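# NixOS module for a single host; the host definition is selected further down
# via `krebs.build.host = config.krebs.hosts.wolf`.
{ config, pkgs, ... }:
let
  # IPv4 address of this host in the "shack" net, read from the krebs host definition.
  shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
  # NOTE(review): not referenced anywhere else in this file as shown.
  influx-host = "127.0.0.1";
  # Name the udev rule at the end of the file assigns to the external interface.
  ext-if = "et0";
  # MAC address that udev rule matches to identify the external interface.
  external-mac = "52:54:b0:0b:af:fe";
in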
{
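# Modules merged into this host's configuration. Everything listed here runs
# on the same machine, so each service shares the host's network exposure.
imports = [
  <stockholm/krebs>
  <stockholm/krebs/2configs>
  <nixpkgs/nixos/modules/profiles/qemu-guest.nix>

  <stockholm/krebs/2configs/binary-cache/nixos.nix>
  <stockholm/krebs/2configs/binary-cache/prism.nix>

  # handle the worlddomination map via coap
  <stockholm/krebs/2configs/shack/worlddomination.nix>

  # drivedroid.shack for shackphone
  <stockholm/krebs/2configs/shack/drivedroid.nix>
  # <stockholm/krebs/2configs/shack/nix-cacher.nix>

  # Say if muell will be collected
  <stockholm/krebs/2configs/shack/muell_caller.nix>

  # create samba share for anonymous usage with the laser and 3d printer pc
  # NOTE(review): the share module is not shown here; confirm which path it
  # exports and whether guests may write, since no login is required.
  <stockholm/krebs/2configs/shack/share.nix>

  # mobile.lounge.mpd.shack
  <stockholm/krebs/2configs/shack/mobile.mpd.nix>

  # connect to git.shackspace.de as group runner for rz
  # NOTE(review): a CI runner executes jobs supplied by the GitLab side on this
  # host; confirm the executor isolation configured in the module.
  <stockholm/krebs/2configs/shack/gitlab-runner.nix>

  # Statistics collection and visualization
  <stockholm/krebs/2configs/graphite.nix>
  ## Collect data from mqtt.shack and store in graphite database
  <stockholm/krebs/2configs/shack/mqtt_sub.nix>
  ## Collect radioactive data and put into graphite
  <stockholm/krebs/2configs/shack/radioactive.nix>
  ## Collect local statistics via collectd and send to collectd
  <stockholm/krebs/2configs/stats/wolf-client.nix>
  ## write collectd statistics to wolf.shack
  <stockholm/krebs/2configs/collectd-base.nix>
  # InfluxDB is enabled with module defaults only.
  # NOTE(review): listen address and authentication are not set in this file;
  # confirm them, because the host firewall is disabled in `networking` below.
  { services.influxdb.enable = true; }
];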
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
# local discovery in shackspace
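# Replace the `tinc` package with `pkgs.tinc_pre` wherever this nixpkgs
# instance is used.
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
# Extra line appended to the retiolum tinc configuration: TCPOnly makes tinc
# tunnel packets over its TCP connections instead of UDP.
krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";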
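# Grafana dashboard server.
# NOTE(review): taken together these settings make an open instance: it listens
# on every IPv4 interface, serves unauthenticated visitors, and lets anyone
# register an account and create organisations. The host firewall is disabled
# in `networking` below, so reachability is decided by the surrounding network
# alone. If that is intended for the local network, say so here; otherwise bind
# to a specific address and turn off sign-up and anonymous access.
services.grafana = {
  enable = true;
  # Listen on all IPv4 interfaces rather than loopback only.
  addr = "0.0.0.0";
  # Self-service registration and organisation creation for any visitor.
  users.allowSignUp = true;
  users.allowOrgCreate = true;
  users.autoAssignOrg = true;
  # Unauthenticated access; no role is set here, so the module default applies.
  auth.anonymous.enable = true;
  # Security settings are read from the secrets path at evaluation time.
  # NOTE(review): the file's content is not shown (presumably admin credentials
  # and the secret key). Values imported into the configuration can end up in
  # the world-readable Nix store; confirm how the module passes them on.
  security = import <secrets/grafana_security.nix>;
};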
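# Binary substituter settings for the Nix daemon.
nix = {
  # use the up to date prism cache
  # NOTE(review): only cache.nixos.org is listed in this block; the prism cache
  # presumably comes from the imported binary-cache/prism.nix module.
  binaryCaches = [
    "https://cache.nixos.org/"
  ];
  # Public keys whose signatures are trusted on substituted store paths.
  # NOTE(review): confirm that every cache in use has its matching key listed
  # here or in an imported module, so substituted paths are still verified.
  binaryCachePublicKeys = [
    "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
  ];
};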
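# Static network configuration for the external interface.
networking = {
  # NOTE(review): the host packet filter is off, so every service that listens
  # on a non-loopback address (Grafana, InfluxDB and whatever the imported
  # modules start) is reachable from the attached network. Before enabling it,
  # inventory the ports those modules need and add them to the allow-list.
  firewall.enable = false;
  # Not enforced while firewall.enable is false.
  firewall.allowedTCPPorts = [ 8088 8086 8083 ];
  # Address comes from the krebs host definition (see `shack-ip` in the let block).
  interfaces."${ext-if}".ipv4.addresses = [{
    address = shack-ip;
    prefixLength = 20;
  }];
  defaultGateway = "10.42.0.1";
  nameservers = [ "10.42.0.100" "10.42.0.200" ];
};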
#####################
# uninteresting stuff
#####################
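# Select the krebs host definition this machine is built from.
krebs.build.host = config.krebs.hosts.wolf;
boot.kernel.sysctl = {
  # Enable IPv6 Privacy Extensions
  # (value 2: generate temporary addresses and prefer them over the public one)
  "net.ipv6.conf.all.use_tempaddr" = 2;
  "net.ipv6.conf.default.use_tempaddr" = 2;
};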
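# Kernel modules made available in the initrd; the list covers virtio and
# legacy ATA/USB controllers.
boot.initrd.availableKernelModules = [
  "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# GRUB 2 installed to the first virtio disk.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
# without it `/nix/store` is not added to the grub paths
boot.loader.grub.copyKernels = true;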
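# Root file system and swap are located by label, not by device node.
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
swapDevices = [
  { device = "/dev/disk/by-label/swap"; }
];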
# fallout of ipv6calypse
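# Static /etc/hosts entry for hass.shack. A hosts line is "address name", so
# the address has to come first; with the fields reversed the entry does not
# resolve the name.
networking.extraHosts = ''
  10.42.2.191 hass.shack
'';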
users . extraUsers . root . openssh . authorizedKeys . keys = [
config . krebs . users . " 0 x 4 a 6 f " . pubkey
config . krebs . users . ulrich . pubkey
config . krebs . users . raute . pubkey
config . krebs . users . makefu-omo . pubkey
" s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A D A Q A B A A A E A Q D b 9 N P a 2 H f 5 1 a f c G 1 H 1 3 U P b E 5 E 0 2 J 8 a C 9 a 1 s G C R l s 5 9 2 w A V l Q b m o j Y R 1 j W D P A 2 m 3 2 B s y v 0 z t q i 8 1 z D y n d W W Z P Q V J V B k 0 0 V j Y B c g k 6 D 5 i f q o A u W L z f u H J P W Z G O v B f / U 7 4 / L N F N U k j 1 y w j n e K 7 H Y T R P X r R B B f B S Q N m Q z k v u e 7 s 5 9 9 L 2 v d u e Z K y j N s M p x 2 m 6 n m 2 S c h a M u D s k S Q u t / 1 6 8 J g U 1 l 4 M 8 B e T 6 8 B o 4 W d e l h B Y n h S I 1 a 5 9 F G k g d u 2 S C j y i g h L Q R y 2 s O H 3 k s n k H W E N P k A + w w Q O l K l 7 R 3 D s E y b r N d 4 N U 9 F S w F D y D m d h f v 5 g J p 8 U G S F d j A w x 4 3 + 8 z M 5 t 5 r u Z 2 5 J 0 L n V b 0 P u T u R A 0 0 U s W 8 3 M k L x F p D Q L r Q V 0 8 t l s Y 6 i G r q x P 6 7 C 3 V J 6 t 4 v 6 o T p 7 / v a R L h E F c 1 P h O L h + s Z 1 8 o 8 M L O + e 2 r G m H G H Q n S K f B O L U v D M G a 4 j b 0 1 X B G j d n I X L O k V o 7 9 Y R 5 j Z n 7 j J b 2 g T Z 9 5 O D 6 b W S D A D o U R S u w u L a 7 k h 4 t i 1 I t A K u h k I v b u k y 3 r R V v Q E c 9 2 k J 6 a N U s w I U X J a 0 K 2 i b b I Y 6 y c K A A 3 L j k s l 3 M m 9 K z O n 6 y c / i / l S F + S O r T G h a b P J i g K k I o q K I w n V 5 I U 3 g k f s x P Q J O B M P q H D G A O e Y Q e 3 W p W e d E P Y u h Q E c z w 4 e x M b 9 T k N E 9 6 F 7 1 P z u Q P J D l 5 s P A W y P L e M K p y 5 X b f R i F 2 b y 4 n x N 3 Z I Q v j t o y V k j N V + q M 0 q 0 y K B z L x u R A E Q O Z 2 y C E a B u d Z Q k Q i w H D 9 7 H 2 v u 4 S R Q / 2 a O i e 1 X i O n m d b Q R D Z S O 3 B s o D K 5 6 9 K 1 w + g D f S n q Y 7 z V U M j 6 t w + u K x 6 G s t c k 5 l b v Y M t d W K s f P v / p D M 8 e y I V F L L 9 3 d K T X + e r t c Q j 6 x D w L f O i N u b E 5 a y F X h Y k j w I m V 6 N g f B u q + 3 h L K 0 U R P 2 r P l O Z b b Z T Q 0 W l K D 6 C C R Z P M S Z C U 9 o D 2 z Y f q p v R A r B U c d k A w G e P e z O R k f J Q L E 6 m Y E J p 6 p d F k 
J / I e F L b O 6 M 0 l Z V l f n p z A C 9 k j j k M C R o f Z U E T c F S p p y T I m C b g o 3 + o k 5 9 / P k N U 5 o a v B X y W 8 0 u e 2 t W H r 0 8 H X / Q A L N t e 3 U I T m I I l U 6 S F M C P M W J q a d K 1 e D P W f J 4 H 4 i D X R N n 3 D 5 w q N + + i M l o K v p a j 0 w i e q X L Y 4 + Y f v N T N r 1 7 7 O U 4 8 G E W W 8 D n o E k b p w s C b j P x z n G D Q h d D q d Y y M Y / f D g R Q R e K I T v K Y G H R z e s G y s w 5 c K s p 9 L E f X D 0 R 6 W E 2 T e i i E N l a 5 A W z T g X J B 0 A y Z E c O i I f q O g T 9 N r 9 S 8 q 5 g c / B d A 7 P + j h G G J g E H h V 3 d V l f I Z 7 p m Z c 2 7 Y u 7 U T Q 0 l b A K W q c M S T O d n e + Q L 6 I L z b v L r Q w d v a x 4 t Q d m 5 o p f U 1 6 S r O o x 1 A M w A b k d q 8 4 z 6 u J q Y V x 3 c U X f M J g T y D N r V v 3 o r r o o t @ p l a t t e n s c h w e i n " # for backup
] ;
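# Give the network interface whose MAC address equals `external-mac` the fixed
# name `ext-if`, so the static address in `networking.interfaces` always lands
# on the same NIC.
services.udev.extraRules = ''
  SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';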
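# Local time zone; log timestamps on this host follow it.
time.timeZone = "Europe/Berlin";
# No audio on this machine.
sound.enable = false;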
}