Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2018-09-18 15:47:03 +02:00
commit 245994cc7a
53 changed files with 965 additions and 272 deletions

View file

@ -129,6 +129,8 @@ in {
"graphite.shack" "graphite.shack"
"acng.shack" "acng.shack"
"drivedroid.shack" "drivedroid.shack"
"mobile.lounge.mpd.shack"
"lounge.mpd.wolf.shack"
]; ];
}; };
retiolum = { retiolum = {
@ -138,6 +140,7 @@ in {
"wolf.r" "wolf.r"
"build.wolf.r" "build.wolf.r"
"cgit.wolf.r" "cgit.wolf.r"
"lounge.mpd.wolf.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----

View file

@ -1,7 +1,9 @@
{ config, ... }: { config, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
## generate keys with:
# tinc generate-keys
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
{ {
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
cake = rec { cake = rec {
@ -29,6 +31,32 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
}; };
crapi = rec { # raspi1
cores = 1;
ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.136.237";
ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2";
aliases = [
"crapi.r"
];
tinc.pubkey = ''
Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
};
drop = rec { drop = rec {
ci = true; ci = true;
cores = 1; cores = 1;
@ -298,6 +326,13 @@ with import <stockholm/lib>;
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
#wiregrill = {
# ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db";
# aliases = [
# "x.w"
# ];
# wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
#};
}; };
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
@ -457,8 +492,6 @@ with import <stockholm/lib>;
ip6.addr = "42:f9f0::10"; ip6.addr = "42:f9f0::10";
aliases = [ aliases = [
"omo.r" "omo.r"
"logs.makefu.r"
"stats.makefu.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -525,7 +558,9 @@ with import <stockholm/lib>;
"krebsco.de" = '' "krebsco.de" = ''
cache.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr}
iso.euer IN A ${nets.internet.ip4.addr}
''; '';
}; };
cores = 8; cores = 8;
@ -537,13 +572,24 @@ with import <stockholm/lib>;
"nextgum.i" "nextgum.i"
]; ];
}; };
#wiregrill = {
# via = internet;
# ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3";
# aliases = [
# "gum.w"
# ];
# wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
#};
retiolum = { retiolum = {
via = internet; via = internet;
ip4.addr = "10.243.0.213"; ip4.addr = "10.243.0.213";
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
aliases = [ aliases = [
"nextgum.r" "nextgum.r"
"graph.r"
"cache.gum.r" "cache.gum.r"
"logs.makefu.r"
"stats.makefu.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -579,7 +625,6 @@ with import <stockholm/lib>;
boot.euer IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr}
@ -604,7 +649,6 @@ with import <stockholm/lib>;
"o.gum.r" "o.gum.r"
"tracker.makefu.r" "tracker.makefu.r"
"graph.r"
"search.makefu.r" "search.makefu.r"
"wiki.makefu.r" "wiki.makefu.r"
"wiki.gum.r" "wiki.gum.r"

View file

View file

View file

View file

@ -0,0 +1,4 @@
1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%

View file

@ -0,0 +1,46 @@
{ config, pkgs, lib, ... }:
{
# :l <nixpkgs>
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
imports = [
<stockholm/makefu>
<stockholm/makefu/2configs>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/save-diskspace.nix>
];
krebs.build.host = config.krebs.hosts.crapi;
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
system.activationScripts.create-swap = ''
if [ ! -e /swapfile ]; then
fallocate -l 2G /swapfile
mkswap /swapfile
fi
'';
swapDevices = [ { device = "/swapfile"; size = 2048; } ];
nix.package = lib.mkForce pkgs.nixStable;
services.openssh.enable = true;
}

View file

@ -0,0 +1,3 @@
{
arm6 = true;
}

View file

@ -17,7 +17,10 @@ in {
# <stockholm/makefu/2configs/smart-monitor.nix> # <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/mosh.nix> <stockholm/makefu/2configs/mosh.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix> <stockholm/makefu/2configs/tools/mobility.nix>
{ environment.systemPackages = [ pkgs.esniper ]; }
# <stockholm/makefu/2configs/disable_v6.nix> # <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>
@ -33,12 +36,12 @@ in {
# logs to influx # logs to influx
<stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/stats/telegraf/europastats.nix> # <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
<stockholm/makefu/2configs/stats/telegraf/hamstats.nix>
<stockholm/makefu/2configs/stats/arafetch.nix> <stockholm/makefu/2configs/stats/arafetch.nix>
# services # services
<stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix> <stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
@ -67,8 +70,8 @@ in {
# <stockholm/makefu/2configs/temp/rst-issue.nix> # <stockholm/makefu/2configs/temp/rst-issue.nix>
]; ];
makefu.full-populate = true; makefu.full-populate = true;
krebs.rtorrent = { krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent"; downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = '' extraConfig = ''
upload_rate = 200 upload_rate = 200

