diff options
| author | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
| commit | 811ceaa243bf5241ca1189871c4426240962f04d (patch) | |
| tree | f46006567b5f9279ebd9cb23de3eadb508f83c54 | |
| parent | 4f58b884dda57db8106768a22a206d6605d6e3e5 (diff) | |
| parent | e50bc4f3eb3dac13bba4ae6158e839a52455c3c3 (diff) | |
Merge remote-tracking branch 'prism/master'
45 files changed, 415 insertions, 376 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0e1cbd876..05b7b5078 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -224,32 +224,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; - helios = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.0.3"; - ip6.addr = "42:0:0:0:0:0:0:7105"; - aliases = [ - "helios.r" - "cgit.helios.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y - Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq - 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I - oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB - hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP - Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7"; - }; shodan = { cores = 2; nets = { @@ -339,10 +313,6 @@ with import <stockholm/lib>; mail = "lass@uriel.r"; pubkey = builtins.readFile ./ssh/uriel.rsa; }; - lass-helios = { - mail = "lass@helios.r"; - pubkey = builtins.readFile ./ssh/helios.rsa; - }; lass-shodan = { mail = "lass@shodan.r"; pubkey = builtins.readFile ./ssh/shodan.rsa; diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa deleted file mode 100644 index c2a54b621..000000000 --- a/krebs/3modules/lass/ssh/helios.rsa +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 33202d0ab..c95e1761c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -459,6 +459,7 @@ with import <stockholm/lib>; share.euer IN A ${nets.internet.ip4.addr} mattermost.euer IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} @@ -490,6 +491,7 @@ with import <stockholm/lib>; "tracker.makefu.r" "graph.r" + "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 9c77f909d..e12367aca 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -70,7 +70,6 @@ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel - config.krebs.hosts.helios ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix deleted file mode 100644 index 99760dfdb..000000000 --- a/lass/1systems/helios.nix +++ /dev/null @@ -1,130 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import <stockholm/lib>; - -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/git.nix - ../2configs/pass.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - - #{ - # # conflicting stuff with gnome setup - # # TODO: fix this - # imports = [ - # ../2configs/baseX.nix - # ]; - #} - { - # gnome3 for suja - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - services.xserver.desktopManager.xfce.enable = true; - networking.wireless.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - users.users.ferret = { - uid = genid "ferret"; - home = "/home/ferret"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - hashedPassword = "$6$SaneLuyep90p8BPn$0IDbvLgNbRGZL96obWavanTmY6IkBG84vs2b/2oqlpbmTZH3retOYbQKF1uVqu6dD0ZGF4eBq9tqPbwUjRyY00"; - }; - environment.systemPackages = with pkgs; [ - firefox - chromium - maven - arandr - libreoffice - mpv - ]; - } - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} - #{ - # services.elasticsearch = { - # enable = true; - # }; - #} - { - krebs.power-action.battery = "BAT1"; - } - ]; - - krebs.build.host = config.krebs.hosts.helios; - - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - - "/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; -} diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 01cfe5414..02054a8e5 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - with import <stockholm/lib>; let @@ -46,6 +45,7 @@ in { ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix ../2configs/syncthing.nix + ../2configs/coders-irc.nix { imports = [ ../2configs/bepasty.nix @@ -254,103 +254,6 @@ in { ]; } { - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "random-unicorn-porn" { - pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python - t1 = """ - _. - ;=',_ () - 8===D~~ S" .--`|| - sS \__ || - __.' ( \-->|| - _=/ _./-\/ || - 8===D~~ ((\( /-' -'l || - ) |/ \\ (_)) - \\ \\ - '~ '~ - """ - print(t1) - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P<args>.