Merge remote-tracking branch 'gum/master'

1systems/filepimp.nix

@@ -1,10 +1,14 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
+{ config, pkgs, lib, ... }:
+let
+  byid = dev: "/dev/disk/by-id/" + dev;
+  part1 = disk: disk + "-part1";
+  rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
+  jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+  jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
+  jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
+  jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
+  allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
+in {
   imports =
     [ # Include the results of the hardware scan.
       ../2configs/fs/single-partition-ext4.nix
@@ -12,16 +16,9 @@
       ../2configs/smart-monitor.nix
     ];
   krebs.build.host = config.krebs.hosts.filepimp;
-  services.smartd.devices = [
-    { device = "/dev/sda"; }
-    { device = "/dev/sdb"; }
-    { device = "/dev/sdc"; }
-    { device = "/dev/sdd"; }
-    { device = "/dev/sde"; }
-  ];
   # AMD N54L
   boot = {
-    loader.grub.device = "/dev/sde";
+    loader.grub.device = rootDisk;
 
     initrd.availableKernelModules = [
       "ahci"
@@ -40,4 +37,28 @@
 
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
+
+  makefu.snapraid = let
+    toMedia = name: "/media/" + name;
+  in {
+    enable = true;
+    # todo combine creation when enabling the mount point
+    disks = map toMedia [ "j0" "j1" "j2" ];
+    parity = toMedia "par0";
+  };
+  # TODO: refactor, copy-paste from omo
+  services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+  powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
+      ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
+      ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
+      ${pkgs.hdparm}/sbin/hdparm -y ${disk}
+    '') allDisks);
+  fileSystems = let
+    xfsmount = name: dev:
+      { "/media/${name}" = { device = dev; fsType = "xfs"; }; };
+  in
+        (xfsmount "j0" (part1 jDisk0))
+    //  (xfsmount "j1" (part1 jDisk1))
+    //  (xfsmount "j2" (part1 jDisk2))
+    //  (xfsmount "par0" (part1 jDisk3));
 }

1systems/gum.nix

@@ -15,6 +15,7 @@ in {
       ../2configs/git/cgit-retiolum.nix
       ../2configs/mattermost-docker.nix
       ../2configs/nginx/euer.test.nix
+      ../2configs/nginx/update.connector.one.nix
 
       ../2configs/exim-retiolum.nix
       ../2configs/urlwatch.nix

1systems/omo.nix

@@ -28,8 +28,7 @@ in {
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
       ../2configs/share-user-sftp.nix
-      ../2configs/nginx/omo-share.nix
-      ../3modules
+      ../2configs/omo-share.nix
     ];
   networking.firewall.trustedInterfaces = [ "enp3s0" ];
   # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
@@ -40,35 +39,7 @@ in {
   networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
 
   # services.openssh.allowSFTP = false;
-  krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
-
-  # samba share /media/crypt1/share
-  users.users.smbguest = {
-    name = "smbguest";
-    uid = config.ids.uids.smbguest;
-    description = "smb guest user";
-    home = "/var/empty";
-  };
-  services.samba = {
-    enable = true;
-    shares = {
-      winshare = {
-        path = "/media/crypt1/share";
-        "read only" = "no";
-        browseable = "yes";
-        "guest ok" = "yes";
-      };
-    };
-    extraConfig = ''
-      guest account = smbguest
-      map to guest = bad user
-      # disable printing
-      load printers = no
-      printing = bsd
-      printcap name = /dev/null
-      disable spoolss = yes
-    '';
-  };
+  krebs.build.source.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
 
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;

1systems/vbob.nix

@@ -18,27 +18,8 @@
     tinc = pkgs.tinc_pre;
   };
 
-  makefu.buildbot.master = {
-    enable = false;
-    irc = {
-      enable = true;
-      server = "cd.retiolum";
-      channel = "retiolum";
-      allowForce = true;
-    };
-  };
-  # services.logstash.enable = true;
-  makefu.buildbot.slave = {
-    enable = false;
-    masterhost = "localhost";
-    username = "testslave";
-    password = "krebspass";
-    packages = with pkgs;[ git nix ];
-    extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
-  };
-
-  krebs.build.source.git.nixpkgs = {
-    #url = https://github.com/nixos/nixpkgs;
+  krebs.build.source.nixpkgs = {
+    # url = https://github.com/nixos/nixpkgs;
     # HTTP Everywhere + libredir
     rev = "8239ac6";
   };

