Merge remote-tracking branch 'prism/master'

This commit is contained in:
tv 2017-05-24 01:31:22 +02:00
commit 46d6506916
16 changed files with 121 additions and 28 deletions

View file

@ -3,7 +3,10 @@
with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) {
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
managed = true;
}) {
dishfire = {
cores = 4;
nets = rec {
@ -124,6 +127,7 @@ with import <stockholm/lib>;
ssh.port = 2223;
};
};
managed = false;
};
cloudkrebs = {
cores = 1;
@ -300,6 +304,7 @@ with import <stockholm/lib>;
};
iso = {
cores = 1;
managed = false;
};
sokrateslaptop = {
nets = {
@ -321,6 +326,7 @@ with import <stockholm/lib>;
'';
};
};
managed = false;
};
};
users = {

View file

@ -32,14 +32,11 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
#{
# services.elasticsearch = {
# enable = true;
# plugins = [
# # pkgs.elasticsearchPlugins.elasticsearch_kopf
# ];
# };
#}
{
services.elasticsearch = {
enable = true;
};
}
{
#zalando project
services.postgresql = {

View file

@ -10,6 +10,7 @@ in {
./copyq.nix
./xresources.nix
./livestream.nix
./dns-stuff.nix
{
hardware.pulseaudio = {
enable = true;
@ -33,6 +34,7 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false;
services.openssh.forwardX11 = true;
services.printing = {
enable = true;

View file

@ -35,7 +35,7 @@ in {
forceSSL = true;
enableACME = true;
};
defaultPermissions = "read";
defaultPermissions = "read,create";
secretKey = secKey;
});
};

View file

@ -63,15 +63,6 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python
];
}
{
services.dnscrypt-proxy = {
enable = true;
resolverName = "cs-de";
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}
];
networking.hostName = config.krebs.build.host.name;

View file

@ -0,0 +1,31 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
services.dnscrypt-proxy = {
enable = true;
localAddress = "127.1.0.1";
resolverName = "cs-de";
};
services.dnsmasq = {
enable = true;
extraConfig = ''
server=127.1.0.1
server=/dn42/172.23.75.6
#no-resolv
cache-size=1000
min-cache-ttl=3600
bind-dynamic
all-servers
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
address=/blog/127.0.0.1
address=/blog/::1
rebind-domain-ok=/onion/
server=/.onion/127.0.0.1#9053
port=53
'';
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}

View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
ref = "2bb9c1c";
ref = "f469354";
};
}

View file

@ -1,4 +1,4 @@
{ ... }:
{ pkgs, ... }:
{
@ -25,4 +25,8 @@
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
environment.systemPackages = [
pkgs.tinc
];
}

View file

@ -25,9 +25,10 @@ in {
imports = [
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(servePage [ "karlaskop.de" ])
(servePage [ "makeup.apanowicz.de" ])
(servePage [ "pixelpocket.de" ])
(servePage [ "habsys.de" "habsys.eu" ])
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
"ubikmedia.de"

View file

@ -40,8 +40,6 @@ in {
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];

View file

@ -6,6 +6,7 @@ _:
./hosts.nix
./mysql-backup.nix
./news.nix
./pyload.nix
./umts.nix
./usershadow.nix
./xresources.nix

View file

@ -6,7 +6,7 @@ with import <stockholm/lib>;
options.lass.hosts = mkOption {
type = types.attrsOf types.host;
default =
filterAttrs (_: host: host.owner.name == "lass")
filterAttrs (_: host: host.owner.name == "lass" && host.managed)
config.krebs.hosts;
};
}

55
lass/3modules/pyload.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.lass.pyload;
out = {
options.lass.pyload = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "pyload";
user = mkOption {
type = types.str;
default = "download";
};
};
imp = {
krebs.per-user.${cfg.user}.packages = [
pkgs.pyload
pkgs.spidermonkey
pkgs.tesseract
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
];
systemd.services.pyload = {
description = "pyload";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
pyload
spidermonkey
tesseract
dnsmasq
];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
User = cfg.user;
};
};
};
in out

View file

@ -31,6 +31,13 @@ rec {
default = null;
};
managed = mkOption {
description = ''
If true, then the host's configuration is defined in stockholm.
'';
type = bool;
};
owner = mkOption {
type = user;
};

View file

@ -59,7 +59,7 @@ with import <stockholm/lib>;
krebs = {
enable = true;
search-domain = "retiolum";
search-domain = "r";
build = {
user = config.krebs.users.nin;
source = let inherit (config.krebs.build) host; in {

View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "5b0c9d4";
ref = "0afb6d7";
};
}