diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index c5404f96d..9630d7a7f 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -336,7 +336,6 @@ with import <stockholm/lib>;
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
- gold IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
'';
};
@@ -522,6 +521,13 @@ with import <stockholm/lib>;
};
nextgum = rec {
ci = true;
+ extraZones = {
+ "krebsco.de" = ''
+ cache.euer IN A ${nets.internet.ip4.addr}
+ cache.gum IN A ${nets.internet.ip4.addr}
+ gold IN A ${nets.internet.ip4.addr}
+ '';
+ };
cores = 8;
nets = rec {
internet = {
@@ -537,6 +543,7 @@ with import <stockholm/lib>;
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
aliases = [
"nextgum.r"
+ "cache.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index b7ef824b5..09e552010 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -29,7 +29,7 @@ let
''}
${optionalString (cfg.watchDir != null) ''
- schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent
+ directory.watch.added = "${cfg.watchDir}", load.start_verbose
''}
directory = ${cfg.downloadDir}
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix
index 93171d23a..9761546e7 100644
--- a/makefu/1systems/nextgum/config.nix
+++ b/makefu/1systems/nextgum/config.nix
@@ -49,6 +49,7 @@ in {
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/iodined.nix>
## buildbot
@@ -69,6 +70,8 @@ in {
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+ <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+ <stockholm/makefu/2configs/deployment/events-publisher>
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/graphs.nix>
diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix
index 36fea6544..944210701 100644
--- a/makefu/1systems/nextgum/hardware-config.nix
+++ b/makefu/1systems/nextgum/hardware-config.nix
@@ -45,12 +45,20 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
+ fileSystems."/var/lib" = {
+ device = "/dev/mapper/nixos-lib";
+ fsType = "ext4";
+ };
+ fileSystems."/var/download" = {
+ device = "/dev/mapper/nixos-download";
+ fsType = "ext4";
+ };
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
@@ -69,7 +77,9 @@ in {
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
- #lvcreate -L 120G -n root nixos
+ #lvcreate -L 120G -m 1 -n root nixos
+ #lvcreate -L 50G -m 1 -n lib nixos
+ #lvcreate -L 50G -n download nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 7c81a2015..c7301e52b 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -39,11 +39,15 @@ in {
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
- <stockholm/makefu/2configs/deployment/led-fader.nix>
- <stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
- # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+ <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+ <stockholm/makefu/2configs/stats/external/aralast.nix>
+ <stockholm/makefu/2configs/stats/arafetch.nix>
+ <stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
+ # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+
+
<stockholm/makefu/2configs/deployment/bureautomation>
(let
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 451689f91..e5b481ab6 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
imports =
[ # base
<stockholm/makefu>
+ <stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
@@ -54,7 +55,6 @@ with import <stockholm/lib>;
internalInterfaces = [ "vboxnet0" ];
};
}
-
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
@@ -64,6 +64,7 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
+ <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
@@ -125,7 +126,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.x;
- krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
+ krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
networking.extraHosts = ''
192.168.1.11 omo.local
@@ -133,6 +134,8 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+ # avoid full boot dir
+ boot.loader.grub.configurationLimit = 3;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts.nix-serve = {
+ serverAliases = [ "cache.gum.r"
+ "cache.euer.krebsco.de"
+ "cache.gum.krebsco.de"
+ ];
+ locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+ };
+ };
+}
+
diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix
new file mode 100644
index 000000000..db8502c6e
--- /dev/null
+++ b/makefu/2configs/deployment/events-publisher/default.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+with import <stockholm/lib>;
+let
+ shack-announce = pkgs.callPackage (builtins.fetchTarball {
+ url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz";
+ sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a";
+ }) {} ;
+ home = "/var/lib/shackannounce";
+ user = "shackannounce";
+ creds = (toString <secrets>) + "/shack-announce.json";
+in
+{
+ users.users.${user}= {
+ uid = genid user;
+ inherit home;
+ createHome = true;
+ };
+ systemd.services.shack-announce = {
+ description = "Announce shack events";
+ startAt = "*:0/30";
+ path = [ shack-announce ];
+ serviceConfig = {
+ WorkingDirectory = home;
+ User = user;
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
+ set -eu
+ cp ${creds} creds.json
+ chown ${user} creds.json
+ '';
+ ExecStart = pkgs.writeDash "shack-announce" ''
+ if test ! -e announce.state; then
+ echo "initializing state"
+ announce-daemon \
+ --lol INFO \
+ --creds creds.json \
+ --state announce.state \
+ --clean --init
+ fi
+ echo "Running announce"
+ announce-daemon \
+ --lol INFO \
+ --creds creds.json \
+ --state announce.state
+ '';
+ };
+ };
+}
diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix
index c1d6f5651..069e6e7eb 100644
--- a/makefu/2configs/hw/mceusb.nix
+++ b/makefu/2configs/hw/mceusb.nix
@@ -1,4 +1,4 @@
-{pkgs,...}:{
+{pkgs, lib, ...}:{
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
services.xserver.inputClassSections = [''
Identifier "MCE USB Keyboard mimic blacklist"
@@ -6,13 +6,12 @@