2configs/backup.nix

@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+with lib;
+let
+  startAt = "0,6,12,18:00";
+  defaultBackupServer = config.krebs.hosts.omo;
+  defaultBackupDir = "/home/backup";
+  defaultPull = host: src: {
+    method = "pull";
+    src = {
+      inherit host;
+      path = src;
+    };
+    dst = {
+      host = defaultBackupServer;
+      path = defaultBackupDir + src;
+    };
+    startAt = "0,6,12,18:00";
+    snapshots = {
+      hourly   = { format = "%Y-%m-%dT%H";    retain =  4; };
+      daily    = { format = "%Y-%m-%d";       retain =  7; };
+      weekly   = { format = "%YW%W";          retain =  4; };
+      monthly  = { format = "%Y-%m";          retain = 12; };
+      yearly   = { format = "%Y";                          };
+    };
+  };
+in {
+  krebs.backup.plans = addNames {
+    wry-to-omo_var-www = defaultPull wry "/var/www";
+  };
+}

2configs/default.nix

@@ -20,24 +20,18 @@ with lib;
     build =  {
       target = mkDefault "root@${config.krebs.build.host.name}";
       user = config.krebs.users.makefu;
-      source = {
-        git.nixpkgs = {
-          #url = https://github.com/NixOS/nixpkgs;
-          url = mkDefault https://github.com/nixos/nixpkgs;
-          rev = mkDefault "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp
-          target-path = "/var/src/nixpkgs";
+      source =  mapAttrs (_: mkDefault) {
+        upstream-nixpkgs = {
+          url = https://github.com/nixos/nixpkgs;
+          rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp
         };
+        secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+        stockholm = "/home/makefu/stockholm";
 
-        dir.secrets = {
-          host = config.krebs.hosts.pornocauster;
-          path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-        };
-
-        dir.stockholm = {
-          host = config.krebs.hosts.pornocauster;
-          path = "/home/makefu/stockholm" ;
-          target-path = "/var/src/stockholm";
-        };
+        # Defaults for all stockholm users?
+        nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix";
+        nixpkgs = symlink:stockholm/nixpkgs;
+        stockholm-user = "symlink:stockholm/${config.krebs.build.user.name}";
       };
     };
   };
@@ -86,11 +80,7 @@ with lib;
   ];
 
   environment.variables = {
-    NIX_PATH = with config.krebs.build.source; with dir; with git;
-      mkForce (concatStringsSep ":" [
-        "nixpkgs=${nixpkgs.target-path}"
-        "${nixpkgs.target-path}"
-      ]);
+    NIX_PATH = mkForce "/var/src";
     EDITOR = mkForce "vim";
   };
 

2configs/nginx/update.connector.one.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = config.krebs.build.host.name;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      omo-share = {
+        listen = [ "${external-ip}:80" ];
+        server-names = [
+          "update.connector.one"
+          "firmware.connector.one"
+        ];
+        locations = singleton (nameValuePair "/" ''
+          autoindex on;
+          root /var/www/update.connector.one;
+          sendfile on;
+          gzip on;
+        '');
+      };
+    };
+  };
+}

2configs/omo-share.nix

@@ -31,4 +31,38 @@ in {
       };
     };
   };
+
+  # samba share /media/crypt1/share
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/var/empty";
+  };
+  services.samba = {
+    enable = true;
+    shares = {
+      winshare = {
+        path = "/media/crypt1/share";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+      usenet = {
+        path = "/media/crypt0/usenet/dst";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
 }

2configs/unstable-sources.nix

@@ -1,7 +1,7 @@
 _:
 
 {
-  krebs.build.source.git.nixpkgs = {
+  krebs.build.source.nixpkgs = {
       url = https://github.com/makefu/nixpkgs;
       rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
     };

2configs/wwan.nix

@@ -1,7 +1,6 @@
 _:
 
 {
-  imports = [ ../3modules ];
   makefu.umts = {
     enable = true;
     modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";