From 3bead2641e037e1d5a020bfe1a6567c178a1cdf0 Mon Sep 17 00:00:00 2001 From: tv <tv@krebsco.de> Date: Thu, 17 Mar 2016 12:03:15 +0100 Subject: [PATCH 01/23] {nukular,darth}: fix addrs6 --- krebs/3modules/makefu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d6ae9f12f..50419f037 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -32,7 +32,7 @@ with config.krebs.lib; nets = { retiolum = { addrs4 = ["10.243.0.84"]; - addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128"]; + addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"]; aliases = [ "darth.retiolum" "darth.r" @@ -388,7 +388,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB nets = { retiolum = { addrs4 = ["10.243.231.219"]; - addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72/128"]; + addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"]; aliases = [ "nukular.r" ]; From 3883a9fce762306ad65fd869b628f3491cf8860e Mon Sep 17 00:00:00 2001 From: lassulus <lass@aidsballs.de> Date: Sat, 19 Mar 2016 21:59:32 +0100 Subject: [PATCH 02/23] k 3 l: add fastpoke pubkey --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index eb54ba095..3d54900e4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -133,6 +133,7 @@ with config.krebs.lib; ''; }; }; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b"; }; cloudkrebs = { cores = 1; From 369c21ca594cae6d0b15d0a6ea71953d57da7683 Mon Sep 17 00:00:00 2001 
From: lassulus <lass@aidsballs.de> Date: Sat, 19 Mar 2016 22:01:16 +0100 Subject: [PATCH 03/23] l 5: add yt-next --- lass/5pkgs/default.nix | 1 + lass/5pkgs/yt-next/default.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 lass/5pkgs/yt-next/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 8b15fca23..37b61a4bf 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -11,5 +11,6 @@ xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in pkgs.haskellPackages.callPackage src {}; + yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; } diff --git a/lass/5pkgs/yt-next/default.nix b/lass/5pkgs/yt-next/default.nix new file mode 100644 index 000000000..8132b4f05 --- /dev/null +++ b/lass/5pkgs/yt-next/default.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "yt-next" '' + #! ${pkgs.bash}/bin/bash + + vid=$1 + num=''${NUM:-1} + + curl -Ls $1 \ + | grep 'href="/watch?v=' \ + | head -n$num \ + | sed 's,.*href="\([^"]*\)".*,https://youtube.com\1,' +'' From 429a013aa7d9a737b6bb32bf20c34a0ea469869f Mon Sep 17 00:00:00 2001 From: lassulus <lass@aidsballs.de> Date: Sat, 19 Mar 2016 22:01:34 +0100 Subject: [PATCH 04/23] l 5: add mpv-poll --- lass/5pkgs/default.nix | 1 + lass/5pkgs/mpv-poll/default.nix | 40 +++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 lass/5pkgs/mpv-poll/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 37b61a4bf..0c9dd94ca 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -8,6 +8,7 @@ ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; + mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in pkgs.haskellPackages.callPackage src {}; 
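Review bot: In lass/5pkgs/yt-next/default.nix the script assigns `vid=$1` but then expands the raw argument unquoted in `curl -Ls $1`, so a URL containing whitespace or glob characters is word-split and an argument starting with `-` is read by curl as an option. Use the variable and quote it, `curl -Ls -- "$vid" \`, and quote the count too, `| head -n"$num" \`. Only bash is pinned to a store path; `curl`, `grep`, `head` and `sed` come from the caller's PATH, so referencing them as `${pkgs.curl}/bin/curl` and so on would make the package self-contained.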
diff --git a/lass/5pkgs/mpv-poll/default.nix b/lass/5pkgs/mpv-poll/default.nix new file mode 100644 index 000000000..ee191843e --- /dev/null +++ b/lass/5pkgs/mpv-poll/default.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "mpv-poll" '' + #! ${pkgs.bash}/bin/bash + + pl=$1 + hist=''${HISTORY:-"./mpv_history"} + mpv_options=''${MPV_OPTIONS:-""} + + lastYT="" + + play_video () { + toPlay=$1 + echo $toPlay >> $hist + mpv $mpv_options $toPlay + } + + if ! [ -e $hist ]; then + touch $hist + fi + + while : + do + if [ -s $pl ]; then + toPlay=$(head -1 $pl) + sed -i '1d' $pl + if $(echo $toPlay | grep -Eq 'https?://(www.)?youtube.com/watch'); then + lastYT=$toPlay + fi + play_video $toPlay + else + if [ -n "$lastYT" ]; then + next=$(yt-next $lastYT) + lastYT=$next + play_video $next + fi + sleep 1 + fi + done +'' From 658594cae25fd7ac078c80934f203e736aa10c64 Mon Sep 17 00:00:00 2001 From: lassulus <lass@aidsballs.de> Date: Sat, 19 Mar 2016 22:02:09 +0100 Subject: [PATCH 05/23] l 2 baseX: add mpv-poll + deps --- lass/2configs/baseX.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index bb32be086..6c52240af 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -33,7 +33,6 @@ in { dmenu gitAndTools.qgit - mpv much pavucontrol powertop @@ -44,6 +43,9 @@ in { xsel zathura + mpv + mpv-poll + yt-next #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh From 9494b7233e95751cb23e667935c9cc9327d0d5f6 Mon Sep 17 00:00:00 2001 From: lassulus <lass@aidsballs.de> Date: Sat, 19 Mar 2016 22:03:40 +0100 Subject: [PATCH 06/23] l 3 *_nginx: remove obsolete ssl option --- lass/3modules/owncloud_nginx.nix | 29 +---------------------------- lass/3modules/static_nginx.nix | 15 +-------------- 2 files changed, 2 insertions(+), 42 deletions(-) diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index a10df779e..35d8d04a5 100644 
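Review bot: In lass/5pkgs/mpv-poll/default.nix every line read from the playlist, and every URL that yt-next scrapes from a remote page, reaches `mpv $mpv_options $toPlay` unquoted, so an entry containing spaces is split into several arguments and one starting with `-` is parsed as an mpv option rather than a file. `play_video` should call `mpv $mpv_options -- "$toPlay"`, the callers should pass `"$toPlay"` and `"$next"`, and `$pl` and `$hist` want quotes as well. The test `if $(echo $toPlay | grep -Eq …); then` only works because the substitution expands to nothing; `if echo "$toPlay" | grep -Eq 'https?://(www\.)?youtube\.com/watch'; then` says what is meant and escapes the dots. When yt-next returns nothing, `play_video $next` still appends an empty line to the history and starts mpv without a file, so a `[ -n "$next" ]` guard is worth adding.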
--- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -45,24 +45,6 @@ let instanceid = mkOption { type = str; }; - ssl = mkOption { - type = with types; submodule ({ - options = { - enable = mkEnableOption "ssl"; - certificate = mkOption { - type = str; - }; - certificate_key = mkOption { - type = str; - }; - ciphers = mkOption { - type = str; - default = "AES128+EECDH:AES128+EDH"; - }; - }; - }); - default = {}; - }; }; })); default = {}; @@ -72,7 +54,7 @@ let group = config.services.nginx.group; imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -116,16 +98,7 @@ let error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; - ${if ssl.enable then '' - ssl_certificate ${ssl.certificate}; - ssl_certificate_key ${ssl.certificate_key}; - '' else ""} ''; - listen = (if ssl.enable then - [ "80" "443 ssl" ] - else - "80" - ); }); services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' listen = ${folder}/phpfpm.pool diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix index 93441cf0d..6e87e9853 100644 --- a/lass/3modules/static_nginx.nix +++ b/lass/3modules/static_nginx.nix @@ -42,10 +42,6 @@ let certificate_key = mkOption { type = str; }; - ciphers = mkOption { - type = str; - default = "AES128+EECDH:AES128+EDH"; - }; }; }); default = {}; @@ -74,16 +70,7 @@ let deny all; '') ]; - - listen = (if ssl.enable then - [ "80" "443 ssl" ] - else - "80" - ); - extraConfig = (if ssl.enable then '' - ssl_certificate ${ssl.certificate}; - ssl_certificate_key ${ssl.certificate_key}; - '' else ""); + inherit ssl; }); }; From e1cd9fa013f34236db1ceebd84badd4315e92701 Mon Sep 17 00:00:00 2001 
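Review bot: In lass/3modules/owncloud_nginx.nix the `ssl` option is dropped without a replacement, whereas static_nginx.nix in the same commit keeps its `ssl` submodule and forwards it with `inherit ssl;`. As far as these hunks show, an ownCloud instance defined through this module can no longer be given a certificate or a `443 ssl` listener, so logins and file transfers would be served over plain HTTP unless TLS is enabled by some path not visible here. If the intent is to rely on an `ssl` setting of the underlying server definition, keep an `ssl` option in this module's API and add `inherit ssl;` to the server attrset, as static_nginx does. The `imp` definition starts and ends outside the hunks.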
From: tv <tv@krebsco.de> Date: Thu, 31 Mar 2016 03:48:43 +0200 Subject: [PATCH 07/23] tv: import mu --- krebs/3modules/tv/default.nix | 9 +- tv/1systems/mu.nix | 169 ++++++++++++++++++++++++++++++++++ 2 files changed, 177 insertions(+), 1 deletion(-) create mode 100644 tv/1systems/mu.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 262f508c3..13d3163c0 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -169,6 +169,7 @@ with config.krebs.lib; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; }; mu = { + cores = 2; nets = { retiolum = { addrs4 = ["10.243.20.1"]; @@ -189,6 +190,8 @@ with config.krebs.lib; ''; }; }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu"; }; nomic = { cores = 2; @@ -387,7 +390,7 @@ with config.krebs.lib; -----END PGP PUBLIC KEY BLOCK----- ''; pubkey = "ssh-rsa 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 tv@wu"; - uid = 1337; # TODO use default + uid = 1337; # TODO use default and document what has to be done (for vv) }; tv-nomic = { inherit (tv) mail; @@ -397,5 +400,9 @@ with config.krebs.lib; inherit (tv) mail; pubkey = "ssh-rsa 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 tv@xu"; }; + vv = { + mail = "vv@mu.r"; + uid = 2000; # TODO use default + }; }; } diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix new file mode 100644 index 000000000..06da15ecc --- /dev/null +++ b/tv/1systems/mu.nix 
@@ -0,0 +1,169 @@ +{ config, pkgs, ... }: + +with config.krebs.lib; + +{ + imports = [ + ../../krebs + ../2configs + ../3modules + ../2configs/exim-retiolum.nix + ../2configs/retiolum.nix + ]; + + krebs.build.host = config.krebs.hosts.mu; + krebs.build.user = mkForce config.krebs.users.vv; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + + # hardware configuration + boot.initrd.luks.devices = [ + { name = "vgmu1"; device = "/dev/sda2"; } + ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; + boot.initrd.availableKernelModules = [ "ahci" ]; + boot.kernelModules = [ "fbcon" "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.extraModprobeConfig = '' + options kvm_intel nested=1 + ''; + + fileSystems = { + "/" = { + device = "/dev/vgmu1/nixroot"; + fsType = "ext4"; + options = [ "defaults" "noatime" ]; + }; + "/home" = { + device = "/dev/vgmu1/home"; + options = [ "defaults" "noatime" ]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + }; + + swapDevices =[ ]; + + nixpkgs.config.firefox.enableAdobeFlash = true; + nixpkgs.config.chromium.enablePepperFlash = true; + + nixpkgs.config.allowUnfree = true; + hardware.opengl.driSupport32Bit = true; + + hardware.pulseaudio.enable = true; + + hardware.enableAllFirmware = true; + + boot.loader.gummiboot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.networkmanager.enable = true; + + environment.systemPackages = with pkgs; [ + slock + tinc + iptables + vim + gimp + xsane + firefoxWrapper + chromiumDev + skype + libreoffice + kde4.l10n.de + kde4.plasma-nm + pidgin-with-plugins + pidginotr + + kde4.print_manager + #foomatic_filters + #gutenprint + #cups_pdf_filter + 
#ghostscript + ]; + + + i18n.defaultLocale = "de_DE.UTF-8"; + + programs.ssh.startAgent = false; + + security.setuidPrograms = [ + "sendmail" # for cron + "slock" + ]; + + security.pam.loginLimits = [ + # for jack + { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } + { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # Enable CUPS to print documents. + services.printing = { + enable = true; + #drivers = [ + # #pkgs.foomatic_filters + # #pkgs.gutenprint + # #pkgs.cups_pdf_filter + # #pkgs.ghostscript + #]; + #cupsdConf = '' + # LogLevel debug2 + #''; + }; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "eurosign:e"; + + # TODO this is host specific + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + }; + + services.xserver.desktopManager.kde4.enable = true; + services.xserver.displayManager.auto = { + enable = true; + user = "vv"; + }; + + users.users.vv = { + inherit (config.krebs.users.vv) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; +} From b297544847b71cd8759bc6d1feeb4c80e7094270 Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Fri, 1 Apr 2016 14:28:16 +0200 Subject: [PATCH 08/23] ma 2 fs: use list of strings for options --- makefu/2configs/fs/sda-crypto-root-home.nix | 2 +- makefu/2configs/fs/sda-crypto-root.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index 5214cf872..1ef0d69e9 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix 
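Review bot: tv/1systems/mu.nix turns on the Flash plugin for both browsers (`nixpkgs.config.firefox.enableAdobeFlash = true;`, `nixpkgs.config.chromium.enablePepperFlash = true;`) without saying why it is needed. Since this widens the browser attack surface for the desktop user, a one-line comment naming the site or application that requires it would let a later reader remove it. The same file logs `vv` in automatically through `services.xserver.displayManager.auto`, so the LUKS passphrase is the only credential between power-on and an open session; a comment such as `# autologin: disk passphrase is the only gate, lock with slock` would document that this is intended. The inline question on the tmpfiles rule (`# does this work with mounted /tmp?`) is still open and could be marked as a TODO.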
@@ -19,7 +19,7 @@ with config.krebs.lib; "/home" = { device = "/dev/mapper/main-home"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e9d7b755a..b82c0e44e 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -18,12 +18,12 @@ with config.krebs.lib; "/" = { device = "/dev/mapper/luksroot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; "/boot" = { device = "/dev/disk/by-label/nixboot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } From f47212c2ce09b22bad37670b2d434eeb9badf49d Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:39:28 +0200 Subject: [PATCH 09/23] ma 2 omo: share emu --- makefu/2configs/omo-share.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index a9640b38b..3a4dd456f 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -48,6 +48,13 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + + emu = { + path = "/media/crypt1/emu"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; usenet = { path = "/media/crypt0/usenet/dst"; "read only" = "yes"; From 3435e02dadf0a13515a5d387e7a99d5c1a383fe4 Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:39:53 +0200 Subject: [PATCH 10/23] ma 5 mycube: use new version --- makefu/5pkgs/mycube-flask/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix index 5bf85a66a..1b1672f08 100644 --- a/makefu/5pkgs/mycube-flask/default.nix +++ b/makefu/5pkgs/mycube-flask/default.nix 
@@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec { src = fetchFromGitHub { owner = "makefu"; repo = "mycube-flask"; - rev = "5f5260a"; - sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; + rev = "48dc6857"; + sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v"; }; meta = { homepage = https://github.com/makefu/mycube-flask; From 4f55e3862c942d8d05591873f587cc767aef3a0d Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:42:13 +0200 Subject: [PATCH 11/23] ma 1 darth: add virtualization --- makefu/1systems/darth.nix | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index ad3ac4f22..2f2358ddc 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -10,15 +10,27 @@ let allDisks = [ rootDisk auxDisk ]; in { imports = [ - ../. - ../2configs/fs/single-partition-ext4.nix - ../2configs/zsh-user.nix - ../2configs/smart-monitor.nix + ../. + ../2configs/fs/single-partition-ext4.nix + ../2configs/zsh-user.nix + ../2configs/smart-monitor.nix + ../2configs/exim-retiolum.nix + ../2configs/virtualization.nix ]; + networking.firewall.allowedUDPPorts = [ 80 655 67 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; + networking.firewall.checkReversePath = false; + #networking.firewall.enable = false; # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; + boot.kernelModules = [ "coretemp" "f71882fg" ]; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + networking.wireless.enable = true; + # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; zramSwap.enable = true; From 540d629e0daa74dd37d8c6d5b462c6888a498c58 Mon Sep 17 00:00:00 2001 
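Review bot: In makefu/1systems/darth.nix the new firewall lines open UDP 80 and UDP 67 and set `networking.firewall.checkReversePath = false;` without a comment explaining any of them. UDP 80 looks copied from the TCP list; if nothing listens there, `networking.firewall.allowedUDPPorts = [ 655 67 ];` is enough. Disabling the reverse-path check removes source-address filtering on every interface, presumably for the guests brought in by `../2configs/virtualization.nix`, so a comment naming that reason (and the DHCP use of port 67) would let a reader judge whether it is still needed. The commented-out `#networking.firewall.enable = false;` is best dropped rather than committed.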
From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:42:46 +0200 Subject: [PATCH 12/23] ma 2 tp-x220: start charging at 95 my thinkpad never fills 100% --- makefu/2configs/hw/tp-x2x0.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index d5ce34bd4..7f9dc67a5 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -23,6 +23,7 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance CPU_SCALING_GOVERNOR_ON_BAT=ondemand From 315bb8e67ef1a2c5fbf4b6ed4debdc8d2ce0f15e Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:43:02 +0200 Subject: [PATCH 13/23] ma 2 base-gui: save more lines --- makefu/2configs/base-gui.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 341a2ab20..b807957ba 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -10,16 +10,6 @@ # # if this is not enough, check out main-laptop.nix -## TODO: .Xdefaults: -# URxvt*termName: rxvt -# URxvt.scrollBar : false -# URxvt*scrollBar_right: false -# URxvt*borderLess: false -# URxvt.foreground: white -# URxvt.background: black -# URxvt.urgentOnBell: true -# URxvt.visualBell: false -# URxvt.font : xft:Terminus with config.krebs.lib; let @@ -83,7 +73,9 @@ in XTerm*FaceName : Terminus:pixelsize=14 URxvt*termName: rxvt - URxvt.scrollBar : False + URxvt*saveLines: 10000 + URxvt*loginShell: false + URxvt.scrollBar : false URxvt*scrollBar_right: false URxvt*borderLess: false URxvt.foreground: white From bc72bad6e22eeae9fa138be1583e742eec1e162f Mon Sep 17 00:00:00 2001 
From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:43:31 +0200 Subject: [PATCH 14/23] ma 1 vbob: remove obsolete source --- makefu/1systems/vbob.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 748b08ef1..5e2382f37 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -15,11 +15,6 @@ ]; nixpkgs.config.allowUnfree = true; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/makefu/nixpkgs; - # HTTP Everywhere + libredir - rev = "8239ac6"; - }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; fsType = "ext4"; From c8b8dac1dbcba9a8ca5da5ee2ee27af0da9d8f97 Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:44:11 +0200 Subject: [PATCH 15/23] ma 2 nginx/public_html: publish home --- makefu/2configs/nginx/public_html.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 makefu/2configs/nginx/public_html.nix diff --git a/makefu/2configs/nginx/public_html.nix b/makefu/2configs/nginx/public_html.nix new file mode 100644 index 000000000..9df8351ca --- /dev/null +++ b/makefu/2configs/nginx/public_html.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + autoindex on; + '') + ]; + }; +} From ac7cece1d27422ce6b17540618cacc90ac4bfdb0 Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:52:16 +0200 Subject: [PATCH 16/23] ma 1 omo: cleanup --- makefu/1systems/omo.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index f0f1d3088..fbd06a9c7 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
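Review bot: In makefu/2configs/nginx/public_html.nix the user part of the location regex is `(.+?)`, which accepts any character, and the captured text is pasted straight into `alias /home/$1/public_html$2;`. Restricting it to one path segment, `(nameValuePair "~ ^/~([^/]+)(/.*)?\$" ''`, makes it evident that only a single directory name under /home can be selected. `autoindex on;` on `servers.default` publishes a listing of every user's public_html to anyone who can reach the default vhost, so a comment stating that this is intended, or dropping autoindex, would help.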
@@ -44,16 +44,21 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/graphite-standalone.nix ../2configs/omo-share.nix ]; + krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc - # tcp:8080 - sabnzbd + # tcp:8111 - graphite + # tcp:9090 - sabnzbd + # tcp:9200 - elasticsearch + # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; # services.openssh.allowSFTP = false; From ef74e1f71338bba1eb558b63e100c4803c33cd8c Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:52:50 +0200 Subject: [PATCH 17/23] ma 2 mail: use mutt, not mutt-kz --- makefu/2configs/mail-client.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index 793daa6f8..eeade94e8 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -7,7 +7,7 @@ with config.krebs.lib; gnupg imapfilter msmtp - mutt-kz + mutt notmuch offlineimap openssl From 3d5c085f100d91543cb0f786337c4f4a1756f216 Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 3 Apr 2016 21:55:01 +0200 Subject: [PATCH 18/23] ma 4 default: prepare backups --- makefu/4lib/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/4lib/default.nix diff --git a/makefu/4lib/default.nix b/makefu/4lib/default.nix new file mode 100644 index 000000000..5e9ab2087 --- /dev/null +++ b/makefu/4lib/default.nix 
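Review bot: In makefu/1systems/omo.nix `allowedTCPPorts` now opens 5601, 8111, 9200 and 9090 on every interface, although `enp3s0` is already listed in `trustedInterfaces` two lines above. Per the added comments these are Kibana, Graphite, Elasticsearch and sabnzbd; whether any of them requires authentication is not visible in this hunk, and if they are only meant for the local net the list can stay `networking.firewall.allowedTCPPorts = [ 80 655 ];`. If they do have to be reachable over another interface, a comment saying which one and why would make the exposure deliberate. Only `graphite-standalone.nix` is imported here, so the Elasticsearch and Kibana ports are opened before any visible service uses them.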
@@ -0,0 +1,30 @@ +{ config, lib, ... }: + +with lib; +let + addDefaultTime = bku-entry: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + startAt = "5:23"; + } bku-entry; + + backup-host = config.krebs.hosts.omo; + backup-path = "/media/backup"; +in { + bku = { + inherit addDefaultTime; + simplePath = addDefaultTime (path: { + method = "pull"; + src = { host = config.krebs.build.host; inherit path; }; + dst = { + host = backup-host; + path = backup-path ++ config.krebs.build.host.name + ++ builtins.replaceStrings ["/"] ["-"] path; + }; + }); + }; +} From bcb395fa76e35e82b68b16a9d4958087da1a0803 Mon Sep 17 00:00:00 2001 From: tv <tv@krebsco.de> Date: Thu, 7 Apr 2016 11:16:57 +0200 Subject: [PATCH 19/23] exim: 4.86.2 -> 4.87 --- krebs/5pkgs/exim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix index d8d1f0dc3..0918e308d 100644 --- a/krebs/5pkgs/exim/default.nix +++ b/krebs/5pkgs/exim/default.nix @@ -1,11 +1,11 @@ { coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: stdenv.mkDerivation rec { - name = "exim-4.86.2"; + name = "exim-4.87"; src = fetchurl { url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2"; - sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp"; + sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl"; }; buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; From 43ea1e5ab36b081c6b4776f2729d100c9f13afcd Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Thu, 7 Apr 2016 19:54:17 +0200 Subject: [PATCH 20/23] k 3 makefu: add senderechner --- krebs/3modules/makefu/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) 
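Review bot: In makefu/4lib/default.nix `dst.path` is built with `++`, which is Nix's list concatenation, so evaluating `simplePath` would fail on the string operands. String interpolation is probably what was meant, e.g. `path = "${backup-path}/${config.krebs.build.host.name}${builtins.replaceStrings ["/"] ["-"] path}";` (the `/` separator is my assumption). `simplePath = addDefaultTime (path: { … })` also hands a function to `recursiveUpdate`, which expects an attribute set; `simplePath = path: addDefaultTime { … };` applies the defaults to the resulting entry instead. Replacing `/` with `-` maps `/a/b` and `/a-b` to the same destination, which deserves a comment.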
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b04280848..bd7c0db48 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -543,6 +543,29 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; + senderechner = rec { + cores = 2; + nets = { + retiolum = { + addrs4 = ["10.243.0.163"]; + addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"]; + aliases = [ + "senderechner.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 + lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X + rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL + inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT + BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO + OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + muhbaasu = rec { cores = 1; nets = { From 033bf438bd2ae39d6a465c475500a24514cc2739 Mon Sep 17 00:00:00 2001 From: tv <tv@krebsco.de> Date: Thu, 7 Apr 2016 20:29:07 +0200 Subject: [PATCH 21/23] addr4: str -> mkOptionType --- krebs/4lib/types.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 32d1daf9d..7255dc3e1 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -186,10 +186,16 @@ types // rec { }; }); - # TODO - addr = str; - addr4 = str; - addr6 = str; + addr = either addr4 addr6; + addr4 = mkOptionType { + name = "IPv4 address"; + check = let + IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in + concatMapStringsSep "." (const d) (range 1 4); + in x: match IPv4address != null; + merge = mergeOneOption; + }; + addr6 = str; # TODO pgp-pubkey = str; From 45bb05d291402b9f8cf6d7227e96a7d07fac2dec Mon Sep 17 00:00:00 2001 
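Review bot: In krebs/3modules/makefu/default.nix the new `senderechner` host writes its `addrs6` entry with a `/128` suffix, the form that PATCH 01/23 of this series removed from `darth` and `nukular` in the same file. To stay consistent with that fix it should read `addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda"];`.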
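Review bot: In krebs/4lib/types.nix the new `addr4.check` never applies the pattern to its argument: `x: match IPv4address != null` compares the partially applied `match IPv4address` with `null`, which is true for every input, so the type accepts any value. It should be `in x: match IPv4address x != null;`. The octets are also joined with a bare `"."`, which in a regular expression matches any character; `concatMapStringsSep "\\." (const d) (range 1 4)` makes the separator a literal dot. Since `match` needs a string, guarding with `isString x &&` would be safer if that helper is in scope here, which the hunk does not show.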
From: makefu <github@syntax-fehler.de> Date: Fri, 8 Apr 2016 16:08:29 +0200 Subject: [PATCH 22/23] ma 5 taskserver: init will be removed when #14506 is in upstream --- makefu/5pkgs/default.nix | 1 + makefu/5pkgs/taskserver/default.nix | 43 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 makefu/5pkgs/taskserver/default.nix diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 8caab433e..c64ee036e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -12,5 +12,6 @@ in nodemcu-uploader = callPackage ./nodemcu-uploader {}; mycube-flask = callPackage ./mycube-flask {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; + taskserver = callPackage ./taskserver {}; }; } diff --git a/makefu/5pkgs/taskserver/default.nix b/makefu/5pkgs/taskserver/default.nix new file mode 100644 index 000000000..a1502b4d6 --- /dev/null +++ b/makefu/5pkgs/taskserver/default.nix 
@@ -0,0 +1,43 @@ +{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }: + +stdenv.mkDerivation rec { + name = "taskserver-${version}"; + version = "1.1.0"; + + enableParallelBuilding = true; + + src = fetchurl { + url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz"; + sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v"; + }; + + patchPhase = '' + pkipath=$out/share/taskd/pki + mkdir -p $pkipath + cp -r pki/* $pkipath + echo "patching paths in pki/generate" + sed -i "s#^\.#$pkipath#" $pkipath/generate + for f in $pkipath/generate* ;do + i=$(basename $f) + echo patching $i + sed -i \ + -e 's/which/type -p/g' \ + -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f + + echo wrapping $i + makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \ + --prefix PATH : ${gnutls}/bin/ + done + ''; + + buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ cmake libuuid gnutls ]; + + meta = { + description = "Server for synchronising Taskwarrior clients"; + homepage = http://taskwarrior.org; + license = stdenv.lib.licenses.mit; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ]; + }; +} From 6f4bc4b34c3cbac56f6a23740dca566980823990 Mon Sep 17 00:00:00 2001 From: makefu <github@syntax-fehler.de> Date: Sun, 10 Apr 2016 23:24:15 +0200 Subject: [PATCH 23/23] makefu: init taskserver, keep an eye on https://github.com/NixOS/nixpkgs/pull/14476 --- makefu/1systems/gum.nix | 4 +++ makefu/3modules/default.nix | 1 + makefu/3modules/taskserver.nix | 60 ++++++++++++++++++++++++++++++++++ makefu/5pkgs/default.nix | 2 +- 4 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 makefu/3modules/taskserver.nix diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 710421659..96a5f4854 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix 
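Review bot: In makefu/5pkgs/taskserver/default.nix the two dependency lists look swapped: `libuuid` and `gnutls` are libraries the program links against, while `cmake` and `makeWrapper` are build-time tools, so I would expect `buildInputs = [ libuuid gnutls ];` and `nativeBuildInputs = [ cmake makeWrapper ];`. The `patchPhase` also creates `$out/share/taskd/pki` and the `taskd-pki-*` wrappers, which is install work; moving that part to `postInstall` keeps the phase from writing to `$out` before the build has run. The tarball is fetched over `http://`, so its integrity rests entirely on the pinned `sha256`.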
@@ -41,6 +41,8 @@ in { ]; }; + makefu.taskserver.enable = true; + krebs.nginx.servers.cgit = { server-names = [ "cgit.euer.krebsco.de" ]; listen = [ "${external-ip}:80" "${internal-ip}:80" ]; @@ -86,6 +88,8 @@ in { 21032 # tinc-retiolum 21031 + # taskserver + 53589 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index f007a8418..0a10b1532 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -4,6 +4,7 @@ _: imports = [ ./snapraid.nix ./umts.nix + ./taskserver.nix ]; } diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix new file mode 100644 index 000000000..41247fff3 --- /dev/null +++ b/makefu/3modules/taskserver.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + cfg = config.makefu.taskserver; + + out = { + options.makefu.taskserver = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "taskserver"; + + workingDir = mkOption { + type = types.str; + default = "/var/lib/taskserver"; + }; + + package = mkOption { + type = types.package; + default = pkgs.taskserver; + }; + + + }; + + imp = { + environment.systemPackages = [ cfg.package ]; + systemd.services.taskserver = { + description = "taskd server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + unitConfig = { + Documentation = "http://taskwarrior.org/docs/#taskd" ; + # https://taskwarrior.org/docs/taskserver/configure.html + ConditionPathExists = "${cfg.workingDir}/config"; + }; + serviceConfig = { + Type = "simple"; + ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; + WorkingDirectory = cfg.workingDir; + PrivateTmp = true; + InaccessibleDirectories = "/home /boot /opt /mnt /media"; + User = "taskd"; + }; + }; + + users.users.taskd = { + uid = genid "taskd"; + home = cfg.workingDir; + createHome = true; + }; + users.groups.taskd.gid = genid "taskd"; + }; + +in +out + 
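Review bot: In makefu/3modules/taskserver.nix the `taskd` group is created (`users.groups.taskd.gid = genid "taskd";`) but never used: `users.users.taskd` sets no `group` and `serviceConfig` sets `User` without `Group`. Adding `group = "taskd";` to the user and `Group = "taskd";` to the service would run the daemon and its `workingDir` under the dedicated group rather than the default one. `ConditionPathExists` makes the unit skip silently when `${cfg.workingDir}/config` is missing, so a short comment on how that file and the PKI files are provisioned would help, particularly as gum.nix in the same commit already opens port 53589 in the firewall.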
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index c64ee036e..fff92725e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -9,8 +9,8 @@ in alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; - nodemcu-uploader = callPackage ./nodemcu-uploader {}; mycube-flask = callPackage ./mycube-flask {}; + nodemcu-uploader = callPackage ./nodemcu-uploader {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; taskserver = callPackage ./taskserver {}; };