View file

@ -6,7 +6,8 @@ let
rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe"; rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
}); });
cfg = fromJSON (readFile ../../hardware/tsp-disk.json); cfg = fromJSON (readFile ../../hardware/tsp-disk.json);
primaryInterface = "enp1s0"; # primaryInterface = "enp1s0";
primaryInterface = "wlp2s0";
rootDisk = "/dev/sda"; # TODO same as disko uses rootDisk = "/dev/sda"; # TODO same as disko uses
in { in {
imports = [ imports = [
@ -28,5 +29,13 @@ in {
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
}; };
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchDocked = "ignore";
services.logind.extraConfig = ''
HandleSuspendKey = ignore
'';
powerManagement.enable = false;
} }

View file

@ -6,13 +6,13 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
# <stockholm/makefu/2configs/hw/vbox-guest.nix> <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ # until virtualbox-image is fixed #{ # until virtualbox-image is fixed
imports = [ # imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix> # <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
]; # ];
boot.loader.grub.device = "/dev/sda"; # boot.loader.grub.device = lib.mkForce "/dev/sda";
} #}
<stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix> # <secrets/extra-hosts.nix>

View file

@ -0,0 +1,49 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
let
disk = "/dev/sda";
in {
imports = [
<stockholm/makefu>
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
<stockholm/makefu/2configs/tools/core.nix>
];
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
krebs.build.host = config.krebs.hosts.iso;
krebs.hidden-ssh.enable = true;
environment.extraInit = ''
EDITOR=vim
'';
# iso-specific
boot.kernelParams = [ "copytoram" ];
environment.systemPackages = [
pkgs.parted
( pkgs.writeScriptBin "shack-install" ''
#! /bin/sh
echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install"
'')
];
systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];
networking.wireless = {
enable = true;
networks.shack.psk = "welcome2shack";
};
services.openssh = {
enable = true;
hostKeys = [
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
# enable ssh in the iso boot process
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
}

View file

@ -0,0 +1,5 @@
#!/bin/sh
set -euf
parted -s ${disk} mklabel msdos
parted -s ${disk} -- mkpart primary linux-swap 1M 4096M
parted -s ${disk} -- mkpart primary ext2 4096M 100%

View file

@ -0,0 +1,231 @@
{ config, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
# TODO:
];
# shacks-specific
networking.wireless = {
enable = true;
networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e";
};
networking.hostName = "shackbook";
boot.tmpOnTmpfs = true;
users.users.shack = {
createHome = true;
useDefaultShell = true;
home = "/home/shack";
uid = 9001;
packages = with pkgs;[
chromium
firefox
];
extraGroups = [ "audio" "wheel" ];
hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ;
};
environment.variables = let
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
in {
EDITOR = lib.mkForce "vim";
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
services.printing = {
enable = true;
# TODO: shack-printer
};
environment.systemPackages = with pkgs;[
parted
ddrescue
tmux
jq git gnumake htop rxvt_unicode.terminfo
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
set nocompatible
syntax on
set list
set listchars=tab:\
"set list listchars=tab:>-,trail:.,extends:>
filetype off
filetype plugin indent on
colorscheme darkblue
set background=dark
set number
set relativenumber
set mouse=a
set ignorecase
set incsearch
set wildignore=*.o,*.obj,*.bak,*.exe,*.os
set textwidth=79
set shiftwidth=2
set expandtab
set softtabstop=2
set shiftround
set smarttab
set tabstop=2
set et
set autoindent
set backspace=indent,eol,start
inoremap <F1> <ESC>
nnoremap <F1> <ESC>
vnoremap <F1> <ESC>
nnoremap <F5> :UndotreeToggle<CR>
set undodir =~/.vim/undo
set undofile
"maximum number of changes that can be undone
set undolevels=1000000
"maximum number lines to save for undo on a buffer reload
set undoreload=10000000
nnoremap <F2> :set invpaste paste?<CR>
set pastetoggle=<F2>
set showmode
set showmatch
set matchtime=3
set hlsearch
autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
" save on focus lost
au FocusLost * :wa
autocmd BufRead *.json set filetype=json
au BufNewFile,BufRead *.mustache set syntax=mustache
cnoremap SudoWrite w !sudo tee > /dev/null %
" create Backup/tmp/undo dirs
set backupdir=~/.vim/backup
set directory=~/.vim/tmp
function! InitBackupDir()
let l:parent = $HOME . '/.vim/'
let l:backup = l:parent . 'backup/'
let l:tmpdir = l:parent . 'tmp/'
let l:undodir= l:parent . 'undo/'
if !isdirectory(l:parent)
call mkdir(l:parent)
endif
if !isdirectory(l:backup)
call mkdir(l:backup)
endif
if !isdirectory(l:tmpdir)
call mkdir(l:tmpdir)
endif
if !isdirectory(l:undodir)
call mkdir(l:undodir)
endif
endfunction
call InitBackupDir()
augroup Binary
" edit binaries in xxd-output, xxd is part of vim
au!
au BufReadPre *.bin let &bin=1
au BufReadPost *.bin if &bin | %!xxd
au BufReadPost *.bin set ft=xxd | endif
au BufWritePre *.bin if &bin | %!xxd -r
au BufWritePre *.bin endif
au BufWritePost *.bin if &bin | %!xxd
au BufWritePost *.bin set nomod | endif
augroup END
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree" ]; }
# vim-nix handles indentation better but does not perform sanity
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
})
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
PS1='\[\e[1;32m\]\w\[\e[0m\] '
'';
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
nix = {
package = pkgs.nixUnstable;
optimise.automatic = true;
useSandbox = true;
gc.automatic = true;
};
system.autoUpgrade.enable = true;
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
# gui and stuff
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
fonts = {
enableFontDir = true;
enableGhostscriptFonts = true;
fonts = [ pkgs.terminus_font ];
};
time.timeZone = "Europe/Berlin";
services.timesyncd.enable = true;
# GUI
hardware.pulseaudio.enable = true;
services.xserver = {
enable = true;
displayManager.auto.enable = true;
displayManager.auto.user = "shack";
desktopManager.xfce.enable = true;
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "ctrl:nocaps, eurosign:e";
};
services.openssh = {
enable = true;
hostKeys = [
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
}

