Merge remote-tracking branch 'gum/master' into staging/18.03

This commit is contained in:
lassulus 2018-03-29 11:17:55 +02:00
commit 1589a66802
9 changed files with 123 additions and 69 deletions

View file

@ -2,16 +2,15 @@
python2Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}";
version = "0.8.14";
version = "0.8.15";
namePrefix = "";
patches = [];
src = fetchFromGitHub {
owner = "krebscode";
repo = "buildbot-classic";
# rev = "v${version}";
rev = "843463911";
sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd";
rev = version;
sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm";
};
postUnpack = "sourceRoot=\${sourceRoot}/master";

View file

@ -52,7 +52,7 @@ in {
# network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
<stockholm/makefu/2configs/vpn/vpnws/server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/iodined.nix>

View file

@ -9,7 +9,7 @@ let
keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
primaryInterface = "enp1s0";
primaryInterface = "enp2s0";
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
# cryptsetup luksAddKey $dev tmpkey
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
@ -54,6 +54,7 @@ in {
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/share/omo.nix>
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
@ -65,6 +66,7 @@ in {
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
<stockholm/makefu/2configs/stats/arafetch.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
@ -72,6 +74,11 @@ in {
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
{
hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music";
}
# security

View file

@ -32,66 +32,7 @@ in {
<stockholm/makefu/2configs/hydra/stockholm.nix>
<stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
# may be required for "system-wide" pulse to connect to bluetooth
#module-bluez5-device
#module-bluez5-discover
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
<stockholm/makefu/2configs/bluetooth-mpd.nix>
# Sensors
<stockholm/makefu/2configs/stats/telegraf>

View file

@ -0,0 +1,68 @@
{ pkgs, config, lib, ... }:
let
cfg = config.makefu.mpd;
in {
options.makefu.mpd.musicDirectory = lib.mkOption {
description = "music Directory";
default = "/data/music";
type = lib.types.str;
};
config = {
services.mpd = {
enable = true;
inherit (cfg) musicDirectory;
network.listenAddress = "0.0.0.0";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = cfg.musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
# PULSE_SERVER=192.168.1.11 pavucontrol
anonymousClients.allowAll = true;
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
#hardware.bluetooth.extraConfig = ''
# [general]
# Enable=Source,Sink,Media,Socket
#'';
};
}

View file

@ -30,6 +30,7 @@ in {
forceSSL = true;
locations = {
"/".extraConfig = ''
expires -1;
uwsgi_pass unix://${wsgi-sock};
uwsgi_param UWSGI_CHDIR ${workdir};
uwsgi_param UWSGI_MODULE cuserver.main;

View file

@ -17,6 +17,7 @@ let
# contains:
# user1 = pass1
# userN = passN
# afterwards put /var/www/<ext-dom>/user1.html as tiddlywiki
tw-pass-file = "${sec}/tw-pass.ini";
in {
@ -45,7 +46,7 @@ in {
systemd.services.prepare-tw = {
wantedBy = [ "local-fs.target" ];
before = [ "phpfpm.service" ];
before = [ "phpfpm.service" "nginx.service" ];
serviceConfig = {
ExecStart = pkgs.writeScript "prepare-tw-service" ''
#!/bin/sh
@ -92,6 +93,7 @@ in {
locations = {
"/" = {
root = wiki-dir;
index = "makefu.html";
extraConfig = ''
expires -1;
autoindex on;

View file

@ -0,0 +1,36 @@
{ pkgs, lib, ...}:
with import <stockholm/lib>;
let
pkg = with pkgs.python3Packages;buildPythonPackage rec {
rev = "762d747";
name = "europastats-${rev}";
propagatedBuildInputs = [
requests
docopt
influxdb
beautifulsoup4
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/arafetch";
inherit rev;
sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws";
};
};
home = "/var/lib/arafetch";
in {
users.users.arafetch = {
uid = genid "arafetch";
inherit home;
createHome = true;
};
systemd.services.arafetch = {
startAt = "Mon 09:15:00";
wantedBy = [ "multi-user.target" ];
environment = {
OUTDIR = home;
};
path = [ pkg pkgs.git pkgs.wget ];
script = "${pkg}/bin/weekrun";
};
}

View file

@ -21,9 +21,9 @@ let
];
};
# TODO: automate updating of this ref + cherry-picks
ref = "6b6e72b"; # nixos-17.09 @ 2018-03-07
ref = "6583793"; # nixos-17.09 @ 2018-03-07
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3
# + signal: 0f19beef3, 50ad913, 9449782, b7046ab2
in
evalSource (toString _file) [