*)$$"; - script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - ]; - }; - } - { krebs.Reaktor.prism = { nickname = "Reaktor|lass"; channels = [ "#retiolum" ]; diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index 22b48f6e8..b20e15dd9 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -107,29 +107,5 @@ with import <stockholm/lib>; dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; }; startAt = "05:00"; }; - dishfire-http-helios = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; }; - startAt = "12:00"; - }; - dishfire-sql-helios = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; }; - startAt = "12:15"; - }; - prism-sql-helios = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; }; - startAt = "12:30"; - }; - prism-http-helios = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; }; - startAt = "12:45"; - }; }; } diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 62b823c3f..227152482 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -113,7 +113,7 @@ in { ] ) - for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: + for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ diff --git a/lass/2configs/coders-irc.nix b/lass/2configs/coders-irc.nix new file mode 100644 index 000000000..61cc7cfe0 --- /dev/null +++ b/lass/2configs/coders-irc.nix @@ -0,0 +1,92 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; + +{ + krebs.Reaktor.coders = { + nickname = "Reaktor|lass"; + channels = [ "#coders" "#germany" ]; + extraEnviron = { + REAKTOR_HOST = "irc.hackint.org"; + }; + plugins = with pkgs.ReaktorPlugins; let + + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + + lambdabotflags = '' + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \''; + in [ + url-title + (buildSimpleReaktorPlugin "lambdabot-pl" { + pattern = "^@pl (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-pl" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@pl $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-type" { + pattern = "^@type (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-type" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@type $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-let" { + pattern = "^@let (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-let" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@let $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-run" { + pattern = "^@run (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-run" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@run $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-kind" { + pattern = "^@kind (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-kind" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@kind $1" + ''; + }) + (buildSimpleReaktorPlugin "random-unicorn-porn" { + pattern = "^!rup$$"; + script = pkgs.writePython2 "rup" '' + #!${pkgs.python2}/bin/python + t1 = """ + _. + ;=',_ () + 8===D~~ S" .--`|| + sS \__ || + __.' ( \-->|| + _=/ _./-\/ || + 8===D~~ ((\( /-' -'l || + ) |/ \\ (_)) + \\ \\ + '~ '~ + """ + print(t1) + ''; + }) + (buildSimpleReaktorPlugin "ping" { + pattern = "^!ping (?P<args>.*)$$"; + script = pkgs.writeDash "ping" '' + exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + }) + ]; + }; +} diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index eb9575018..d32262810 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey - lass-helios.pubkey lass-icarus.pubkey makefu.pubkey ]; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 3353cdac0..b8d00e7d4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -16,7 +16,6 @@ with import <stockholm/lib>; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel - config.krebs.hosts.helios ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix index 3c4948db1..03414a745 100644 --- a/lass/2configs/logf.nix +++ b/lass/2configs/logf.nix @@ -8,7 +8,6 @@ let shodan = "51"; icarus = "53"; echelon = "197"; - helios = "199"; cloudkrebs = "119"; }; in { diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index c6620afaa..a3916a2ea 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "f469354"; + ref = "f8dfdd7"; }; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 92c446212..519313f57 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -32,7 +32,7 @@ in { ../2configs/tools/sec.nix # services - ../2configs/gum-share.nix + ../2configs/share/gum.nix ../2configs/sabnzbd.nix ../2configs/torrent.nix ../2configs/iodined.nix @@ -48,14 +48,25 @@ in { ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix ../2configs/deployment/owncloud.nix - ../2configs/deployment/wiki-irc.nix + ../2configs/deployment/wiki-irc-bot ../2configs/deployment/boot-euer.nix + ../2configs/deployment/hound + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } # ../2configs/ipfs.nix ../2configs/syncthing.nix # ../2configs/opentracker.nix - ../2configs/logging/central-stats-client.nix - # ../2configs/logging/central-logging-client.nix + ../2configs/stats/client.nix + # ../2configs/logging/client.nix ]; makefu.dl-dir = "/var/download"; @@ -78,7 +89,6 @@ in { ]; }; - makefu.taskserver.enable = true; # access @@ -122,6 +132,8 @@ in { 21031 # taskserver 53589 + # temp vnc + 18001 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 91785a078..0f1b8e0da 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -50,11 +50,13 @@ in { # ../2configs/disable_v6.nix #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix - ../2configs/omo-share.nix + ../2configs/share/omo.nix ../2configs/tinc/retiolum.nix - ../2configs/logging/central-stats-server.nix - # ../2configs/logging/central-logging-server.nix - ../2configs/logging/central-stats-client.nix + + # Logging + ../2configs/stats/server.nix #influx + grafana + ../2configs/stats/client.nix + ../2configs/stats/external/aralast.nix # logs to influx # services ../2configs/syncthing.nix @@ -180,7 +182,8 @@ in { uid = 9002; name = "misa"; }; - hardware.enableAllFirmware = true; + # hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix index 400d9f883..f7d49cac6 100644 --- a/makefu/1systems/studio.nix +++ b/makefu/1systems/studio.nix @@ -5,8 +5,10 @@ ../2configs/vncserver.nix ../2configs/vim.nix ../2configs/disable_v6.nix - ../2configs/jack-on-pulse.nix + ../2configs/audio/jack-on-pulse.nix + ../2configs/audio/realtime-audio.nix ../2configs/gui/studio.nix + ../2configs/binary-cache/lass.nix ]; makefu.gui.user = "user"; # we use an extra user diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index 7f465ec72..5d0dd4a79 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -18,6 +18,7 @@ in { ../2configs/mqtt.nix ../2configs/deployment/led-fader.nix # ../2configs/gui/wbob-kiosk.nix + ../2configs/stats/client.nix ../2configs/gui/studio.nix ../2configs/audio/jack-on-pulse.nix diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix index 09d03ea9f..49b61d5a2 100644 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ b/makefu/2configs/audio/jack-on-pulse.nix @@ -2,6 +2,7 @@ let pulse = pkgs.pulseaudioFull; user = config.makefu.gui.user; + wait_time = 30; in { sound.enable = true; @@ -13,16 +14,17 @@ in environment.systemPackages = with pkgs; [ jack2Full ]; # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html - systemd.services = { + systemd.user.services = { jackdbus = { description = "Runs jack, and points pulseaudio at it"; serviceConfig = { - User = user; Type = "oneshot"; ExecStart = pkgs.writeScript "start_jack.sh" '' #! ${pkgs.bash}/bin/bash . ${config.system.build.setEnvironment} - sleep 5 # wait for the gui to load + + # TODO: correctly wait for pulseaudio, cannot use pulseaudio.service + sleep ${toString wait_time} # wait for the gui to load ${pkgs.jack2Full}/bin/jack_control start sleep 3 # give some time for sources/sinks to be created @@ -37,9 +39,11 @@ in ${pkgs.jack2Full}/bin/jack_control stop ''; RemainAfterExit = true; + Restart = "always"; + RestartSec = "5"; }; - after = [ "display-manager.service" "sound.target" ]; - wantedBy = [ "multi-user.target" ]; + # after = [ "display-manager.service" "sound.target" ]; + wantedBy = [ "default.target" ]; }; }; } diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix new file mode 100644 index 000000000..0cfb5cdeb --- /dev/null +++ b/makefu/2configs/deployment/hound/default.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."wikisearch.