View file

@ -0,0 +1,24 @@
#!/bin/sh
set -euf
p(){
parted -s ${disk} -- $@
}
p mklabel gpt
p mkpart primary fat32 1M 551M
p set 1 boot on
p mkpart primary linux-swap 51M 4647M
p mkpart primary ext2 4647M 100%
udevadm settle
mkfs.fat -nboot -F32 /dev/sda1
udevadm settle
mkswap ${disk}2 -L swap
swapon -L swap
mkfs.ext4 -L nixos ${disk}3
mount LABEL=nixos /mnt
mkdir /mnt/boot
mount LABEL=boot /mnt/boot
mkdir -p /mnt/etc/nixos
cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix
nixos-generate-config --root /mnt

View file

@ -8,57 +8,32 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/tools/all.nix> # <stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix> <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# hardware specifics are in here # hardware specifics are in here
# imports tp-x2x0.nix # imports tp-x2x0.nix
# <stockholm/makefu/2configs/hw/tp-x200.nix> <stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/rad1o.nix> # <stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/sshd-totp.nix>
{
programs.adb.enable = true;
}
]; ];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp; krebs.build.host = config.krebs.hosts.tsp;
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; boot.loader.grub.device = "/dev/sda";
boot.loader.grub.copyKernels = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
]; ];
# acer aspire
networking.wireless.enable = lib.mkDefault true;
services.xserver.synaptics.enable = true;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
START_CHARGE_THRESH_BAT0=67
STOP_CHARGE_THRESH_BAT0=100
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
powerManagement.resumeCommands = ''
${pkgs.rfkill}/bin/rfkill unblock all
'';
} }

View file

@ -1,9 +1,7 @@
# #
# #
# #
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
with import <stockholm/lib>;
{ {
imports = imports =
[ # base [ # base
@ -43,6 +41,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix> <stockholm/makefu/2configs/printer.nix>
<stockholm/makefu/2configs/task-client.nix> <stockholm/makefu/2configs/task-client.nix>
# <stockholm/makefu/2configs/syncthing.nix>
# Virtualization # Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
@ -149,4 +148,6 @@ with import <stockholm/lib>;
"/home/makefu/backup/borgun" "/home/makefu/backup/borgun"
"/home/makefu/.mail/" "/home/makefu/.mail/"
]; ];
services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
} }

