makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
tv 2016-11-11 08:49:37 +01:00
parent b837dec290 e6c7b13f59
commit 0e13a4e237
30 changed files with 343 additions and 161 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
krebs/3modules/exim-smarthost.nix
View file

@ -246,12 +246,12 @@ let
remote_smtp:
driver = smtp
${optionalString (cfg.dkim != []) ''
${optionalString (cfg.dkim != []) (indent ''
dkim_canon = relaxed
dkim_domain = $sender_address_domain
dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}}
''}
'')}
helo_data = ''${if eq{$acl_m_special_dom}{} \
{$primary_hostname} \
{$acl_m_special_dom} }

4
krebs/3modules/go.nix
View file

@ -44,7 +44,7 @@ let
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
go
go-shortener
];
environment = {
@ -57,7 +57,7 @@ let
serviceConfig = {
User = "go";
Restart = "always";
ExecStart = "${pkgs.go}/bin/go";
ExecStart = "${pkgs.go-shortener}/bin/go";
};
};
};

2
krebs/5pkgs/go/default.nix → krebs/5pkgs/go-shortener/default.nix
View file

@ -19,7 +19,7 @@ let
};
in np.buildNodePackage {
name = "go";
name = "go-shortener";
src = fetchgit {
url = "http://cgit.lassul.us/go/";

0
krebs/5pkgs/go/packages.nix → krebs/5pkgs/go-shortener/packages.nix
View file

2
lass/1systems/mors.nix
View file

@ -54,7 +54,7 @@ with import <stockholm/lib>;
enable = true;
package = pkgs.postgresql;
};
#virtualisation.docker.enable = true;
virtualisation.docker.enable = true;
#users.users.mainUser.extraGroups = [ "docker" ];
}
{

8
lass/1systems/prism.nix
View file

@ -224,6 +224,14 @@ in {
OnCalendar = "*:0/5";
};
}
{
lass.usershadow = {
enable = true;
};
}
{
virtualisation.libvirtd.enable = true;
}
];
krebs.build.host = config.krebs.hosts.prism;

4
lass/1systems/shodan.nix
View file

@ -75,6 +75,10 @@ with import <stockholm/lib>;
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
};
services.udev.extraRules = ''

51
lass/2configs/buildbot-standalone.nix
View file

@ -25,20 +25,6 @@ in {
pollinterval=120))
'';
scheduler = {
force-scheduler = ''
sched.append(schedulers.ForceScheduler(
name="force",
builderNames=["fast-tests"]))
'';
fast-tests-scheduler = ''
# test everything real quick
sched.append(schedulers.SingleBranchScheduler(
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=10,
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
build-scheduler = ''
# build all hosts
sched.append(schedulers.SingleBranchScheduler(
@ -113,43 +99,6 @@ in {
'';
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=eval \
system={}".format(i)])
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=eval \
system={}".format(i)])
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf" ]:
addShell(f,name="build-{}".format(i),env=env_shared,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=eval \
system={}".format(i)])
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
'';
build-pkgs = ''
f = util.BuildFactory()
f.addStep(grab_repo)

7
lass/2configs/default.nix
View file

@ -46,6 +46,13 @@ with import <stockholm/lib>;
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = {
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
})
];
networking.hostName = config.krebs.build.host.name;

2
lass/2configs/go.nix
View file

@ -3,7 +3,7 @@
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.go
pkgs.go-shortener
];
krebs.go = {
enable = true;

2
lass/2configs/nixpkgs.nix
View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d";
ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731";
};
}

3
lass/2configs/repo-sync.nix
View file

@ -41,7 +41,7 @@ let
mirror.url = "${mirror}${name}";
};
tv = {
origin.url = "http://cgit.ni.r/${name}";
origin.url = "http://cgit.ni.i/${name}";
mirror.url = "${mirror}${name}";
};
lassulus = {
@ -93,6 +93,7 @@ in {
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
(sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
(sync-remote "painload" "https://github.com/krebscode/painload")
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
(sync-retiolum "go")
(sync-retiolum "much")

35
lass/2configs/websites/domsen.nix
View file

@ -103,27 +103,6 @@ in {
"o_ubikmedia_de"
];
krebs.backup.plans = {
prism-sql-domsen = {
method = "push";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; };
startAt = "00:01";
};
prism-http-domsen = {
method = "push";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; };
startAt = "00:10";
};
prism-o-ubikmedia-domsen = {
method = "push";
src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; };
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; };
startAt = "00:30";
};
};
services.phpfpm.phpOptions = ''
sendmail_path = ${sendmail} -t
upload_max_filesize = 100M
@ -142,28 +121,26 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
];
krebs.exim-smarthost = {
authenticators.PLAIN = ''
driver = plaintext
server_prompts = :
server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}"
server_set_id = $auth2
public_name = PLAIN
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
'';
authenticators.LOGIN = ''
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}"
server_set_id = $auth1
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
'';
internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
];
system-aliases = [
sender_domains = [
"jla-trading.com"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";