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:6080"; + }; + services.hound = { + enable = true; + listen = "127.0.0.1:6080"; + # package = pkgs.hound.overrideDerivation(oldAttrs: { + # patches = [ ./keep-repo.patch ]; + # }); + config = ''{ + "max-concurrent-indexers" : 2, + "dbpath" : "${config.services.hound.home}/data", + "repos" : { + "nixos-users-wiki": { + "url" : "https://github.com/nixos-users/wiki.wiki.git", + "url-pattern" : { + "base-url" : "{url}/{path}" + } + } + } + }''; + }; + +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index a18416497..e4d62ae77 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,7 +29,8 @@ in { environment = { NIX_PATH = "/var/src"; }; - wantedBy = [ "multi-user.target" ]; + after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; diff --git a/makefu/2configs/deployment/wiki-irc.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix index dc7c8afe8..7ab31e698 100644 --- a/makefu/2configs/deployment/wiki-irc.nix +++ b/makefu/2configs/deployment/wiki-irc-bot/default.nix @@ -4,6 +4,10 @@ with lib; let port = 18872; in { + nixpkgs.config.packageOverrides = pkgs: with pkgs; { + logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: { + patches = [ ./irc-out-notice.patch ]; }); + }; services.logstash = { enable = true; inputConfig = '' @@ -40,10 +44,11 @@ in { file { path => "/tmp/logs.json" codec => "json_lines" } if [output] { irc { - channels => [ "#nixos" , "#krebs" ] + channels => [ "#krebs", "#nixos" ] host => "irc.freenode.net" nick => "nixos-users-wiki" format => "%{output}" + notice => true } } ''; diff --git a/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch new file mode 100644 index 000000000..040643f81 --- /dev/null +++ b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch @@ -0,0 +1,26 @@ +index b63339d..8c8c747 100644 +--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb ++++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb +@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base + # Static string after event + config :post_string, :validate => :string, :required => false + ++ # Set this to true to send messages as notice ++ config :notice, :validate => :boolean, :default => false ++ + public + + def inject_bot(bot) +@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base + + @bot.channels.each do |channel| + @logger.debug("Sending to...", :channel => channel, :text => text) +- channel.msg(pre_string) if !@pre_string.nil? +- channel.msg(text) +- channel.msg(post_string) if !@post_string.nil? ++ channel.send(pre_string, :notice => @notice) if !@pre_string.nil? ++ channel.send(text, :notice => @notice) ++ channel.send(post_string, :notice => @notice) if !@post_string.nil? + end # channels.each + end # def receive + end # class LogStash::Outputs::Irc diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index bf6bef29d..0247010b1 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -24,7 +24,7 @@ in enable = true; layout = "us"; xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps"; + xkbOptions = "ctrl:nocaps, eurosign:e"; windowManager = { awesome.enable = true; diff --git a/makefu/2configs/logging/central-logging-client.nix b/makefu/2configs/logging/client.nix index 04d2de0d0..04d2de0d0 100644 --- a/makefu/2configs/logging/central-logging-client.nix +++ b/makefu/2configs/logging/client.nix diff --git a/makefu/2configs/logging/central-logging-server.nix b/makefu/2configs/logging/server.nix index 90f8e6680..90f8e6680 100644 --- a/makefu/2configs/logging/central-logging-server.nix +++ b/makefu/2configs/logging/server.nix diff --git a/makefu/2configs/gum-share.nix b/makefu/2configs/share/gum.nix index e578f43d3..e578f43d3 100644 --- a/makefu/2configs/gum-share.nix +++ b/makefu/2configs/share/gum.nix diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/share/omo.nix index 7d7a4ec57..7d7a4ec57 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/share/omo.nix diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index 0907c2dbf..0907c2dbf 100644 --- a/makefu/2configs/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix diff --git a/makefu/2configs/logging/central-stats-client.nix b/makefu/2configs/stats/client.nix index dd6ddddaf..dd6ddddaf 100644 --- a/makefu/2configs/logging/central-stats-client.nix +++ b/makefu/2configs/stats/client.nix diff --git a/makefu/2configs/stats/external/aralast.nix b/makefu/2configs/stats/external/aralast.nix new file mode 100644 index 000000000..870db99a8 --- /dev/null +++ b/makefu/2configs/stats/external/aralast.