Merge branch 'master' of gum:stockholm

1systems/darth.nix

@@ -14,11 +14,23 @@ in {
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/zsh-user.nix
       ../2configs/smart-monitor.nix
+      ../2configs/exim-retiolum.nix
+      ../2configs/virtualization.nix
   ];
 
+  networking.firewall.allowedUDPPorts = [ 80 655 67 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 ];
+  networking.firewall.checkReversePath = false;
+  #networking.firewall.enable = false;
   # virtualisation.nova.enableSingleNode = true;
   krebs.retiolum.enable = true;
 
+  boot.kernelModules = [ "coretemp" "f71882fg" ];
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  networking.wireless.enable = true;
+
   # TODO smartd omo darth gum all-in-one
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
   zramSwap.enable = true;

1systems/gum.nix

@@ -41,6 +41,8 @@ in {
     ];
   };
 
+  makefu.taskserver.enable = true;
+
   krebs.nginx.servers.cgit = {
     server-names = [ "cgit.euer.krebsco.de" ];
     listen = [ "${external-ip}:80" "${internal-ip}:80" ];
@@ -86,6 +88,8 @@ in {
           21032
           # tinc-retiolum
           21031
+          # taskserver
+          53589
         ];
         allowedUDPPorts = [
           # tinc

1systems/omo.nix

@@ -44,16 +44,21 @@ in {
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
       ../2configs/share-user-sftp.nix
+      ../2configs/graphite-standalone.nix
       ../2configs/omo-share.nix
     ];
+
   krebs.retiolum.enable = true;
   networking.firewall.trustedInterfaces = [ "enp3s0" ];
   # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
   # tcp:80          - nginx for sharing files
   # tcp:655 udp:655 - tinc
-  # tcp:8080        - sabnzbd
+  # tcp:8111        - graphite
+  # tcp:9090        - sabnzbd
+  # tcp:9200        - elasticsearch
+  # tcp:5601        - kibana
   networking.firewall.allowedUDPPorts = [ 655 ];
-  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
 
   # services.openssh.allowSFTP = false;
 

2configs/base-gui.nix

@@ -10,16 +10,6 @@
 #
 # if this is not enough, check out main-laptop.nix
 
-## TODO: .Xdefaults:
-# URxvt*termName:         rxvt
-# URxvt.scrollBar : false
-# URxvt*scrollBar_right:  false
-# URxvt*borderLess:       false
-# URxvt.foreground: white
-# URxvt.background: black
-# URxvt.urgentOnBell: true
-# URxvt.visualBell: false
-# URxvt.font : xft:Terminus
 
 with config.krebs.lib;
 let
@@ -83,7 +73,9 @@ in
       XTerm*FaceName  : Terminus:pixelsize=14
 
       URxvt*termName:         rxvt
-      URxvt.scrollBar : False
+      URxvt*saveLines:            10000
+      URxvt*loginShell:           false
+      URxvt.scrollBar : false
       URxvt*scrollBar_right:  false
       URxvt*borderLess:       false
       URxvt.foreground: white

2configs/fs/sda-crypto-root-home.nix

@@ -19,7 +19,7 @@ with config.krebs.lib;
     "/home" = {
       device = "/dev/mapper/main-home";
       fsType = "ext4";
-      options="defaults,discard";
+      options = [ "defaults" "discard" ];
     };
   };
 }

2configs/fs/sda-crypto-root.nix

@@ -18,12 +18,12 @@ with config.krebs.lib;
     "/" = {
       device = "/dev/mapper/luksroot";
       fsType = "ext4";
-      options="defaults,discard";
+      options = [ "defaults" "discard" ];
     };
     "/boot" = {
       device = "/dev/disk/by-label/nixboot";
       fsType = "ext4";
-      options="defaults,discard";
+      options = [ "defaults" "discard" ];
     };
   };
 }

2configs/hw/tp-x2x0.nix

@@ -23,6 +23,7 @@ with config.krebs.lib;
   services.tlp.enable = true;
   services.tlp.extraConfig = ''
     START_CHARGE_THRESH_BAT0=80
+    STOP_CHARGE_THRESH_BAT0=95
 
     CPU_SCALING_GOVERNOR_ON_AC=performance
     CPU_SCALING_GOVERNOR_ON_BAT=ondemand

2configs/mail-client.nix

@@ -7,7 +7,7 @@ with config.krebs.lib;
     gnupg
     imapfilter
     msmtp
-    mutt-kz
+    mutt
     notmuch
     offlineimap
     openssl