10
lass/2configs/websites/fritz.nix
View file

@ -88,13 +88,7 @@ in {
];
};
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
sendmail_path = "${sendmail} -t -i"
'';
} ''
cat ${pkgs.php}/etc/php-recommended.ini > $out
echo "$options" >> $out
services.phpfpm.phpOptions = ''
sendmail_path = ${sendmail} -t
'';
}

47
lass/2configs/websites/lassulus.nix
View file

@ -37,6 +37,31 @@ in {
};
};
krebs.tinc_graphs.enable = true;
users.users.lass-stuff = {
uid = genid "lass-stuff";
description = "lassul.us blog cgi stuff";
home = "/var/empty";
};
services.phpfpm.poolConfigs."lass-stuff" = ''
listen = /var/run/lass-stuff.socket
user = lass-stuff
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
listen.owner = lass-stuff
listen.group = nginx
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
security.limit_extensions =
'';
users.groups.lasscert.members = [
"dovecot2"
"ejabberd"
@ -53,6 +78,28 @@ in {
(nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/lassul.us/;
'')
(nameValuePair "= /retiolum-hosts.tar.bz2" ''
alias ${config.krebs.tinc.retiolum.hostsArchive};
'')
(nameValuePair "/tinc" ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'')
(let
script = pkgs.writeBash "test" ''
echo "hello world"
'';
#script = pkgs.execve "ddate-wrapper" {
# filename = "${pkgs.ddate}/bin/ddate";
# argv = [];
#};
in nameValuePair "= /ddate" ''
gzip off;
fastcgi_pass unix:/var/run/lass-stuff.socket;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param DOCUMENT_ROOT /var/empty;
fastcgi_param SCRIPT_FILENAME ${script};
fastcgi_param SCRIPT_NAME ${script};
'')
];
ssl = {
enable = true;

2
lass/2configs/websites/util.nix
View file

@ -79,6 +79,8 @@ rec {
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /srv/http/${domain}/;

41
lass/3modules/usershadow.nix
View file

@ -13,22 +13,27 @@
type = types.str;
default = "/home/%/.shadow";
};
path = mkOption {
type = types.str;
};
};
imp = {
environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
'';
security.pam.services.exim.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
security.pam.services.dovecot2.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
@ -38,7 +43,7 @@
"bytestring"
];
body = pkgs.writeHaskell "passwords" {
executables.verify = {
executables.verify_pam = {
extra-depends = deps;
text = ''
import Data.Monoid
@ -61,18 +66,42 @@
if res then exitSuccess else exitFailure
'';
};
executables.verify_arg = {
extra-depends = deps;
text = ''
import Data.Monoid
import System.IO
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
import System.Exit (exitFailure, exitSuccess)
main :: IO ()
main = do
argsList <- getArgs
let shadowFilePattern = argsList !! 0
let user = argsList !! 1
let password = argsList !! 2
let shadowFile = lhs <> user <> tail rhs
(lhs, rhs) = span (/= '%') shadowFilePattern
hash <- readFile shadowFile
let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
if res then do (putStr "yes") else exitFailure
'';
};
executables.passwd = {
extra-depends = deps;
text = ''
import System.Environment (getEnv)
import Crypto.PasswordStore (makePasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
import System.IO (stdin, hSetEcho, putStr)
import System.IO (stdin, hSetEcho, putStrLn)
main :: IO ()
main = do
home <- getEnv "HOME"
putStr "password:"
putStrLn "password:"
hSetEcho stdin False
password <- BS8.hGetLine stdin
hash <- makePasswordWith pbkdf2 password 10