View file

@ -1,48 +1,43 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
tasmota_plug = name: topic: { tasmota_plug = name: topic:
platform = "mqtt"; { platform = "mqtt";
inherit name; inherit name;
state_topic = "/bam/${topic}/stat/POWER"; state_topic = "/bam/${topic}/stat/POWER1";
command_topic = "/bam/${topic}/cmnd/POWER"; command_topic = "/bam/${topic}/cmnd/POWER1";
availability_topic = "/bam/${topic}/tele/LWT"; availability_topic = "/bam/${topic}/tele/LWT";
qos = 1; payload_on= "ON";
payload_on= "ON"; payload_off= "OFF";
payload_off= "OFF"; payload_available= "Online";
payload_available= "Online"; payload_not_available= "Offline";
payload_not_available= "Offline"; };
retain= false;
};
espeasy_dht22 = name: [ espeasy_dht22 = name: [
{ { platform = "mqtt";
platform = "mqtt"; name = "${name} DHT22 Temperature";
device_class = "temperature"; device_class = "temperature";
state_topic = "/bam/${name}/dht22/Temperature"; state_topic = "/bam/${name}/dht22/Temperature";
availability_topic = "/bam/${name}/status/LWT"; availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Connected"; payload_available = "Online";
payload_not_available = "Connection Lost"; payload_not_available = "Offline";
} }
{ { platform = "mqtt";
platform = "mqtt"; device_class = "humidity";
device_class = "humidity"; name = "${name} DHT22 Humidity";
state_topic = "/bam/${name}/dht22/Temperature"; state_topic = "/bam/${name}/dht22/Humidity";
unit_of_measurement = "C"; availability_topic = "/bam/${name}/tele/LWT";
availability_topic = "/bam/${name}/status/LWT"; payload_available = "Online";
payload_available = "Connected"; payload_not_available = "Offline";
payload_not_available = "Connection Lost"; }];
}]; espeasy_ds18 = name:
espeasy_ds18 = name: [ { platform = "mqtt";
{ name = "${name} DS18 Temperature";
platform = "mqtt"; state_topic = "/bam/${name}/ds18/Temperature";
device_class = "temperature"; availability_topic = "/bam/${name}/tele/LWT";
state_topic = "/bam/${name}/ds18/Temperature"; payload_available = "Online";
availability_topic = "/bam/${name}/status/LWT"; payload_not_available = "Offline";
payload_available = "Connected"; };
payload_not_available = "Connection Lost";
}
];
in { in {
networking.firewall.allowedTCPPorts = [ 8123 ];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5" "homeassistant-0.65.5"
]; ];
@ -81,18 +76,19 @@ in {
(tasmota_plug "Pluggy" "plug4") (tasmota_plug "Pluggy" "plug4")
]; ];
binary_sensor = [ binary_sensor = [
{ # esp_easy { platform = "mqtt";
platform = "mqtt";
device_class = "motion"; device_class = "motion";
name = "Motion";
state_topic = "/bam/easy2/movement/Switch"; state_topic = "/bam/easy2/movement/Switch";
payload_on = "1"; payload_on = "1";
payload_off = "0"; payload_off = "0";
availability_topic = "/bam/easy2/status/LWT"; availability_topic = "/bam/easy2/tele/LWT";
payload_available = "Connected"; payload_available = "Online";
payload_not_available = "Connection Lost"; payload_not_available = "Offline";
} }
]; ];
sensor = sensor =
(espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++ (espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" ) [ (espeasy_ds18 "easy3" )
{ platform = "luftdaten"; { platform = "luftdaten";

View file

@ -5,7 +5,10 @@ let
home = "/var/lib/ampel"; home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json"; sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json"; ampelsec = "${home}/google-muell.json";
esp = "192.168.1.23"; cred = "${toString <secrets>}/google-muell-creds.json";
# TODO: generate this credential file locally
ampelcred = "${home}/google-muell-creds.json";
esp = "192.168.8.204";
sleepval = "1800"; sleepval = "1800";
in { in {
users.users.ampel = { users.users.ampel = {
@ -21,10 +24,10 @@ in {
serviceConfig = { serviceConfig = {
User = "ampel"; User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
cp ${sec} ${ampelsec} install -m600 -o ampel ${sec} ${ampelsec}
chown ampel ${ampelsec} install -m600 -o ampel ${cred} ${ampelcred}
''; '';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
PermissionsStartOnly = true; PermissionsStartOnly = true;
Restart = "always"; Restart = "always";
RestartSec = 10; RestartSec = 10;

View file

@ -1,7 +1,45 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
# Ideas:
## wake-on-lan server
##
let let
firetv = "192.168.1.238"; firetv = "192.168.1.238";
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "/ham/${topic}/stat/POWER1";
command_topic = "/ham/${topic}/cmnd/POWER1";
availability_topic = "/ham/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
tasmota_bme = name: topic:
[ { platform = "mqtt";
name = "${name} Temperatur";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.BME280.Temperature }}";
unit_of_measurement = "°C";
}
{ platform = "mqtt";
name = "${name} Luftfeuchtigkeit";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.BME280.Humidity }}";
unit_of_measurement = "%";
}
{ platform = "mqtt";
name = "${name} Luftdruck";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.BME280.Pressure }}";
unit_of_measurement = "hPa";
}
];
in { in {
imports = [
./mqtt.nix
];
systemd.services.firetv = { systemd.services.firetv = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
@ -18,7 +56,17 @@ in {
name = "Home"; time_zone = "Europe/Berlin"; name = "Home"; time_zone = "Europe/Berlin";
latitude = "48.7687"; latitude = "48.7687";
longitude = "9.2478"; longitude = "9.2478";
elevation = 247;
}; };
discovery = {};
conversation = {};
history = {};
logbook = {};
tts = [
{ platform = "google";}
];
sun.elevation = 247;
recorder = {};
media_player = [ media_player = [
{ platform = "kodi"; { platform = "kodi";
host = firetv; host = firetv;
@ -27,7 +75,31 @@ in {
# assumes python-firetv running # assumes python-firetv running
} }
]; ];
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "hass";
password = builtins.readFile <secrets/mqtt/hass>;
keepalive = 60;
protocol = 3.1;
birth_message = {
topic = "/ham/hass/tele/LWT";
payload = "Online";
qos = 1;
retain = true;
};
will_message = {
topic = "/ham/hass/tele/LWT";
payload = "Offline";
qos = 1;
retain = true;
};
};
sensor = [ sensor = [
{ platform = "speedtest";
monitored_conditions = [ "ping" "download" "upload" ];
}
{ platform = "luftdaten"; { platform = "luftdaten";
name = "Ditzingen"; name = "Ditzingen";
sensorid = "663"; sensorid = "663";
@ -51,9 +123,17 @@ in {
seconds = 0; seconds = 0;
}; };
} }
]; ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
frontend = { }; frontend = { };
#group = [
# { default_view = { view = "yes"; entities = [
# "sensor.luftdaten"
# ]}
#];
http = { }; http = { };
switch = [
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
];
}; };
enable = true; enable = true;
#configDir = "/var/lib/hass"; #configDir = "/var/lib/hass";

