From 3be10ef41a1f72ad39a11576df180f44b435d8c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Sep 2018 13:56:24 +0200 Subject: ma iso.euer.krebsco.de: init --- makefu/1systems/iso/config.nix | 1 + makefu/2configs/nginx/iso.euer.nix | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 makefu/2configs/nginx/iso.euer.nix (limited to 'makefu') diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix index f863321bd..34a75dbd3 100644 --- a/makefu/1systems/iso/config.nix +++ b/makefu/1systems/iso/config.nix @@ -11,6 +11,7 @@ with import ; # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos krebs.build.host = config.krebs.hosts.iso; + isoImage.isoBaseName = lib.mkForce "stockholm"; krebs.hidden-ssh.enable = true; environment.systemPackages = with pkgs; [ aria2 diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix new file mode 100644 index 000000000..63ef380fa --- /dev/null +++ b/makefu/2configs/nginx/iso.euer.nix @@ -0,0 +1,25 @@ +{config, pkgs, ... }: +let + system = builtins.currentSystem; #we can also build for other platforms + iso = (import + { inherit system; + modules = [ ../../1systems/iso/config.nix ]; } + + ); + image = iso.config.system.build.isoImage; + name = iso.config.isoImage.isoName; +in +{ + services.nginx = { + virtualHosts = { + "iso.euer.krebsco.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "${image}/iso"; + index = name; + }; + }; + }; + }; +} -- cgit v1.2.3 From 9d2749e5caa4b3c8e3208c821199d9c2484c349b Mon Sep 17 00:00:00 2001 
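Review bot: The new `iso.euer.krebsco.de` vhost serves the image built from `../../1systems/iso/config.nix` to anyone who asks. The context lines of that config show a build invocation with `-I secrets=/home/makefu/secrets/iso` and `krebs.hidden-ssh.enable = true`. Anything the ISO configuration copies from the secrets path into the store becomes part of a world-downloadable artifact, so confirm that the public image references no private key or password, or evaluate it against an empty secrets directory. Separately, `system = builtins.currentSystem;` makes the published architecture depend on the evaluating machine; a fixed `system = "x86_64-linux";` would make the served artifact predictable.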
From: makefu Date: Mon, 10 Sep 2018 14:56:24 +0200 Subject: ma iso.euer.krebsco.de: expose iso as drivedroid repo --- makefu/2configs/nginx/iso.euer.nix | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix index 63ef380fa..522b7f6f8 100644 --- a/makefu/2configs/nginx/iso.euer.nix +++ b/makefu/2configs/nginx/iso.euer.nix @@ -1,4 +1,4 @@ -{config, pkgs, ... }: +{ config, pkgs, ... }: let system = builtins.currentSystem; #we can also build for other platforms iso = (import @@ -8,6 +8,25 @@ let ); image = iso.config.system.build.isoImage; name = iso.config.isoImage.isoName; + + drivedroid-cfg = builtins.toJSON [{ + id = "stockholm"; + name = "stockholm"; + tags = [ "hybrid" ]; + url = http://krebsco.de; + releases = [ + { version = iso.config.system.nixos.label; + url = "/stockholm.iso"; + arch = system; } + ]; + # size = TODO; + }]; + web = pkgs.linkFarm "web" [{ + name = "drivedroid.json"; + path = pkgs.writeText "drivedroid.json" drivedroid-cfg; } + { name = "stockholm.iso"; + path = "${image}/iso/${name}"; } + ]; in { services.nginx = { @@ -15,10 +34,8 @@ in "iso.euer.krebsco.de" = { enableACME = true; forceSSL = true; - locations."/" = { - root = "${image}/iso"; - index = name; - }; + root = web; + locations."/".index = "drivedroid.json"; }; }; }; -- cgit v1.2.3 From b2a3bd38ea70307c8b136eba42de7cc882afd441 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Sep 2018 17:13:24 +0200 Subject: ma iso.euer: add imageUrl --- makefu/2configs/nginx/iso.euer.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix index 522b7f6f8..701609d4b 100644 --- a/makefu/2configs/nginx/iso.euer.nix +++ b/makefu/2configs/nginx/iso.euer.nix 
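Review bot: `url = http://krebsco.de;` in `drivedroid-cfg` (and the `imageUrl = http://krebsco.de/krebs-v2.png;` added in the following commit) points clients at plain HTTP, although the vhost that serves this JSON sets `forceSSL = true`. If the site is reachable over TLS, prefer `url = "https://krebsco.de";`, and write both values as quoted strings, since unquoted URL literals are discouraged in Nix. The release entry also has no size or checksum (`# size = TODO`), so a client can verify the ISO only through transport security.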
@@ -11,6 +11,7 @@ let drivedroid-cfg = builtins.toJSON [{ id = "stockholm"; + imageUrl = http://krebsco.de/krebs-v2.png; name = "stockholm"; tags = [ "hybrid" ]; url = http://krebsco.de; -- cgit v1.2.3 From ea9fcce6944eb71ebb03862ced66cf280dad55a2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 18:49:19 +0200 Subject: shell.nix: RIP --- makefu/2configs/tools/dev.nix | 1 - makefu/source.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index b652241bd..0de65cceb 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -20,7 +20,6 @@ brain gen-oath-safe cdrtools - stockholm # nix related nix-repl nix-index diff --git a/makefu/source.nix b/makefu/source.nix index 82a41886b..c350fe72c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -57,7 +57,7 @@ in stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; + stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp"; } (mkIf ( musnix ) { musnix.git = { -- cgit v1.2.3 From b658de054d724064a3531de2d4a53a7a28cdc6ac Mon Sep 17 00:00:00 2001 
From: makefu Date: Thu, 13 Sep 2018 16:17:39 +0200 Subject: ma omo.r: split hardware config, use disko for tsp hardware --- makefu/1systems/hardware/tsp-disk.json | 23 ++++ makefu/1systems/omo/config.nix | 226 +++------------------------------ makefu/1systems/omo/hw/omo.nix | 117 +++++++++++++++++ makefu/1systems/omo/hw/tsp-tools.nix | 11 ++ makefu/1systems/omo/hw/tsp.nix | 32 +++++ makefu/2configs/dcpp/hub.nix | 102 +++++++++++++++ makefu/2configs/hub.nix | 102 --------------- 7 files changed, 303 insertions(+), 310 deletions(-) create mode 100644 makefu/1systems/hardware/tsp-disk.json create mode 100644 makefu/1systems/omo/hw/omo.nix create mode 100644 makefu/1systems/omo/hw/tsp-tools.nix create mode 100644 makefu/1systems/omo/hw/tsp.nix create mode 100644 makefu/2configs/dcpp/hub.nix delete mode 100644 makefu/2configs/hub.nix (limited to 'makefu') diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json new file mode 100644 index 000000000..5a4bd26ab --- /dev/null +++ b/makefu/1systems/hardware/tsp-disk.json @@ -0,0 +1,23 @@ +{ + "type": "devices", + "content": { + "sda": { + "type": "table", + "format": "msdos", + "partitions": [ + { "type": "partition", + "part-type": "primary", + "start": "1M", + "end": "100%", + "bootable": true, + "content": { + "type": "filesystem", + "format": "ext4", + "mountpoint": "/" + } + } + ] + } + } +} + diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 109877bf1..47e815e77 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
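Review bot: The `sda` layout places the ext4 filesystem for `/` directly on the partition with no encryption layer, whereas `hw/omo.nix` in the same commit opens `luksroot` and every data disk through LUKS. Since `omo/config.nix` now imports `./hw/tsp.nix`, everything deployed to this host, including whatever is populated from the secrets path, would be stored in clear text. If that is intended for the tsp hardware, say so in the commit message or next to the import; otherwise the partition `content` needs an encrypted container, assuming the pinned disko revision supports one.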
@@ -4,52 +4,17 @@ { config, pkgs, lib, ... }: let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; - rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; - rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp2s0"; - firetv = "192.168.1.238"; - # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 - # cryptsetup luksAddKey $dev tmpkey - # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.xfs /dev/mapper/crypt0 -L crypt0 - - # omo Chassis: - # __FRONT_ - # |* d0 | - # | | - # |* d1 | - # | | - # |* d3 | - # | | - # |* | - # |* d2 | - # | * | - # | * | - # |_______| - # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; - cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; - cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; - cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; - cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; - # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; - # all physical disks - - # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; - allDisks = [ rootDisk ] ++ dataDisks; + primaryInterface = config.makefu.server.primary-itf; in { imports = [ + #./hw/omo.nix + ./hw/tsp.nix - # TODO: unlock home partition via ssh - - + # @@ -78,6 +43,7 @@ in { + { hardware.pulseaudio.systemWide = true; makefu.mpd.musicDirectory = "/media/cryptX/music"; 
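Review bot: With `#./hw/omo.nix` commented out and `./hw/tsp.nix` imported, nothing in the tsp profile defines the `/media/cryptX` mergerfs mount that this file still relies on: `makefu.mpd.musicDirectory = "/media/cryptX/music"` here, and `downloadDir` and `servedir` in the unchanged parts further down. On tsp hardware those services would write into plain directories on the unencrypted root filesystem rather than on the LUKS-backed array. Either move the storage-dependent settings into `hw/omo.nix` or guard them on the selected hardware profile. The body of this configuration continues outside the hunk.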
@@ -99,74 +65,9 @@ in { # Temporary: # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } - { - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; - services.home-assistant = { - config = { - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - }; - media_player = [ - { platform = "kodi"; - host = firetv; - } - { platform = "firetv"; - # assumes python-firetv running - } - ]; - sensor = [ - { platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "663"; - monitored_conditions = [ "P1" "P2" ]; - } - # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ - { platform = "darksky"; - api_key = "c73619e6ea79e553a585be06aacf3679"; - language = "de"; - monitored_conditions = [ "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "hourly_summary" - "uv_index" ]; - units = "si" ; - update_interval = { - days = 0; - hours = 0; - minutes = 10; - seconds = 0; - }; - } - ]; - frontend = { }; - http = { }; - }; - enable = true; - #configDir = "/var/lib/hass"; - }; - } + ]; makefu.full-populate = true; - makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' 
@@ -178,18 +79,6 @@ in { members = [ "makefu" "misa" ]; }; networking.firewall.trustedInterfaces = [ primaryInterface ]; - # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net - # tcp:80 - nginx for sharing files - # tcp:655 udp:655 - tinc - # tcp:8111 - graphite - # tcp:8112 - pyload - # tcp:9090 - sabnzbd - # tcp:9200 - elasticsearch - # tcp:5601 - kibana - networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ]; - - # services.openssh.allowSFTP = false; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; 
@@ -199,90 +88,11 @@ in { enable = true; servedir = "/media/cryptX/emu/ps3"; }; - # HDD Array stuff - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - - makefu.snapraid = { - enable = true; - # TODO: 3 is not protected - disks = map toMapper [ 0 1 ]; - parity = toMapper 2; - }; - - # TODO create folders in /media - system.activationScripts.createCryptFolders = '' - ${lib.concatMapStringsSep "\n" - (d: "install -m 755 -d " + (toMapper d) ) - [ 0 1 2 "X" ]} - ''; - environment.systemPackages = with pkgs;[ - mergerfs # hard requirement for mount - wol # wake up filepimp - f3 - ]; - fileSystems = let - cryptMount = name: - { "/media/${name}" = { - device = "/dev/mapper/${name}"; fsType = "xfs"; - options = [ "nofail" ]; - };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "allow_other" "nofail" "nonempty" ]; - }; - }; - - powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' - ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} - ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} - ${pkgs.hdparm}/sbin/hdparm -y ${disk} - '') allDisks); - # crypto unlocking - boot = { - initrd.luks = { - devices = let - usbkey = name: device: { - inherit name device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in [ - (usbkey "luksroot" rootPartition) - (usbkey "crypt0" cryptDisk0) - (usbkey "crypt1" cryptDisk1) - (usbkey "crypt2" cryptDisk2) - (usbkey "crypt3" cryptDisk3) - ]; - }; - loader.grub.device = lib.mkForce rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "firewire_ohci" - "usb_storage" - "usbhid" - ]; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; users.users.misa = { uid = 9002; name = "misa"; }; - # hardware.enableAllFirmware = true; - 
hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; @@ -290,23 +100,23 @@ in { nickname = "Reaktor|shack"; workdir = "/var/lib/Reaktor/shack"; channels = [ "#shackspace" ]; - plugins = with pkgs.ReaktorPlugins;[ - shack-correct - # stockholm-issue - sed-plugin - random-emoji ]; + plugins = with pkgs.ReaktorPlugins; + [ shack-correct + # stockholm-issue + sed-plugin + random-emoji ]; }; krebs.Reaktor.reaktor-bgt = { nickname = "Reaktor|bgt"; workdir = "/var/lib/Reaktor/bgt"; channels = [ "#binaergewitter" ]; - plugins = with pkgs.ReaktorPlugins;[ - titlebot - # stockholm-issue - nixos-version - shack-correct - sed-plugin - random-emoji ]; + plugins = with pkgs.ReaktorPlugins; + [ titlebot + # stockholm-issue + nixos-version + shack-correct + sed-plugin + random-emoji ]; }; krebs.build.host = config.krebs.hosts.omo; diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix new file mode 100644 index 000000000..1b618a486 --- /dev/null +++ b/makefu/1systems/omo/hw/omo.nix 
@@ -0,0 +1,117 @@ +{ config, pkgs, lib, ... }: +let + toMapper = id: "/media/crypt${builtins.toString id}"; + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; + rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; + rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; + primaryInterface = "enp2s0"; + # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 + # cryptsetup luksAddKey $dev tmpkey + # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 + + # omo Chassis: + # __FRONT_ + # |* d0 | + # | | + # |* d1 | + # | | + # |* d3 | + # | | + # |* | + # |* d2 | + # | * | + # | * | + # |_______| + # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; + cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; + cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; + cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; + # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; + # all physical disks + + # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; + allDisks = [ rootDisk ] ++ dataDisks; +in { + imports = + [ # TODO: unlock home partition via ssh + ]; + makefu.server.primary-itf = primaryInterface; + system.activationScripts.createCryptFolders = '' + ${lib.concatMapStringsSep "\n" + (d: "install -m 755 -d " + (toMapper d) ) + [ 0 1 2 "X" ]} + ''; + + makefu.snapraid = { + enable = true; + # TODO: 3 is not protected + disks = map toMapper [ 0 1 ]; + parity = toMapper 2; + }; + fileSystems = let + cryptMount = name: + { "/media/${name}" = { + device = "/dev/mapper/${name}"; fsType = "xfs"; + options = [ "nofail" ]; + };}; + in cryptMount "crypt0" + // cryptMount "crypt1" + // cryptMount "crypt2" + // cryptMount "crypt3" + // { "/media/cryptX" = { + device = (lib.concatMapStringsSep ":" 
(d: (toMapper d)) [ 0 1 2 3 ]); + fsType = "mergerfs"; + noCheck = true; + options = [ "defaults" "allow_other" "nofail" "nonempty" ]; + }; + }; + + powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' + ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} + ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} + ${pkgs.hdparm}/sbin/hdparm -y ${disk} + '') allDisks); + + # crypto unlocking + boot = { + initrd.luks = { + devices = let + usbkey = name: device: { + inherit name device keyFile; + keyFileSize = 4096; + allowDiscards = true; + }; + in [ + (usbkey "luksroot" rootPartition) + (usbkey "crypt0" cryptDisk0) + (usbkey "crypt1" cryptDisk1) + (usbkey "crypt2" cryptDisk2) + (usbkey "crypt3" cryptDisk3) + ]; + }; + loader.grub.device = lib.mkForce rootDisk; + + initrd.availableKernelModules = [ + "ahci" + "ohci_pci" + "ehci_pci" + "pata_atiixp" + "firewire_ohci" + "usb_storage" + "usbhid" + ]; + + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + environment.systemPackages = with pkgs;[ + mergerfs # hard requirement for mount + ]; + hardware.enableRedistributableFirmware = true; + hardware.cpu.intel.updateMicrocode = true; +} + diff --git a/makefu/1systems/omo/hw/tsp-tools.nix b/makefu/1systems/omo/hw/tsp-tools.nix new file mode 100644 index 000000000..6579edd9d --- /dev/null +++ b/makefu/1systems/omo/hw/tsp-tools.nix @@ -0,0 +1,11 @@ +let + disko = import (builtins.fetchGit { + url = https://cgit.lassul.us/disko/; + rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe"; + }); + + cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json); +in '' +${disko.create cfg} +${disko.mount cfg} +'' diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix new file mode 100644 index 000000000..4af0d73fc --- /dev/null +++ b/makefu/1systems/omo/hw/tsp.nix 
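Review bot: `allowDiscards = true` in the `usbkey` helper applies to all five LUKS devices, not just the SSD root. Discards pass through the encryption layer and reveal which blocks of the volume are unused, so enable them only where TRIM is needed, for example by setting it on `luksroot` alone. Also, the `services.smartd.devices = builtins.map (x: { device = x; }) allDisks;` line removed from `omo/config.nix` does not reappear in this file, so disk health monitoring is dropped by the move. If that was not intended, add the line back here, where `allDisks` is defined.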
@@ -0,0 +1,32 @@ +{ pkgs, ... }: +with builtins; +let + disko = import (builtins.fetchGit { + url = https://cgit.lassul.us/disko/; + rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe"; + }); + cfg = fromJSON (readFile ../../hardware/tsp-disk.json); + primaryInterface = "enp1s0"; + rootDisk = "/dev/sda"; # TODO same as disko uses +in { + imports = [ + (disko.config cfg) + ]; + makefu.server.primary-itf = primaryInterface; + boot = { + loader.grub.device = rootDisk; + + initrd.availableKernelModules = [ + "ahci" + "ohci_pci" + "ehci_pci" + "pata_atiixp" + "firewire_ohci" + "usb_storage" + "usbhid" + ]; + + kernelModules = [ "kvm-intel" ]; + }; + +} diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix new file mode 100644 index 000000000..a121157d4 --- /dev/null +++ b/makefu/2configs/dcpp/hub.nix 
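Review bot: `rootDisk = "/dev/sda";` and the `sda` key in `tsp-disk.json` depend on kernel enumeration order, which can change when a USB stick or a second disk is attached. Because `tsp-tools.nix` generates `disko.create` (partitioning and formatting) from the same JSON, the wrong device could be wiped or receive the boot loader. `hw/omo.nix` addresses its disks through `/dev/disk/by-id/`, and the same would be safer here if disko accepts such paths; the `# TODO same as disko uses` suggests this is already known. The `builtins.fetchGit` pin for disko is repeated verbatim in `tsp-tools.nix`; keeping `url` and `rev` in one shared file prevents the two from drifting apart.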
@@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import ; +let + ddclientUser = "ddclient"; + sec = toString ; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp ${toString } /tmp/uhub.crt + cp ${toString } /tmp/uhub.key + cp ${toString } /tmp/uhub.sql + chown uhub /tmp/* + ''; + + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + 
tls_certificate = /tmp/uhub.crt + tls_private_key = /tmp/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "/tmp/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix deleted file mode 100644 index a121157d4..000000000 --- a/makefu/2configs/hub.nix +++ /dev/null 
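Review bot: `pkgs.writeText "ddclient-config" (gen-cfg nsupdate)` renders the nsupdate logins and passwords into a file in the Nix store, which every local user can read, so the `chmod 700 ${cfg}` on the copy in `stateDir` does not protect them. Building the config at service start from the secrets path, rather than doing `import "${sec}/nsupdate-hub.nix"` at evaluation time, keeps the passwords out of the store. A short comment above `gen-cfg`, such as `# NOTE: output contains credentials, must not be passed to writeText`, would document the constraint. This file appears to be a move of `2configs/hub.nix` with identical content, so the issue predates the commit.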
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import ; -let - ddclientUser = "ddclient"; - sec = toString ; - nsupdate = import "${sec}/nsupdate-hub.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ext-if = config.makefu.server.primary-itf; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=web, web=http://ipv4.nsupdate.info/myip - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - '') dict)} - ''; - -in { - users.extraUsers = singleton { - name = ddclientUser; - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - createHome = true; - }; - - systemd.services = { - redis.serviceConfig.LimitNOFILE=10032; - ddclient-nsupdate-uhub = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall.extraCommands = '' - iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 - ''; - systemd.services.uhub.serviceConfig = { - PrivateTmp = true; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* - ''; - - }; - services.uhub = { - enable = true; - port = 1511; - enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - 
tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "/tmp/uhub.sql"; - }; - - }; - }; - networking.firewall.allowedTCPPorts = [ 411 1511 ]; -} -- cgit v1.2.3 From babf8b1377c5d4551365ecc707b07c036da7550d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:29:29 +0200 Subject: ma deployment/homeautomation: init --- .../2configs/deployment/homeautomation/default.nix | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 makefu/2configs/deployment/homeautomation/default.nix (limited to 'makefu') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix new file mode 100644 index 000000000..1f935e2f8 --- /dev/null +++ b/makefu/2configs/deployment/homeautomation/default.nix 
@@ -0,0 +1,61 @@ +{ pkgs, config, ... }: +let + firetv = "192.168.1.238"; +in { + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.65.5" + ]; + services.home-assistant = { + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "663"; + monitored_conditions = [ "P1" "P2" ]; + } + # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ + { platform = "darksky"; + api_key = "c73619e6ea79e553a585be06aacf3679"; + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "hourly_summary" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 10; + seconds = 0; + }; + } + ]; + frontend = { }; + http = { }; + }; + enable = true; + #configDir = "/var/lib/hass"; + }; +} -- cgit v1.2.3 From 9cdcf9b7ebb36f78f20263ec02089bfd427d7e81 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:30:34 +0200 Subject: ma gum.r: clean up dangling code --- makefu/1systems/gum/config.nix | 60 ++---------------------------------- makefu/2configs/wireguard/server.nix | 52 +++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 57 deletions(-) create mode 100644 makefu/2configs/wireguard/server.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 351844482..36af23bb5 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix 
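Review bot: The `darksky` sensor sets `api_key` to a literal string, so the key is committed to the repository and copied into the generated Home Assistant configuration in the world-readable Nix store. Treat it as exposed: rotate it and supply the replacement from the secrets path at run time. `nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ];` also accepts a release that nixpkgs marks as insecure while `http = { }` enables the web interface; add a comment saying why the exception is needed and when it can be removed. The block is moved from `omo/config.nix`, so both points predate this commit.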
@@ -74,14 +74,8 @@ in { # - - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } + + # @@ -103,55 +97,7 @@ in { # locations."/".proxyPass = "http://localhost:5000"; # }; #} - { # wireguard server - - # opkg install wireguard luci-proto-wireguard - - # TODO: networking.nat - - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - # conf.all.proxy_arp =1 - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - extraCommands = '' - iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - }; - - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString ) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - ]; - }; - } + { # iperf3 networking.firewall.allowedUDPPorts = [ 5201 ]; networking.firewall.allowedTCPPorts = [ 5201 ]; diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix new file mode 100644 index 000000000..e38fa05cb --- /dev/null +++ b/makefu/2configs/wireguard/server.nix 
@@ -0,0 +1,52 @@ +{ config, ... }: +let + ext-if = config.makefu.server.primary-itf; +in { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; +} -- cgit v1.2.3 From bdf8d7a94d71e82a980392633f84842eb4084291 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:54:55 +0200 Subject: ma dcpp: add client --- makefu/2configs/dcpp/client.nix | 9 +++++++++ makefu/2configs/dcpp/hub.nix | 26 ++++++++++++++++++-------- 2 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 makefu/2configs/dcpp/client.nix (limited to 'makefu') diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix new file mode 100644 index 000000000..3b27778e5 --- /dev/null +++ b/makefu/2configs/dcpp/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; +} + 
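Review bot: The MASQUERADE rule in `networking.firewall.extraCommands` is appended with `iptables -t nat -A` and has no matching `extraStopCommands`. As far as I can tell the NixOS firewall flushes only its own chains, so each reload likely adds another copy of the rule. IP forwarding appears only in a commented-out sysctl, so routing for `10.244.0.0/24` depends on something outside this file. The existing `# TODO: networking.nat` points to the cleaner form, which should cover both: `networking.nat.enable = true;`, `networking.nat.externalInterface = ext-if;`, `networking.nat.internalInterfaces = [ "wg0" ];`. Note that `ext-if` now reads `config.makefu.server.primary-itf`, so the module evaluates only on hosts that set that option.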
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index a121157d4..92977b4c8 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -30,6 +30,7 @@ let '') dict)} ''; + uhubDir = "/var/lib/uhub"; in { users.extraUsers = singleton { @@ -65,22 +66,31 @@ in { PrivateTmp = true; PermissionsStartOnly = true; ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* + cp -f ${toString } ${uhubDir}/uhub.crt + cp -f ${toString } ${uhubDir}/uhub.key + if test -d ${uhubDir};then + echo "Directory ${uhubDir} already exists, skipping db init" + else + echo "Copying sql user db" + cp ${toString } ${uhubDir}/uhub.sql + fi + chown -R uhub ${uhubDir} ''; }; + users.users.uhub = { + home = uhubDir; + createHome = true; + }; services.uhub = { enable = true; port = 1511; enableTLS = true; hubConfig = '' hub_name = "krebshub" - tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true + tls_certificate = ${uhubDir}/uhub.crt + tls_private_key = ${uhubDir}/uhub.key + registered_users_only = true ''; plugins = { welcome = { @@ -93,7 +103,7 @@ in { }; authSqlite = { enable = true; - file = "/tmp/uhub.sql"; + file = "${uhubDir}/uhub.sql"; }; }; -- cgit v1.2.3 From 905684e02b3e5eb1c4e5fe6200a0e89776bbdf4b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 14 Sep 2018 15:11:21 +0200 Subject: ma pkgs.esniper: update to 2.35.0 --- makefu/5pkgs/esniper/default.nix | 32 +++++++++++++++++++++++++++++++ makefu/5pkgs/esniper/find-ca-bundle.patch | 26 +++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 makefu/5pkgs/esniper/default.nix create mode 100644 makefu/5pkgs/esniper/find-ca-bundle.patch (limited to 'makefu') diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix new file mode 100644 index 000000000..a6aac5748 --- /dev/null 
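Review bot: In `uhub-pre`, `if test -d ${uhubDir}` runs after two `cp -f … ${uhubDir}/…` calls and alongside `users.users.uhub.createHome = true`, so the directory will normally exist and the branch that copies `uhub.sql` is never taken on a fresh host. Testing for the database file gives the intended initialise-once behaviour: `if test -e ${uhubDir}/uhub.sql; then`. The TLS private key is copied with plain `cp`, which leaves its mode to the source file and the umask; `install -m 0600 -o uhub` for `uhub.key` would make the restriction explicit. `PrivateTmp = true` remains although nothing uses `/tmp` any more, which is harmless.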
+++ b/makefu/5pkgs/esniper/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }: + +stdenv.mkDerivation rec { + name = "${pname}-2-35-0"; + pname = "esniper"; + version = "2.35.0"; + src = fetchurl { + url = "mirror://sourceforge/${pname}/${name}.tgz"; + sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9"; + }; + + + buildInputs = [ openssl curl ]; + + # Add support for CURL_CA_BUNDLE variable. + # Fix . + patches = [ ./find-ca-bundle.patch ]; + + postInstall = '' + sed <"frontends/snipe" >"$out/bin/snipe" \ + -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\"" + chmod 555 "$out/bin/snipe" + ''; + + meta = with stdenv.lib; { + description = "Simple, lightweight tool for sniping eBay auctions"; + homepage = http://esniper.sourceforge.net; + license = licenses.gpl2; + maintainers = with maintainers; [ lovek323 peti ]; + platforms = platforms.all; + }; +} diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch new file mode 100644 index 000000000..e4df272a0 --- /dev/null +++ b/makefu/5pkgs/esniper/find-ca-bundle.patch 
@@ -0,0 +1,26 @@ +diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c +--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100 ++++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200 +@@ -200,6 +200,9 @@ + int + initCurlStuff(void) + { ++ /* Path to OpenSSL bundle file. */ ++ const char *ssl_capath=NULL; ++ + /* list for custom headers */ + struct curl_slist *slist=NULL; + +@@ -241,6 +244,12 @@ + if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, ""))) + return initCurlStuffFailed(); + ++ /* If the environment variable CURL_CA_BUNDLE is set, pass through its ++ * contents to curl. */ ++ if ((ssl_capath = getenv("CURL_CA_BUNDLE"))) ++ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath))) ++ return initCurlStuffFailed(); ++ + slist = curl_slist_append(slist, "Accept: text/*"); + slist = curl_slist_append(slist, "Accept-Language: en"); + slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8"); -- cgit v1.2.3 From a881fe45f18194a32f737703181cdd11c422ec63 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Sep 2018 00:26:42 +0200 Subject: ma secrets: add completion --- makefu/2configs/tools/mobility.nix | 6 +++++- makefu/2configs/tools/secrets.nix | 12 ++++++++++++ makefu/2configs/zsh-user.nix | 2 ++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/tools/secrets.nix (limited to 'makefu') diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 1993a5212..8a559dbbd 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -3,7 +3,11 @@ users.users.makefu.packages = with pkgs;[ go-mtpfs mosh + sshfs + rclone + exfat + (pkgs.callPackage ./secrets.nix {}) ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } 
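Review bot: The embedded patch was cut against `esniper-2-27-0` (`@@ -200,6 +200,9 @@` and `@@ -241,6 +244,12 @@`) while `default.nix` builds 2.35.0, so it applies only if `http.c` still matches at those offsets or with fuzz; regenerating it against the 2.35.0 tree would settle that. In the added code the variable is called `ssl_capath` but is passed to `CURLOPT_CAINFO`, which takes a bundle file rather than a directory, so `ca_bundle` would be a less misleading name. An empty `CURL_CA_BUNDLE` is forwarded as-is; `if ((ssl_capath = getenv("CURL_CA_BUNDLE")) && *ssl_capath)` would skip it and leave curl's default trust store in place. `initCurlStuff` continues outside the inner hunks.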
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix new file mode 100644 index 000000000..f88618cbc --- /dev/null +++ b/makefu/2configs/tools/secrets.nix @@ -0,0 +1,12 @@ +{ pass, write, writeDash, ... }: + +write "secrets" { + "/bin/secrets".link = writeDash "brain" '' + PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ + exec ${pass}/bin/pass $@ + ''; + "/bin/secretsmenu".link = writeDash "secretsmenu" '' + PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ + exec ${pass}/bin/passmenu $@ + ''; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 6be078f6a..23ae572da 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -68,6 +68,8 @@ in compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets + zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" # ctrl-x ctrl-e autoload -U edit-command-line -- cgit v1.2.3 From 98ffcd6fd64adc2773bb1fc6f7f838016b5582f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:24:05 +0200 Subject: ma source.nix: rip --- makefu/krops.nix | 4 ++ makefu/source.nix | 122 ------------------------------------------------------ 2 files changed, 4 insertions(+), 122 deletions(-) delete mode 100644 makefu/source.nix (limited to 'makefu') diff --git a/makefu/krops.nix b/makefu/krops.nix index 3838db635..f8ea6f7ef 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -18,6 +18,7 @@ unstable = false; #unstable channel checked out mic92 = false; nms = false; + arm6 = false; clever_kexec = false; } // import (./. + "/1systems/${name}/source.nix"); source = { test }: lib.evalSource [ @@ -29,6 +30,9 @@ nixpkgs = if test || host-src.full then { git.ref = nixpkgs-src.rev; git.url = nixpkgs-src.url; + } else if host-src.arm6 then { + # TODO: we want to track the unstable channel + symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; } else { file = "/home/makefu/store/${nixpkgs-src.rev}"; }; 
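Review bot: Both wrappers in `secrets.nix` forward their arguments as unquoted `$@`, so an entry name or argument containing spaces or glob characters is re-split before it reaches the password store; use `exec ${pass}/bin/pass "$@"` and `exec ${pass}/bin/passmenu "$@"`. The first script is also created as `writeDash "brain"` although it is linked to `/bin/secrets`, which looks like a leftover from the wrapper it was copied from; `writeDash "secrets"` would match.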
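Review bot: In the second `krops.nix` hunk, the `host-src.arm6` branch makes `nixpkgs` a symlink to `/nix/var/nix/profiles/per-user/root/channels/nixos/`, so those hosts build against whatever the channel currently holds rather than `nixpkgs-src.rev` as in the other two branches. The TODO hints at this, but the deviation from the pinned revision should be stated where it happens, e.g. `# arm6 hosts are not pinned to nixpkgs-src.rev; they follow root's nixos channel`. The `source` function starts and ends outside the hunk.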
diff --git a/makefu/source.nix b/makefu/source.nix deleted file mode 100644 index c350fe72c..000000000 --- a/makefu/source.nix +++ /dev/null 
@@ -1,122 +0,0 @@ -with import ; -host@{ name, - override ? {} -, secure ? false -, full ? false -, torrent ? false -, hw ? false -, musnix ? false -, python ? false -, unstable ? false #unstable channel checked out -, mic92 ? false -, nms ? false -, clever_kexec ?false -}: -let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "makefu"; - _file = + "/makefu/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; - # TODO: automate updating of this ref + cherry-picks - ref = "8f991294288"; # nixos-18.03 @ 2018-08-06 - # + do_sqlite3 ruby: 55a952be5b5 - # + exfat-nofuse bump: ee6a5296a35 - # + uhub/sqlite: 5dd7610401747 - -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; - # always perform a full populate when buildbot - nixpkgs = if full || (builder == "buildbot" ) then { - git = { - url = https://github.com/makefu/nixpkgs; - inherit ref; - }; - } else { - # right now it is simply extracted revision folder - - ## prepare so we do not have to wait for rsync: - ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs - file = "/home/makefu/store/${ref}"; - }; - - secrets = getAttr builder { - buildbot.file = toString ; - makefu.pass = { - inherit name; - dir = "${getEnv "HOME"}/.secrets-pass"; - }; - }; - - - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp"; - } - (mkIf ( musnix ) { - musnix.git = { - url = https://github.com/musnix/musnix.git; - ref = "master"; # follow the musnix channel, lets see how this works out - }; - }) - - (mkIf ( hw ) { - nixos-hardware.git = { - url = https://github.com/nixos/nixos-hardware.git; - ref = "30fdd53"; - }; - }) - - (mkIf ( python ) { - python.git = { - url = https://github.com/garbas/nixpkgs-python; - ref = "cac319b7"; - }; - }) - - (mkIf ( torrent ) { - torrent-secrets = getAttr builder { - buildbot.file = 
toString ; - makefu.pass = { - name = "torrent"; - dir = "${getEnv "HOME"}/.secrets-pass"; - }; - }; - }) - - (mkIf ( unstable ) { - nixpkgs-unstable.git = { - url = https://github.com/nixos/nixpkgs-channels; - ref = "nixos-unstable"; - }; - }) - - (mkIf ( mic92 ) { - mic92.git = { - url = https://github.com/Mic92/dotfiles/; - ref = "48a1f49"; - }; - }) - - (mkIf ( nms ) { - nms.git = { - url = https://github.com/r-raymond/nixos-mailserver; - ref = "v2.1.2"; - }; - }) - - (mkIf ( clever_kexec ) { - clever_kexec.git = { - url = https://github.com/cleverca22/nix-tests; - ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7"; - }; - }) - - override - ] -- cgit v1.2.3 From 04ab857228a55ae6627df2bf5714d7ab0b12ebe5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:26:44 +0200 Subject: ma pkgs.cozy-audiobooks: fix description --- makefu/5pkgs/cozy-audiobooks/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix index f1d655a0a..870fa8ce2 100644 --- a/makefu/5pkgs/cozy-audiobooks/default.nix +++ b/makefu/5pkgs/cozy-audiobooks/default.nix @@ -85,13 +85,9 @@ stdenv.mkDerivation rec { ninja test ''; - #preInstall = '' - # export MESON_INSTALL_PREFIX=$out - #''; - meta = with stdenv.lib; { description = '' - Eval nix code from python. + A modern audio book player for Linux using GTK+ 3 ''; maintainers = [ maintainers.makefu ]; license = licenses.mit; -- cgit v1.2.3 From 1424c4cdb66848005d84b153cc98d2047bbd30b2 Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 17 Sep 2018 00:29:03 +0200 Subject: ma pkgs.quodlibet: add private patches --- .../custom/quodlibet/remove-override-warning.patch | 54 ++++++++++++++++++++++ .../custom/quodlibet/single-digit-discnumber.patch | 13 ++++++ makefu/5pkgs/default.nix | 4 ++ 3 files changed, 71 insertions(+) create mode 100644 makefu/5pkgs/custom/quodlibet/remove-override-warning.patch create mode 100644 makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch (limited to 'makefu') diff --git a/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch new file mode 100644 index 000000000..0f9d41024 --- /dev/null +++ b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch 
@@ -0,0 +1,54 @@ +diff --git a/quodlibet/qltk/edittags.py b/quodlibet/quodlibet/qltk/edittags.py +index 148866ef7..e741b9c3d 100644 +--- a/quodlibet/qltk/edittags.py ++++ b/quodlibet/qltk/edittags.py +@@ -740,13 +740,6 @@ class EditTags(Gtk.VBox): + win.show() + all_done = False + for song in songs: +- if not song.valid(): +- win.hide() +- dialog = OverwriteWarning(self, song) +- resp = dialog.run() +- win.show() +- if resp != OverwriteWarning.RESPONSE_SAVE: +- break + + changed = False + for key, values in iteritems(updated): +diff --git a/quodlibet/qltk/tagsfrompath.py b/quodlibet/quodlibet/qltk/tagsfrompath.py +index fd3f0709c..cb5b44f20 100644 +--- a/quodlibet/qltk/tagsfrompath.py ++++ b/quodlibet/qltk/tagsfrompath.py +@@ -284,13 +284,6 @@ class TagsFromPath(Gtk.VBox): + for entry in ((model and itervalues(model)) or []): + song = entry.song + changed = False +- if not song.valid(): +- win.hide() +- dialog = OverwriteWarning(self, song) +- resp = dialog.run() +- win.show() +- if resp != OverwriteWarning.RESPONSE_SAVE: +- break + + for i, h in enumerate(pattern.headers): + text = entry.get_match(h) +diff --git a/quodlibet/qltk/tracknumbers.py b/quodlibet/quodlibet/qltk/tracknumbers.py +index 1ab4d0b9a..52f087db4 100644 +--- a/quodlibet/qltk/tracknumbers.py ++++ b/quodlibet/qltk/tracknumbers.py +@@ -160,13 +160,6 @@ class TrackNumbers(Gtk.VBox): + if song.get("tracknumber") == track: + win.step() + continue +- if not song.valid(): +- win.hide() +- dialog = OverwriteWarning(self, song) +- resp = dialog.run() +- win.show() +- if resp != OverwriteWarning.RESPONSE_SAVE: +- break + song["tracknumber"] = track + try: + song.write() diff --git a/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch new file mode 100644 index 000000000..05778fde7 --- /dev/null +++ b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch 
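Review bot: All three inner hunks delete the `if not song.valid():` check that showed `OverwriteWarning` before saving, so `EditTags`, `TagsFromPath` and `TrackNumbers` now write without asking even when `song.valid()` is false, presumably the case where the file changed on disk after it was loaded. If that is intended, record it next to the `patches` entry in `makefu/5pkgs/default.nix`, e.g. `# never prompt before overwriting files that changed on disk`. The inner `diff --git` lines name `b/quodlibet/quodlibet/qltk/…` while the `---`/`+++` lines name `quodlibet/qltk/…`; the headers should agree so the patch applies at one known strip level. The patched methods start and end outside the inner hunks.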
@@ -0,0 +1,13 @@ +diff --git a/quodlibet/pattern/_pattern.py b/quodlibet/pattern/_pattern.py +index fc056d07a..8fb559c6e 100644 +--- a/quodlibet/pattern/_pattern.py ++++ b/quodlibet/pattern/_pattern.py +@@ -387,7 +387,7 @@ def _number(key, value): + elif key == "discnumber": + parts = value.split("/") + try: +- return "%02d" % int(parts[0]) ++ return "%d" % int(parts[0]) + except (TypeError, ValueError): + return value + else: diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 390c13ffe..d1aec70cb 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -20,6 +20,10 @@ with super.lib; with builtins; let (filterAttrs (_: eq "directory") (readDir path)); in { + quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: { + patches = [ ./custom/quodlibet/single-digit-discnumber.patch + ./custom/quodlibet/remove-override-warning.patch ]; + }); alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; -- cgit v1.2.3 From 97012c2e2054e98bf87cb9b480e89317e715f5c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:31:21 +0200 Subject: ma retroshare: prepare installation retroshare somewhat sucks though ;) --- makefu/2configs/retroshare.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 makefu/2configs/retroshare.nix (limited to 'makefu') diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix new file mode 100644 index 000000000..4d2fc6af9 --- /dev/null +++ b/makefu/2configs/retroshare.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +let + port = 9024; +in { + users.users.makefu.packages = [ + pkgs.retroshare + ]; + networking.firewall.allowedTCPPorts = [ port ]; + networking.firewall.allowedUDPPorts = [ port ]; +} -- cgit v1.2.3 
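Review bot: In the `makefu/5pkgs/default.nix` hunk, `patches = [ … ]` inside `overrideDerivation super.quodlibet (old: { … })` replaces the attribute, so any patches the upstream quodlibet derivation already carries are dropped. Append instead: `patches = (old.patches or []) ++ [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ];`. The surrounding attribute set starts and ends outside the hunk.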
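Review bot: In `retroshare.nix`, `allowedTCPPorts` and `allowedUDPPorts` open port 9024 on every interface as soon as the module is imported, while the hunk only installs `pkgs.retroshare` into makefu's profile and nothing visible makes retroshare listen on that port. Until the application is configured to use it, the rule exposes whatever else binds 9024. A comment on the binding would record the coupling: `# must match the listen port configured inside retroshare`.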
From 6bb1a3318d4951dcb6ed555d816b73bfac368b35 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:32:22 +0200 Subject: ma weather2stats: add WIP --- makefu/2configs/stats/external/weather2stats.nix | 38 ++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 makefu/2configs/stats/external/weather2stats.nix (limited to 'makefu') diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix new file mode 100644 index 000000000..870db99a8 --- /dev/null +++ b/makefu/2configs/stats/external/weather2stats.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} -- cgit v1.2.3 From 79ce9eb666182a07a542d9501514093732e5dec5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:32:44 +0200 Subject: ma share: add time-mashine functionality for omo --- makefu/2configs/share/omo-timemachine.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 makefu/2configs/share/omo-timemachine.nix (limited to 'makefu') diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix new file mode 100644 index 000000000..18cf0328e --- /dev/null 
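Review bot: In `weather2stats.nix`, `User = "nobody"` runs the fetcher under an account shared with anything else that uses `nobody`, so the processes are not isolated from each other; `DynamicUser = true;` in `serviceConfig`, or a dedicated user, would separate it. The comment `# every 10 seconds when the cantina is open` does not match `startAt`, whose seconds field `0,15,30,45` fires every 15 seconds. `wantedBy = [ "multi-user.target" ]` also starts the unit once at boot, outside the calendar window; drop it if only the timer should trigger runs.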
+++ b/makefu/2configs/share/omo-timemachine.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: +{ + services.samba = { + # support for timemachine in git + package = pkgs.sambaFull; + shares = { + time_machine = { + path = "/media/crypt3/backup/time_machine"; + "valid users" = "misa"; + public = "no"; + writeable = "yes"; + "force user" = "misa"; + "fruit:aapl" = "yes"; + "fruit:time machine" = "yes"; + "vfs objects" = "catia fruit streams_xattr"; + }; + }; + }; +} -- cgit v1.2.3 From 443b88738aa064dd7f2d88b58d18751f5a2646e7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:35:36 +0200 Subject: ma mail.euer.krebsco.de: init with SimpleNixosMailServer --- makefu/2configs/mail/mail.euer.nix | 47 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 makefu/2configs/mail/mail.euer.nix (limited to 'makefu') diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix new file mode 100644 index 000000000..f079d7f41 --- /dev/null +++ b/makefu/2configs/mail/mail.euer.nix 
@@ -0,0 +1,47 @@ +{ config, pkgs, ... }: +{ + imports = [ + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz") + ]; + + mailserver = { + enable = true; + fqdn = "euer.eloop.org"; + domains = [ "euer.eloop.org" ]; + loginAccounts = { + "makefu@euer.eloop.org" = { + hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/"; + aliases = [ "root@euer.eloop.org" ]; + catchAll = [ "euer.eloop.org" ]; + + }; + }; + certificateScheme = 3; + + # Enable IMAP and POP3 + enableImap = true; + enablePop3 = false; + enableImapSsl = true; + enablePop3Ssl = false; + + # Enable the ManageSieve protocol + enableManageSieve = true; + + virusScanning = false; + + }; + + services.dovecot2.extraConfig = '' + ssl_dh = Date: Mon, 17 Sep 2018 00:36:33 +0200 Subject: ma shack-autoinstall: add WIP --- makefu/1systems/shack-autoinstall/config.nix | 49 +++++ .../1systems/shack-autoinstall/grub-partition.sh | 5 + makefu/1systems/shack-autoinstall/shack-config.nix | 231 +++++++++++++++++++++ .../1systems/shack-autoinstall/uefi-partition.sh | 24 +++ 4 files changed, 309 insertions(+) create mode 100644 makefu/1systems/shack-autoinstall/config.nix create mode 100644 makefu/1systems/shack-autoinstall/grub-partition.sh create mode 100644 makefu/1systems/shack-autoinstall/shack-config.nix create mode 100644 makefu/1systems/shack-autoinstall/uefi-partition.sh (limited to 'makefu') diff --git a/makefu/1systems/shack-autoinstall/config.nix b/makefu/1systems/shack-autoinstall/config.nix new file mode 100644 index 000000000..d53c411c0 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/config.nix 
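Review bot: `builtins.fetchTarball "https://…/nixos-mailserver-v2.1.4.tar.gz"` in `imports` pulls a module from the network with no hash, so evaluation trusts whatever that URL serves at the time; pin it with the attribute form, `builtins.fetchTarball { url = "…"; sha256 = "<sha256 of the unpacked v2.1.4 tarball>"; }`. `loginAccounts` also commits the account's `hashedPassword` to the repository, which exposes the hash to offline guessing by anyone who can read the tree; it would be better loaded from the secrets tree. `certificateScheme = 3` deserves a comment naming the scheme it selects. The end of this hunk, from `ssl_dh =` onwards, is garbled on the page and was not reviewed.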
@@ -0,0 +1,49 @@ +{ config, pkgs, lib, ... }: + +with import ; +let + disk = "/dev/sda"; +in { + imports = [ + + + + + ]; + # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now + # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos + krebs.build.host = config.krebs.hosts.iso; + krebs.hidden-ssh.enable = true; + + environment.extraInit = '' + EDITOR=vim + ''; + # iso-specific + boot.kernelParams = [ "copytoram" ]; + + + environment.systemPackages = [ + pkgs.parted + ( pkgs.writeScriptBin "shack-install" '' + #! /bin/sh + echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install" + '') + ]; + + systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ]; + + networking.wireless = { + enable = true; + networks.shack.psk = "welcome2shack"; + }; + + + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + # enable ssh in the iso boot process + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; +} diff --git a/makefu/1systems/shack-autoinstall/grub-partition.sh b/makefu/1systems/shack-autoinstall/grub-partition.sh new file mode 100644 index 000000000..c23c89799 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/grub-partition.sh @@ -0,0 +1,5 @@ +#!/bin/sh +set -euf +parted -s ${disk} mklabel msdos +parted -s ${disk} -- mkpart primary linux-swap 1M 4096M +parted -s ${disk} -- mkpart primary ext2 4096M 100% diff --git a/makefu/1systems/shack-autoinstall/shack-config.nix b/makefu/1systems/shack-autoinstall/shack-config.nix new file mode 100644 index 000000000..9fa54ae32 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/shack-config.nix 
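Review bot: In `shack-autoinstall/config.nix`, `networks.shack.psk = "welcome2shack"` puts the Wi-Fi passphrase in clear text into the repository and the generated configuration; if it is not meant to be public, it should come from the secrets tree. In `services.openssh.hostKeys`, `bits = 8192` is paired with `type = "ed25519"`, whose key size is fixed, so the value suggests a strength that is not being configured; drop `bits`. `disk = "/dev/sda"` is bound in the `let` but unused in the visible lines, and `krebs.build.host = config.krebs.hosts.iso` looks carried over from the iso host.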
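Review bot: In `grub-partition.sh`, `${disk}` is never assigned, so under `set -euf` the script aborts at the first `parted` call unless the caller exports it, and nothing in the hunk shows where the value comes from. Since the script relabels the disk, it should fail early with a clear message and quote the expansion: `: "${disk:?target disk not set}"` followed by `parted -s "$disk" mklabel msdos`. The same quoting applies to the two `mkpart` lines.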
@@ -0,0 +1,231 @@ +{ config, pkgs, lib, ... }: + +{ + imports = [ + ./hardware-configuration.nix + # TODO: + ]; + + # shacks-specific + networking.wireless = { + enable = true; + networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e"; + }; + networking.hostName = "shackbook"; + + boot.tmpOnTmpfs = true; + + users.users.shack = { + createHome = true; + useDefaultShell = true; + home = "/home/shack"; + uid = 9001; + packages = with pkgs;[ + chromium + firefox + ]; + extraGroups = [ "audio" "wheel" ]; + hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ; + }; + + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { + EDITOR = lib.mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + + services.printing = { + enable = true; + # TODO: shack-printer + }; + + + environment.systemPackages = with pkgs;[ + parted + ddrescue + tmux + jq git gnumake htop rxvt_unicode.terminfo + (pkgs.vim_configurable.customize { + name = "vim"; + vimrcConfig.customRC = '' + set nocompatible + syntax on + set list + set listchars=tab:▸\ + "set list listchars=tab:>-,trail:.,extends:> + + filetype off + filetype plugin indent on + + colorscheme darkblue + set background=dark + + set number + set relativenumber + set mouse=a + set ignorecase + set incsearch + set wildignore=*.o,*.obj,*.bak,*.exe,*.os + set textwidth=79 + set shiftwidth=2 + set expandtab + set softtabstop=2 + set shiftround + set smarttab + set tabstop=2 + set et + set autoindent + set backspace=indent,eol,start + + + inoremap + nnoremap + vnoremap + + nnoremap :UndotreeToggle + set undodir =~/.vim/undo + set undofile + "maximum number of changes that can be undone + set undolevels=1000000 + "maximum number lines to save for undo on a buffer reload + set undoreload=10000000 + + nnoremap :set invpaste paste? 
+ set pastetoggle= + set showmode + + set showmatch + set matchtime=3 + set hlsearch + + autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red + + + " save on focus lost + au FocusLost * :wa + + autocmd BufRead *.json set filetype=json + au BufNewFile,BufRead *.mustache set syntax=mustache + + cnoremap SudoWrite w !sudo tee > /dev/null % + + " create Backup/tmp/undo dirs + set backupdir=~/.vim/backup + set directory=~/.vim/tmp + + function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backup/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodir= l:parent . 'undo/' + + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodir) + call mkdir(l:undodir) + endif + endfunction + call InitBackupDir() + + augroup Binary + " edit binaries in xxd-output, xxd is part of vim + au! + au BufReadPre *.bin let &bin=1 + au BufReadPost *.bin if &bin | %!xxd + au BufReadPost *.bin set ft=xxd | endif + au BufWritePre *.bin if &bin | %!xxd -r + au BufWritePre *.bin endif + au BufWritePost *.bin if &bin | %!xxd + au BufWritePost *.bin set nomod | endif + augroup END + ''; + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" ]; } + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + ]; + }) + + ]; +