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/stats/server.nix index 4f7961f32..602fcc6d0 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/stats/server.nix @@ -12,7 +12,9 @@ in { services.grafana.addr = "0.0.0.0"; services.influxdb.enable = true; - + # redirect grafana to stats.makefu.r + services.nginx.enable = true; + services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000"; # forward these via nginx services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; diff --git a/makefu/2configs/time-machine.nix b/makefu/2configs/time-machine.nix new file mode 100644 index 000000000..90d44e540 --- /dev/null +++ b/makefu/2configs/time-machine.nix @@ -0,0 +1,31 @@ +let + time-machine-path = "/media/crypt2/backup/time-machine/misa"; +in { + networking.firewall.allowedTCPPorts = [ + 548 # netatalk + ]; + + services = { + netatalk = { + enable = true; + + volumes = { + "misa-time-machine" = { + "time machine" = "yes"; + path = time-machine-path; + "valid users" = "misa"; + }; + }; + }; + + avahi = { + enable = true; + nssmdns = true; + + publish = { + enable = true; + userServices = true; + }; + }; + }; +} diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 34c686451..47f06287b 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -3,5 +3,6 @@ { krebs.per-user.makefu.packages = with pkgs; [ steam + games-user-env ]; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 0f904fe3d..453bfbe80 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -44,4 +44,8 @@ in fi ''; }; + + krebs.per-user.${mainUser}.packages = [ + pkgs.nix-zsh-completions + ]; } diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 546fed109..2981e0fa3 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -11,7 +11,6 @@ _: ./logging-config.nix ./server-config.nix ./snapraid.nix - ./taskserver.nix ./torrent.nix ./udpt.nix ./umts.nix diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix deleted file mode 100644 index 40a18fe05..000000000 --- a/makefu/3modules/taskserver.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - cfg = config.makefu.taskserver; - - out = { - options.makefu.taskserver = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "taskserver"; - - workingDir = mkOption { - type = types.str; - default = "/var/lib/taskserver"; - }; - - package = mkOption { - type = types.package; - default = pkgs.taskserver; - }; - - - }; - - imp = { - environment.systemPackages = [ cfg.package ]; - systemd.services.taskserver = { - description = "taskd server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; - unitConfig = { - Documentation = "http://taskwarrior.org/docs/#taskd" ; - # https://taskwarrior.org/docs/taskserver/configure.html - ConditionPathExists = "${cfg.workingDir}/config"; - }; - serviceConfig = { - Type = "simple"; - ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; - WorkingDirectory = cfg.workingDir; - # PrivateTmp = true; - # InaccessibleDirectories = "/home /boot /opt /mnt /media"; - User = "taskd"; - }; - }; - - users.users.taskd = { - uid = genid "taskd"; - home = cfg.workingDir; - createHome = true; - }; - users.groups.taskd.gid = genid "taskd"; - }; - -in -out - diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 75307be12..9acc5894b 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -6,19 +6,27 @@ in imports = [ ../. <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ../2configs/cgit-mirror.nix ../2configs/collectd-base.nix + ../2configs/shack/share.nix + ../2configs/central-stats-client.nix + ../2configs/save-diskspace.nix + + ../2configs/cgit-mirror.nix ../2configs/graphite.nix ../2configs/repo-sync.nix - ../2configs/shack-drivedroid.nix - ../2configs/shack-nix-cacher.nix ../2configs/shared-buildbot.nix - ../2configs/share-shack.nix - ../2configs/central-stats-client.nix + ../2configs/shack/drivedroid.nix + ../2configs/shack/nix-cacher.nix + + ../2configs/shack/mqtt_sub.nix + ../2configs/shack/muell_caller.nix + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) + services.influxdb.enable = true; + # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; @@ -46,6 +54,7 @@ in networking = { firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 ]; interfaces.enp0s3.ip4 = [{ address = shack-ip; prefixLength = 20; @@ -83,4 +92,5 @@ in ]; time.timeZone = "Europe/Berlin"; + sound.enable = false; } diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index