View file

@ -0,0 +1,24 @@
{ pkgs, config, ... }:
{
services.mosquitto = {
enable = true;
host = "0.0.0.0";
allowAnonymous = false;
checkPasswords = true;
# see <host>/mosquitto
users.sensor = {
hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
acl = [ "topic readwrite #" ];
};
users.hass = {
hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
acl = [ "topic readwrite #" ];
};
users.stats = {
hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
acl = [ "topic read #" ];
};
};
environment.systemPackages = [ pkgs.mosquitto ];
# port open via trusted interface
}

View file

@ -1,5 +1,7 @@
{config, ...}: {config, ...}:
{ {
# fdisk /dev/sda
# mkfs.ext4 -L nixos /dev/sda1
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true; boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;

View file

@ -31,6 +31,7 @@ let
ampel = { }; ampel = { };
europastats = { }; europastats = { };
arafetch = { }; arafetch = { };
disko = { };
init-stockholm = { init-stockholm = {
cgit.desc = "Init stuff for stockholm"; cgit.desc = "Init stuff for stockholm";
}; };

View file

@ -29,11 +29,14 @@
# presumably a2dp Sink # presumably a2dp Sink
# Enable profile: # Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
hardware.bluetooth.extraConfig = '';
[general]
Enable=Source,Sink,Media,Socket
'';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true; hardware.bluetooth = {
enable = true;
powerOnBoot = false;
extraConfig = ''
[general]
Enable=Source,Sink,Media,Socket
'';
};
} }

View file

@ -0,0 +1,47 @@
{ config, pkgs, ... }:
{
imports = [
(builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
];
mailserver = {
enable = true;
fqdn = "euer.eloop.org";
domains = [ "euer.eloop.org" ];
loginAccounts = {
"makefu@euer.eloop.org" = {
hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
aliases = [ "root@euer.eloop.org" ];
catchAll = [ "euer.eloop.org" ];
};
};
certificateScheme = 3;
# Enable IMAP and POP3
enableImap = true;
enablePop3 = false;
enableImapSsl = true;
enablePop3Ssl = false;
# Enable the ManageSieve protocol
enableManageSieve = true;
virusScanning = false;
};
services.dovecot2.extraConfig = ''
ssl_dh = </var/lib/dhparams/dovecot.pem
'';
# workaround for DH creation
# security.dhparams = {
# enable = true;
# params = {
# dovecot = 2048;
# };
# };
# systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
# systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
}

View file

@ -4,6 +4,7 @@
enable = true; enable = true;
host = "0.0.0.0"; host = "0.0.0.0";
users = {}; users = {};
# TODO: secure that shit
allowAnonymous = true; allowAnonymous = true;
}; };
} }

View file

@ -10,7 +10,12 @@ let
in { in {
services.nginx = { services.nginx = {
enable = mkDefault true; enable = mkDefault true;
virtualHosts."mon.euer.krebsco.de" = { virtualHosts."mon.euer.krebsco.de" = let
# flesh_wrap
authFile = pkgs.writeText "influx.conf" ''
user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
'';
in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -21,6 +26,17 @@ in {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
''; '';
}; };
locations."/influxdb/" = {
proxyPass = "http://wbob.r:8086/";
extraConfig = ''
auth_basic "Needs Autherization to visit";
auth_basic_user_file ${authFile};
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
'';
};
}; };
}; };
} }

View file

@ -3,7 +3,7 @@
services.nginx = { services.nginx = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
virtualHosts."misa-felix-hochzeit.ml" = { virtualHosts."misa-felix-hochzeit.ml" = {
serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ]; serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {

View file

@ -1,11 +1,10 @@
{ {config,...}:{
nix.trustedUsers = [ "nixBuild" ]; nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = { users.users.nixBuild = {
name = "nixBuild"; name = "nixBuild";
useDefaultShell = true; useDefaultShell = true;
# TODO: put this somewhere else
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" config.krebs.users.buildbotSlave.pubkey
]; ];
}; };
} }

View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
let
port = 9024;
in {
users.users.makefu.packages = [
pkgs.retroshare
];
networking.firewall.allowedTCPPorts = [ port ];
networking.firewall.allowedUDPPorts = [ port ];
}

