makefu: move out to own repo, add vacation-note
This commit is contained in:
parent
cbfcc890e3
commit
060a8f28fa
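--- a/PATH-NOT-SHOWN-ON-PAGE-01
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-user = "password";
-}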
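--- a/PATH-NOT-SHOWN-ON-PAGE-02
+++ /dev/null
@@ -1 +0,0 @@
-"derp"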
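--- a/PATH-NOT-SHOWN-ON-PAGE-03
+++ /dev/null
@@ -1 +0,0 @@
-dickbutt2342.onion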
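--- a/PATH-NOT-SHOWN-ON-PAGE-04
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-MATRIX_TOKEN="a";
-MATRIX_ID="b";
-}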
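--- a/PATH-NOT-SHOWN-ON-PAGE-05
+++ /dev/null
@@ -1 +0,0 @@
-""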
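--- a/PATH-NOT-SHOWN-ON-PAGE-06
+++ /dev/null
@@ -1 +0,0 @@
-{}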
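--- a/PATH-NOT-SHOWN-ON-PAGE-07
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}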
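--- a/PATH-NOT-SHOWN-ON-PAGE-08
+++ /dev/null
@@ -1 +0,0 @@
-""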
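--- a/PATH-NOT-SHOWN-ON-PAGE-09
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-adminUser = "dick";
-adminPassword = "butt";
-}
-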
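--- a/PATH-NOT-SHOWN-ON-PAGE-10
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-username = "bob";
-password = "rob";
-}
-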
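--- a/PATH-NOT-SHOWN-ON-PAGE-11
+++ /dev/null
@@ -1 +0,0 @@
-{}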
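--- a/PATH-NOT-SHOWN-ON-PAGE-12
+++ /dev/null
@@ -1 +0,0 @@
-{}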
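--- a/PATH-NOT-SHOWN-ON-PAGE-13
+++ /dev/null
@@ -1 +0,0 @@
-""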
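--- a/PATH-NOT-SHOWN-ON-PAGE-14
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-"platform": "polling",
-"api_key": "1:A",
-"allowed_chat_ids": [ 0, 1 ]
-}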
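--- a/PATH-NOT-SHOWN-ON-PAGE-15
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-username = "lol";
-password = "wut";
-}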
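--- a/PATH-NOT-SHOWN-ON-PAGE-16
+++ /dev/null
@@ -1 +0,0 @@
-"derp"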
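--- a/PATH-NOT-SHOWN-ON-PAGE-17
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-"dick" = "butt";
-}
-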
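--- a/PATH-NOT-SHOWN-ON-PAGE-18
+++ /dev/null
@@ -1 +0,0 @@
-{}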
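--- a/PATH-NOT-SHOWN-ON-PAGE-19
+++ /dev/null
@@ -1 +0,0 @@
-"derp"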
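--- a/PATH-NOT-SHOWN-ON-PAGE-20
+++ /dev/null
@@ -1 +0,0 @@
-{ "lol" = "wut"; }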
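--- a/PATH-NOT-SHOWN-ON-PAGE-21
+++ /dev/null
@@ -1 +0,0 @@
-{ "lol" = "wut"; }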
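--- a/PATH-NOT-SHOWN-ON-PAGE-22
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-"dick.nsupdate.info" = "butt";
-}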
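--- a/PATH-NOT-SHOWN-ON-PAGE-23
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-db.username = "photoprism";
-db.password = "photoprism";
-}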
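--- a/PATH-NOT-SHOWN-ON-PAGE-24
+++ /dev/null
@@ -1 +0,0 @@
-"lol"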
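--- a/PATH-NOT-SHOWN-ON-PAGE-25
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-number = "+1dotdotdot";
-home = "group.ABCDE";
-felix = "group.ABCDE";
-
-}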
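--- a/PATH-NOT-SHOWN-ON-PAGE-26
+++ /dev/null
@@ -1,2 +0,0 @@
-TONIE_AUDIO_MATCH_USER=
-TONIE_AUDIO_MATCH_PASS=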
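--- a/PATH-NOT-SHOWN-ON-PAGE-27
+++ /dev/null
@@ -1 +0,0 @@
-"$6$lol"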
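--- a/PATH-NOT-SHOWN-ON-PAGE-28
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-mqtt.password = "hass";
-mqtt.username = "hass";
-zigbee.network_key = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ];
-}
-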
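--- a/PATH-NOT-SHOWN-ON-PAGE-29
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-primaryInterface = "eth0";
-in {
-imports = [
-<stockholm/makefu>
-./hardware-config.nix
-<stockholm/makefu/2configs/home-manager>
-<stockholm/makefu/2configs/home/3dprint.nix>
-#./hardware-config.nix
-{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
-# <stockholm/makefu/2configs/tools/core.nix>
-<stockholm/makefu/2configs/binary-cache/nixos.nix>
-#<stockholm/makefu/2configs/support-nixos.nix>
-# <stockholm/makefu/2configs/homeautomation/default.nix>
-# <stockholm/makefu/2configs/homeautomation/google-muell.nix>
-# <stockholm/makefu/2configs/hw/pseyecam.nix>
-# configure your hw:
-# <stockholm/makefu/2configs/save-diskspace.nix>
-
-# directly use the alsa device instead of attaching to pulse
-
-<stockholm/makefu/2configs/audio/respeaker.nix>
-<stockholm/makefu/2configs/home/rhasspy/default.nix>
-<stockholm/makefu/2configs/home/rhasspy/led-control.nix>
-];
-krebs = {
-enable = true;
-tinc.retiolum.enable = true;
-build.host = config.krebs.hosts.cake;
-};
-# ensure disk usage is limited
-services.journald.extraConfig = "Storage=volatile";
-networking.firewall.trustedInterfaces = [ primaryInterface ];
-documentation.info.enable = false;
-documentation.man.enable = false;
-documentation.nixos.enable = false;
-}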
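--- a/PATH-NOT-SHOWN-ON-PAGE-30
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, lib, ... }:
-{
-environment.systemPackages = [ pkgs.libraspberrypi ];
-imports = [ <nixos-hardware/raspberry-pi/4> ];
-boot.kernelPackages = pkgs.linuxPackages_rpi4;
-fileSystems = {
-"/" = {
-device = "/dev/disk/by-label/NIXOS_SD";
-fsType = "ext4";
-options = [ "noatime" ];
-};
-};
-hardware.raspberry-pi."4".fkms-3d.enable = true;
-hardware.raspberry-pi."4".audio.enable = true;
-}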
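--- a/PATH-NOT-SHOWN-ON-PAGE-31
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-name="cake";
-full = true;
-home-manager = true;
-hw = true;
-}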
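--- a/PATH-NOT-SHOWN-ON-PAGE-32
+++ /dev/null
@@ -1,4 +0,0 @@
-1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
-2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
-3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
-5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%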
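--- a/PATH-NOT-SHOWN-ON-PAGE-33
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-imports = [
-<stockholm/makefu>
-./hardware-config.nix
-<stockholm/makefu/2configs>
-<stockholm/makefu/2configs/tinc/retiolum.nix>
-<stockholm/makefu/2configs/save-diskspace.nix>
-
-];
-krebs.build.host = config.krebs.hosts.crapi;
-
-services.openssh.enable = true;
-
-}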
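--- a/PATH-NOT-SHOWN-ON-PAGE-34
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, lib, ... }:
-{
-#raspi1
-boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
-
-boot.loader.grub.enable = false;
-boot.loader.raspberryPi.enable = true;
-boot.loader.raspberryPi.version = 1;
-boot.loader.raspberryPi.uboot.enable = true;
-boot.loader.raspberryPi.uboot.configurationLimit = 1;
-boot.loader.generationsDir.enable = lib.mkDefault false;
-hardware.enableRedistributableFirmware = true;
-boot.cleanTmpDir = true;
-environment.systemPackages = [ pkgs.raspberrypi-tools ];
-boot.kernelPackages = pkgs.linuxPackages_rpi;
-
-nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
-nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
-fileSystems = {
-"/boot" = {
-device = "/dev/disk/by-label/NIXOS_BOOT";
-fsType = "vfat";
-};
-"/" = {
-device = "/dev/disk/by-label/NIXOS_SD";
-fsType = "ext4";
-};
-};
-
-system.activationScripts.create-swap = ''
-if [ ! -e /swapfile ]; then
-fallocate -l 2G /swapfile
-mkswap /swapfile
-chmod 600 /swapfile
-fi
-'';
-swapDevices = [ { device = "/swapfile"; size = 4096; } ];
-}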
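--- a/PATH-NOT-SHOWN-ON-PAGE-35
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-arm6 = true;
-}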
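--- a/PATH-NOT-SHOWN-ON-PAGE-36
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-let
-# all the good stuff resides in /data
-
-byid = dev: "/dev/disk/by-id/" + dev;
-rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
-bootPart = rootDisk + "-part1";
-rootPart = rootDisk + "-part2";
-
-allDisks = [ rootDisk ]; # auxDisk
-in {
-imports = [
-<stockholm/makefu>
-<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
-<stockholm/makefu/2configs/sshd-totp.nix>
-<stockholm/makefu/2configs/zsh-user.nix>
-<stockholm/makefu/2configs/smart-monitor.nix>
-<stockholm/makefu/2configs/exim-retiolum.nix>
-# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-
-<stockholm/makefu/2configs/tinc/retiolum.nix>
-<stockholm/makefu/2configs/tools/core.nix>
-<stockholm/makefu/2configs/stats/client.nix>
-# <stockholm/makefu/2configs/nsupdate-data.nix>
-
-<stockholm/makefu/2configs/share/anon-ftp.nix>
-
-# lan party
-<stockholm/makefu/2configs/lanparty/lancache.nix>
-<stockholm/makefu/2configs/lanparty/lancache-dns.nix>
-<stockholm/makefu/2configs/lanparty/samba.nix>
-<stockholm/makefu/2configs/lanparty/mumble-server.nix>
-<stockholm/makefu/2configs/virtualisation/libvirt.nix>
-];
-
-
-
-#networking.firewall.enable = false;
-makefu.server.primary-itf = "enp0s25";
-# krebs.hidden-ssh.enable = true;
-boot.kernelModules = [ "coretemp" "f71882fg" ];
-hardware.enableRedistributableFirmware = true;
-nixpkgs.config.allowUnfree = true;
-networking = {
-wireless.enable = true;
-firewall = {
-allowPing = true;
-logRefusedConnections = false;
-# trustedInterfaces = [ "eno1" ];
-allowedUDPPorts = [ 80 655 1655 67 ];
-allowedTCPPorts = [ 80 655 1655 ];
-};
-# fallback connection to the internal virtual network
-# interfaces.virbr3.ip4 = [{
-# address = "10.8.8.2";
-# prefixLength = 24;
-# }];
-};
-
-# TODO smartd omo darth gum all-in-one
-services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
-boot.loader.grub.device = rootDisk;
-boot.initrd.luks.devices = [
-{ name = "luksroot";
-device = rootPart;
-allowDiscards = true;
-keyFileSize = 4096;
-keyFile = "/dev/sdb";
-}
-];
-
-krebs.build.host = config.krebs.hosts.darth;
-}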
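--- a/PATH-NOT-SHOWN-ON-PAGE-37
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-name="darth";
-}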
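--- a/PATH-NOT-SHOWN-ON-PAGE-38
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-let
-external-ip = "45.55.145.62";
-default-gw = "45.55.128.1";
-prefixLength = 18;
-in {
-imports = [
-<stockholm/makefu>
-<stockholm/makefu/2configs/hw/CAC.nix>
-<stockholm/makefu/2configs/save-diskspace.nix>
-<stockholm/makefu/2configs/torrent.nix>
-];
-krebs = {
-enable = true;
-tinc.retiolum.enable = true;
-build.host = config.krebs.hosts.drop;
-};
-
-boot.loader.grub.device = "/dev/vda";
-boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
-fileSystems."/" = {
-device = "/dev/vda1";
-fsType = "ext4";
-};
-
-networking = {
-firewall = {
-allowPing = true;
-logRefusedConnections = false;
-allowedTCPPorts = [ ];
-allowedUDPPorts = [ 655 ];
-};
-interfaces.enp0s3.ipv4.addresses = [{
-address = external-ip;
-inherit prefixLength;
-}];
-defaultGateway = default-gw;
-nameservers = [ "8.8.8.8" ];
-};
-}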
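--- a/PATH-NOT-SHOWN-ON-PAGE-39
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-name="drop";
-torrent = true;
-}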
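--- a/PATH-NOT-SHOWN-ON-PAGE-40
+++ /dev/null
@@ -1,174 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-toMapper = id: "/media/crypt${builtins.toString id}";
-byid = dev: "/dev/disk/by-id/" + dev;
-keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0";
-rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
-rootPartition = rootDisk + "-part3";
-
-dataDisks = let
-idpart = dev: byid dev + "-part1";
-in [
-{ name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
-{ name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
-{ name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
-{ name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
-{ name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
-{ name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
-{ name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
-{ name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
-];
-
-disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
-in {
-imports = [
-<stockholm/makefu>
-<stockholm/makefu/2configs/tinc/retiolum.nix>
-<stockholm/makefu/2configs/disable_v6.nix>
-<stockholm/makefu/2configs/torrent.nix>
-<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
-
-#<stockholm/makefu/2configs/elchos/irc-token.nix>
-# <stockholm/makefu/2configs/elchos/log.nix>
-# <stockholm/makefu/2configs/elchos/search.nix>
-# <stockholm/makefu/2configs/elchos/stats.nix>
-
-];
-systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
-systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032;
-systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032;
-makefu.server.primary-itf = "enp8s0f0";
-krebs = {
-enable = true;
-build.host = config.krebs.hosts.fileleech;
-};
-# git clone https://github.com/makefu/docker-pyload
-# docker build .
-# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
-
-virtualisation.docker.enable = true; # for pyload
-networking.firewall.allowPing = true;
-networking.firewall.logRefusedConnections = false;
-networking.firewall.allowedTCPPorts = [
-51412 # torrent
-8112 # rutorrent-web
-8113 # pyload
-8080 # sabnzbd
-9090 # sabnzbd-ssl
-655 # tinc
-21 # ftp
-];
-services.nginx.virtualHosts._download = {
-default = true;
-root = config.makefu.dl-dir;
-extraConfig = ''
-autoindex on;
-'';
-basicAuth = import <secrets/kibana-auth.nix>;
-};
-networking.firewall.allowedUDPPorts = [
-655 # tinc
-51412 # torrent
-];
-
-services.vsftpd.enable = true;
-services.vsftpd.localUsers = true;
-services.vsftpd.userlist = [ "download" ];
-services.vsftpd.userlistEnable = true;
-# services.vsftpd.chrootlocalUser = true;
-
-services.sabnzbd.enable = true;
-systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-
-# TODO use users.motd and pam.services.sshd.showMotd
-services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
-Services:
-ssh://download@fileleech - ssh via filebitch
-ftp://download@fileleech - access to ${config.makefu.dl-dir}
-http://fileleech:8112 - rutorrent
-http://fileleech:8113 - pyload
-https://fileleech:9090 - sabnzb
-''; in "Banner ${banner}";
-
-boot.initrd.luks = {
-devices = let
-usbkey = name: device: {
-inherit name device keyFile;
-keyFileSize = 4096;
-allowDiscards = true;
-};
-in builtins.map (x: usbkey x.name x.device) disks;
-};
-environment.systemPackages = with pkgs;[ mergerfs ];
-
-fileSystems = let
-cryptMount = name:
-{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
-in cryptMount "crypt0"
-// cryptMount "crypt1"
-// cryptMount "crypt2"
-// cryptMount "crypt3"
-// cryptMount "crypt4"
-// cryptMount "crypt5"
-// cryptMount "crypt6"
-// cryptMount "crypt7"
-
-# this entry sometimes creates issues
-// { "/media/cryptX" = {
-device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]);
-fsType = "mergerfs";
-noCheck = true;
-options = [ "defaults" "nofail" "allow_other" "nonempty" ]; };
-}
-
-;
-makefu.dl-dir = "/media/cryptX";
-users.users.download = {
-useDefaultShell = true;
-# name = "download";
-# createHome = true;
-openssh.authorizedKeys.keys = [
-config.krebs.users.makefu.pubkey
-config.krebs.users.lass.pubkey
-"ssh-rsa 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 jules@kvasir-2015-02-13"
-"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
-"ssh-rsa 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 me@andreaskist.de"
-"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
-"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
-];
-};
-makefu.snapraid = {
-enable = true;
-disks = map toMapper [ 0 1 2 3 4 5 6 ];
-parity = toMapper 7;
-};
-networking.nameservers = [ "8.8.8.8" ];
-# SPF
-networking.defaultGateway = "151.217.176.1";
-networking.interfaces.enp6s0f0.ipv4.addresses = [{
-address = "151.217.178.63";
-prefixLength = 22;
-}];
-
-# Gigabit
-networking.interfaces.enp8s0f1.ipv4.addresses = [{
-address = "192.168.126.1";
-prefixLength = 24;
-}];
-
-#interfaces.enp6s0f1.ip4 = [{
-# address = external-ip;
-# prefixLength = 22;
-#}];
-
-boot.loader.grub.device = rootDisk;
-
-boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
-boot.kernelModules = [ "kvm-intel" ];
-boot.extraModulePackages = [ ];
-
-# http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html
-boot.extraModprobeConfig = ''
-options ixgbe allow_unsupported_sfp=1
-'';
-}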
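--- a/PATH-NOT-SHOWN-ON-PAGE-41
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-name = "fileleech";
-torrent = true;
-}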
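--- a/PATH-NOT-SHOWN-ON-PAGE-42
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, lib, ... }:
-# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37'
-let
-itf = config.makefu.server.primary-itf;
-in {
-imports =
-[ # Include the results of the hardware scan.
-./hw.nix
-<stockholm/makefu>
-<stockholm/makefu/2configs/home-manager>
-<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
-<stockholm/makefu/2configs/smart-monitor.nix>
-<stockholm/makefu/2configs/tinc/retiolum.nix>
-<stockholm/makefu/2configs/filepimp-share.nix>
-];
-
-krebs.build.host = config.krebs.hosts.filepimp;
-
-networking.firewall.trustedInterfaces = [ itf ];
-networking.interfaces.${itf}.wakeOnLan.enable = true;
-
-}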
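--- a/PATH-NOT-SHOWN-ON-PAGE-43
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-byid = dev: "/dev/disk/by-id/" + dev;
-part1 = disk: disk + "-part1";
-rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
-primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
-# N54L Chassis:
-# ____________________
-# |______FRONT_______|
-# | [ ]|
-# | [ d1 d0 d3 d4 ]|
-# |___[_____________]|
-jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
-
-# transfer to omo
-jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
-jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
-jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
-allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
-in {
-boot = {
-loader.grub.device = rootDisk;
-
-initrd.availableKernelModules = [
-"ahci"
-"ohci_pci"
-"ehci_pci"
-"pata_atiixp"
-"usb_storage"
-"usbhid"
-];
-
-kernelModules = [ "kvm-amd" ];
-extraModulePackages = [ ];
-};
-makefu.server.primary-itf = primary-interface;
-
-hardware.enableRedistributableFirmware = true;
-hardware.cpu.amd.updateMicrocode = true;
-
-zramSwap.enable = true;
-
-makefu.snapraid = let
-toMedia = name: "/media/" + name;
-in {
-enable = true;
-# todo combine creation when enabling the mount point
-disks = map toMedia [
-"j0"
-"j1"
-"j2"
-];
-parity = toMedia "par0";
-};
-# TODO: refactor, copy-paste from omo
-services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
-${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
-${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
-${pkgs.hdparm}/sbin/hdparm -y ${disk}
-'') allDisks);
-fileSystems = let
-xfsmount = name: dev:
-{ "/media/${name}" = {
-device = dev; fsType = "xfs";
-options = [ "nofail" ];
-}; };
-tomedia = id: "/media/${id}";
-in
-(xfsmount "j0" (part1 jDisk0)) //
-(xfsmount "j1" (part1 jDisk1)) //
-(xfsmount "j2" (part1 jDisk2)) //
-(xfsmount "par0" (part1 jDisk3)) //
-{ "/media/jX" = {
-device = (lib.concatMapStringsSep ":" (d: (tomedia d)) ["j0" "j1" "j2" ]);
-fsType = "mergerfs";
-noCheck = true;
-options = [ "defaults" "allow_other" "nofail" "nonempty" ];
-};
-};
-environment.systemPackages = [ pkgs.mergerfs ];
-}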
|
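--- a/PATH-NOT-SHOWN-ON-PAGE-44
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-name="filepimp";
-home-manager = true;
-}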
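--- a/PATH-NOT-SHOWN-ON-PAGE-45
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-primaryInterface = "eth0";
-in {
-imports = [
-<stockholm/makefu>
-./hardware-config.nix
-# <stockholm/makefu/2configs/tools/core.nix>
-{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
-<stockholm/makefu/2configs/binary-cache/nixos.nix>
-#<stockholm/makefu/2configs/support-nixos.nix>
-# configure your hw:
-# <stockholm/makefu/2configs/save-diskspace.nix>
-];
-krebs = {
-enable = true;
-tinc.retiolum.enable = true;
-build.host = config.krebs.hosts.firecracker;
-};
-networking.firewall.trustedInterfaces = [ primaryInterface ];
-documentation.info.enable = false;
-documentation.man.enable = false;
-services.nixosManual.enable = false;
-sound.enable = false;
-}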
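--- a/PATH-NOT-SHOWN-ON-PAGE-46
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, ... }:
-{
-boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
-boot.loader.grub.enable = false;
-boot.loader.generic-extlinux-compatible.enable = true;
-boot.loader.generic-extlinux-compatible.configurationLimit = 1;
-boot.loader.generationsDir.enable = lib.mkDefault false;
-boot.supportedFilesystems = lib.mkForce [ "vfat" ];
-
-boot.tmpOnTmpfs = lib.mkForce false;
-boot.cleanTmpDir = true;
-hardware.enableRedistributableFirmware = true;
-
-## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
-boot.kernelPackages = pkgs.linuxPackages_latest;
-networking.wireless.enable = true;
-# File systems configuration for using the installer's partition layout
-swapDevices = [ { device = "/var/swap"; size = 4096; } ];
-fileSystems = {
-"/boot" = {
-device = "/dev/disk/by-label/NIXOS_BOOT";
-fsType = "vfat";
-};
-"/" = {
-device = "/dev/disk/by-label/NIXOS_SD";
-fsType = "ext4";
-};
-};
-
-}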
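--- a/PATH-NOT-SHOWN-ON-PAGE-47
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-name="cake";
-full = true;
-}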
@ -1,261 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
ext-if = config.makefu.server.primary-itf;
|
|
||||||
allDisks = [ "/dev/sda" "/dev/sdb" ];
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
./hetznercloud
|
|
||||||
{
|
|
||||||
# wait for mount
|
|
||||||
systemd.services.rtorrent.wantedBy = lib.mkForce [];
|
|
||||||
systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
|
|
||||||
systemd.services.samba-smbd.wantedBy = lib.mkForce [];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
users.users.lass = {
|
|
||||||
uid = 19002;
|
|
||||||
isNormalUser = true;
|
|
||||||
createHome = true;
|
|
||||||
useDefaultShell = true;
|
|
||||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
|
||||||
lass.pubkey
|
|
||||||
makefu.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
<stockholm/makefu/2configs/nur.nix>
|
|
||||||
<stockholm/makefu/2configs/support-nixos.nix>
|
|
||||||
<stockholm/makefu/2configs/nix-community/supervision.nix>
|
|
||||||
<stockholm/makefu/2configs/home-manager>
|
|
||||||
<stockholm/makefu/2configs/home-manager/cli.nix>
|
|
||||||
# <stockholm/makefu/2configs/stats/client.nix>
|
|
||||||
<stockholm/makefu/2configs/share>
|
|
||||||
<stockholm/makefu/2configs/share/hetzner-client.nix>
|
|
||||||
# <stockholm/makefu/2configs/stats/netdata-server.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/headless.nix>
|
|
||||||
|
|
||||||
# Security
|
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
|
||||||
|
|
||||||
# Tools
|
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/dev.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/sec.nix>
|
|
||||||
#<stockholm/makefu/2configs/tools/desktop.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
|
||||||
<stockholm/makefu/2configs/mosh.nix>
|
|
||||||
<stockholm/makefu/2configs/storj/forward-port.nix>
|
|
||||||
# <stockholm/makefu/2configs/gui/xpra.nix>
|
|
||||||
|
|
||||||
# networking
|
|
||||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
|
||||||
#<stockholm/makefu/2configs/dnscrypt/server.nix>
|
|
||||||
# <stockholm/makefu/2configs/iodined.nix>
|
|
||||||
# <stockholm/makefu/2configs/backup.nix>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
{ # bonus retiolum config for connecting more hosts
|
|
||||||
krebs.tinc.retiolum = {
|
|
||||||
#extraConfig = lib.mkForce ''
|
|
||||||
# ListenAddress = ${external-ip} 53
|
|
||||||
# ListenAddress = ${external-ip} 655
|
|
||||||
# ListenAddress = ${external-ip} 21031
|
|
||||||
# StrictSubnets = yes
|
|
||||||
# LocalDiscovery = no
|
|
||||||
#'';
|
|
||||||
connectTo = [
|
|
||||||
"prism" "ni" "enklave" "eve" "dishfire"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
networking.firewall = {
|
|
||||||
allowedTCPPorts =
|
|
||||||
[
|
|
||||||
53
|
|
||||||
655
|
|
||||||
21031
|
|
||||||
];
|
|
||||||
allowedUDPPorts =
|
|
||||||
[
|
|
||||||
53
|
|
||||||
655
|
|
||||||
21031
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
# ci
|
|
||||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
|
||||||
|
|
||||||
### systemdUltras ###
|
|
||||||
<stockholm/makefu/2configs/systemdultras/ircbot.nix>
|
|
||||||
|
|
||||||
###### Shack #####
|
|
||||||
# <stockholm/makefu/2configs/shack/events-publisher>
|
|
||||||
# <stockholm/makefu/2configs/shack/gitlab-runner>
|
|
||||||
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
|
||||||
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
|
|
||||||
<stockholm/makefu/2configs/taskd.nix>
|
|
||||||
|
|
||||||
# services
|
|
||||||
<stockholm/makefu/2configs/bitlbee.nix> # postgres backend
|
|
||||||
# <stockholm/makefu/2configs/sabnzbd.nix>
|
|
||||||
# <stockholm/makefu/2configs/mail/mail.euer.nix>
|
|
||||||
{ krebs.exim.enable = mkDefault true; }
|
|
||||||
<stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
|
|
||||||
|
|
||||||
# sharing
|
|
||||||
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
|
|
||||||
<stockholm/makefu/2configs/torrent/rtorrent.nix>
|
|
||||||
# <stockholm/makefu/2configs/sickbeard>
|
|
||||||
|
|
||||||
{ nixpkgs.config.allowUnfree = true; }
|
|
||||||
#<stockholm/makefu/2configs/retroshare.nix>
|
|
||||||
## <stockholm/makefu/2configs/ipfs.nix>
|
|
||||||
#<stockholm/makefu/2configs/syncthing.nix>
|
|
||||||
# <stockholm/makefu/2configs/sync>
|
|
||||||
# <stockholm/makefu/2configs/opentracker.nix>
|
|
||||||
|
|
||||||
|
|
||||||
## network
|
|
||||||
# <stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
|
||||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
|
||||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
|
||||||
{ makefu.backup.server.repo = "/var/backup/borg"; }
|
|
||||||
<stockholm/makefu/2configs/backup/server.nix>
|
|
||||||
<stockholm/makefu/2configs/backup/state.nix>
|
|
||||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
|
||||||
<stockholm/makefu/2configs/wireguard/wiregrill.nix>
|
|
||||||
|
|
||||||
{ # recent changes mediawiki bot
|
|
||||||
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
|
|
||||||
}
|
|
||||||
# Removed until move: no extra mails
|
|
||||||
# <stockholm/makefu/2configs/urlwatch>
|
|
||||||
# Removed until move: avoid letsencrypt ban
|
|
||||||
### Web
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/bitwarden.nix> # postgres backend
|
|
||||||
<stockholm/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix> # postgres backend
|
|
||||||
<stockholm/makefu/2configs/deployment/rss/ratt.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/deployment/ntfysh.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/owncloud.nix> #postgres backend
|
|
||||||
### Moving owncloud data dir to /media/cloud/nextcloud-data
|
|
||||||
{
|
|
||||||
users.users.nextcloud.extraGroups = [ "download" ];
|
|
||||||
# nextcloud-setup fails as it cannot set permissions for nextcloud
|
|
||||||
systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data"
|
|
||||||
"L /var/backup - - - - /media/cloud/gum-backup"
|
|
||||||
];
|
|
||||||
#fileSystems."/var/lib/nextcloud/data" = {
|
|
||||||
# device = "/media/cloud/nextcloud-data";
|
|
||||||
# options = [ "bind" ];
|
|
||||||
#};
|
|
||||||
#fileSystems."/var/backup" = {
|
|
||||||
# device = "/media/cloud/gum-backup";
|
|
||||||
# options = [ "bind" ];
|
|
||||||
#};
|
|
||||||
}
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/nginx/dl.euer.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/music.euer.nix>
|
|
||||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
|
||||||
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
|
||||||
# <stockholm/makefu/2configs/nginx/iso.euer.nix>
|
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
|
||||||
# <stockholm/makefu/2configs/deployment/graphs.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/owncloud.nix>
|
|
||||||
# <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
|
|
||||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/gecloudpad>
|
|
||||||
#<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
|
|
||||||
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
|
|
||||||
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/shiori.nix>
|
|
||||||
#<stockholm/makefu/2configs/workadventure>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
|
|
||||||
<stockholm/makefu/2configs/bgt/hidden_service.nix>
|
|
||||||
<stockholm/makefu/2configs/bgt/backup.nix>
|
|
||||||
# <stockholm/makefu/2configs/bgt/social-to-irc.nix>
|
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/logging/client.nix>
|
|
||||||
|
|
||||||
# sharing
|
|
||||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
|
||||||
{ krebs.airdcpp.dcpp.shares = {
|
|
||||||
download.path = config.makefu.dl-dir + "/finished";
|
|
||||||
sorted.path = config.makefu.dl-dir + "/sorted";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
|
||||||
|
|
||||||
## Temporary:
|
|
||||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
|
||||||
# <stockholm/makefu/2configs/virtualisation/docker.nix>
|
|
||||||
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
|
||||||
|
|
||||||
# krebs infrastructure services
|
|
||||||
# <stockholm/makefu/2configs/stats/server.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
# makefu.dl-dir = "/var/download";
|
|
||||||
makefu.dl-dir = "/media/cloud/download/finished";
|
|
||||||
|
|
||||||
services.openssh.hostKeys = lib.mkForce [
|
|
||||||
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
|
|
||||||
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
|
|
||||||
###### stable
|
|
||||||
security.acme.certs."cgit.euer.krebsco.de" = {
|
|
||||||
email = "letsencrypt@syntax-fehler.de";
|
|
||||||
webroot = "/var/lib/acme/acme-challenge";
|
|
||||||
group = "nginx";
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."cgit" = {
|
|
||||||
serverAliases = [ "cgit.euer.krebsco.de" ];
|
|
||||||
addSSL = true;
|
|
||||||
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
|
|
||||||
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
|
|
||||||
locations."/.well-known/acme-challenge".extraConfig = ''
|
|
||||||
root /var/lib/acme/acme-challenge;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.gum;
|
|
||||||
|
|
||||||
# Network
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
80 443
|
|
||||||
28967 # storj
|
|
||||||
];
|
|
||||||
allowPing = true;
|
|
||||||
logRefusedConnections = false;
|
|
||||||
};
|
|
||||||
nameservers = [ "8.8.8.8" ];
|
|
||||||
};
|
|
||||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
|
||||||
state = [ "/home/makefu/.weechat" ];
|
|
||||||
}
|
|
|
@ -1,116 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
let
|
|
||||||
external-mac = "50:46:5d:9f:63:6b";
|
|
||||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
|
||||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
|
||||||
external-gw = "144.76.26.225";
|
|
||||||
# single partition, label "nixos"
|
|
||||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
|
||||||
|
|
||||||
|
|
||||||
# static
|
|
||||||
external-ip = "144.76.26.247";
|
|
||||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
|
||||||
external-gw6 = "fe80::1";
|
|
||||||
external-netmask = 27;
|
|
||||||
external-netmask6 = 64;
|
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
|
||||||
{ services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
|
|
||||||
|
|
||||||
];
|
|
||||||
makefu.server.primary-itf = ext-if;
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
|
||||||
'';
|
|
||||||
networking = {
|
|
||||||
interfaces."${ext-if}" = {
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = external-ip;
|
|
||||||
prefixLength = external-netmask;
|
|
||||||
}];
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = external-ip6;
|
|
||||||
prefixLength = external-netmask6;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
defaultGateway6 = { address = external-gw6; interface = ext-if; };
|
|
||||||
defaultGateway = external-gw;
|
|
||||||
};
|
|
||||||
boot.kernelParams = [ ];
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.devices = [ main-disk ];
|
|
||||||
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ];
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
|
||||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
|
||||||
];
|
|
||||||
boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ];
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/nixos/root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib" = {
|
|
||||||
device = "/dev/nixos/lib";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/log" = {
|
|
||||||
device = "/dev/nixos/log";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/download" = {
|
|
||||||
device = "/dev/nixos/download";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/www/binaergewitter" = {
|
|
||||||
device = "/dev/nixos/binaergewitter";
|
|
||||||
fsType = "ext4";
|
|
||||||
options = [ "nofail" ];
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib/nextcloud/data" = {
|
|
||||||
device = "/dev/nixos/nextcloud";
|
|
||||||
fsType = "ext4";
|
|
||||||
options = [ "nofail" ];
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib/borgbackup" = {
|
|
||||||
device = "/dev/nixos/backup";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/sda2";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
# parted -s -a optimal "$disk" \
|
|
||||||
# mklabel gpt \
|
|
||||||
# mkpart no-fs 0 1024KiB \
|
|
||||||
# set 1 bios_grub on \
|
|
||||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
|
||||||
# mkpart primary 1025MiB 100%
|
|
||||||
# parted -s -a optimal "/dev/sdb" \
|
|
||||||
# mklabel gpt \
|
|
||||||
# mkpart primary 1M 100%
|
|
||||||
|
|
||||||
#mkfs.vfat /dev/sda2
|
|
||||||
#pvcreate /dev/sda3
|
|
||||||
#pvcreate /dev/sdb1
|
|
||||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
|
||||||
#lvcreate -L 120G -m 1 -n root nixos
|
|
||||||
#lvcreate -L 50G -m 1 -n lib nixos
|
|
||||||
#lvcreate -L 100G -n download nixos
|
|
||||||
#lvcreate -L 100G -n backup nixos
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-root
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-download
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
|
||||||
#mount /dev/mapper/nixos-root /mnt
|
|
||||||
#mkdir /mnt/boot
|
|
||||||
#mount /dev/sda2 /mnt/boot
|
|
||||||
#mkdir -p /mnt/var/src
|
|
||||||
#touch /mnt/var/src/.populate
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,50 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
imports =
|
|
||||||
[ ./network.nix
|
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
# Disk
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "rpool/root";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" =
|
|
||||||
{ device = "rpool/home";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{ device = "rpool/nix";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/sda1";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
|
||||||
|
|
||||||
networking.hostId = "3150697b"; # required for zfs use
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.copyKernels = true;
|
|
||||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
|
||||||
boot.kernelParams = [
|
|
||||||
"boot.shell_on_fail"
|
|
||||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,13 +0,0 @@
|
||||||
ROOT_DEVICE=/dev/sda2
|
|
||||||
NIXOS_BOOT=/dev/sda1
|
|
||||||
|
|
||||||
zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
|
|
||||||
zfs create -o mountpoint=legacy rpool/root
|
|
||||||
zfs create -o mountpoint=legacy rpool/home
|
|
||||||
zfs create -o mountpoint=legacy rpool/nix
|
|
||||||
mount -t zfs rpool/root /mnt
|
|
||||||
mkdir /mnt/{home,nix,boot}
|
|
||||||
mount -t zfs rpool/home /mnt/home
|
|
||||||
mount -t zfs rpool/nix /mnt/nix
|
|
||||||
mount $NIXOS_BOOT /mnt/boot/
|
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
let
|
|
||||||
external-mac = "96:00:01:24:33:f4";
|
|
||||||
external-gw = "172.31.1.1";
|
|
||||||
external-ip = "142.132.189.140";
|
|
||||||
external-ip6 = "2a01:4f8:1c17:5cdf::2";
|
|
||||||
external-gw6 = "fe80::1";
|
|
||||||
external-netmask = 32;
|
|
||||||
external-netmask6 = 64;
|
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
|
||||||
in
|
|
||||||
{
|
|
||||||
makefu.server.primary-itf = ext-if;
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
|
||||||
'';
|
|
||||||
networking = {
|
|
||||||
enableIPv6 = true;
|
|
||||||
nat.enableIPv6 = true;
|
|
||||||
interfaces."${ext-if}" = {
|
|
||||||
useDHCP = true;
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = external-ip6;
|
|
||||||
prefixLength = external-netmask6;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
#ipv4.addresses = [{
|
|
||||||
# address = external-ip;
|
|
||||||
# prefixLength = external-netmask;
|
|
||||||
#}];
|
|
||||||
defaultGateway6 = { address = external-gw6; interface = ext-if; };
|
|
||||||
#defaultGateway = external-gw;
|
|
||||||
nameservers = [ "1.1.1.1" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
label: gpt
|
|
||||||
device: /dev/sda
|
|
||||||
unit: sectors
|
|
||||||
1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
|
|
||||||
4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
|
|
||||||
2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
|
|
|
@ -1,15 +0,0 @@
|
||||||
ssh gum.i -o StrictHostKeyChecking=no
|
|
||||||
|
|
||||||
mount /dev/mapper/nixos-root /mnt
|
|
||||||
mount /dev/sda2 /mnt/boot
|
|
||||||
|
|
||||||
chroot-prepare /mnt
|
|
||||||
chroot /mnt /bin/sh
|
|
||||||
|
|
||||||
|
|
||||||
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
|
|
||||||
# ... activating ...
|
|
||||||
|
|
||||||
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
|
|
||||||
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
|
|
||||||
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
|
|
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
name="gum";
|
|
||||||
torrent = true;
|
|
||||||
clever_kexec = true;
|
|
||||||
home-manager = true;
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
{
|
|
||||||
"type": "devices",
|
|
||||||
"content": {
|
|
||||||
"sda": {
|
|
||||||
"type": "table",
|
|
||||||
"format": "msdos",
|
|
||||||
"partitions": [
|
|
||||||
{ "type": "partition",
|
|
||||||
"part-type": "primary",
|
|
||||||
"start": "1M",
|
|
||||||
"end": "100%",
|
|
||||||
"bootable": true,
|
|
||||||
"content": {
|
|
||||||
"type": "filesystem",
|
|
||||||
"format": "ext4",
|
|
||||||
"mountpoint": "/"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,72 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
#<stockholm/makefu>
|
|
||||||
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
|
||||||
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
|
|
||||||
# <stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
./justdoit.nix
|
|
||||||
{
|
|
||||||
environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
|
|
||||||
#!/bin/sh
|
|
||||||
ip addr add 178.254.30.202/255.255.252.0 dev ens3
|
|
||||||
ip route add default via 178.254.28.1
|
|
||||||
echo nameserver 1.1.1.1 > /etc/resolv.conf
|
|
||||||
'')];
|
|
||||||
kexec.justdoit = {
|
|
||||||
bootSize = 512;
|
|
||||||
rootDevice = "/dev/vda";
|
|
||||||
bootType = "vfat";
|
|
||||||
luksEncrypt = false;
|
|
||||||
uefi = false;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
# boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
|
||||||
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
|
||||||
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
|
||||||
#krebs.build.host = { cores = 0; };
|
|
||||||
isoImage.isoBaseName = lib.mkForce "stockholm";
|
|
||||||
#krebs.hidden-ssh.enable = true;
|
|
||||||
# environment.systemPackages = with pkgs; [
|
|
||||||
# aria2
|
|
||||||
# ddrescue
|
|
||||||
# ];
|
|
||||||
environment.extraInit = ''
|
|
||||||
EDITOR=vim
|
|
||||||
'';
|
|
||||||
# iso-specific
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
hostKeys = [
|
|
||||||
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
# enable ssh in the iso boot process
|
|
||||||
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
|
|
||||||
# hack `tee` behavior
|
|
||||||
nixpkgs.config.packageOverrides = super: {
|
|
||||||
irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
|
|
||||||
pkgs = pkgs // {
|
|
||||||
coreutils = pkgs.symlinkJoin {
|
|
||||||
name = "coreutils-hack";
|
|
||||||
paths = [
|
|
||||||
pkgs.coreutils
|
|
||||||
(pkgs.writeDashBin "tee" ''
|
|
||||||
if test "$1" = /dev/stderr; then
|
|
||||||
while read -r line; do
|
|
||||||
echo "$line"
|
|
||||||
echo "$line" >&2
|
|
||||||
done
|
|
||||||
else
|
|
||||||
${super.coreutils}/bin/tee "$@"
|
|
||||||
fi
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,120 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
cfg = config.kexec.justdoit;
|
|
||||||
x = if cfg.nvme then "p" else "";
|
|
||||||
in {
|
|
||||||
options = {
|
|
||||||
kexec.justdoit = {
|
|
||||||
rootDevice = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "/dev/sda";
|
|
||||||
description = "the root block device that justdoit will nuke from orbit and force nixos onto";
|
|
||||||
};
|
|
||||||
bootSize = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 256;
|
|
||||||
description = "size of /boot in mb";
|
|
||||||
};
|
|
||||||
bootType = mkOption {
|
|
||||||
type = types.enum [ "ext4" "vfat" "zfs" ];
|
|
||||||
default = "ext4";
|
|
||||||
};
|
|
||||||
swapSize = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 1024;
|
|
||||||
description = "size of swap in mb";
|
|
||||||
};
|
|
||||||
poolName = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "tank";
|
|
||||||
description = "zfs pool name";
|
|
||||||
};
|
|
||||||
luksEncrypt = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "encrypt all of zfs and swap";
|
|
||||||
};
|
|
||||||
uefi = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "create a uefi install";
|
|
||||||
};
|
|
||||||
nvme = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "rootDevice is nvme";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = let
|
|
||||||
mkBootTable = {
|
|
||||||
ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
|
|
||||||
vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
|
|
||||||
zfs = "";
|
|
||||||
};
|
|
||||||
in lib.mkIf true {
|
|
||||||
system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
|
|
||||||
#!${pkgs.stdenv.shell}
|
|
||||||
set -e
|
|
||||||
vgchange -a n
|
|
||||||
wipefs -a ${cfg.rootDevice}
|
|
||||||
dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
|
|
||||||
sfdisk ${cfg.rootDevice} <<EOF
|
|
||||||
label: gpt
|
|
||||||
device: ${cfg.rootDevice}
|
|
||||||
unit: sectors
|
|
||||||
${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
|
|
||||||
${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
|
|
||||||
2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
|
|
||||||
EOF
|
|
||||||
${if cfg.luksEncrypt then ''
|
|
||||||
cryptsetup luksFormat ${cfg.rootDevice}${x}2
|
|
||||||
cryptsetup open --type luks ${cfg.rootDevice}${x}2 root
|
|
||||||
export ROOT_DEVICE=/dev/mapper/root
|
|
||||||
'' else ''
|
|
||||||
export ROOT_DEVICE=${cfg.rootDevice}${x}2
|
|
||||||
''}
|
|
||||||
${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
|
|
||||||
mkdir -p /mnt
|
|
||||||
${mkBootTable.${cfg.bootType}}
|
|
||||||
zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
|
|
||||||
zfs create -o mountpoint=legacy ${cfg.poolName}/root
|
|
||||||
zfs create -o mountpoint=legacy ${cfg.poolName}/home
|
|
||||||
zfs create -o mountpoint=legacy ${cfg.poolName}/nix
|
|
||||||
mount -t zfs ${cfg.poolName}/root /mnt/
|
|
||||||
mkdir /mnt/{home,nix,boot}
|
|
||||||
mount -t zfs ${cfg.poolName}/home /mnt/home/
|
|
||||||
mount -t zfs ${cfg.poolName}/nix /mnt/nix/
|
|
||||||
${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
|
|
||||||
nixos-generate-config --root /mnt/
|
|
||||||
hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
|
|
||||||
cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
|
|
||||||
cat > /mnt/etc/nixos/generated.nix <<EOF
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
${if cfg.uefi then ''
|
|
||||||
boot.loader.grub.efiInstallAsRemovable = true;
|
|
||||||
boot.loader.grub.efiSupport = true;
|
|
||||||
boot.loader.grub.device = "nodev";
|
|
||||||
'' else ''
|
|
||||||
boot.loader.grub.device = "${cfg.rootDevice}";
|
|
||||||
''}
|
|
||||||
networking.hostId = "$hostId"; # required for zfs use
|
|
||||||
${lib.optionalString cfg.luksEncrypt ''
|
|
||||||
boot.initrd.luks.devices = [
|
|
||||||
{ name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
|
|
||||||
];
|
|
||||||
''}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
nixos-install
|
|
||||||
umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
|
|
||||||
zpool export ${cfg.poolName}
|
|
||||||
'';
|
|
||||||
environment.systemPackages = [ config.system.build.justdoit ];
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
name="iso";
|
|
||||||
}
|
|
|
@ -1,46 +0,0 @@
|
||||||
{ pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ ./hardware-configuration.nix ./generated.nix ];
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
|
||||||
#boot.zfs.forceImportRoot = false;
|
|
||||||
#boot.zfs.forceImportAll = false;
|
|
||||||
boot.kernelParams = [
|
|
||||||
"boot.shell_on_fail"
|
|
||||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
|
||||||
];
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
programs.bash.enableCompletion = true;
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
SystemMaxUse=1G
|
|
||||||
RuntimeMaxUse=128M
|
|
||||||
'';
|
|
||||||
environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
|
|
||||||
#!/bin/sh
|
|
||||||
ip addr add 178.254.30.202/255.255.252.0 dev ens3
|
|
||||||
ip route add default via 178.254.28.1
|
|
||||||
echo nameserver 1.1.1.1 > /etc/resolv.conf
|
|
||||||
'')];
|
|
||||||
|
|
||||||
# minimal
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
programs.command-not-found.enable = false;
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
programs.ssh.startAgent = false;
|
|
||||||
nix.useSandbox = true;
|
|
||||||
users.mutableUsers = false;
|
|
||||||
networking.firewall.rejectPackets = true;
|
|
||||||
networking.firewall.allowPing = true;
|
|
||||||
services.openssh.enable = true;
|
|
||||||
i18n = {
|
|
||||||
consoleKeyMap = "us";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
boot.kernel.sysctl = {
|
|
||||||
"net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
|
|
||||||
"net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
# <stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
|
||||||
<clever_kexec/kexec/kexec.nix>
|
|
||||||
];
|
|
||||||
# cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.iso;
|
|
||||||
krebs.hidden-ssh.enable = true;
|
|
||||||
environment.extraInit = ''
|
|
||||||
EDITOR=vim
|
|
||||||
'';
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
hostKeys = [
|
|
||||||
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
name="iso";
|
|
||||||
}
|
|
|
@ -1,50 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
imports =
|
|
||||||
[ ./network.nix
|
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
# Disk
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "tank/root";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" =
|
|
||||||
{ device = "tank/home";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{ device = "tank/nix";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/AEF3-A486";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
boot.loader.grub.device = "/dev/vda";
|
|
||||||
|
|
||||||
networking.hostId = "3150697c"; # required for zfs use
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.copyKernels = true;
|
|
||||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
|
||||||
boot.kernelParams = [
|
|
||||||
"boot.shell_on_fail"
|
|
||||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
let
|
|
||||||
external-mac = "c4:37:72:55:4e:1c";
|
|
||||||
external-gw = "178.254.28.1";
|
|
||||||
external-ip = "178.254.30.202";
|
|
||||||
external-ip6 = "2a00:6800:3:18c::2";
|
|
||||||
external-gw6 = "2a00:6800:3::1";
|
|
||||||
external-netmask = 22;
|
|
||||||
external-netmask6 = 64;
|
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
|
||||||
'';
|
|
||||||
networking = {
|
|
||||||
interfaces."${ext-if}" = {
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = external-ip;
|
|
||||||
prefixLength = external-netmask;
|
|
||||||
}];
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = external-ip6;
|
|
||||||
prefixLength = external-netmask6;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
defaultGateway6 = { address = external-gw6; interface = ext-if; };
|
|
||||||
defaultGateway = external-gw;
|
|
||||||
nameservers = [ "1.1.1.1" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,67 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
|
|
||||||
# external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
# internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
# default-gw = "185.215.224.1";
|
|
||||||
# prefixLength = 24;
|
|
||||||
# external-mac = "46:5b:fc:f4:44:c9";
|
|
||||||
# ext-if = "et0";
|
|
||||||
in {
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./1blu
|
|
||||||
<stockholm/makefu>
|
|
||||||
|
|
||||||
# common
|
|
||||||
<stockholm/makefu/2configs/nur.nix>
|
|
||||||
<stockholm/makefu/2configs/home-manager>
|
|
||||||
<stockholm/makefu/2configs/home-manager/cli.nix>
|
|
||||||
|
|
||||||
# Security
|
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
|
||||||
|
|
||||||
# Tools
|
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
|
||||||
|
|
||||||
# NixOS Build
|
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
|
||||||
|
|
||||||
# Storage
|
|
||||||
<stockholm/makefu/2configs/share>
|
|
||||||
# <stockholm/makefu/2configs/share/hetzner-client.nix>
|
|
||||||
|
|
||||||
|
|
||||||
# torrent is managed by gum
|
|
||||||
# <stockholm/makefu/2configs/torrent/rtorrent.nix>
|
|
||||||
|
|
||||||
## Web
|
|
||||||
|
|
||||||
# local usage:
|
|
||||||
<stockholm/makefu/2configs/mosh.nix>
|
|
||||||
|
|
||||||
|
|
||||||
# Supervision
|
|
||||||
<stockholm/makefu/2configs/nix-community/supervision.nix>
|
|
||||||
|
|
||||||
# Krebs
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
|
|
||||||
# backup
|
|
||||||
<stockholm/makefu/2configs/backup/state.nix>
|
|
||||||
|
|
||||||
# migrated:
|
|
||||||
# <stockholm/makefu/2configs/bitlbee.nix>
|
|
||||||
|
|
||||||
|
|
||||||
];
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
build.host = config.krebs.hosts.latte;
|
|
||||||
};
|
|
||||||
|
|
||||||
makefu.dl-dir = "/media/cloud/download";
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
{
|
|
||||||
name = "latte";
|
|
||||||
torrent = true;
|
|
||||||
home-manager = true;
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
{ config,nixpkgsPath, pkgs, lib, ... }:
|
|
||||||
{
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
dns.providers.lan = "hosts";
|
|
||||||
build.user = config.krebs.users.makefu;
|
|
||||||
};
|
|
||||||
imports = [
|
|
||||||
(nixpkgsPath + "/nixos/modules/profiles/minimal.nix")
|
|
||||||
(nixpkgsPath + "/nixos/modules/profiles/installation-device.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
# cifs-utils fails to cross-compile
|
|
||||||
# Let's simplify this by removing all unneeded filesystems from the image.
|
|
||||||
boot.supportedFilesystems = lib.mkForce [ "vfat" ];
|
|
||||||
|
|
||||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
|
||||||
|
|
||||||
|
|
||||||
users.users = {
|
|
||||||
root = {
|
|
||||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.openssh.enable = true;
|
|
||||||
}
|
|