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
Option "Ignore" "on"
''];
- boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
- nixpkgs.config.packageOverrides = pkgs: {
- linux_4_16 = pkgs.linux_4_16.override {
- extraConfig = ''
- LIRC y
- '';
- };
+ boot.kernelPatches = lib.singleton {
+ name = "enable-lirc";
+ patch = null;
+ extraConfig = ''
+ LIRC y
+ '';
};
}
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index d322c683d..ffc32e0cb 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -22,15 +22,9 @@
};
networking.networkmanager.enable = true;
- # TODO: put somewhere else
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.clipit}/bin/clipit &
- ${pkgs.networkmanagerapplet}/bin/nm-applet &
- '';
-
# nixOSUnstable
-# networking.networkmanager.wifi = {
-# powersave = true;
-# scanRandMacAddress = true;
-# };
+ networking.networkmanager.wifi = {
+ powersave = true;
+ scanRandMacAddress = true;
+ };
}
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
index 4ac639a25..735cb4c17 100644
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@@ -1,13 +1,12 @@
{ pkgs, lib, ... }:
{
- # TODO: un-pin linuxPackages somehow
- nixpkgs.config.packageOverrides = pkgs: {
- linux_4_14 = pkgs.linux_4_14.override {
- extraConfig = ''
- MEDIA_ANALOG_TV_SUPPORT y
- VIDEO_STK1160_COMMON m
- VIDEO_STK1160 m
- '';
- };
+ boot.kernelPatches = lib.singleton {
+ name = "enable-stk1160";
+ patch = null;
+ extraConfig = ''
+ MEDIA_ANALOG_TV_SUPPORT y
+ VIDEO_STK1160_COMMON m
+ VIDEO_STK1160 m
+ '';
};
}
diff --git a/makefu/2configs/nginx/gold.krebsco.de.nix b/makefu/2configs/nginx/gold.krebsco.de.nix
new file mode 100644
index 000000000..083c0f8d7
--- /dev/null
+++ b/makefu/2configs/nginx/gold.krebsco.de.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ gold = pkgs.fetchFromGitHub {
+ owner = "krebs";
+ repo = "krebsgold";
+ rev = "15f7a74";
+ sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
+ };
+in {
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts = {
+ "gold.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ root = toString gold + "/html";
+ };
+ };
+ };
+}
+
diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix
new file mode 100644
index 000000000..dda00063a
--- /dev/null
+++ b/makefu/2configs/nur.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:{
+ nixpkgs.config.packageOverrides = pkgs: {
+ nur = pkgs.callPackage (import (builtins.fetchGit {
+ url = "https://github.com/nix-community/NUR";
+ })) {};
+ };
+}
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
index 330616f4a..470193d6c 100644
--- a/makefu/2configs/task-client.nix
+++ b/makefu/2configs/task-client.nix
@@ -1,6 +1,6 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = [
+ users.users.makefu.packages = [
pkgs.taskwarrior
];
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 898bae10d..1e85da53c 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -1,10 +1,10 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
chromium
- clipit
feh
+ clipit
firefox
keepassx
pcmanfm
diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix
index 1fe03e111..bb14c3eb5 100644
--- a/makefu/2configs/tools/desktop.nix
+++ b/makefu/2configs/tools/desktop.nix
@@ -4,8 +4,10 @@
users.users.makefu.packages = with pkgs; [
taskwarrior
pass
+ gopass
mutt
weechat
tmux
];
+
}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index e25290297..ae97edd54 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs;[
+ users.users.makefu.packages = with pkgs;[
# media
gimp
inkscape
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 4de2b545e..35faaa29f 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 3dc02937d..17a980ef7 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index a076479c2..3df0ddbfe 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -8,13 +8,13 @@ let
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
- torrent-dir = config.makefu.dl-dir;
+ base-dir = config.makefu.dl-dir;
in {
users.users = {
download = {
name = "download";
- home = torrent-dir;
+ home = base-dir;
uid = mkDefault (genid "download");
createHome = true;
useDefaultShell = true;
@@ -25,10 +25,12 @@ in {
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
- for i in finished watch torrents; do
- mkdir -p "${torrent-dir}/$i"
- chown download:download "${torrent-dir}/$i"
- chmod 770 "${torrent-dir}/$i"
+ for i in finished watch; do
+ if test ! -d $i;then
+ mkdir -p "${base-dir}/$i"
+ chown rtorrent:download "${base-dir}/$i"
+ chmod 775 "${base-dir}/$i"
+ fi
done
'';
@@ -42,6 +44,7 @@ in {
"nginx"
];
};
+ rtorrent.members = [ "download" ];
};
krebs.rtorrent = {
@@ -54,7 +57,8 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
- workDir = torrent-dir;
+ downloadDir = base-dir + "/finished";
+ watchDir = base-dir + "/watch";
# dump old torrents into watch folder to have them re-added
};
diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix
index e5f62e910..486c0ddf6 100644
--- a/makefu/5pkgs/awesomecfg/default.nix
+++ b/makefu/5pkgs/awesomecfg/default.nix
@@ -2,7 +2,10 @@
, lib
, alsaUtils
, xbacklight
-, modkey?"Mod4"
+, networkmanagerapplet
+, blueman
+, clipit
+, modkey ? "Mod4"
, locker? "${pkgs.xlock}/bin/xlock -mode blank"
, ... }:
@@ -10,7 +13,7 @@
# replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
full = lib.makeOverridable pkgs.substituteAll {
name = "awesome_full_config";
- inherit alsaUtils locker xbacklight modkey;
+ inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
isExecutable = false;
src = ./full.cfg;
};
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index e49a88697..12d357913 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -568,6 +568,18 @@ local os = {
-- }}}
+-- {{{ autostart
+do
+ local cmds =
+ {
+ "@networkmanagerapplet@/bin/nm-applet",
+ "@blueman@/bin/blueman-applet",
+ "@clipit@/bin/clipit"
+ }
+ for _,i in pairs(cmds) do
+ awful.util.spawn(i)
+ end
+end
-- }}}