2configs/nginx/public_html.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+
+with config.krebs.lib;
+
+{
+  krebs.nginx = {
+    enable = true;
+    servers.default.locations = [
+      (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+        alias /home/$1/public_html$2;
+        autoindex on;
+      '')
+    ];
+  };
+}

2configs/omo-share.nix

@@ -48,6 +48,13 @@ in {
         browseable = "yes";
         "guest ok" = "yes";
       };
+
+      emu = {
+        path = "/media/crypt1/emu";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
       usenet = {
         path = "/media/crypt0/usenet/dst";
         "read only" = "yes";

3modules/default.nix

@@ -4,6 +4,7 @@ _:
   imports = [
     ./snapraid.nix
     ./umts.nix
+    ./taskserver.nix
   ];
 }
 

3modules/taskserver.nix

@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  cfg = config.makefu.taskserver;
+
+  out = {
+    options.makefu.taskserver = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "taskserver";
+
+    workingDir = mkOption {
+      type = types.str;
+      default = "/var/lib/taskserver";
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.taskserver;
+    };
+
+
+  };
+
+  imp = {
+    environment.systemPackages = [ cfg.package ];
+    systemd.services.taskserver = {
+      description = "taskd server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      unitConfig = {
+        Documentation = "http://taskwarrior.org/docs/#taskd" ;
+        # https://taskwarrior.org/docs/taskserver/configure.html
+        ConditionPathExists = "${cfg.workingDir}/config";
+      };
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
+        WorkingDirectory = cfg.workingDir;
+        PrivateTmp = true;
+        InaccessibleDirectories = "/home /boot /opt /mnt /media";
+        User = "taskd";
+      };
+    };
+
+    users.users.taskd = {
+      uid = genid "taskd";
+      home = cfg.workingDir;
+      createHome = true;
+    };
+    users.groups.taskd.gid = genid "taskd";
+  };
+
+in
+out
+

4lib/default.nix

@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  addDefaultTime = bku-entry: recursiveUpdate {
+    snapshots = {
+      daily    = { format = "%Y-%m-%d"; retain =  7; };
+      weekly   = { format = "%YW%W";    retain =  4; };
+      monthly  = { format = "%Y-%m";    retain = 12; };
+      yearly   = { format = "%Y";                    };
+    };
+    startAt = "5:23";
+  } bku-entry;
+
+  backup-host = config.krebs.hosts.omo;
+  backup-path = "/media/backup";
+in {
+  bku = {
+    inherit addDefaultTime;
+    simplePath = addDefaultTime (path: {
+      method = "pull";
+      src = { host = config.krebs.build.host; inherit path; };
+      dst = {
+        host = backup-host;
+        path = backup-path ++ config.krebs.build.host.name
+                           ++ builtins.replaceStrings ["/"] ["-"] path;
+      };
+    });
+  };
+}

5pkgs/default.nix

@@ -9,9 +9,10 @@ in
     alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
     awesomecfg = callPackage ./awesomecfg {};
-    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     mycube-flask = callPackage ./mycube-flask {};
+    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
     inherit (callPackage ./devpi {}) devpi-web devpi-server;
+    taskserver = callPackage ./taskserver {};
   };
 }

5pkgs/mycube-flask/default.nix

@@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "makefu";
     repo = "mycube-flask";
-    rev = "5f5260a";
+    rev = "48dc6857";
-    sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
+    sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
   };
   meta = {
     homepage = https://github.com/makefu/mycube-flask;

5pkgs/taskserver/default.nix

@@ -0,0 +1,43 @@
+{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
+
+stdenv.mkDerivation rec {
+  name = "taskserver-${version}";
+  version = "1.1.0";
+
+  enableParallelBuilding = true;
+
+  src = fetchurl {
+    url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
+    sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
+  };
+
+  patchPhase = ''
+    pkipath=$out/share/taskd/pki
+    mkdir -p $pkipath
+    cp -r pki/* $pkipath
+    echo "patching paths in pki/generate"
+    sed -i "s#^\.#$pkipath#" $pkipath/generate
+    for f in $pkipath/generate* ;do
+      i=$(basename $f)
+      echo patching $i
+      sed -i \
+          -e 's/which/type -p/g' \
+          -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
+
+      echo wrapping $i
+      makeWrapper  $pkipath/$i $out/bin/taskd-pki-$i \
+        --prefix PATH : ${gnutls}/bin/
+    done
+  '';
+
+  buildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ cmake libuuid gnutls ];
+
+  meta = {
+    description = "Server for synchronising Taskwarrior clients";
+    homepage = http://taskwarrior.org;
+    license = stdenv.lib.licenses.mit;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
+  };
+}