183
lass/5pkgs/q/default.nix
View file

@ -55,47 +55,143 @@ let
fi
'';
q-power_supply = ''
q-intel_backlight = ''
cd /sys/class/backlight/intel_backlight
</dev/null exec ${pkgs.gawk}/bin/awk '
END {
getline actual_brightness < "actual_brightness"
getline max_brightness < "max_brightness"
getline brightness < "brightness"
printf "intel_backlight %d%% %d/%d\n" \
, actual_brightness / max_brightness * 100 \
, actual_brightness \
, max_brightness
}
'
'';
q-power_supply = let
power_supply = pkgs.writeBash "power_supply" ''
set -efu
uevent=$1
eval "$(${pkgs.gnused}/bin/sed -n '
s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p
' $uevent)"
case $POWER_SUPPLY_NAME in
AC)
exit # not battery
;;
esac
exec </dev/null
exec ${pkgs.gawk}/bin/awk '
function die(s) {
printf "%s: %s\n", name, s
exit 1
}
function print_hm(h, m) {
m = (h - int(h)) * 60
return sprintf("%dh%dm", h, m)
}
function print_bar(n, r, t1, t2, t_col) {
t1 = int(r * n)
t2 = n - t1
if (r >= .42) t_col = "1;32"
else if (r >= 23) t_col = "1;33"
else if (r >= 11) t_col = "1;31"
else t_col = "5;1;31"
return sgr(t_col) strdup("", t1) sgr(";30") strdup("", t2) sgr()
}
function sgr(p) {
return "\x1b[" p "m"
}
function strdup(s,n,t) {
t = sprintf("%"n"s","")
gsub(/ /,s,t)
return t
}
END {
name = ENVIRON["POWER_SUPPLY_NAME"]
charge_unit = "Ah"
charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6
current_unit = "A"
current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6
energy_unit = "Wh"
energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6
energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
power_unit = "W"
power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6
voltage_unit = "V"
voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6
voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6
#printf "charge_now: %s\n", charge_now
#printf "charge_full: %s\n", charge_full
#printf "current_now: %s\n", current_now
#printf "energy_now: %s\n", energy_now
#printf "energy_full: %s\n", energy_full
#printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"]
#printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
#printf "power_now: %s\n", power_now
#printf "voltage_now: %s\n", voltage_now
if (current_now == 0 && voltage_now != 0) {
current_now = power_now / voltage_now
}
if (power_now == 0) {
power_now = current_now * voltage_now
}
if (charge_now == 0 && voltage_min_design != 0) {
charge_now = energy_now / voltage_min_design
}
if (energy_now == 0) {
energy_now = charge_now * voltage_min_design
}
if (charge_full == 0 && voltage_min_design != 0) {
charge_full = energy_full / voltage_min_design
}
if (energy_full == 0) {
energy_full = charge_full * voltage_min_design
}
if (charge_now == 0 || charge_full == 0) {
die("unknown charge")
}
charge_ratio = charge_now / charge_full
out = out name
out = out sprintf(" %s", print_bar(10, charge_ratio))
out = out sprintf(" %d%", charge_ratio * 100)
out = out sprintf(" %.2f%s", charge_now, charge_unit)
if (current_now != 0) {
out = out sprintf("/%.1f%s", current_now, current_unit)
}
out = out sprintf(" %d%s", energy_full, energy_unit)
if (power_now != 0) {
out = out sprintf("/%.1f%s", power_now, power_unit)
}
if (current_now != 0) {
out = out sprintf(" %s", print_hm(charge_now / current_now))
}
print out
}
'
'';
in ''
for uevent in /sys/class/power_supply/*/uevent; do
if test -f $uevent; then
eval "$(${pkgs.gnused}/bin/sed -n '
s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p
' $uevent)"
if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then
continue
fi
charge_percentage=$(echo "
scale=2
$POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL
" | ${pkgs.bc}/bin/bc)
lfc=$POWER_SUPPLY_CHARGE_FULL
rc=$POWER_SUPPLY_CHARGE_NOW
#rc=2800
N=78; N=76
N=10
n=$(echo $N-1 | ${pkgs.bc}/bin/bc)
centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc)
deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc)
energy_evel=$(
echo -n ' ' # TRIGRAM FOR THUNDER
if test $centi -ge 42; then echo -n ''
elif test $centi -ge 23; then echo -n ''
elif test $centi -ge 11; then echo -n ''
else echo -n ''; fi
for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do
echo -n
done
echo -n ''
for i in $(${pkgs.coreutils}/bin/seq $deci $n); do
echo -n
done
echo '' $rc #/ $lfc
)
echo "$energy_evel $charge_percentage"
fi
${power_supply} "$uevent" || :
done
'';
@ -171,15 +267,20 @@ in
pkgs.writeBashBin "q" ''
set -eu
export PATH=/var/empty
(${q-todo}) || :
if [ "$PWD" != "$HOME" ]; then
(HOME=$PWD; ${q-todo}) || :
fi
echo
${q-cal}
echo
${q-isodate}
(${q-gitdir}) &
(${q-intel_backlight}) &
(${q-power_supply}) &
(${q-virtualization}) &
(${q-wireless}) &
(${q-online}) &
(${q-thermal_zone}) &
wait
${q-todo}
''