View file

@ -17,6 +17,7 @@ in {
"file_mode=0775" "file_mode=0775"
"dir_mode=0775" "dir_mode=0775"
"uid=9001" "uid=9001"
"vers=3"
]; ];
}; };

View file

@ -0,0 +1,19 @@
{ pkgs, ... }:
{
services.samba = {
# support for timemachine in git
package = pkgs.sambaFull;
shares = {
time_machine = {
path = "/media/crypt3/backup/time_machine";
"valid users" = "misa";
public = "no";
writeable = "yes";
"force user" = "misa";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
};
};
}

View file

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.stdenv.mkDerivation {
name = "aralast-master";
src = pkgs.fetchFromGitHub {
owner = "makefu";
repo = "aralast";
rev = "7121598";
sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m";
};
installPhase = ''
install -m755 -D aralast.sh $out/bin/aralast
'';
};
in {
systemd.services.aralast = {
description = "periodically fetch aramark";
path = [
pkgs.curl
pkgs.gnugrep
pkgs.gnused
];
wantedBy = [ "multi-user.target" ];
environment = {
INFLUX_HOST = "localhost";
INFLUX_PORT = "8086";
};
# every 10 seconds when the cantina is open
startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45";
serviceConfig = {
User = "nobody";
ExecStart = "${pkg}/bin/aralast";
PrivateTmp = true;
};
};
}

View file

@ -2,11 +2,11 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
irc-server = "rc.r"; irc-server = "irc.r";
irc-nick = "m-alarm"; irc-nick = "m-alarm";
collectd-port = 25826; collectd-port = 25826;
influx-port = 8086; influx-port = 8086;
grafana-port = 3000; # TODO nginx forward grafana-port = 3000;
db = "collectd_db"; db = "collectd_db";
logging-interface = config.makefu.server.primary-itf; logging-interface = config.makefu.server.primary-itf;
in { in {
@ -72,15 +72,16 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
''; '';
state = [ "/var/lib/grafana/data/grafana.db" ];
} }

View file

@ -0,0 +1,28 @@
{ pkgs, ...}:
let
genTopic = name: topic: tags: {
servers = [ "tcp://localhost:1883" ];
username = "stats";
password = builtins.readFile <secrets/mqtt/stats>;
qos = 0;
connection_timeout = "30s";
topics = [ topic ];
tags = tags;
persistent_session = false;
name_override = name;
data_format = "json";
# json_query = tags.sensor; #TODO?
};
hamStat = host:
sensor:
(genTopic sensor
"/ham/${host}/${sensor}/tele/SENSOR"
{"host" = host;
"scope" = "ham";
"sensor" = sensor;
} );
bme = host: [(hamStat host "BME280")];
in {
services.telegraf.extraConfig.inputs.mqtt_consumer = (bme "schlafzimmer");
}

View file

@ -1,11 +1,17 @@
{...}: { config, ... }:
with import <stockholm/lib>; { with import <stockholm/lib>; {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
openDefaultPorts = true; openDefaultPorts = true;
useInotify = true;
group = "download"; group = "download";
}; };
users.extraGroups.download.gid = genid "download"; users.extraGroups.download.gid = genid "download";
state = map (x: config.services.syncthing.dataDir + "/" + x) [
"key.pem"
"cert.pem"
"config.xml"
"https-cert.pem"
"https-key.pem"
];
} }

View file

@ -1,7 +1,8 @@
_: { pkgs, ... }:
{ {
imports = [ imports = [
../binary-cache/lass.nix ../binary-cache/lass.nix
]; ];
krebs.tinc.retiolum.enable = true; krebs.tinc.retiolum.enable = true;
environment.systemPackages = [ pkgs.tinc ];
} }

View file

@ -3,9 +3,11 @@
# tools i use when actually working with the host. # tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild # package version will now be maintained by nix-rebuild
# #
# essentially `nix-env -q` of the main user
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
( pkgs.writeScriptBin "unknow" ''#!/bin/sh
${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
'')
at_spi2_core at_spi2_core
acpi acpi
bc bc

View file

@ -21,7 +21,6 @@
gen-oath-safe gen-oath-safe
cdrtools cdrtools
# nix related # nix related
nix-repl
nix-index nix-index
# git-related # git-related
tig tig

View file

@ -6,6 +6,7 @@
gimp gimp
inkscape inkscape
libreoffice libreoffice
quodlibet
# skype # skype
synergy synergy
tdesktop tdesktop

View file

@ -3,11 +3,14 @@
{ {
users.users.makefu.packages = with pkgs; [ users.users.makefu.packages = with pkgs; [
kodi kodi
streamripper
youtube-dl
calibre calibre
vlc vlc
mumble mumble
mplayer mplayer
quodlibet
plowshare
streamripper
youtube-dl
]; ];
} }

View file

@ -3,7 +3,11 @@
users.users.makefu.packages = with pkgs;[ users.users.makefu.packages = with pkgs;[
go-mtpfs go-mtpfs
mosh mosh
sshfs
rclone
exfat
(pkgs.callPackage ./secrets.nix {})
]; ];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
} }

