer.krebsco.de" ]; + listen = [ "${external-ip}:80" "${internal-ip}:80" ]; + }; # access users.users = { diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 119f0e5e4..88c187758 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix 
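Review bot: The new `listen = [ "${external-ip}:80" "${internal-ip}:80" ];` in the gum.nix hunk publishes the cgit vhost on the external address over plain HTTP only, and nothing in the hunk adds a TLS listener or a redirect. Anything browsed or cloned through that vhost can be modified in transit. `external-ip` and `internal-ip` are bound outside the hunk, so I cannot see which interfaces they map to. If the external listener is intentional, a comment such as `# plain HTTP on purpose: read-only mirror, verify commits out of band` would record that; otherwise keep only the internal address until a TLS listener exists.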
@@ -36,7 +36,11 @@ #../2configs/wordpress.nix ../2configs/nginx/public_html.nix ]; - + krebs.nginx = { + default404 = false; + servers.default.listen = [ "80 default_server" ]; + servers.default.server-names = [ "_" ]; + }; krebs.retiolum.enable = true; # steam hardware.opengl.driSupport32Bit = true; -- cgit v1.2.3 From b297544847b71cd8759bc6d1feeb4c80e7094270 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 1 Apr 2016 14:28:16 +0200 Subject: ma 2 fs: use list of strings for options --- makefu/2configs/fs/sda-crypto-root-home.nix | 2 +- makefu/2configs/fs/sda-crypto-root.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index 5214cf872..1ef0d69e9 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -19,7 +19,7 @@ with config.krebs.lib; "/home" = { device = "/dev/mapper/main-home"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e9d7b755a..b82c0e44e 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -18,12 +18,12 @@ with config.krebs.lib; "/" = { device = "/dev/mapper/luksroot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; "/boot" = { device = "/dev/disk/by-label/nixboot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } -- cgit v1.2.3 From f47212c2ce09b22bad37670b2d434eeb9badf49d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:39:28 +0200 Subject: ma 2 omo: share emu --- makefu/2configs/omo-share.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index a9640b38b..3a4dd456f 100644 
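Review bot: `servers.default.listen = [ "80 default_server" ];` together with `server-names = [ "_" ]` and `default404 = false` in the pornocauster.nix hunk makes this a catch-all vhost bound to every address the machine has. The context line above it imports `../2configs/nginx/public_html.nix`, so the vhost serves the `/~user` location with directory listings to whatever network the host is attached to. Whether tcp/80 is open in this host's firewall is not visible here. If the pages are only meant for the VPN or for local use, bind explicitly, for example `servers.default.listen = [ "<retiolum-addr>:80" ];`, and add a comment stating the intended audience.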
--- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -48,6 +48,13 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + + emu = { + path = "/media/crypt1/emu"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; usenet = { path = "/media/crypt0/usenet/dst"; "read only" = "yes"; -- cgit v1.2.3 From 3435e02dadf0a13515a5d387e7a99d5c1a383fe4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:39:53 +0200 Subject: ma 5 mycube: use new version --- makefu/5pkgs/mycube-flask/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix index 5bf85a66a..1b1672f08 100644 --- a/makefu/5pkgs/mycube-flask/default.nix +++ b/makefu/5pkgs/mycube-flask/default.nix @@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec { src = fetchFromGitHub { owner = "makefu"; repo = "mycube-flask"; - rev = "5f5260a"; - sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; + rev = "48dc6857"; + sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v"; }; meta = { homepage = https://github.com/makefu/mycube-flask; -- cgit v1.2.3 From 4f55e3862c942d8d05591873f587cc767aef3a0d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:42:13 +0200 Subject: ma 1 darth: add virtualization --- makefu/1systems/darth.nix | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index ad3ac4f22..2f2358ddc 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix 
@@ -10,15 +10,27 @@ let allDisks = [ rootDisk auxDisk ]; in { imports = [ - ../. - ../2configs/fs/single-partition-ext4.nix - ../2configs/zsh-user.nix - ../2configs/smart-monitor.nix + ../. + ../2configs/fs/single-partition-ext4.nix + ../2configs/zsh-user.nix + ../2configs/smart-monitor.nix + ../2configs/exim-retiolum.nix + ../2configs/virtualization.nix ]; + networking.firewall.allowedUDPPorts = [ 80 655 67 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; + networking.firewall.checkReversePath = false; + #networking.firewall.enable = false; # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; + boot.kernelModules = [ "coretemp" "f71882fg" ]; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + networking.wireless.enable = true; + # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; zramSwap.enable = true; -- cgit v1.2.3 From 540d629e0daa74dd37d8c6d5b462c6888a498c58 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:42:46 +0200 Subject: ma 2 tp-x220: start charging at 95 my thinkpad never fills 100% --- makefu/2configs/hw/tp-x2x0.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index d5ce34bd4..7f9dc67a5 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -23,6 +23,7 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance CPU_SCALING_GOVERNOR_ON_BAT=ondemand -- cgit v1.2.3 From 315bb8e67ef1a2c5fbf4b6ed4debdc8d2ce0f15e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:43:02 +0200 Subject: ma 2 base-gui: save more lines --- makefu/2configs/base-gui.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) (limited to 'makefu') 
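Review bot: The darth.nix firewall lines open more than the commit explains. `allowedUDPPorts = [ 80 655 67 ]` includes UDP 80, which has no obvious consumer because HTTP is TCP, and UDP 67 (DHCP server) is opened on every interface rather than only the bridge that presumably serves the guests; that is inferred, since `virtualization.nix` is not shown. `networking.firewall.checkReversePath = false;` also turns off reverse-path filtering for the whole host, which removes the spoofed-source check on the wireless interface this commit enables. I would drop the UDP 80 entry (`networking.firewall.allowedUDPPorts = [ 655 67 ];`), add a port legend like the one in omo.nix, and comment why rpfilter must be off. On NixOS releases that accept it, `checkReversePath = "loose";` keeps part of the check.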
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 341a2ab20..b807957ba 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -10,16 +10,6 @@ # # if this is not enough, check out main-laptop.nix -## TODO: .Xdefaults: -# URxvt*termName: rxvt -# URxvt.scrollBar : false -# URxvt*scrollBar_right: false -# URxvt*borderLess: false -# URxvt.foreground: white -# URxvt.background: black -# URxvt.urgentOnBell: true -# URxvt.visualBell: false -# URxvt.font : xft:Terminus with config.krebs.lib; let @@ -83,7 +73,9 @@ in XTerm*FaceName : Terminus:pixelsize=14 URxvt*termName: rxvt - URxvt.scrollBar : False + URxvt*saveLines: 10000 + URxvt*loginShell: false + URxvt.scrollBar : false URxvt*scrollBar_right: false URxvt*borderLess: false URxvt.foreground: white -- cgit v1.2.3 From bc72bad6e22eeae9fa138be1583e742eec1e162f Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:43:31 +0200 Subject: ma 1 vbob: remove obsolete source --- makefu/1systems/vbob.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 748b08ef1..5e2382f37 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -15,11 +15,6 @@ ]; nixpkgs.config.allowUnfree = true; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/makefu/nixpkgs; - # HTTP Everywhere + libredir - rev = "8239ac6"; - }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; fsType = "ext4"; -- cgit v1.2.3 From c8b8dac1dbcba9a8ca5da5ee2ee27af0da9d8f97 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:44:11 +0200 Subject: ma 2 nginx/public_html: publish home --- makefu/2configs/nginx/public_html.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 makefu/2configs/nginx/public_html.nix (limited to 'makefu') 
diff --git a/makefu/2configs/nginx/public_html.nix b/makefu/2configs/nginx/public_html.nix new file mode 100644 index 000000000..9df8351ca --- /dev/null +++ b/makefu/2configs/nginx/public_html.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + autoindex on; + '') + ]; + }; +} -- cgit v1.2.3 From ac7cece1d27422ce6b17540618cacc90ac4bfdb0 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:52:16 +0200 Subject: ma 1 omo: cleanup --- makefu/1systems/omo.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index f0f1d3088..fbd06a9c7 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -44,16 +44,21 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/graphite-standalone.nix ../2configs/omo-share.nix ]; + krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc - # tcp:8080 - sabnzbd + # tcp:8111 - graphite + # tcp:9090 - sabnzbd + # tcp:9200 - elasticsearch + # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; # services.openssh.allowSFTP = false; -- cgit v1.2.3 From ef74e1f71338bba1eb558b63e100c4803c33cd8c Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:52:50 +0200 Subject: ma 2 mail: use mutt, not mutt-kz --- makefu/2configs/mail-client.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') 
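Review bot: In the new public_html.nix, the location regex `~ ^/~(.+?)(/.*)?\$` accepts any characters as the user name and passes them straight into `alias /home/$1/public_html$2;`. With `autoindex on;` every file under a matching directory is listed, and nginx will follow symlinks placed there, so a link in one user's public_html can expose files outside it. I would restrict the capture to a user-name character class, `"~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$"`, and add `disable_symlinks if_not_owner;` to the location body. A comment noting that directory listing is intentional would also help.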
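Review bot: `networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];` in the omo.nix hunk opens Kibana (5601), graphite (8111), Elasticsearch (9200) and sabnzbd (9090) on every interface that is not already trusted. The context line `trustedInterfaces = [ "enp3s0" ]` already admits all LAN traffic, so the only effect of the new entries is to expose these services on the remaining interfaces, which presumably includes the retiolum VPN. Elasticsearch and Kibana in their default setup of this era have no authentication, so any peer that can reach 9200 can read and write the indices. If LAN access is all that is needed, keep the list at `[ 80 655 ]` and leave the legend as documentation. The commit is also titled "cleanup" while it adds the `graphite-standalone.nix` import and changes exposure, which deserves its own subject line.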
diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index 793daa6f8..eeade94e8 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -7,7 +7,7 @@ with config.krebs.lib; gnupg imapfilter msmtp - mutt-kz + mutt notmuch offlineimap openssl -- cgit v1.2.3 From 3d5c085f100d91543cb0f786337c4f4a1756f216 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:55:01 +0200 Subject: ma 4 default: prepare backups --- makefu/4lib/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/4lib/default.nix (limited to 'makefu') diff --git a/makefu/4lib/default.nix b/makefu/4lib/default.nix new file mode 100644 index 000000000..5e9ab2087 --- /dev/null +++ b/makefu/4lib/default.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: + +with lib; +let + addDefaultTime = bku-entry: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + startAt = "5:23"; + } bku-entry; + + backup-host = config.krebs.hosts.omo; + backup-path = "/media/backup"; +in { + bku = { + inherit addDefaultTime; + simplePath = addDefaultTime (path: { + method = "pull"; + src = { host = config.krebs.build.host; inherit path; }; + dst = { + host = backup-host; + path = backup-path ++ config.krebs.build.host.name + ++ builtins.replaceStrings ["/"] ["-"] path; + }; + }); + }; +} -- cgit v1.2.3
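Review bot: `simplePath` in the new 4lib/default.nix cannot evaluate as written. `addDefaultTime (path: { … })` hands a function to `recursiveUpdate`, which expects an attribute set, and `path = backup-path ++ config.krebs.build.host.name ++ …` uses `++`, which is list concatenation in Nix, on strings. Because evaluation is lazy, the error only appears once a host uses `bku.simplePath`, so the module can merge while no backup is ever configured. I would write `simplePath = path: addDefaultTime {` and build the destination as `path = "${backup-path}/${config.krebs.build.host.name}" + builtins.replaceStrings ["/"] ["-"] path;`; the original also had no separator between the path components. `yearly` has no `retain`, so if that is meant to keep yearly snapshots forever a comment should say so.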