Merge remote-tracking branch 'prism/master'

1systems/gum.nix

@@ -24,6 +24,7 @@ in {
       ../2configs/torrent.nix
       ../2configs/graphite-standalone.nix
       ../2configs/sabnzbd.nix
+      ../2configs/gum-share.nix
 
       ../2configs/opentracker.nix
 

1systems/x.nix

@@ -32,7 +32,7 @@
       # ../2configs/buildbot-standalone.nix
 
       # hardware specifics are in here
-      ../2configs/hw/tp-x220.nix
+      ../2configs/hw/tp-x230.nix
       ../2configs/hw/rtl8812au.nix
       ../2configs/hw/bcm4352.nix
       # mount points
@@ -46,7 +46,7 @@
       # temporary modules
       ../2configs/temp/share-samba.nix
       ../2configs/laptop-backup.nix
-      ../2configs/temp/elkstack.nix
+      #../2configs/temp/elkstack.nix
       # ../2configs/temp/sabnzbd.nix
       ../2configs/tinc/siem.nix
       #../2configs/torrent.nix
@@ -62,7 +62,7 @@
 
   environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
 
-  # virtualisation.docker.enable = true;
+  virtualisation.docker.enable = true;
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;

2configs/default.nix

@@ -10,7 +10,6 @@ with import <stockholm/lib>;
     }
     ./vim.nix
     ./binary-cache/nixos.nix
-    ./binary-cache/lass.nix
   ];
 
   nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
@@ -90,9 +89,14 @@ with import <stockholm/lib>;
     "d /tmp 1777 root root - -"
   ];
   nix.nixPath = [ "/var/src" ];
-  environment.variables = {
+  environment.variables = let
+    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+  in {
     NIX_PATH = mkForce "/var/src";
     EDITOR = mkForce "vim";
+    CURL_CA_BUNDLE = ca-bundle;
+    GIT_SSL_CAINFO = ca-bundle;
+    SSL_CERT_FILE  = ca-bundle;
   };
 
   environment.systemPackages = with pkgs; [

2configs/deployment/mycube.connector.one.nix

@@ -6,7 +6,11 @@ let
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
   wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
 in {
-  services.redis.enable = true;
+  services.redis = {
+    enable = true;
+  };
+  systemd.services.redis.serviceConfig.LimitNOFILE=10032;
+
   services.uwsgi = {
     enable = true;
     user = "nginx";

2configs/gum-share.nix

@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  hostname = config.krebs.build.host.name;
+in {
+  # users.users.smbguest = {
+  #   name = "smbguest";
+  #   uid = config.ids.uids.smbguest;
+  #   description = "smb guest user";
+  #   home = "/var/empty";
+  # };
+
+  users.users.download = { };
+  services.samba = {
+    enable = true;
+    shares = {
+      download = {
+        path = "/var/download";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "no";
+        "valid users" = "download";
+      };
+    };
+    extraConfig = ''
+      # guest account = smbguest
+      # map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+  networking.firewall.extraCommands = ''
+      iptables -A INPUT -i retiolum -p tcp --dport 445 -j ACCEPT
+  '';
+}

2configs/hw/bcm4352.nix

@@ -1,6 +1,7 @@
 {config, ...}:
 {
   networking.enableB43Firmware = true;
+  boot.kernelModules = [ "wl" ];
   boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
 }
 

2configs/hw/tp-x230.nix

@@ -5,9 +5,19 @@ with import <stockholm/lib>;
 
   imports = [ ./tp-x2x0.nix ];
   boot = {
-    kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ];
+    # tp-smapi is not supported bt x230 anymore
-    extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+    kernelModules = [
+      "kvm-intel"
+      "thinkpad_ec"
+   #   "acpi_call"
+   #   "thinkpad_acpi"
+   #   "tpm-rng"
+    ];
+    extraModulePackages = [
+    #  config.boot.kernelPackages.acpi_call
+    ];
   };
+  services.acpid.enable = true;
   hardware.opengl.extraPackages =  [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
   services.xserver = {
     videoDriver = "intel";
@@ -15,8 +25,8 @@ with import <stockholm/lib>;
       Option "AccelMethod" "sna"
     '';
   };
-
+  # no entropy source working
-  security.rngd.enable = true;
+  # security.rngd.enable = true;
 
   services.xserver.displayManager.sessionCommands =''
     xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1

2configs/hw/tp-x2x0.nix

@@ -28,8 +28,9 @@ with import <stockholm/lib>;
   services.tlp.enable = true;
   services.tlp.extraConfig = ''
     # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
-    #START_CHARGE_THRESH_BAT0=80
+    START_CHARGE_THRESH_BAT0=67
-    STOP_CHARGE_THRESH_BAT0=95
+    STOP_CHARGE_THRESH_BAT0=100
+
 
     CPU_SCALING_GOVERNOR_ON_AC=performance
     CPU_SCALING_GOVERNOR_ON_BAT=ondemand
@@ -40,6 +41,6 @@ with import <stockholm/lib>;
   '';
 
   powerManagement.resumeCommands = ''
-    {pkgs.rfkill}/bin/rfkill unblock all
+    ${pkgs.rfkill}/bin/rfkill unblock all
   '';
 }

2configs/nginx/euer.wiki.nix

@@ -44,7 +44,6 @@ in {
         pm.min_spare_servers = 1
         pm.max_spare_servers = 3
         chdir = /
-        # errors to journal
         php_admin_value[error_log] = 'stderr'
         php_admin_flag[log_errors] = on
         catch_workers_output = yes

2configs/tinc/retiolum.nix

@@ -1,4 +1,7 @@
 _:
 {
+  imports = [
+    ../binary-cache/lass.nix
+  ];
   krebs.tinc.retiolum.enable = true;
 }

2configs/urlwatch.nix

@@ -15,7 +15,7 @@
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
       http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
       https://github.com/amadvance/snapraid/releases.atom
-      https://erdgeist.org/gitweb/opentracker/commit/
+      https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
     ];
   };
 }