e7f600cd0..894f8a997 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import <stockholm/lib>; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "22da5d02466ffe465735986d705675982f3646a0"; # nixos-17.03 @ 2017-05-13 + ref = "58e227052d40021d82d015f3f8da011ae54ea430"; # nixos-17.03 @ 2017-05-24 }; secrets.file = if getEnv "dummy_secrets" == "true" diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix index 8a1238466..689aedd04 100644 --- a/shared/2configs/graphite.nix +++ b/shared/2configs/graphite.nix @@ -22,12 +22,50 @@ with import <stockholm/lib>; MAX_CACHE_SIZE = inf MAX_UPDATES_PER_SECOND = 1 MAX_CREATES_PER_MINUTE = 50 + MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001 ''; storageSchemas = '' [carbon] pattern = ^carbon\. retentions = 60:90d + + [radiation_sensor] + pattern = ^sensors\.radiation\. + retentions = 1m:30d,5m:180d,10m:3y + + [motion_sensors] + pattern = ^sensors\.motion\. + retentions = 1s:1h,60s:30d,300s:1y + + [motion_sensors] + pattern = ^retiolum\. + retentions = 10s:1h,30s:30d,300s:1y + + [homeassistant] + pattern = ^homeassistant\. + retentions = 10s:24h,30s:30d,300s:1y,3600s:5y + + [ara] + pattern = ^ara\. + retentions = 60s:30d,300s:1y + + [openweathermap] + pattern = ^weather\.openweathermap + retentions = 30m:30d,1h:5y + + [stadtklima] + pattern = ^weather\.stadtklima-stuttgart + retentions = 15m:30d,30m:5y + + [sensebox] + pattern = ^weather\.sensebox + retentions = 1m:90d,30m:5y + + [elchos] + pattern = ^elchos\. + retentions = 10s:14d,1m:90d,10m:5y + [default] pattern = .* retentions = 60s:30d,300s:1y diff --git a/shared/2configs/save-diskspace.nix b/shared/2configs/save-diskspace.nix new file mode 100644 index 000000000..ab074c750 --- /dev/null +++ b/shared/2configs/save-diskspace.nix @@ -0,0 +1,11 @@ +{lib, ... }: +# TODO: do not check out nixpkgs master but fetch revision from github +{ + environment.noXlibs = true; + nix.gc.automatic = true; + nix.gc.dates = lib.mkDefault "03:10"; + programs.info.enable = false; + programs.man.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + services.nixosManual.enable = false; +} diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack/drivedroid.nix index 12e4a39c3..12e4a39c3 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack/drivedroid.nix diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix new file mode 100644 index 000000000..dafa06ba9 --- /dev/null +++ b/shared/2configs/shack/mqtt_sub.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "mqtt2graphite-2017-05-29"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/mqtt2graphite/"; + rev = "8c060e6"; + sha256 = "06x7a1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg"; + }; + buildInputs = [ + (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + docopt + paho-mqtt + ])) + ]; + installPhase = '' + install -m755 -D sub.py $out/bin/sub + install -m755 -D sub2.py $out/bin/sub-new + ''; + }; +in { + systemd.services.mqtt_sub = { + description = "subscribe to mqtt, send to graphite"; + # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/sub-new"; + PrivateTmp = true; + }; + }; +} diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix new file mode 100644 index 000000000..2d8d78e33 --- /dev/null +++ b/shared/2configs/shack/muell_caller.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "muell_caller-2017-06-01"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/muell_caller/"; + rev = "bbd4009"; + sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + requests2 + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D call.py $out/bin/call-muell + ''; + }; + cfg = "${toString <secrets>}/tell.json"; +in { + systemd.services.call_muell = { + description = "call muell"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStartPre = pkgs.writeDash "call-muell-pre" '' + cp ${cfg} /tmp/tell.json + chown nobody /tmp/tell.json + ''; + ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; +} diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix index 4fcbf3a4e..4fcbf3a4e 100644 --- a/shared/2configs/shack-nix-cacher.nix +++ b/shared/2configs/shack/nix-cacher.nix diff --git a/shared/2configs/share-shack.nix b/shared/2configs/shack/share.nix index 247b9ee7d..247b9ee7d 100644 --- a/shared/2configs/share-shack.nix +++ b/shared/2configs/shack/share.nix |