View file

@ -0,0 +1,12 @@
{ pass, write, writeDash, ... }:
write "secrets" {
"/bin/secrets".link = writeDash "brain" ''
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
exec ${pass}/bin/pass $@
'';
"/bin/secretsmenu".link = writeDash "secretsmenu" ''
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
exec ${pass}/bin/passmenu $@
'';
}

View file

@ -68,6 +68,8 @@ in
compdef _pass brain compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain" zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e # ctrl-x ctrl-e
autoload -U edit-command-line autoload -U edit-command-line

View file

@ -1,5 +1,4 @@
{ stdenv, fetchFromGitHub { stdenv, fetchFromGitHub
, pkgconfig
, cmake , cmake
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -13,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf"; sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
}; };
nativeBuildInputs = [ cmake pkgconfig ]; nativeBuildInputs = [ cmake ];
installPhase = '' installPhase = ''
mkdir -p $out/{lib,bin} mkdir -p $out/{lib,bin}
find -iname '*.so' -exec mv --target-directory="$out/lib" {} \; find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;

View file

@ -85,13 +85,9 @@ stdenv.mkDerivation rec {
ninja test ninja test
''; '';
#preInstall = ''
# export MESON_INSTALL_PREFIX=$out
#'';
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = '' description = ''
Eval nix code from python. A modern audio book player for Linux using GTK+ 3
''; '';
maintainers = [ maintainers.makefu ]; maintainers = [ maintainers.makefu ];
license = licenses.mit; license = licenses.mit;

View file

@ -0,0 +1,54 @@
diff --git a/quodlibet/qltk/edittags.py b/quodlibet/quodlibet/qltk/edittags.py
index 148866ef7..e741b9c3d 100644
--- a/quodlibet/qltk/edittags.py
+++ b/quodlibet/qltk/edittags.py
@@ -740,13 +740,6 @@ class EditTags(Gtk.VBox):
win.show()
all_done = False
for song in songs:
- if not song.valid():
- win.hide()
- dialog = OverwriteWarning(self, song)
- resp = dialog.run()
- win.show()
- if resp != OverwriteWarning.RESPONSE_SAVE:
- break
changed = False
for key, values in iteritems(updated):
diff --git a/quodlibet/qltk/tagsfrompath.py b/quodlibet/quodlibet/qltk/tagsfrompath.py
index fd3f0709c..cb5b44f20 100644
--- a/quodlibet/qltk/tagsfrompath.py
+++ b/quodlibet/qltk/tagsfrompath.py
@@ -284,13 +284,6 @@ class TagsFromPath(Gtk.VBox):
for entry in ((model and itervalues(model)) or []):
song = entry.song
changed = False
- if not song.valid():
- win.hide()
- dialog = OverwriteWarning(self, song)
- resp = dialog.run()
- win.show()
- if resp != OverwriteWarning.RESPONSE_SAVE:
- break
for i, h in enumerate(pattern.headers):
text = entry.get_match(h)
diff --git a/quodlibet/qltk/tracknumbers.py b/quodlibet/quodlibet/qltk/tracknumbers.py
index 1ab4d0b9a..52f087db4 100644
--- a/quodlibet/qltk/tracknumbers.py
+++ b/quodlibet/qltk/tracknumbers.py
@@ -160,13 +160,6 @@ class TrackNumbers(Gtk.VBox):
if song.get("tracknumber") == track:
win.step()
continue
- if not song.valid():
- win.hide()
- dialog = OverwriteWarning(self, song)
- resp = dialog.run()
- win.show()
- if resp != OverwriteWarning.RESPONSE_SAVE:
- break
song["tracknumber"] = track
try:
song.write()

View file

@ -0,0 +1,13 @@
diff --git a/quodlibet/pattern/_pattern.py b/quodlibet/pattern/_pattern.py
index fc056d07a..8fb559c6e 100644
--- a/quodlibet/pattern/_pattern.py
+++ b/quodlibet/pattern/_pattern.py
@@ -387,7 +387,7 @@ def _number(key, value):
elif key == "discnumber":
parts = value.split("/")
try:
- return "%02d" % int(parts[0])
+ return "%d" % int(parts[0])
except (TypeError, ValueError):
return value
else:

View file

@ -20,6 +20,10 @@ with super.lib; with builtins; let
(filterAttrs (_: eq "directory") (readDir path)); (filterAttrs (_: eq "directory") (readDir path));
in { in {
quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: {
patches = [ ./custom/quodlibet/single-digit-discnumber.patch
./custom/quodlibet/remove-override-warning.patch ];
});
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
@ -29,15 +33,6 @@ in {
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ]; patches = [ ./custom/inkscape/dxf_fix.patch ];
}); });
pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
wordset-file = super.pkgs.fetchurl {
urls = [
https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
];
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
};
} }
// (mapAttrs (_: flip callPackage {}) // (mapAttrs (_: flip callPackage {})

