From 991687f7428440356403b6c63d695397b33078a6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 9 May 2017 22:52:53 +0200
Subject: [PATCH 01/21] m studio: init

---
 krebs/3modules/makefu/default.nix | 25 +++++++++++
 makefu/1systems/studio.nix        | 70 +++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 makefu/1systems/studio.nix

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 650344981..7e098eea1 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -26,6 +26,31 @@ with import <stockholm/lib>;
         };
       };
     };
+		studio = rec {
+			cores = 4;
+			ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+			ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
+			nets = {
+				retiolum = {
+					ip4.addr = "10.243.227.163";
+					ip6.addr  = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6";
+					aliases = [
+						"studio.r"
+					];
+					tinc.pubkey = ''
+						-----BEGIN RSA PUBLIC KEY-----
+						MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
+						cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
+						GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
+						jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
+						78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
+						8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
+						-----END RSA PUBLIC KEY-----
+					'';
+				};
+			};
+		};
+
     fileleech = rec {
       cores = 4;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix
new file mode 100644
index 000000000..f80dfc09a
--- /dev/null
+++ b/makefu/1systems/studio.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ../.
+
+  ];
+  krebs = {
+    enable = true;
+    tinc.retiolum.enable = true;
+    build.host = config.krebs.hosts.studio;
+  };
+
+  users.users.user = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "audio" ];
+    uid = 1000;
+  };
+
+  environment.systemPackages = with pkgs;[
+    pavucontrol
+    firefox
+    chromium
+  ];
+
+  sound.enable = true;
+  hardware.pulseaudio = {
+     enable = true;
+     systemWide = true;
+  };
+
+  fonts = {
+    enableCoreFonts = true;
+    enableFontDir = true;
+    enableGhostscriptFonts = true;
+    fonts = [ ];
+  };
+  # ingos favorite display manager
+  services.xserver.displayManager.sddm = {
+    enable = true;
+    autoLogin.enable = true;
+    autoLogin.user = "user";
+  };
+  services.xserver.desktopManager.plasma5.enable = true;
+  services.xserver.layout = "us";
+  services.xserver.xkbVariant = "altgr-intl";
+  services.xserver.xkbOptions = "ctrl:nocaps";
+
+  i18n = {
+    consoleKeyMap = "us-int";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+
+
+  # hardware
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ];
+}
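Review bot: The account that sddm logs in automatically (`autoLogin.user = "user";`) is also a member of `wheel` through `extraGroups = [ "wheel" "audio" ];`, so anyone who reaches the console gets a session with administrative group membership without authenticating. For a shared studio machine, `extraGroups = [ "audio" ];` on the auto-login account plus a separate admin account would keep the two roles apart; whether sudo on this host asks for a password is not visible here. `systemWide = true;` for PulseAudio also deserves a comment explaining why it is needed, since upstream discourages system-wide mode on desktops. The same auto-login block reappears in `makefu/2configs/gui/studio.nix` in [PATCH 06/21].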

From 669a7936fc75e377e840472d2b941fef382413b3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 10 May 2017 16:47:58 +0200
Subject: [PATCH 02/21] m 2 vncserver: init

---
 makefu/2configs/vncserver.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 makefu/2configs/vncserver.nix

diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
new file mode 100644
index 000000000..2e8e50feb
--- /dev/null
+++ b/makefu/2configs/vncserver.nix
@@ -0,0 +1,30 @@
+{config,lib,pkgs, ...}:
+with lib;
+let
+  pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd`
+  pwtmp = "/tmp/vnc-password";
+  # nixos-unstable tigervnc is currently broken :\
+  package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
+  User = "makefu";
+  port = 5900;
+in {
+	networking.firewall.allowedTCPPorts = [ port ];
+	networking.firewall.allowedUDPPorts = [ port ];
+
+	systemd.services."terminal-server" = {
+    description = "Terminal Server";
+    after = [ "display-manager.service" ];
+    wantedBy = [ "graphical.target" ];
+		serviceConfig = {
+      inherit User;
+      ExecStartPre = pkgs.writeDash "terminal-pre" ''
+ 
+        set -eufx
+        install -m0700 -o ${User} ${pwfile} ${pwtmp}
+      '';
+			ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
+      PermissionsStartOnly = true;
+      PrivateTmp = true;
+		};
+	};
+}
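Review bot: The two firewall lines at the top of the `in` block open port 5900 on every interface for both TCP and UDP, while the server behind it is protected only by the VNC password file. RFB runs over TCP, so `networking.firewall.allowedUDPPorts = [ port ];` can be dropped, and the TCP rule is better limited to the VPN side or replaced by an SSH tunnel, because classic VNC password authentication is weak (passwords are effectively capped at eight characters). Separately, `fetchTarball` of the `nixos-17.03` channel archive is unpinned, so the tigervnc binary in this unit changes whenever the channel moves; pinning a fixed nixpkgs revision with a hash would make the build reproducible and reviewable. For the copied password file, `install -m0600 -o ${User} ${pwfile} ${pwtmp}` is sufficient, as the file does not need the execute bit.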

From 52329b41431de750131c3180b8ab72acfff5152c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 11 May 2017 12:07:03 +0200
Subject: [PATCH 03/21] m 2 led-fader: init

---
 .../2configs/deployment/led-fader/default.nix | 27 +++++++
 makefu/2configs/deployment/led-fader/fade.py  | 78 +++++++++++++++++++
 2 files changed, 105 insertions(+)
 create mode 100644 makefu/2configs/deployment/led-fader/default.nix
 create mode 100755 makefu/2configs/deployment/led-fader/fade.py

diff --git a/makefu/2configs/deployment/led-fader/default.nix b/makefu/2configs/deployment/led-fader/default.nix
new file mode 100644
index 000000000..fee741997
--- /dev/null
+++ b/makefu/2configs/deployment/led-fader/default.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  mq = "192.168.8.11";
+in {
+  systemd.services.led-fader  = {
+    description = "Send led change to message queue";
+    environment = {
+      NIX_PATH = "/var/src";
+    };
+    wantedBy = [ "multi-user.target" ];
+    path = with pkgs; [
+      nix # nix-shell
+      mosquitto #mosquitto_pub
+      bash # nix-shell
+    ];
+    serviceConfig = {
+      # User = "nobody"; # need a user with permissions to run nix-shell
+      ExecStart = pkgs.writeDash "run-fader" ''
+      ${./fade.py} --add-empty --mode chain 3 loop --skip-unchanged 0.002 0.1 \
+        | mosquitto_pub -h ${mq} -p 1883 -l -t '/leds/nodemcu-switcher/set'
+      '';
+      PrivateTmp = true;
+    };
+  };
+}
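Review bot: With `# User = "nobody";` commented out this unit runs as root, and the `nix-shell` shebang of `fade.py` resolves (and possibly fetches) its Python environment via `NIX_PATH = "/var/src"` each time the service starts. A colour generator piped into `mosquitto_pub` needs neither; building the interpreter with its packages at system build time would let the unit run as a dedicated unprivileged user and start without network access. [PATCH 05/21] packages the script, but its second hunk keeps the commented-out `User` line and the `NIX_PATH` environment, so the unit still runs as root there and that is where a `User` can be enabled. The publish to `${mq}` on port 1883 passes no credentials or TLS options, which is acceptable only if the broker is reachable solely from a trusted segment.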
diff --git a/makefu/2configs/deployment/led-fader/fade.py b/makefu/2configs/deployment/led-fader/fade.py
new file mode 100755
index 000000000..8178ad6e8
--- /dev/null
+++ b/makefu/2configs/deployment/led-fader/fade.py
@@ -0,0 +1,78 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i python3 -p python3 python35Packages.docopt
+""" usage: run [options] NUMLEDS (loop [--skip-unchanged] [STEP] [DELAY]|single STARTVAL)
+
+    --add-empty       essentially add a single empty led in front, does not count into NUMLEDS
+
+    --mode=TYPE         mode of fading (Default: chain)
+    --output=TYPE       output type, either json or raw (Default: json)
+    --skip-unchanged    if the value in the loop is unchanged, skip the output
+
+running with loop this script essentially becomes a generator which outputs the
+next value each "DELAY"
+single returns a single output with STARTVAL as starting point for the first led
+
+NUMLEDS is the number of leds to output data for (--add-empty does not count in here)
+STEP defaults to 0.01
+DELAY defaults to 1 second
+
+"""
+from docopt import docopt
+import time
+from colorsys import hsv_to_rgb
+import json
+import sys
+
+def calc_chain(numleds,val):
+    divisor = 1.0 /  numleds
+    ret = []
+    for i in range(numleds):
+        v = float(divisor * i + val) % 1
+        r,g,b = hsv_to_rgb(v,0.9,1)
+        ret.append([int(r*255),
+                    int(g*255),
+                    int(b*255)])
+    return ret
+
+def calc_single(numleds,val):
+    ret = []
+    for i in range(numleds):
+        r,g,b = hsv_to_rgb(val,1,1)
+        ret.append([int(r*255),
+                    int(g*255),
+                    int(b*255)])
+    return ret
+
+def main():
+    args = docopt(__doc__)
+    numleds = int(args['NUMLEDS'])
+    mode = args['--mode']
+    step = float(args['STEP'] or 0.01)
+    delay = float(args['DELAY'] or 1)
+    val = float(args['STARTVAL'] or 0)
+    last = []
+    while True:
+        if mode == "chain":
+            ret = calc_chain(numleds,val)
+        elif mode == "single":
+            ret = calc_single(numleds,val)
+
+        if args['--add-empty']:
+            ret.insert(0,[0,0,0])
+
+        # early serialization makes comparsion easy
+        ret = json.dumps(ret)
+        if not (args['--skip-unchanged'] and last == ret):
+            last = ret
+            print(ret)
+            sys.stdout.flush()
+        if args['single']:
+            break
+        else:
+            val += step % 1
+            time.sleep(delay)
+
+
+
+if __name__ == "__main__":
+    main()
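Review bot: The usage text documents defaults as `(Default: chain)`, but docopt only recognises the bracketed form, so `args['--mode']` is `None` unless `--mode` is passed, and the loop in `main()` then reaches `json.dumps(ret)` with `ret` never assigned. Writing the option line as `--mode=TYPE         mode of fading [default: chain]` fixes that; `--output` is documented but never read, so it should be implemented or removed from the usage text. In the loop, `val += step % 1` parses as `val += (step % 1)`, so `val` grows without bound; `val = (val + step) % 1` keeps the hue in range. `calc_chain` divides by `numleds`, so a `NUMLEDS` of 0 raises `ZeroDivisionError` and is worth rejecting right after parsing.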

From d2f896842e59f2e8bdce44926b1bf49672c9c91f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 11 May 2017 16:06:41 +0200
Subject: [PATCH 04/21] m 2 led-fader: rm ad-hoc script

---
 makefu/1systems/wbob.nix                      |  3 +
 .../{led-fader/default.nix => led-fader.nix}  |  0
 makefu/2configs/deployment/led-fader/fade.py  | 78 -------------------
 3 files changed, 3 insertions(+), 78 deletions(-)
 rename makefu/2configs/deployment/{led-fader/default.nix => led-fader.nix} (100%)
 delete mode 100755 makefu/2configs/deployment/led-fader/fade.py

diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index 43fbd6d2b..f2c42692c 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -15,6 +15,8 @@ in {
       ../2configs/tools/media.nix
       ../2configs/virtualization.nix
       ../2configs/tinc/retiolum.nix
+      ../2configs/mqtt.nix
+      ../2configs/deployment/led-fader.nix
     ];
 
   krebs = {
@@ -43,6 +45,7 @@ in {
 
   networking.firewall.allowedUDPPorts = [ 655 ];
   networking.firewall.allowedTCPPorts = [ 655 49152 ];
+  networking.firewall.trustedInterfaces = [ "enp0s25" ];
   #services.tinc.networks.siem = {
   #  name = "display";
   #  extraConfig = ''
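Review bot: `networking.firewall.trustedInterfaces = [ "enp0s25" ];` exempts the whole Ethernet interface from the firewall, so every service listening on this host becomes reachable from that segment, not only the broker imported in the first hunk. If the aim is just to let the LED controllers reach MQTT (the fader in [PATCH 03/21] publishes to port 1883), extending the existing list is the narrower rule: `networking.firewall.allowedTCPPorts = [ 655 49152 1883 ];`. That intent is inferred from the imports added in this commit, so confirm it before changing the rule. The surrounding attribute set starts and ends outside this hunk.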
diff --git a/makefu/2configs/deployment/led-fader/default.nix b/makefu/2configs/deployment/led-fader.nix
similarity index 100%
rename from makefu/2configs/deployment/led-fader/default.nix
rename to makefu/2configs/deployment/led-fader.nix
diff --git a/makefu/2configs/deployment/led-fader/fade.py b/makefu/2configs/deployment/led-fader/fade.py
deleted file mode 100755
index 8178ad6e8..000000000
--- a/makefu/2configs/deployment/led-fader/fade.py
+++ /dev/null
@@ -1,78 +0,0 @@
-#! /usr/bin/env nix-shell
-#! nix-shell -i python3 -p python3 python35Packages.docopt
-""" usage: run [options] NUMLEDS (loop [--skip-unchanged] [STEP] [DELAY]|single STARTVAL)
-
-    --add-empty       essentially add a single empty led in front, does not count into NUMLEDS
-
-    --mode=TYPE         mode of fading (Default: chain)
-    --output=TYPE       output type, either json or raw (Default: json)
-    --skip-unchanged    if the value in the loop is unchanged, skip the output
-
-running with loop this script essentially becomes a generator which outputs the
-next value each "DELAY"
-single returns a single output with STARTVAL as starting point for the first led
-
-NUMLEDS is the number of leds to output data for (--add-empty does not count in here)
-STEP defaults to 0.01
-DELAY defaults to 1 second
-
-"""
-from docopt import docopt
-import time
-from colorsys import hsv_to_rgb
-import json
-import sys
-
-def calc_chain(numleds,val):
-    divisor = 1.0 /  numleds
-    ret = []
-    for i in range(numleds):
-        v = float(divisor * i + val) % 1
-        r,g,b = hsv_to_rgb(v,0.9,1)
-        ret.append([int(r*255),
-                    int(g*255),
-                    int(b*255)])
-    return ret
-
-def calc_single(numleds,val):
-    ret = []
-    for i in range(numleds):
-        r,g,b = hsv_to_rgb(val,1,1)
-        ret.append([int(r*255),
-                    int(g*255),
-                    int(b*255)])
-    return ret
-
-def main():
-    args = docopt(__doc__)
-    numleds = int(args['NUMLEDS'])
-    mode = args['--mode']
-    step = float(args['STEP'] or 0.01)
-    delay = float(args['DELAY'] or 1)
-    val = float(args['STARTVAL'] or 0)
-    last = []
-    while True:
-        if mode == "chain":
-            ret = calc_chain(numleds,val)
-        elif mode == "single":
-            ret = calc_single(numleds,val)
-
-        if args['--add-empty']:
-            ret.insert(0,[0,0,0])
-
-        # early serialization makes comparsion easy
-        ret = json.dumps(ret)
-        if not (args['--skip-unchanged'] and last == ret):
-            last = ret
-            print(ret)
-            sys.stdout.flush()
-        if args['single']:
-            break
-        else:
-            val += step % 1
-            time.sleep(delay)
-
-
-
-if __name__ == "__main__":
-    main()

From d92281cf4dc8244076a9826f1586d287db5be9ef Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 11 May 2017 16:40:51 +0200
Subject: [PATCH 05/21] m 2 led-fader: use ampel

---
 makefu/2configs/deployment/led-fader.nix | 30 +++++++++++++++++-------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index fee741997..a18416497 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -3,6 +3,26 @@
 with import <stockholm/lib>;
 let
   mq = "192.168.8.11";
+
+  pkg = pkgs.stdenv.mkDerivation {
+    name = "ampel-master";
+    src = pkgs.fetchgit {
+      url = "http://cgit.euer.krebsco.de/ampel";
+      rev = "07a6791de368e16cc0864d2676fd255eba522cee";
+      sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
+    };
+    buildInputs = [
+      (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
+        docopt
+        paho-mqtt
+      ]))
+    ];
+    installPhase = ''
+      install -m755 -D fade.py  $out/bin/fade.py
+      install -m755 -D ampel.py $out/bin/ampel
+      install -m755 -D times.json $out/share/times.json
+    '';
+  };
 in {
   systemd.services.led-fader  = {
     description = "Send led change to message queue";
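Review bot: The source is fetched over plain HTTP at `url = "http://cgit.euer.krebsco.de/ampel";`. The pinned `rev` and `sha256` mean a tampered download fails the hash check instead of being built, so the risk is limited, but an authenticated transport is still preferable if the host offers the repository over HTTPS. The name `ampel-master` suggests a moving branch although a fixed revision is pinned, which will mislead whoever bumps it later. `times.json` is data, so `install -m644 -D times.json $out/share/times.json` is the more accurate mode. The `in { … }` block continues outside this hunk.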
@@ -10,17 +30,9 @@ in {
       NIX_PATH = "/var/src";
     };
     wantedBy = [ "multi-user.target" ];
-    path = with pkgs; [
-      nix # nix-shell
-      mosquitto #mosquitto_pub
-      bash # nix-shell
-    ];
     serviceConfig = {
       # User = "nobody"; # need a user with permissions to run nix-shell
-      ExecStart = pkgs.writeDash "run-fader" ''
-      ${./fade.py} --add-empty --mode chain 3 loop --skip-unchanged 0.002 0.1 \
-        | mosquitto_pub -h ${mq} -p 1883 -l -t '/leds/nodemcu-switcher/set'
-      '';
+      ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
       PrivateTmp = true;
     };
   };

From 1ec9f84c651e048705b0201c3dcc9547f63611d0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:29:46 +0200
Subject: [PATCH 06/21] m 2: mv base-gui gui/base

---
 makefu/1systems/tsp.nix                       |  2 +-
 makefu/1systems/wbob.nix                      | 26 +++++--------------
 .../2configs/{base-gui.nix => gui/base.nix}   |  4 +--
 makefu/2configs/gui/studio.nix                | 22 ++++++++++++++++
 makefu/2configs/{ => gui}/urxvtd.nix          |  0
 makefu/2configs/gui/wbob-kiosk.nix            | 23 ++++++++++++++++
 makefu/2configs/main-laptop.nix               |  2 +-
 7 files changed, 56 insertions(+), 23 deletions(-)
 rename makefu/2configs/{base-gui.nix => gui/base.nix} (95%)
 create mode 100644 makefu/2configs/gui/studio.nix
 rename makefu/2configs/{ => gui}/urxvtd.nix (100%)
 create mode 100644 makefu/2configs/gui/wbob-kiosk.nix

diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 9809abf4c..25fc2b49b 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -7,7 +7,7 @@
   imports =
     [ # Include the results of the hardware scan.
       ../.
-      ../2configs/base-gui.nix
+      ../2configs/gui/base.nix
       ../2configs/fs/sda-crypto-root.nix
       # hardware specifics are in here
       ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index f2c42692c..5b9938ffa 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -1,14 +1,14 @@
 { config, pkgs, lib, ... }:
-let 
+let
   rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
   datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
+  user = config.makefu.gui.user;
 in {
 
   imports =
     [ # Include the results of the hardware scan.
       ../.
       ../2configs/zsh-user.nix
-      ../2configs/base-gui.nix
       ../2configs/tools/core.nix
       ../2configs/tools/core-gui.nix
       ../2configs/tools/extra-gui.nix
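Review bot: `user = config.makefu.gui.user;` reads an option that, going by its subject line, is only introduced in [PATCH 15/21] ("init and use 'makefu.gui.user'"), so this commit and those up to it probably do not evaluate on their own. The same reference appears in `makefu/2configs/gui/studio.nix` in this patch and in both audio modules of [PATCH 08/21]. Moving the option declaration ahead of its first use keeps every commit buildable for bisecting. Note also that `vncserver.nix`, imported in the next hunk, still runs as the hard-coded `makefu` at this point while sddm logs in `user`; since x0vncserver attaches to display `:0`, the two presumably need to be the same account. The imports list continues outside this hunk.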
@@ -17,6 +17,10 @@ in {
       ../2configs/tinc/retiolum.nix
       ../2configs/mqtt.nix
       ../2configs/deployment/led-fader.nix
+      # ../2configs/gui/wbob-kiosk.nix
+
+      ../2configs/gui/studio.nix
+      ../2configs/vncserver.nix
     ];
 
   krebs = {
@@ -26,22 +30,6 @@ in {
 
   swapDevices = [ { device = "/var/swap"; } ];
 
-  services.xserver = {
-    layout = lib.mkForce "de";
-
-    windowManager = lib.mkForce {
-      awesome.enable = false;
-      default = "none";
-    };
-    desktopManager.xfce.enable = true;
-
-    # xrandrHeads = [ "HDMI1" "HDMI2" ];
-    # prevent screen from turning off, disable dpms
-    displayManager.sessionCommands = ''
-      xset s off -dpms
-      xrandr --output HDMI2 --right-of HDMI1
-    '';
-  };
 
   networking.firewall.allowedUDPPorts = [ 655 ];
   networking.firewall.allowedTCPPorts = [ 655 49152 ];
@@ -88,7 +76,7 @@ in {
   # TODO: add crypto layer
   systemd.services."synergy-client" = {
     environment.DISPLAY = ":0";
-    serviceConfig.User = "makefu";
+    serviceConfig.User = user;
   };
 
   services.synergy = {
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/gui/base.nix
similarity index 95%
rename from makefu/2configs/base-gui.nix
rename to makefu/2configs/gui/base.nix
index 1a19ab36b..bf6bef29d 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/gui/base.nix
@@ -65,7 +65,7 @@ in
       cat |derp <<EOF
       XTerm*background: black
       XTerm*foreground: white
-      XTerm*FaceName  : xft:xos4 Terminus:pixelsize=14
+      XTerm*FaceName  : xft:xos4 Terminus:pixelsize=11
 
       URxvt*termName:         rxvt
       URxvt*saveLines:            10000
@@ -77,7 +77,7 @@ in
       URxvt.background: black
       URxvt.urgentOnBell: true
       URxvt.visualBell: false
-      URxvt.font : xft:xos4 Terminus:size=12
+      URxvt.font : xft:xos4 Terminus:size=11
 
 
       ! blue
diff --git a/makefu/2configs/gui/studio.nix b/makefu/2configs/gui/studio.nix
new file mode 100644
index 000000000..08157fda4
--- /dev/null
+++ b/makefu/2configs/gui/studio.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+let
+  user = config.makefu.gui.user;
+in
+{
+  services.xserver.enable = true;
+  services.xserver.displayManager.sddm = {
+    enable = true;
+    autoLogin.enable = true;
+    autoLogin.user = user;
+  };
+  # services.xserver.windowMananger.default = "plasma5";
+  services.xserver.desktopManager = {
+    default = "plasma5";
+    plasma5.enable = true;
+  };
+
+  services.xserver.layout = "us";
+  services.xserver.xkbVariant = "altgr-intl";
+  services.xserver.xkbOptions = "ctrl:nocaps";
+
+}
diff --git a/makefu/2configs/urxvtd.nix b/makefu/2configs/gui/urxvtd.nix
similarity index 100%
rename from makefu/2configs/urxvtd.nix
rename to makefu/2configs/gui/urxvtd.nix
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix
new file mode 100644
index 000000000..4b7a0c333
--- /dev/null
+++ b/makefu/2configs/gui/wbob-kiosk.nix
@@ -0,0 +1,23 @@
+{ lib, ... }:
+{
+
+  imports = [
+      ./base.nix
+  ];
+  services.xserver = {
+    layout = lib.mkForce "de";
+
+    windowManager = lib.mkForce {
+      awesome.enable = false;
+      default = "none";
+    };
+    desktopManager.xfce.enable = true;
+
+    # xrandrHeads = [ "HDMI1" "HDMI2" ];
+    # prevent screen from turning off, disable dpms
+    displayManager.sessionCommands = ''
+      xset s off -dpms
+      xrandr --output HDMI2 --right-of HDMI1
+    '';
+  };
+}
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index eaf6dec97..827da0c8d 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -11,7 +11,7 @@ let
   user = config.krebs.build.user.name;
 in {
   imports = [
-    ./base-gui.nix
+    ./gui/base.nix
     ./fetchWallpaper.nix
     ./zsh-user.nix
     ./tools/core.nix

From f65349a3bcf315a0e89db63772c1a164352c6693 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:30:26 +0200
Subject: [PATCH 07/21] k 3 m: retab

---
 krebs/3modules/makefu/default.nix | 49 ++++++++++++++++---------------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 7e098eea1..33202d0ab 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -26,30 +26,30 @@ with import <stockholm/lib>;
         };
       };
     };
-		studio = rec {
-			cores = 4;
-			ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-			ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
-			nets = {
-				retiolum = {
-					ip4.addr = "10.243.227.163";
-					ip6.addr  = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6";
-					aliases = [
-						"studio.r"
-					];
-					tinc.pubkey = ''
-						-----BEGIN RSA PUBLIC KEY-----
-						MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
-						cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
-						GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
-						jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
-						78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
-						8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
-						-----END RSA PUBLIC KEY-----
-					'';
-				};
-			};
-		};
+    studio = rec {
+      cores = 4;
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.227.163";
+          ip6.addr  = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6";
+          aliases = [
+            "studio.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
+            cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
+            GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
+            jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
+            78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
+            8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
 
     fileleech = rec {
       cores = 4;
@@ -474,6 +474,7 @@ with import <stockholm/lib>;
       nets = rec {
         internet = {
           ip4.addr = "188.68.40.19";
+          ip6.addr = "2a03:4000:17:2df::1";
           aliases = [
             "gum.i"
           ];

From 7a7612fb4d32349ba0ad87531845e65a8ee54deb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:31:46 +0200
Subject: [PATCH 08/21] m 2 audio: init

---
 makefu/2configs/audio/jack-on-pulse.nix  | 45 ++++++++++++++++++++++++
 makefu/2configs/audio/realtime-audio.nix | 12 +++++++
 makefu/2configs/sources/default.nix      |  7 ++++
 makefu/2configs/sources/musnix.nix       |  6 ++++
 4 files changed, 70 insertions(+)
 create mode 100644 makefu/2configs/audio/jack-on-pulse.nix
 create mode 100644 makefu/2configs/audio/realtime-audio.nix
 create mode 100644 makefu/2configs/sources/default.nix
 create mode 100644 makefu/2configs/sources/musnix.nix

diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix
new file mode 100644
index 000000000..09d03ea9f
--- /dev/null
+++ b/makefu/2configs/audio/jack-on-pulse.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+let
+  pulse = pkgs.pulseaudioFull;
+  user = config.makefu.gui.user;
+in
+{
+  sound.enable = true;
+  hardware.pulseaudio = {
+    enable = true;
+    package = pulse;
+  };
+
+  environment.systemPackages = with pkgs; [ jack2Full ];
+  # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
+
+  systemd.services = {
+    jackdbus = {
+      description = "Runs jack, and points pulseaudio at it";
+      serviceConfig = {
+        User = user;
+        Type = "oneshot";
+        ExecStart = pkgs.writeScript "start_jack.sh" ''
+          #! ${pkgs.bash}/bin/bash
+          . ${config.system.build.setEnvironment}
+          sleep 5 # wait for the gui to load
+
+          ${pkgs.jack2Full}/bin/jack_control start
+          sleep 3 # give some time for sources/sinks to be created
+
+          ${pulse}/bin/pacmd set-default-sink jack_out
+          ${pulse}/bin/pacmd set-default-source jack_in
+        '';
+        ExecStop = pkgs.writeScript "stop_jack.sh" ''
+          #! ${pkgs.bash}/bin/bash
+          . ${config.system.build.setEnvironment}
+
+          ${pkgs.jack2Full}/bin/jack_control stop
+        '';
+        RemainAfterExit = true;
+      };
+      after = [ "display-manager.service" "sound.target" ];
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}
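Review bot: Both scripts run without `set -e`, so if `jack_control start` fails after the fixed `sleep 5`, the start script still goes on to the `pacmd set-default-sink jack_out` calls and the unit's result reflects only the last command. Adding `set -e` after the environment is sourced would make a failed start visible in the unit state. The sleeps are timing guesses: `after = [ "display-manager.service" "sound.target" ];` only orders the unit and does not guarantee that the user's session or its PulseAudio daemon is up, so this may race on a slow boot. A short comment saying which session the unit expects to find would help the next reader.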
diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix
new file mode 100644
index 000000000..d9709e4b7
--- /dev/null
+++ b/makefu/2configs/audio/realtime-audio.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+let
+  user = config.makefu.gui.user;
+in
+{
+  imports = [
+    ../sources/musnix.nix # populate musnix
+    <musnix>
+  ];
+  musnix.enable = true;
+  users.users."${user}".extraGroups = [ "audio" ];
+}
diff --git a/makefu/2configs/sources/default.nix b/makefu/2configs/sources/default.nix
new file mode 100644
index 000000000..232117aec
--- /dev/null
+++ b/makefu/2configs/sources/default.nix
@@ -0,0 +1,7 @@
+# the builder pc (my laptop) will also require the sources i use to deploy
+# other boxes
+{
+  imports = [
+    ./musnix.nix
+  ];
+}
diff --git a/makefu/2configs/sources/musnix.nix b/makefu/2configs/sources/musnix.nix
new file mode 100644
index 000000000..d02dd4a48
--- /dev/null
+++ b/makefu/2configs/sources/musnix.nix
@@ -0,0 +1,6 @@
+{
+  krebs.build.source.musnix.git = {
+    url = https://github.com/musnix/musnix.git;
+    ref = "37a8378";
+  };
+}
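Review bot: `ref = "37a8378";` pins the musnix module by a seven-character abbreviated commit id. The module is imported as `<musnix>` in `realtime-audio.nix` and evaluated as part of the system configuration, so this pin is a trust decision; an abbreviated id can become ambiguous as the repository grows and is far easier to collide with than a full one. Use the full id, `ref = "<full 40-character commit id>";`, assuming `krebs.build.source` accepts any git revision in that field.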

From 89b254d485c8babbd7c4f329c52681dd9cc1a8e2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:32:12 +0200
Subject: [PATCH 09/21] m 2 backup: provide borgbackup

---
 makefu/2configs/backup.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index 9ed890326..1cc78bfc1 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 let
   # preparation:
@@ -32,4 +32,7 @@ in {
     # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
     gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
   };
+  environment.systemPackages = [
+    pkgs.borgbackup
+  ];
 }

From f87ff0023c32511055695eb4e0dfecc63bc736bc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:32:29 +0200
Subject: [PATCH 10/21] m 2 wbob: use realtime audio

---
 makefu/1systems/wbob.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index 5b9938ffa..7f465ec72 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -20,6 +20,8 @@ in {
       # ../2configs/gui/wbob-kiosk.nix
 
       ../2configs/gui/studio.nix
+      ../2configs/audio/jack-on-pulse.nix
+      ../2configs/audio/realtime-audio.nix
       ../2configs/vncserver.nix
     ];
 

From 4e3ca6651ebbfc77b927e7a3694a002c79939776 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:33:12 +0200
Subject: [PATCH 11/21] m 1 x: also deploy sources

---
 makefu/1systems/x.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 65df426e5..d1503c8d7 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -38,6 +38,8 @@ with import <stockholm/lib>;
       # ../2configs/temp/sabnzbd.nix
 
 
+      # development
+      ../2configs/sources
 
       # Krebs
       # ../2configs/disable_v6.nix

From e971a641bd3b9dafaff38821e8c4d741c5f4f900 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:33:35 +0200
Subject: [PATCH 12/21] m 5 alsa-tools: gtk -> gtk3

---
 makefu/5pkgs/alsa-tools/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/5pkgs/alsa-tools/default.nix b/makefu/5pkgs/alsa-tools/default.nix
index 9a672f048..5134c10ec 100644
--- a/makefu/5pkgs/alsa-tools/default.nix
+++ b/makefu/5pkgs/alsa-tools/default.nix
@@ -1,4 +1,4 @@
-{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk}:
+{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}:
 
 stdenv.mkDerivation rec {
   name = "alsa-${alsaToolTarget}-${version}";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
     sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl";
   };
   sourceRoot = "${alsaToolsName}/${alsaToolTarget}/";
-  buildInputs = [ alsaLib fltk13 gtk ncurses ];
+  buildInputs = [ alsaLib fltk13 gtk3 ncurses ];
 
   meta = {
     homepage = http://www.alsa-project.org/;

From 783ddcf4834a3f374e4c7dbe20ab2bd879bc5d84 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:34:21 +0200
Subject: [PATCH 13/21] m 3 taskserver: make dirs accessible again

otherwise taskserver will not boot up
---
 makefu/3modules/taskserver.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix
index 808e70425..40a18fe05 100644
--- a/makefu/3modules/taskserver.nix
+++ b/makefu/3modules/taskserver.nix
@@ -41,8 +41,8 @@ let
         Type = "simple";
         ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
         WorkingDirectory = cfg.workingDir;
-        PrivateTmp = true;
-        InaccessibleDirectories = "/home /boot /opt /mnt /media";
+        # PrivateTmp = true;
+        # InaccessibleDirectories = "/home /boot /opt /mnt /media";
         User = "taskd";
       };
     };
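Review bot: Commenting out both `PrivateTmp` and `InaccessibleDirectories` removes all filesystem confinement from this server process, although the commit message only says the unit failed to start with them. A likely cause, not confirmed from this hunk, is that some of the listed paths do not exist on the host; systemd ignores missing paths that carry a `-` prefix, so `InaccessibleDirectories = "-/home -/boot -/opt -/mnt -/media";` would keep the restriction. `PrivateTmp = true;` is probably unrelated to the failure and can stay unless `cfg.workingDir` lives under `/tmp`. The `serviceConfig` block starts outside the hunk.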

From 1f9ddd9c6f8cdd9ce1b5a6bb9dc65475e2a90e62 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:34:41 +0200
Subject: [PATCH 14/21] m 2 avahi: init

---
 makefu/2configs/avahi.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 makefu/2configs/avahi.nix

diff --git a/makefu/2configs/avahi.nix b/makefu/2configs/avahi.nix
new file mode 100644
index 000000000..59f59fd80
--- /dev/null
+++ b/makefu/2configs/avahi.nix
@@ -0,0 +1,8 @@
+{ pkgs, ...}:
+{
+  services.avahi = {
+    enable = true;
+    wideArea = false;
+  };
+  environment.systemPackages = [ pkgs.avahi ];
+}

From 4c2408763eec98ec9cecf340dccfffa34a0c3cb0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:35:35 +0200
Subject: [PATCH 15/21] m: init and use 'makefu.gui.user'

---
 makefu/2configs/vncserver.nix     | 70 ++++++++++++++++++++++---------
 makefu/3modules/server-config.nix |  5 +++
 makefu/5pkgs/novnc/default.nix    | 41 ++++++++++++++++++
 3 files changed, 97 insertions(+), 19 deletions(-)
 create mode 100644 makefu/5pkgs/novnc/default.nix

diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
index 2e8e50feb..c56b3e294 100644
--- a/makefu/2configs/vncserver.nix
+++ b/makefu/2configs/vncserver.nix
@@ -5,26 +5,58 @@ let
   pwtmp = "/tmp/vnc-password";
   # nixos-unstable tigervnc is currently broken :\
   package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
-  User = "makefu";
-  port = 5900;
+  user = config.makefu.gui.user;
+  vnc_port = 5900;
+  web_port = 6080;
 in {
-	networking.firewall.allowedTCPPorts = [ port ];
-	networking.firewall.allowedUDPPorts = [ port ];
+  networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
+  systemd.services = {
+    terminal-server = {
+      description = "VNC Terminal Server";
+      after = [ "display-manager.service"  "graphical.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = user;
+        Restart = "always";
+        ExecStartPre = pkgs.writeDash "terminal-pre" ''
+          sleep 5
+          install -m0700 -o ${user} ${pwfile} ${pwtmp}
+        '';
+        ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
+        PermissionsStartOnly = true;
+        PrivateTmp = true;
+      };
+    };
+    terminal-web = {
+      description = "noVNC Web Server";
+      after = [ "terminal-server.service"  "graphical.target" "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "nobody";
+        ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
+				PrivateTmp = true;
+      };
+    };
+  };
+  services.nginx.enable = true;
+  services.nginx.virtualHosts._.locations = {
+    "/" = {
+      root = "${pkgs.novnc}";
+      index = "vnc_auto.html";
+    };
+    "/websockify" = {
+      proxyPass = "http://127.0.0.1:6080/";
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
 
-	systemd.services."terminal-server" = {
-    description = "Terminal Server";
-    after = [ "display-manager.service" ];
-    wantedBy = [ "graphical.target" ];
-		serviceConfig = {
-      inherit User;
-      ExecStartPre = pkgs.writeDash "terminal-pre" ''
- 
-        set -eufx
-        install -m0700 -o ${User} ${pwfile} ${pwtmp}
+        # VNC connection timeout
+        proxy_read_timeout 61s;
+
+        # Disable cache
+        proxy_buffering off;
       '';
-			ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
-      PermissionsStartOnly = true;
-      PrivateTmp = true;
-		};
-	};
+    };
+  };
 }
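Review bot: The firewall line now opens 80, `vnc_port` and `web_port` on every interface, although nginx reaches websockify over `127.0.0.1` and websockify reaches the VNC server over `localhost`, so only the nginx port needs to be reachable: `networking.firewall.allowedTCPPorts = [ 80 ];`. Leaving 5900 and 6080 open exposes a password-only VNC endpoint that bypasses the proxy, and the port-80 vhost carries the session without TLS, so it should at least be limited to a trusted interface or given a certificate. The `proxyPass` target also hard-codes 6080 instead of using the binding, `proxyPass = "http://127.0.0.1:${toString web_port}/";`. Separately, the new `ExecStartPre` drops the `set -eufx` line the old script had, and the `PrivateTmp` line in `terminal-web` is indented with tabs.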
diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix
index dbd29d748..846642580 100644
--- a/makefu/3modules/server-config.nix
+++ b/makefu/3modules/server-config.nix
@@ -6,5 +6,10 @@ with import <stockholm/lib>;
 		type = types.str;
 		description = "Primary interface of the server";
 	};
+  options.makefu.gui.user = lib.mkOption {
+		type = types.str;
+		description = "GUI user";
+    default = config.krebs.build.user.name;
+	};
 }
 
diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix
new file mode 100644
index 000000000..b1d62248d
--- /dev/null
+++ b/makefu/5pkgs/novnc/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgs }:
+# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
+let
+in
+
+stdenv.mkDerivation rec {
+  name = "novnc-${version}";
+  version = "0.6.2";
+
+  src = fetchurl {
+    url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
+    sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
+  };
+  p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
+                               pkgs.coreutils pkgs.which pkgs.procps ];
+  # TODO: propagatedBuildInputs does not seem to work with shell scripts
+  patchPhase = ''
+    sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
+  '';
+  installPhase = ''
+    mkdir -p $out/bin
+    cp utils/launch.sh $out/bin/launch-novnc.sh
+    chmod +x $out/bin/launch-novnc.sh
+    mkdir -p $out/images
+    cp -r images/* $out/images/
+    mkdir -p $out/include
+    cp -r include/* $out/include/
+    cp favicon.ico $out
+    cp vnc.html $out
+    cp vnc_auto.html $out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = http://novnc.com/info.html;
+    repositories.git = git://github.com/novnc/noVNC.git;
+    description = ''
+      A HTML5 VNC Client
+    '';
+    license = licenses.mpl20;
+  };
+}
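Review bot: The `installPhase` puts the web assets directly in `$out` next to `bin/`, and vncserver.nix in this same commit uses `${pkgs.novnc}` as the nginx `root`, so `bin/launch-novnc.sh` (with the store paths patched into its `PATH`) is served to any HTTP client. Installing the static files under a subdirectory and pointing the nginx root there keeps the script out of the document root. launch.sh locates `vnc.html` relative to its own path, so confirm it still finds the files after the move, or pass `--web`. The empty `let`/`in` can go at the same time, with `p` moved into it so it is not exported as a derivation attribute.

```nix
  # … unchanged: src, p, patchPhase …
  installPhase = ''
    mkdir -p $out/bin $out/share/novnc
    cp utils/launch.sh $out/bin/launch-novnc.sh
    chmod +x $out/bin/launch-novnc.sh
    cp -r images include favicon.ico vnc.html vnc_auto.html $out/share/novnc/
  '';
  # … unchanged: meta …
```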

From 5c7a36ab51fbfe89ddc76f979fbab9cd0f40e664 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:36:11 +0200
Subject: [PATCH 16/21] m 5 shackie: init

---
 makefu/5pkgs/shackie/default.nix | 33 ++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 makefu/5pkgs/shackie/default.nix

diff --git a/makefu/5pkgs/shackie/default.nix b/makefu/5pkgs/shackie/default.nix
new file mode 100644
index 000000000..ce926fcd6
--- /dev/null
+++ b/makefu/5pkgs/shackie/default.nix
@@ -0,0 +1,33 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+let
+  asyncio-irc = buildPythonPackage rec {
+      name = "asyncio-irc-${version}";
+      version = "2016-09-02";
+      src = fetchFromGitHub {
+        owner = "watchtower";
+        repo = "asyncirc";
+        rev = "5384d19";
+        sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv";
+      };
+      propagatedBuildInputs = [ blinker ];
+  };
+in
+buildPythonPackage rec {
+    name = "shackie-${version}";
+    version = "2017-04-24";
+    propagatedBuildInputs = [
+      asyncio-irc
+      beautifulsoup4
+      lxml
+      pytz
+      redis
+      requests2
+    ];
+    src = fetchFromGitHub {
+      owner = "shackspace";
+      repo = "shackie";
+      rev = "e717ec7";
+      sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l";
+    };
+}
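Review bot: Both `fetchFromGitHub` calls pin an abbreviated commit id (`rev = "5384d19"` for asyncirc, `rev = "e717ec7"` for shackie). The `sha256` still fixes the fetched content, but a seven-character prefix can stop being unique as the repository grows, at which point the fetch breaks, and it is harder to audit against upstream history. Use the full 40-character commit hash in each, e.g. `rev = "<full commit sha of 5384d19>";`.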

From d60e92f04b3b04deb2e638ab0f602094578ad71d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:37:00 +0200
Subject: [PATCH 17/21] m 2 git: init ampel

---
 makefu/2configs/git/cgit-retiolum.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 81a5cde81..96b6c303d 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -19,6 +19,7 @@ let
       cgit.desc = "Build new Stockholm hosts";
     };
     cac-api = { };
+    ampel = { };
     init-stockholm = {
       cgit.desc = "Init stuff for stockholm";
     };

From 4519913a656b5aad1a53e012e2622fd9884dd518 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:37:20 +0200
Subject: [PATCH 18/21] m 2 default: bump to c5badb1

---
 makefu/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 6cc891047..07f4a0543 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
       user = config.krebs.users.makefu;
       source = let
           inherit (config.krebs.build) host user;
-          ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found
+          ref = "c5badb1"; # unstable @ 2017-05-09
       in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
           {

From 43ac35b7494b45050e7c40243d623cca55564702 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:38:02 +0200
Subject: [PATCH 19/21] m 1 gum: enable v6

---
 makefu/1systems/gum.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 93ca8f643..92c446212 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -4,8 +4,11 @@ with import <stockholm/lib>;
 let
   external-mac = "3a:66:48:8e:82:b2";
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
   external-gw = "188.68.40.1";
+  external-gw6 = "fe80::1";
   external-netmask = 22;
+  external-netmask6 = 64;
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
   main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
 in {
@@ -14,7 +17,7 @@ in {
        <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/headless.nix
       ../2configs/fs/single-partition-ext4.nix
-      ../2configs/smart-monitor.nix
+      # ../2configs/smart-monitor.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/backup.nix
       # ../2configs/mattermost-docker.nix
@@ -55,7 +58,6 @@ in {
       # ../2configs/logging/central-logging-client.nix
 
   ];
-  services.smartd.devices = [ { device = main-disk;} ];
   makefu.dl-dir = "/var/download";
 
 
@@ -134,6 +136,11 @@ in {
       address = external-ip;
       prefixLength = external-netmask;
     }];
+    interfaces.et0.ip6 = [{
+      address = external-ip6;
+      prefixLength = external-netmask6;
+    }];
+    defaultGateway6 = external-gw6;
     defaultGateway = external-gw;
     nameservers = [ "8.8.8.8" ];
   };
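Review bot: `external-gw6 = "fe80::1"` is a link-local address, which is only meaningful together with an interface, and `defaultGateway6 = external-gw6;` passes the bare address. Whether the networking module binds the route to `et0` is not visible in this hunk, so check after activation that an IPv6 default route via `et0` actually exists, and add a comment such as `# link-local gateway, route must go via et0` next to the binding. With a public IPv6 address now configured, also confirm that every port opened for IPv4 on this host is meant to be reachable over v6 as well. The `networking` block opens above the hunk, and the `let` bindings are in the first hunk of this file.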

From 1d2bad9d10a09fddeba4e41547949ffd46d60334 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:38:45 +0200
Subject: [PATCH 20/21] m 1 studio: provide vnc and realtime audio

---
 makefu/1systems/studio.nix | 55 +++++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix
index f80dfc09a..400d9f883 100644
--- a/makefu/1systems/studio.nix
+++ b/makefu/1systems/studio.nix
@@ -2,32 +2,46 @@
 {
   imports = [
     ../.
+    ../2configs/vncserver.nix
+    ../2configs/vim.nix
+    ../2configs/disable_v6.nix
+    ../2configs/jack-on-pulse.nix
+    ../2configs/gui/studio.nix
 
   ];
+  makefu.gui.user = "user"; # we use an extra user
   krebs = {
     enable = true;
     tinc.retiolum.enable = true;
     build.host = config.krebs.hosts.studio;
   };
+  networking.firewall.allowedTCPPorts = [ 655 ];
+  networking.firewall.allowedUDPPorts = [ 655 ];
 
-  users.users.user = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "audio" ];
-    uid = 1000;
-  };
 
   environment.systemPackages = with pkgs;[
+    # audio foo
+    ## pulseaudio
     pavucontrol
+    paprefs
+    pamixer
+
+    # extra alsa tools
+    alsa-hdspconf
+    alsa-hdspmixer
+    alsa-hdsploader
+
+    # recording
+    darkice
+    (mumble.override { jackSupport = true; })
+
+    # browsing
     firefox
     chromium
   ];
 
-  sound.enable = true;
-  hardware.pulseaudio = {
-     enable = true;
-     systemWide = true;
-  };
 
+  nixpkgs.config.allowUnfree = true;
   fonts = {
     enableCoreFonts = true;
     enableFontDir = true;
@@ -35,21 +49,6 @@
     fonts = [ ];
   };
   # ingos favorite display manager
-  services.xserver.displayManager.sddm = {
-    enable = true;
-    autoLogin.enable = true;
-    autoLogin.user = "user";
-  };
-  services.xserver.desktopManager.plasma5.enable = true;
-  services.xserver.layout = "us";
-  services.xserver.xkbVariant = "altgr-intl";
-  services.xserver.xkbOptions = "ctrl:nocaps";
-
-  i18n = {
-    consoleKeyMap = "us-int";
-    defaultLocale = "en_US.UTF-8";
-  };
-
 
 
   # hardware
@@ -67,4 +66,10 @@
   };
 
   swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ];
+  users.users.user = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "audio" ];
+    uid = 1000;
+    openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+  };
 }
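Review bot: `users.users.user` keeps `"wheel"` in `extraGroups` while this commit makes the same account the VNC desktop user (`makefu.gui.user = "user"` in the first hunk) and adds an SSH key for it. The desktop is then reachable through the password-only VNC/noVNC service from vncserver.nix, so anyone who gets into that session holds an account in the admin group; what `wheel` grants on this host is not visible here. If administration is done through another account, drop it: `extraGroups = [ "audio" ];`. The comment `# ingos favorite display manager` in the second hunk is left without the sddm block it described and can be removed.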

From 39c264108329a412446c091852dd5a655da38b27 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 15:37:11 +0200
Subject: [PATCH 21/21] m 2 default: bump to 0afb6d7

fixes virt-manager broken build
---
 makefu/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 07f4a0543..7d0faae94 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
       user = config.krebs.users.makefu;
       source = let
           inherit (config.krebs.build) host user;
-          ref = "c5badb1"; # unstable @ 2017-05-09
+          ref = "0afb6d7"; # unstable @ 2017-05-09
       in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
           {