summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-04-11 21:50:29 +0200
committerlassulus <lass@lassul.us>2017-04-11 21:50:29 +0200
commit1f317b8a1a38e41cb721835ed46b2db1a5318f23 (patch)
tree5f4a6a791c4278a0709362d82ded9b7235d28112 /makefu
parent575a37f00e0ee6866c72a99327921068222fc1b0 (diff)
parent9224e9c4c8432ce8d7788592b9d25cfc29440ee6 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/gum.nix3
-rw-r--r--makefu/1systems/wry.nix27
-rw-r--r--makefu/2configs/bepasty-dual.nix6
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/deployment/graphs.nix37
-rw-r--r--makefu/2configs/urlwatch.nix1
-rw-r--r--makefu/5pkgs/awesomecfg/default.nix1
7 files changed, 45 insertions, 32 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 910493026..c39997ebf 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -29,9 +29,12 @@ in {
../2configs/deployment/owncloud.nix
../2configs/nginx/share-download.nix
../2configs/nginx/euer.test.nix
+ ../2configs/nginx/euer.wiki.nix
+ ../2configs/nginx/euer.blog.nix
../2configs/nginx/public_html.nix
../2configs/nginx/update.connector.one.nix
../2configs/deployment/mycube.connector.one.nix
+ ../2configs/deployment/graphs.nix
# ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index c403d2352..a5c4d3cca 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -19,8 +19,6 @@ in {
../2configs/backup.nix
# other nginx
- ../2configs/nginx/euer.wiki.nix
- ../2configs/nginx/euer.blog.nix
# ../2configs/nginx/euer.test.nix
# collectd
@@ -36,31 +34,6 @@ in {
# prepare graphs
services.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true;
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${external-ip}" ) {
- return 403;
- }
- '';
- krebs.tinc_graphs = {
- enable = true;
- nginx = {
- enable = true;
- # TODO: remove hard-coded hostname
- complete = {
- extraConfig = ''
- if ( $server_addr = "${external-ip}" ) {
- return 403;
- }
- '';
- serverAliases = [ "graphs.r" "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
- };
- anonymous = {
- enableSSL = true;
- forceSSL = true;
- enableACME = true;
- };
- };
- };
networking = {
firewall = {
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index 936aaf004..ecf5f8a38 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
let
sec = toString <secrets>;
# secKey is nothing worth protecting on a local machine
- secKey = import <secrets/bepasty-secret.nix>;
+ secKey = "${secrets}/bepasty-secret";
acmepath = "/var/lib/acme/";
acmechall = acmepath + "/challenges/";
ext-dom = "paste.krebsco.de" ;
@@ -31,7 +31,7 @@ in {
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
- secretKey = secKey;
+ secretKeyFile = secKey;
};
"${ext-dom}" = {
@@ -41,7 +41,7 @@ in {
enableACME = true;
};
defaultPermissions = "read";
- secretKey = secKey;
+ secretKeyFile = secKey;
};
};
};
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 2f340a678..7b2e6b617 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
- ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo
+ ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
new file mode 100644
index 000000000..35a724f6a
--- /dev/null
+++ b/makefu/2configs/deployment/graphs.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ hn = config.krebs.build.host.name;
+in {
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ krebs.tinc_graphs = {
+ enable = true;
+ nginx = {
+ enable = true;
+ # TODO: remove hard-coded hostname
+ complete = {
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ serverAliases = [
+ "graphs.r" "graphs.retiolum"
+ "graphs.${hn}" "graphs.${hn}.retiolum"
+ ];
+ };
+ anonymous = {
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index 5b82d8107..d1dcec657 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -9,7 +9,6 @@
## nixpkgs maintenance
https://api.github.com/repos/ovh/python-ovh/tags
https://api.github.com/repos/embray/d2to1/tags
- http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
https://api.github.com/repos/Mic92/vicious/tags
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/xstatic/
diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix
index c2276887e..b94b6fa54 100644
--- a/makefu/5pkgs/awesomecfg/default.nix
+++ b/makefu/5pkgs/awesomecfg/default.nix
@@ -1,6 +1,7 @@
_:
{
+ # TODO: requires in path: amixer, xlock, xbacklight
full = ./full.cfg;
kiosk = ./kiosk.lua;
}