View file

@ -0,0 +1,32 @@
{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
stdenv.mkDerivation rec {
name = "${pname}-2-35-0";
pname = "esniper";
version = "2.35.0";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${name}.tgz";
sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
};
buildInputs = [ openssl curl ];
# Add support for CURL_CA_BUNDLE variable.
# Fix <http://sourceforge.net/p/esniper/bugs/648/>.
patches = [ ./find-ca-bundle.patch ];
postInstall = ''
sed <"frontends/snipe" >"$out/bin/snipe" \
-e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
chmod 555 "$out/bin/snipe"
'';
meta = with stdenv.lib; {
description = "Simple, lightweight tool for sniping eBay auctions";
homepage = http://esniper.sourceforge.net;
license = licenses.gpl2;
maintainers = with maintainers; [ lovek323 peti ];
platforms = platforms.all;
};
}

View file

@ -0,0 +1,26 @@
diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
@@ -200,6 +200,9 @@
int
initCurlStuff(void)
{
+ /* Path to OpenSSL bundle file. */
+ const char *ssl_capath=NULL;
+
/* list for custom headers */
struct curl_slist *slist=NULL;
@@ -241,6 +244,12 @@
if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
return initCurlStuffFailed();
+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
+ * contents to curl. */
+ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
+ return initCurlStuffFailed();
+
slist = curl_slist_append(slist, "Accept: text/*");
slist = curl_slist_append(slist, "Accept-Language: en");
slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");

View file

@ -18,6 +18,7 @@
unstable = false; #unstable channel checked out unstable = false; #unstable channel checked out
mic92 = false; mic92 = false;
nms = false; nms = false;
arm6 = false;
clever_kexec = false; clever_kexec = false;
} // import (./. + "/1systems/${name}/source.nix"); } // import (./. + "/1systems/${name}/source.nix");
source = { test }: lib.evalSource [ source = { test }: lib.evalSource [
@ -29,6 +30,9 @@
nixpkgs = if test || host-src.full then { nixpkgs = if test || host-src.full then {
git.ref = nixpkgs-src.rev; git.ref = nixpkgs-src.rev;
git.url = nixpkgs-src.url; git.url = nixpkgs-src.url;
} else if host-src.arm6 then {
# TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else { } else {
file = "/home/makefu/store/${nixpkgs-src.rev}"; file = "/home/makefu/store/${nixpkgs-src.rev}";
}; };

View file

@ -1,122 +0,0 @@
with import <stockholm/lib>;
host@{ name,
override ? {}
, secure ? false
, full ? false
, torrent ? false
, hw ? false
, musnix ? false
, python ? false
, unstable ? false #unstable channel checked out
, mic92 ? false
, nms ? false
, clever_kexec ?false
}:
let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
<stockholm/submodules/nix-writers/pkgs>
];
};
# TODO: automate updating of this ref + cherry-picks
ref = "8f991294288"; # nixos-18.03 @ 2018-08-06
# + do_sqlite3 ruby: 55a952be5b5
# + exfat-nofuse bump: ee6a5296a35
# + uhub/sqlite: 5dd7610401747
in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
# always perform a full populate when buildbot
nixpkgs = if full || (builder == "buildbot" ) then {
git = {
url = https://github.com/makefu/nixpkgs;
inherit ref;
};
} else {
# right now it is simply extracted revision folder
## prepare so we do not have to wait for rsync:
## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
file = "/home/makefu/store/${ref}";
};
secrets = getAttr builder {
buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
makefu.pass = {
inherit name;
dir = "${getEnv "HOME"}/.secrets-pass";
};
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp";
}
(mkIf ( musnix ) {
musnix.git = {
url = https://github.com/musnix/musnix.git;
ref = "master"; # follow the musnix channel, lets see how this works out
};
})
(mkIf ( hw ) {
nixos-hardware.git = {
url = https://github.com/nixos/nixos-hardware.git;
ref = "30fdd53";
};
})
(mkIf ( python ) {
python.git = {
url = https://github.com/garbas/nixpkgs-python;
ref = "cac319b7";
};
})
(mkIf ( torrent ) {
torrent-secrets = getAttr builder {
buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
makefu.pass = {
name = "torrent";
dir = "${getEnv "HOME"}/.secrets-pass";
};
};
})
(mkIf ( unstable ) {
nixpkgs-unstable.git = {
url = https://github.com/nixos/nixpkgs-channels;
ref = "nixos-unstable";
};
})
(mkIf ( mic92 ) {
mic92.git = {
url = https://github.com/Mic92/dotfiles/;
ref = "48a1f49";
};
})
(mkIf ( nms ) {
nms.git = {
url = https://github.com/r-raymond/nixos-mailserver;
ref = "v2.1.2";
};
})
(mkIf ( clever_kexec ) {
clever_kexec.git = {
url = https://github.com/cleverca22/nix-tests;
ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
};
})
override
]