5
lass/5pkgs/xmonad-lass.nix
View file

@ -112,14 +112,14 @@ displaySomeException = displayException
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute 0 toggle")
, ("<XF86AudioMicMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-source-mute 1 toggle")
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 10")
, ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 10")
, ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
, ("M4-a", focusUrgent)
, ("M4-S-r", renameWorkspace def)
@ -129,6 +129,7 @@ myKeyMap =
, ("M4-<Esc>", toggleWS)
, ("M4-S-<Enter>", spawn urxvtcPath)
, ("M4-x", floatNext True >> spawn urxvtcPath)
, ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite")
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)

1
makefu/1systems/gum.nix
View file

@ -24,6 +24,7 @@ in {
../2configs/torrent.nix
../2configs/graphite-standalone.nix
../2configs/sabnzbd.nix
../2configs/gum-share.nix
../2configs/opentracker.nix

6
makefu/1systems/x.nix
View file

@ -32,7 +32,7 @@
# ../2configs/buildbot-standalone.nix
# hardware specifics are in here
../2configs/hw/tp-x220.nix
../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix
../2configs/hw/bcm4352.nix
# mount points
@ -46,7 +46,7 @@
# temporary modules
../2configs/temp/share-samba.nix
../2configs/laptop-backup.nix
../2configs/temp/elkstack.nix
#../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
../2configs/tinc/siem.nix
#../2configs/torrent.nix
@ -62,7 +62,7 @@
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
# virtualisation.docker.enable = true;
virtualisation.docker.enable = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;

8
makefu/2configs/default.nix
View file

@ -10,7 +10,6 @@ with import <stockholm/lib>;
}
./vim.nix
./binary-cache/nixos.nix
./binary-cache/lass.nix
];
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
@ -90,9 +89,14 @@ with import <stockholm/lib>;
"d /tmp 1777 root root - -"
];
nix.nixPath = [ "/var/src" ];
environment.variables = {
environment.variables = let
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
in {
NIX_PATH = mkForce "/var/src";
EDITOR = mkForce "vim";
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
environment.systemPackages = with pkgs; [

6
makefu/2configs/deployment/mycube.connector.one.nix
View file

@ -6,7 +6,11 @@ let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in {
services.redis.enable = true;
services.redis = {
enable = true;
};
systemd.services.redis.serviceConfig.LimitNOFILE=10032;
services.uwsgi = {
enable = true;
user = "nginx";

39
makefu/2configs/gum-share.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
hostname = config.krebs.build.host.name;
in {
# users.users.smbguest = {
# name = "smbguest";
# uid = config.ids.uids.smbguest;
# description = "smb guest user";
# home = "/var/empty";
# };
users.users.download = { };
services.samba = {
enable = true;
shares = {
download = {
path = "/var/download";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "download";
};
};
extraConfig = ''
# guest account = smbguest
# map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 445 -j ACCEPT
'';
}

1
makefu/2configs/hw/bcm4352.nix
View file

@ -1,6 +1,7 @@
{config, ...}:
{
networking.enableB43Firmware = true;
boot.kernelModules = [ "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
}

18
makefu/2configs/hw/tp-x220.nix → makefu/2configs/hw/tp-x230.nix
View file

@ -5,9 +5,19 @@ with import <stockholm/lib>;
imports = [ ./tp-x2x0.nix ];
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
# tp-smapi is not supported bt x230 anymore
kernelModules = [
"kvm-intel"
"thinkpad_ec"
# "acpi_call"
# "thinkpad_acpi"
# "tpm-rng"
];
extraModulePackages = [
# config.boot.kernelPackages.acpi_call
];
};
services.acpid.enable = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
services.xserver = {
videoDriver = "intel";
@ -15,8 +25,8 @@ with import <stockholm/lib>;
Option "AccelMethod" "sna"
'';
};
security.rngd.enable = true;
# no entropy source working
# security.rngd.enable = true;
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1

7
makefu/2configs/hw/tp-x2x0.nix
View file

@ -28,8 +28,9 @@ with import <stockholm/lib>;
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
#START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
START_CHARGE_THRESH_BAT0=67
STOP_CHARGE_THRESH_BAT0=100
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
@ -40,6 +41,6 @@ with import <stockholm/lib>;
'';
powerManagement.resumeCommands = ''
{pkgs.rfkill}/bin/rfkill unblock all
${pkgs.rfkill}/bin/rfkill unblock all
'';
}

1
makefu/2configs/nginx/euer.wiki.nix
View file

@ -44,7 +44,6 @@ in {
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
# errors to journal
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes

3
makefu/2configs/tinc/retiolum.nix
View file

@ -1,4 +1,7 @@
_:
{
imports = [
../binary-cache/lass.nix
];
krebs.tinc.retiolum.enable = true;
}

2
makefu/2configs/urlwatch.nix
View file

@ -15,7 +15,7 @@
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://github.com/amadvance/snapraid/releases.atom
https://erdgeist.org/gitweb/opentracker/commit/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
];
};
}