Merge remote-tracking branch 'orange/master'
commit
7be9bfdc55
|
@ -233,29 +233,6 @@ in {
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
|
||||||
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
|
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
|
||||||
};
|
};
|
||||||
arcadeomat = {
|
|
||||||
ci = true;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.77.67";
|
|
||||||
aliases = [
|
|
||||||
"arcadeomat.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
|
|
||||||
HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
|
|
||||||
apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
|
|
||||||
4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
|
|
||||||
7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
|
|
||||||
8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
|
|
||||||
};
|
|
||||||
wolf = {
|
wolf = {
|
||||||
ci = true;
|
ci = true;
|
||||||
nets = {
|
nets = {
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ r6, w6, ... }:
|
{ r6, w6, ... }:
|
||||||
{
|
{
|
||||||
|
ci = false;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.0.77";
|
ip4.addr = "10.243.0.77";
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
|
|
||||||
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
|
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
|
||||||
{
|
{
|
||||||
|
ci = false;
|
||||||
owner = config.krebs.users.makefu;
|
owner = config.krebs.users.makefu;
|
||||||
}
|
}
|
||||||
# Retiolum defaults
|
# Retiolum defaults
|
||||||
|
@ -60,13 +61,11 @@
|
||||||
in {
|
in {
|
||||||
hosts = mapAttrs hostDefaults {
|
hosts = mapAttrs hostDefaults {
|
||||||
cake = rec {
|
cake = rec {
|
||||||
ci = false;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.136.236";
|
retiolum.ip4.addr = "10.243.136.236";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
crapi = rec { # raspi1
|
crapi = rec { # raspi1
|
||||||
ci = false;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.136.237";
|
retiolum.ip4.addr = "10.243.136.237";
|
||||||
};
|
};
|
||||||
|
@ -83,25 +82,21 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
studio = rec {
|
studio = rec {
|
||||||
ci = false;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.227.163";
|
retiolum.ip4.addr = "10.243.227.163";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fileleech = rec {
|
fileleech = rec {
|
||||||
ci = false;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.113.98";
|
retiolum.ip4.addr = "10.243.113.98";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
tsp = {
|
tsp = {
|
||||||
ci = true;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.0.212";
|
retiolum.ip4.addr = "10.243.0.212";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
x = {
|
x = {
|
||||||
ci = true;
|
|
||||||
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
|
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.0.91";
|
retiolum.ip4.addr = "10.243.0.91";
|
||||||
|
@ -113,14 +108,12 @@ in {
|
||||||
|
|
||||||
};
|
};
|
||||||
filepimp = rec {
|
filepimp = rec {
|
||||||
ci = false;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.153.102";
|
retiolum.ip4.addr = "10.243.153.102";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
omo = rec {
|
omo = rec {
|
||||||
ci = true;
|
|
||||||
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
|
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
|
||||||
nets = {
|
nets = {
|
||||||
wiregrill = {
|
wiregrill = {
|
||||||
|
@ -143,7 +136,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
wbob = rec {
|
wbob = rec {
|
||||||
ci = true;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.214.15";
|
ip4.addr = "10.243.214.15";
|
||||||
|
@ -163,7 +155,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
latte = rec {
|
latte = rec {
|
||||||
ci = true;
|
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
latte.euer IN A ${nets.internet.ip4.addr}
|
latte.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
@ -201,7 +192,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gum = rec {
|
gum = rec {
|
||||||
ci = true;
|
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
rss.euer IN A ${nets.internet.ip4.addr}
|
rss.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
@ -305,7 +295,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
sdev = rec {
|
sdev = rec {
|
||||||
ci = true;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.83.237";
|
retiolum.ip4.addr = "10.243.83.237";
|
||||||
};
|
};
|
||||||
|
|
|
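Review bot: The new `ci = false;` default in `hostDefaults` combined with dropping every per-host `ci` line changes behaviour for the hosts that previously had `ci = true;` (tsp, x, omo, wbob, latte, gum and sdev in these hunks): they now fall back to `false`. If turning CI off for them is intended, a comment on the default would make that explicit, e.g. `# CI is opt-in: set ci = true on a host to build it`. If it is not intended, those hosts need their `ci = true;` lines kept.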
@ -92,7 +92,7 @@ in
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.161.1";
|
ip4.addr = "10.243.161.1";
|
||||||
aliases = [ "sicily.xkey.r" "mukke.r" ];
|
aliases = [ "sicily.xkey.r" "mukke.r" "bie.r" ];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
|
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
|
||||||
|
|
|
@ -1,82 +0,0 @@
|
||||||
{ config,lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
|
|
||||||
ext-if = "et0";
|
|
||||||
external-mac = "52:54:b0:0b:af:fe";
|
|
||||||
mainUser = "krebs";
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./hw.nix
|
|
||||||
../../../krebs
|
|
||||||
../../../krebs/2configs
|
|
||||||
|
|
||||||
#../../../krebs/2configs/binary-cache/nixos.nix
|
|
||||||
#../../../krebs/2configs/binary-cache/prism.nix
|
|
||||||
|
|
||||||
../../../krebs/2configs/shack/ssh-keys.nix
|
|
||||||
../../../krebs/2configs/save-diskspace.nix
|
|
||||||
../../../krebs/2configs/shack/prometheus/node.nix
|
|
||||||
|
|
||||||
];
|
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
|
||||||
# apt-cacher-ng in first place)
|
|
||||||
|
|
||||||
# local discovery in shackspace
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
|
||||||
krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
|
|
||||||
|
|
||||||
|
|
||||||
#networking = {
|
|
||||||
# firewall.enable = false;
|
|
||||||
# firewall.allowedTCPPorts = [ 8088 8086 8083 ];
|
|
||||||
# interfaces."${ext-if}".ipv4.addresses = [
|
|
||||||
# {
|
|
||||||
# address = shack-ip;
|
|
||||||
# prefixLength = 20;
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# defaultGateway = "10.42.0.1";
|
|
||||||
# nameservers = [ "10.42.0.100" "10.42.0.200" ];
|
|
||||||
#};
|
|
||||||
|
|
||||||
#####################
|
|
||||||
# uninteresting stuff
|
|
||||||
#####################
|
|
||||||
krebs.build.host = config.krebs.hosts.arcadeomat;
|
|
||||||
users.users."${mainUser}" = {
|
|
||||||
uid = 9001;
|
|
||||||
extraGroups = [ "audio" "video" ];
|
|
||||||
isNormalUser = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
# avahi
|
|
||||||
services.avahi = {
|
|
||||||
enable = true;
|
|
||||||
wideArea = false;
|
|
||||||
};
|
|
||||||
environment.systemPackages = with pkgs;[ glxinfo sdlmame ];
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340;
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_4;
|
|
||||||
|
|
||||||
services.xserver = {
|
|
||||||
videoDrivers = [ "nvidia" ];
|
|
||||||
enable = true;
|
|
||||||
windowManager = {
|
|
||||||
awesome.enable = true;
|
|
||||||
awesome.noArgb = true;
|
|
||||||
awesome.luaModules = [ pkgs.luaPackages.vicious ];
|
|
||||||
};
|
|
||||||
displayManager.defaultSession = lib.mkDefault "none+awesome";
|
|
||||||
displayManager.autoLogin = {
|
|
||||||
enable = true;
|
|
||||||
user = mainUser;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usbhid" "sd_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/0aae456e-0548-4917-a282-11d5d4e403cf";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
|
||||||
boot.loader.grub.copyKernels = true;
|
|
||||||
|
|
||||||
}
|
|
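--- a/krebs/2configs/agenda.html
+++ b/krebs/2configs/agenda.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Agenda</title>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<style>
+html {
+font-family: monospace;
+}
+
+dt {
+float: left;
+clear: left;
+width: 30px;
+text-align: right;
+font-weight: bold;
+}
+
+dd {
+margin: 0 0 0 40px;
+padding: 0 0 0.5em 0;
+}
+
+.date {
+color: grey;
+font-style: italic;
+}
+</style>
+</head>
+<body>
+<dl id="agenda"></dl>
+<script>
+const urlSearchParams = new URLSearchParams(window.location.search);
+const params = Object.fromEntries(urlSearchParams.entries());
+
+if (params.hasOwnProperty("style")) {
+const cssUrls = params["style"].split(" ").filter((x) => x.length > 0);
+for (const cssUrl of cssUrls)
+fetch(cssUrl)
+.then((response) =>
+response.text().then((css) => {
+const title = document.getElementsByTagName("head")[0];
+const style = document.createElement("style");
+style.appendChild(document.createTextNode(css));
+title.appendChild(style);
+})
+)
+.catch(console.log);
+}
+
+fetch("/agenda.json")
+.then((response) => {
+response.json().then((agenda) => {
+const dl = document.getElementById("agenda");
+for (const agendaItem of agenda) {
+if (agendaItem.status !== "pending") continue;
+// task warrior date format to ISO
+const entryDate = agendaItem.entry.replace(
+/(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z/,
+"$1-$2-$3T$4:$5:$6Z"
+);
+
+const dt = document.createElement("dt");
+dt.className = "id";
+dt.appendChild(document.createTextNode(agendaItem.id.toString()));
+dl.appendChild(dt);
+
+const spanDate = document.createElement("span");
+spanDate.className = "date";
+spanDate.title = new Date(entryDate).toString();
+spanDate.appendChild(document.createTextNode(entryDate));
+
+const link = document.createElement("a");
+link.href = "http://wiki.r/agenda/" + encodeURIComponent(agendaItem.description.replaceAll("/", "\u29F8")); // we use big solidus instead of slash because gollum will create directories
+link.appendChild(document.createTextNode(agendaItem.description));
+
+const dd = document.createElement("dd");
+dd.className = "description";
+dd.appendChild(link);
+dd.appendChild(document.createTextNode(" "));
+dd.appendChild(spanDate);
+
+dl.appendChild(dd);
+}
+});
+})
+.then((data) => console.log(data));
+</script>
+</body>
+</html>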
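Review bot: The `style` query parameter in the inline script is split into URLs that are fetched and appended to `<head>` as `<style>` text with no restriction on origin, so whoever supplies the link to this page also controls its CSS. If URL-driven theming is wanted, restrict it to same-origin stylesheets, e.g. `.filter((x) => x.length > 0 && new URL(x, window.location.href).origin === window.location.origin)`, and add a comment above the block documenting the parameter. Separately, the final `.then((data) => console.log(data))` always logs `undefined` because the inner `response.json()` promise is not returned, and a failed `/agenda.json` fetch has no `.catch`.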
@ -28,7 +28,7 @@ let
|
||||||
amt=$2
|
amt=$2
|
||||||
unit=$3
|
unit=$3
|
||||||
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
|
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
|
||||||
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
|
${pkgs.hledger}/bin/hledger -f "$state_file" bal -N -O csv \
|
||||||
| ${pkgs.coreutils}/bin/tail +2 \
|
| ${pkgs.coreutils}/bin/tail +2 \
|
||||||
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
|
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
|
||||||
| ${pkgs.gnugrep}/bin/grep "$_from"
|
| ${pkgs.gnugrep}/bin/grep "$_from"
|
||||||
|
@ -483,113 +483,49 @@ in {
|
||||||
''}'';
|
''}'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx.virtualHosts."agenda.r" = {
|
||||||
virtualHosts."agenda.r" = {
|
serverAliases = [ "kri.r" ];
|
||||||
serverAliases = [ "kri.r" ];
|
locations."= /index.html".extraConfig = ''
|
||||||
locations."= /index.html".extraConfig = ''
|
alias ./agenda.html;
|
||||||
alias ${pkgs.writeText "agenda.html" ''
|
'';
|
||||||
<!DOCTYPE html>
|
locations."/agenda.json".extraConfig = ''
|
||||||
<html>
|
proxy_set_header Host $host;
|
||||||
<head>
|
proxy_pass http://localhost:8009;
|
||||||
<title>Agenda</title>
|
'';
|
||||||
<meta charset="utf-8" />
|
extraConfig = ''
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
<style>
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
html {
|
'';
|
||||||
font-family: monospace;
|
};
|
||||||
}
|
|
||||||
|
|
||||||
dt {
|
krebs.htgen.bedger = {
|
||||||
float: left;
|
port = 8011;
|
||||||
clear: left;
|
user = {
|
||||||
width: 30px;
|
name = "reaktor2";
|
||||||
text-align: right;
|
home = stateDir;
|
||||||
font-weight: bold;
|
|
||||||
}
|
|
||||||
|
|
||||||
dd {
|
|
||||||
margin: 0 0 0 40px;
|
|
||||||
padding: 0 0 0.5em 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
.date {
|
|
||||||
color: grey;
|
|
||||||
font-style: italic;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<dl id="agenda"></dl>
|
|
||||||
<script>
|
|
||||||
const urlSearchParams = new URLSearchParams(window.location.search);
|
|
||||||
const params = Object.fromEntries(urlSearchParams.entries());
|
|
||||||
|
|
||||||
if (params.hasOwnProperty("style")) {
|
|
||||||
const cssUrls = params["style"].split(" ").filter((x) => x.length > 0);
|
|
||||||
for (const cssUrl of cssUrls)
|
|
||||||
fetch(cssUrl)
|
|
||||||
.then((response) =>
|
|
||||||
response.text().then((css) => {
|
|
||||||
const title = document.getElementsByTagName("head")[0];
|
|
||||||
const style = document.createElement("style");
|
|
||||||
style.appendChild(document.createTextNode(css));
|
|
||||||
title.appendChild(style);
|
|
||||||
})
|
|
||||||
)
|
|
||||||
.catch(console.log);
|
|
||||||
}
|
|
||||||
|
|
||||||
fetch("/agenda.json")
|
|
||||||
.then((response) => {
|
|
||||||
response.json().then((agenda) => {
|
|
||||||
const dl = document.getElementById("agenda");
|
|
||||||
for (const agendaItem of agenda) {
|
|
||||||
if (agendaItem.status !== "pending") continue;
|
|
||||||
// task warrior date format to ISO
|
|
||||||
const entryDate = agendaItem.entry.replace(
|
|
||||||
/(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z/,
|
|
||||||
"$1-$2-$3T$4:$5:$6Z"
|
|
||||||
);
|
|
||||||
|
|
||||||
const dt = document.createElement("dt");
|
|
||||||
dt.className = "id";
|
|
||||||
dt.appendChild(document.createTextNode(agendaItem.id.toString()));
|
|
||||||
dl.appendChild(dt);
|
|
||||||
|
|
||||||
const spanDate = document.createElement("span");
|
|
||||||
spanDate.className = "date";
|
|
||||||
spanDate.title = new Date(entryDate).toString();
|
|
||||||
spanDate.appendChild(document.createTextNode(entryDate));
|
|
||||||
|
|
||||||
const link = document.createElement("a");
|
|
||||||
link.href = "http://wiki.r/agenda/" + encodeURIComponent(agendaItem.description.replaceAll("/", "\u29F8")); // we use big solidus instead of slash because gollum will create directories
|
|
||||||
link.appendChild(document.createTextNode(agendaItem.description));
|
|
||||||
|
|
||||||
const dd = document.createElement("dd");
|
|
||||||
dd.className = "description";
|
|
||||||
dd.appendChild(link);
|
|
||||||
dd.appendChild(document.createTextNode(" "));
|
|
||||||
dd.appendChild(spanDate);
|
|
||||||
|
|
||||||
dl.appendChild(dd);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
})
|
|
||||||
.then((data) => console.log(data));
|
|
||||||
</script>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
''};
|
|
||||||
'';
|
|
||||||
locations."/agenda.json".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://localhost:8009;
|
|
||||||
'';
|
|
||||||
extraConfig = ''
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
script = ''. ${pkgs.writers.writeDash "bedger" ''
|
||||||
|
case "$Method" in
|
||||||
|
"GET")
|
||||||
|
printf 'HTTP/1.1 200 OK\r\n'
|
||||||
|
printf 'Connection: close\r\n'
|
||||||
|
printf '\r\n'
|
||||||
|
${pkgs.hledger}/bin/hledger -f ${stateDir}/ledger bal -N -O json
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
''}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."hotdog.r" = {
|
||||||
|
locations."/bedger.json".extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://localhost:8011;
|
||||||
|
'';
|
||||||
|
extraConfig = ''
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.reaktor2-r.serviceConfig.DynamicUser = mkForce false;
|
systemd.services.reaktor2-r.serviceConfig.DynamicUser = mkForce false;
|
||||||
|
@ -597,7 +533,7 @@ in {
|
||||||
krebs.reaktor2 = {
|
krebs.reaktor2 = {
|
||||||
hackint = {
|
hackint = {
|
||||||
hostname = "irc.hackint.org";
|
hostname = "irc.hackint.org";
|
||||||
nick = "reaktor2|krebs";
|
nick = "reaktor";
|
||||||
plugins = [
|
plugins = [
|
||||||
{
|
{
|
||||||
plugin = "register";
|
plugin = "register";
|
||||||
|
@ -617,7 +553,7 @@ in {
|
||||||
port = "6697";
|
port = "6697";
|
||||||
};
|
};
|
||||||
r = {
|
r = {
|
||||||
nick = "reaktor2|krebs";
|
nick = "reaktor";
|
||||||
sendDelaySec = null;
|
sendDelaySec = null;
|
||||||
plugins = [
|
plugins = [
|
||||||
{
|
{
|
||||||
|
|
|
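Review bot: In the `agenda.r` virtual host, `alias ./agenda.html;` sits inside a `''…''` string, so Nix treats it as literal text rather than a path; nginx would then receive a relative alias and the newly added agenda.html would not be copied into the store. Assuming that file lives beside this module, interpolating the path fixes it: `alias ${./agenda.html};`. In the first hunk the quoting fix covers `-f "$state_file"` but the `>> $state_file` redirect on the `printf` line above it is still unquoted. The new `hotdog.r` `/bedger.json` location serves ledger balances with `Access-Control-Allow-Origin: *`; a comment stating that this is meant to be readable by any origin inside the network would document the intent.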
@ -22,7 +22,17 @@ case "$Method $abs_path" in
|
||||||
printf 'Connection: close\r\n'
|
printf 'Connection: close\r\n'
|
||||||
printf 'Content-Length: %d\r\n' $(wc -c < $item)
|
printf 'Content-Length: %d\r\n' $(wc -c < $item)
|
||||||
printf '\r\n'
|
printf '\r\n'
|
||||||
cat $item
|
cat "$item"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
"DELETE /"[0-9a-z]*)
|
||||||
|
if item=$(find_item ${abs_path#/}); then
|
||||||
|
printf 'HTTP/1.1 200 OK\r\n'
|
||||||
|
printf 'Server: %s\r\n' "$Server"
|
||||||
|
printf 'Connection: close\r\n'
|
||||||
|
printf '\r\n'
|
||||||
|
rm "$item"
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
|
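Review bot: The new `DELETE` branch removes an item for any client that can reach the service, with no authentication or ownership check visible in the hunk, and its pattern `"DELETE /"[0-9a-z]*` constrains only the first character of the path because `*` in a case pattern matches anything. Whether `find_item` (defined outside the hunk) rejects other characters cannot be seen here, so the argument should at least be quoted, `if item=$(find_item "${abs_path#/}"); then`, and the delete written as `rm -- "$item"` after confirming `$item` resolves inside the item directory. The `200 OK` status line is also printed before `rm` runs, so a failed delete is reported as success. The `Content-Length` line in the GET branch still uses an unquoted `$item`, and the enclosing `case` starts outside the hunk.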
@ -275,7 +275,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
|
||||||
} ./get_constellations.py} ${pkgs.fetchurl {
|
} ./get_constellations.py} ${pkgs.fetchurl {
|
||||||
url = "https://raw.githubusercontent.com/ofrohn/d3-celestial/d2e20e104b86429d90ac8227a5b021262b45d75a/data/constellations.lines.json";
|
url = "https://raw.githubusercontent.com/ofrohn/d3-celestial/d2e20e104b86429d90ac8227a5b021262b45d75a/data/constellations.lines.json";
|
||||||
sha256 = "0g71fdrnxvxd6pcqvihj2q9iaynrl7px45kzw6qm1kymynz6ckr9";
|
sha256 = "0g71fdrnxvxd6pcqvihj2q9iaynrl7px45kzw6qm1kymynz6ckr9";
|
||||||
}} > constellations.arcs
|
}} > constellations.arcs || : # seems like astropy doesn't want to convert from icrs to itrs anymore
|
||||||
|
|
||||||
xplanet --num_times 1 --geometry $xplanet_out_size \
|
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||||
--output xplanet-krebs-stars-output.png --projection merc \
|
--output xplanet-krebs-stars-output.png --projection merc \
|
||||||
|
|
|
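Review bot: The added `|| :` discards every failure of the constellations step, not only the astropy conversion error named in the comment, and the redirect still creates a possibly empty or partial `constellations.arcs` for anything later in the script that reads it. Making the fallback visible keeps the build going without hiding other breakage, e.g. `|| echo 'constellations step failed, continuing without arcs' >&2`. The surrounding script starts and ends outside the hunk.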
@ -1,9 +1,10 @@
|
||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
|
"rev": "2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28",
|
||||||
"date": "2023-07-24T08:16:24+02:00",
|
"date": "2023-07-28T14:55:37+02:00",
|
||||||
"path": "/nix/store/786lhas0jmp3nihbb28pbp7sm1sjzsy7-nixpkgs",
|
"path": "/nix/store/38nmp3rkbjic5dm6g9qp4ldwi7pr602p-nixpkgs",
|
||||||
"sha256": "1l9sa8hd242xrb2j18mj4f62f3cw0bf5pafp58gdl0jkl61dpapr",
|
"sha256": "0c2x3bcal4kyxgf6i408622zqvxamz986h11z8zjvd7gc8y4wxn7",
|
||||||
|
"hash": "sha256-x3ZOPGLvtC0/+iFAg9Kvqm/8hTAIkGjc634SqtgaXTA=",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "98da3dd0de6660d4abed7bb74e748694bd803413",
|
"rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33",
|
||||||
"date": "2023-07-12T12:54:32+08:00",
|
"date": "2023-07-28T18:34:19+03:00",
|
||||||
"path": "/nix/store/h9ncvz7aq1aqhjmxngnnhwaw359prh2g-nixpkgs",
|
"path": "/nix/store/pgqfg8ip3lv0lr6mpwh558npz3c1wwcr-nixpkgs",
|
||||||
"sha256": "0qzflsmxfgqz07jlx7njfsq752n1la8a6007mmx7rvqspp30g6j1",
|
"sha256": "0d7na9ygda2r7gs3gbixd9gvcxgdv84993cilkj86bcwbpbg4vp5",
|
||||||
|
"hash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ config, lib, pkgs, ... }: let
|
{ config, lib, pkgs, ... }: let
|
||||||
vpnIp = "85.202.81.161";
|
vpnPort = 1637;
|
||||||
|
torrentport = 56709; # port forwarded in airvpn webinterface
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
|
@ -18,99 +19,22 @@ in {
|
||||||
networking.useHostResolvConf = false;
|
networking.useHostResolvConf = false;
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
|
|
||||||
services.openvpn.servers.nordvpn.config = ''
|
networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
|
||||||
client
|
services.transmission.settings.peer-port = torrentport;
|
||||||
dev tun
|
|
||||||
proto udp
|
|
||||||
remote ${vpnIp} 1194
|
|
||||||
resolv-retry infinite
|
|
||||||
remote-random
|
|
||||||
nobind
|
|
||||||
tun-mtu 1500
|
|
||||||
tun-mtu-extra 32
|
|
||||||
mssfix 1450
|
|
||||||
persist-key
|
|
||||||
persist-tun
|
|
||||||
ping 15
|
|
||||||
ping-restart 15
|
|
||||||
ping-timer-rem
|
|
||||||
reneg-sec 0
|
|
||||||
comp-lzo no
|
|
||||||
|
|
||||||
remote-cert-tls server
|
|
||||||
|
|
||||||
auth-user-pass ${toString <secrets/nordvpn.txt>}
|
|
||||||
verb 3
|
|
||||||
pull
|
|
||||||
fast-io
|
|
||||||
cipher AES-256-CBC
|
|
||||||
auth SHA512
|
|
||||||
|
|
||||||
<ca>
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
|
|
||||||
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
|
|
||||||
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
|
|
||||||
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
|
|
||||||
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
|
|
||||||
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
|
|
||||||
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
|
|
||||||
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
|
|
||||||
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
|
|
||||||
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
|
|
||||||
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
|
|
||||||
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
|
|
||||||
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
|
|
||||||
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
|
|
||||||
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
|
|
||||||
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
|
|
||||||
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
|
|
||||||
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
|
|
||||||
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
|
|
||||||
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
|
|
||||||
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
|
|
||||||
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
|
|
||||||
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
|
|
||||||
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
|
|
||||||
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
|
|
||||||
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
|
|
||||||
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
</ca>
|
|
||||||
key-direction 1
|
|
||||||
<tls-auth>
|
|
||||||
#
|
|
||||||
# 2048 bit OpenVPN static key
|
|
||||||
#
|
|
||||||
-----BEGIN OpenVPN Static key V1-----
|
|
||||||
e685bdaf659a25a200e2b9e39e51ff03
|
|
||||||
0fc72cf1ce07232bd8b2be5e6c670143
|
|
||||||
f51e937e670eee09d4f2ea5a6e4e6996
|
|
||||||
5db852c275351b86fc4ca892d78ae002
|
|
||||||
d6f70d029bd79c4d1c26cf14e9588033
|
|
||||||
cf639f8a74809f29f72b9d58f9b8f5fe
|
|
||||||
fc7938eade40e9fed6cb92184abb2cc1
|
|
||||||
0eb1a296df243b251df0643d53724cdb
|
|
||||||
5a92a1d6cb817804c4a9319b57d53be5
|
|
||||||
80815bcfcb2df55018cc83fc43bc7ff8
|
|
||||||
2d51f9b88364776ee9d12fc85cc7ea5b
|
|
||||||
9741c4f598c485316db066d52db4540e
|
|
||||||
212e1518a9bd4828219e24b20d88f598
|
|
||||||
a196c9de96012090e333519ae18d3509
|
|
||||||
9427e7b372d348d352dc4c85e18cd4b9
|
|
||||||
3f8a56ddb2e64eb67adfc9b337157ff4
|
|
||||||
-----END OpenVPN Static key V1-----
|
|
||||||
</tls-auth>
|
|
||||||
'';
|
|
||||||
|
|
||||||
|
# only allow traffic through openvpn
|
||||||
krebs.iptables = {
|
krebs.iptables = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
tables.filter.OUTPUT = {
|
tables.filter.OUTPUT = {
|
||||||
policy = "DROP";
|
policy = "DROP";
|
||||||
rules = [
|
rules = [
|
||||||
{ predicate = "-o lo"; target = "ACCEPT"; }
|
{ predicate = "-o lo"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
|
{ predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
|
||||||
{ predicate = "-o tun0"; target = "ACCEPT"; }
|
{ predicate = "-o airvpn"; target = "ACCEPT"; }
|
||||||
{ predicate = "-o retiolum"; target = "ACCEPT"; }
|
{ predicate = "-o retiolum"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
|
||||||
|
|
|
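Review bot: The OUTPUT rule that replaces `-d ${vpnIp}/32` is `-p udp --dport ${toString vpnPort}` with no destination or interface, so under the `DROP` policy any UDP traffic to port 1637 may leave on any interface, outside the tunnel. Pinning it to the WireGuard endpoint keeps the kill-switch as tight as the rule it replaces, e.g. `{ v6 = false; predicate = "-p udp -d <AIRVPN_ENDPOINT_IP>/32 --dport ${toString vpnPort}"; target = "ACCEPT"; }`, where the placeholder stands for the endpoint address from airvpn.conf. The added comment `# only allow traffic through openvpn` is also stale now that the tunnel is wg-quick; `# only allow traffic through the airvpn tunnel` would match the code. The rules list continues outside the hunk.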
@ -51,6 +51,18 @@
|
||||||
#enable automatic rehashing of $PATH
|
#enable automatic rehashing of $PATH
|
||||||
zstyle ':completion:*' rehash true
|
zstyle ':completion:*' rehash true
|
||||||
|
|
||||||
|
# fancy mv which interactively gets the second argument if not given
|
||||||
|
function mv() {
|
||||||
|
if [[ "$#" -ne 1 ]] || [[ ! -e "$1" ]]; then
|
||||||
|
command mv -v "$@"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
newfilename="$1"
|
||||||
|
vared newfilename
|
||||||
|
command mv -v -- "$1" "$newfilename"
|
||||||
|
}
|
||||||
|
|
||||||
#beautiful colors
|
#beautiful colors
|
||||||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||||
owner = "trapd00r";
|
owner = "trapd00r";
|
||||||
|
|
|
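Review bot: In the new `mv` wrapper, `newfilename` is assigned without `local`, so it leaks into the interactive shell's global scope and overwrites any existing variable of that name; `local newfilename="$1"` avoids that. The comment above the function could also say that the interactive path only triggers for exactly one argument that exists, since every other call falls through to `command mv -v "$@"`.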
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
user = "password";
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
"derp"
|
|
|
@ -1 +0,0 @@
|
||||||
dickbutt2342.onion
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
MATRIX_TOKEN="a";
|
|
||||||
MATRIX_ID="b";
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
""
|
|
|
@ -1 +0,0 @@
|
||||||
{}
|
|
|
@ -1,2 +0,0 @@
|
||||||
{
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
""
|
|
|
@ -1,5 +0,0 @@
|
||||||
{
|
|
||||||
adminUser = "dick";
|
|
||||||
adminPassword = "butt";
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
{
|
|
||||||
username = "bob";
|
|
||||||
password = "rob";
|
|
||||||
}
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
{}
|
|
|
@ -1 +0,0 @@
|
||||||
{}
|
|
|
@ -1 +0,0 @@
|
||||||
""
|
|
|
@ -1,5 +0,0 @@
|
||||||
{
|
|
||||||
"platform": "polling",
|
|
||||||
"api_key": "1:A",
|
|
||||||
"allowed_chat_ids": [ 0, 1 ]
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
username = "lol";
|
|
||||||
password = "wut";
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
"derp"
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
"dick" = "butt";
|
|
||||||
}
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
{}
|
|
|
@ -1 +0,0 @@
|
||||||
"derp"
|
|
|
@ -1 +0,0 @@
|
||||||
{ "lol" = "wut"; }
|
|
|
@ -1 +0,0 @@
|
||||||
{ "lol" = "wut"; }
|
|
|
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
"dick.nsupdate.info" = "butt";
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
db.username = "photoprism";
|
|
||||||
db.password = "photoprism";
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
"lol"
|
|
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
number = "+1dotdotdot";
|
|
||||||
home = "group.ABCDE";
|
|
||||||
felix = "group.ABCDE";
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,2 +0,0 @@
|
||||||
TONIE_AUDIO_MATCH_USER=
|
|
||||||
TONIE_AUDIO_MATCH_PASS=
|
|
|
@ -1 +0,0 @@
|
||||||
"$6$lol"
|
|
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
mqtt.password = "hass";
|
|
||||||
mqtt.username = "hass";
|
|
||||||
zigbee.network_key = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ];
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
primaryInterface = "eth0";
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
./hardware-config.nix
|
|
||||||
<stockholm/makefu/2configs/home-manager>
|
|
||||||
<stockholm/makefu/2configs/home/3dprint.nix>
|
|
||||||
#./hardware-config.nix
|
|
||||||
{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
|
|
||||||
# <stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<stockholm/makefu/2configs/binary-cache/nixos.nix>
|
|
||||||
#<stockholm/makefu/2configs/support-nixos.nix>
|
|
||||||
# <stockholm/makefu/2configs/homeautomation/default.nix>
|
|
||||||
# <stockholm/makefu/2configs/homeautomation/google-muell.nix>
|
|
||||||
# <stockholm/makefu/2configs/hw/pseyecam.nix>
|
|
||||||
# configure your hw:
|
|
||||||
# <stockholm/makefu/2configs/save-diskspace.nix>
|
|
||||||
|
|
||||||
# directly use the alsa device instead of attaching to pulse
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/audio/respeaker.nix>
|
|
||||||
<stockholm/makefu/2configs/home/rhasspy/default.nix>
|
|
||||||
<stockholm/makefu/2configs/home/rhasspy/led-control.nix>
|
|
||||||
];
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
tinc.retiolum.enable = true;
|
|
||||||
build.host = config.krebs.hosts.cake;
|
|
||||||
};
|
|
||||||
# ensure disk usage is limited
|
|
||||||
services.journald.extraConfig = "Storage=volatile";
|
|
||||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
|
||||||
documentation.info.enable = false;
|
|
||||||
documentation.man.enable = false;
|
|
||||||
documentation.nixos.enable = false;
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ pkgs, lib, ... }:
|
|
||||||
{
|
|
||||||
environment.systemPackages = [ pkgs.libraspberrypi ];
|
|
||||||
imports = [ <nixos-hardware/raspberry-pi/4> ];
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
|
||||||
fsType = "ext4";
|
|
||||||
options = [ "noatime" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
hardware.raspberry-pi."4".fkms-3d.enable = true;
|
|
||||||
hardware.raspberry-pi."4".audio.enable = true;
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
name="cake";
|
|
||||||
full = true;
|
|
||||||
home-manager = true;
|
|
||||||
hw = true;
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
|
|
||||||
2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
|
|
||||||
3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
|
|
||||||
5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
./hardware-config.nix
|
|
||||||
<stockholm/makefu/2configs>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
|
||||||
|
|
||||||
];
|
|
||||||
krebs.build.host = config.krebs.hosts.crapi;
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,39 +0,0 @@
|
||||||
{ pkgs, lib, ... }:
|
|
||||||
{
|
|
||||||
#raspi1
|
|
||||||
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = false;
|
|
||||||
boot.loader.raspberryPi.enable = true;
|
|
||||||
boot.loader.raspberryPi.version = 1;
|
|
||||||
boot.loader.raspberryPi.uboot.enable = true;
|
|
||||||
boot.loader.raspberryPi.uboot.configurationLimit = 1;
|
|
||||||
boot.loader.generationsDir.enable = lib.mkDefault false;
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
boot.cleanTmpDir = true;
|
|
||||||
environment.systemPackages = [ pkgs.raspberrypi-tools ];
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_rpi;
|
|
||||||
|
|
||||||
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
|
|
||||||
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
|
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
system.activationScripts.create-swap = ''
|
|
||||||
if [ ! -e /swapfile ]; then
|
|
||||||
fallocate -l 2G /swapfile
|
|
||||||
mkswap /swapfile
|
|
||||||
chmod 600 /swapfile
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
swapDevices = [ { device = "/swapfile"; size = 4096; } ];
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
arm6 = true;
|
|
||||||
}
|
|
|
@ -1,76 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
# all the good stuff resides in /data
|
|
||||||
|
|
||||||
byid = dev: "/dev/disk/by-id/" + dev;
|
|
||||||
rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
|
|
||||||
bootPart = rootDisk + "-part1";
|
|
||||||
rootPart = rootDisk + "-part2";
|
|
||||||
|
|
||||||
allDisks = [ rootDisk ]; # auxDisk
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
|
||||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
|
||||||
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<stockholm/makefu/2configs/stats/client.nix>
|
|
||||||
# <stockholm/makefu/2configs/nsupdate-data.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/share/anon-ftp.nix>
|
|
||||||
|
|
||||||
# lan party
|
|
||||||
<stockholm/makefu/2configs/lanparty/lancache.nix>
|
|
||||||
<stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
|
||||||
<stockholm/makefu/2configs/lanparty/samba.nix>
|
|
||||||
<stockholm/makefu/2configs/lanparty/mumble-server.nix>
|
|
||||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#networking.firewall.enable = false;
|
|
||||||
makefu.server.primary-itf = "enp0s25";
|
|
||||||
# krebs.hidden-ssh.enable = true;
|
|
||||||
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
networking = {
|
|
||||||
wireless.enable = true;
|
|
||||||
firewall = {
|
|
||||||
allowPing = true;
|
|
||||||
logRefusedConnections = false;
|
|
||||||
# trustedInterfaces = [ "eno1" ];
|
|
||||||
allowedUDPPorts = [ 80 655 1655 67 ];
|
|
||||||
allowedTCPPorts = [ 80 655 1655 ];
|
|
||||||
};
|
|
||||||
# fallback connection to the internal virtual network
|
|
||||||
# interfaces.virbr3.ip4 = [{
|
|
||||||
# address = "10.8.8.2";
|
|
||||||
# prefixLength = 24;
|
|
||||||
# }];
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO smartd omo darth gum all-in-one
|
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
|
||||||
|
|
||||||
boot.loader.grub.device = rootDisk;
|
|
||||||
boot.initrd.luks.devices = [
|
|
||||||
{ name = "luksroot";
|
|
||||||
device = rootPart;
|
|
||||||
allowDiscards = true;
|
|
||||||
keyFileSize = 4096;
|
|
||||||
keyFile = "/dev/sdb";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.darth;
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
name="darth";
|
|
||||||
}
|
|
|
@ -1,40 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
let
|
|
||||||
external-ip = "45.55.145.62";
|
|
||||||
default-gw = "45.55.128.1";
|
|
||||||
prefixLength = 18;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
<stockholm/makefu/2configs/hw/CAC.nix>
|
|
||||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
|
||||||
<stockholm/makefu/2configs/torrent.nix>
|
|
||||||
];
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
tinc.retiolum.enable = true;
|
|
||||||
build.host = config.krebs.hosts.drop;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.loader.grub.device = "/dev/vda";
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/vda1";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
allowPing = true;
|
|
||||||
logRefusedConnections = false;
|
|
||||||
allowedTCPPorts = [ ];
|
|
||||||
allowedUDPPorts = [ 655 ];
|
|
||||||
};
|
|
||||||
interfaces.enp0s3.ipv4.addresses = [{
|
|
||||||
address = external-ip;
|
|
||||||
inherit prefixLength;
|
|
||||||
}];
|
|
||||||
defaultGateway = default-gw;
|
|
||||||
nameservers = [ "8.8.8.8" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
name="drop";
|
|
||||||
torrent = true;
|
|
||||||
}
|
|
|
@ -1,174 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
toMapper = id: "/media/crypt${builtins.toString id}";
|
|
||||||
byid = dev: "/dev/disk/by-id/" + dev;
|
|
||||||
keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0";
|
|
||||||
rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
|
|
||||||
rootPartition = rootDisk + "-part3";
|
|
||||||
|
|
||||||
dataDisks = let
|
|
||||||
idpart = dev: byid dev + "-part1";
|
|
||||||
in [
|
|
||||||
{ name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
|
|
||||||
{ name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
|
|
||||||
{ name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
|
|
||||||
{ name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
|
|
||||||
{ name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
|
|
||||||
{ name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
|
|
||||||
{ name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
|
|
||||||
{ name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
|
|
||||||
];
|
|
||||||
|
|
||||||
disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/disable_v6.nix>
|
|
||||||
<stockholm/makefu/2configs/torrent.nix>
|
|
||||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
|
||||||
|
|
||||||
#<stockholm/makefu/2configs/elchos/irc-token.nix>
|
|
||||||
# <stockholm/makefu/2configs/elchos/log.nix>
|
|
||||||
# <stockholm/makefu/2configs/elchos/search.nix>
|
|
||||||
# <stockholm/makefu/2configs/elchos/stats.nix>
|
|
||||||
|
|
||||||
];
|
|
||||||
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
|
|
||||||
systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032;
|
|
||||||
systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032;
|
|
||||||
makefu.server.primary-itf = "enp8s0f0";
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
build.host = config.krebs.hosts.fileleech;
|
|
||||||
};
|
|
||||||
# git clone https://github.com/makefu/docker-pyload
|
|
||||||
# docker build .
|
|
||||||
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
|
|
||||||
|
|
||||||
virtualisation.docker.enable = true; # for pyload
|
|
||||||
networking.firewall.allowPing = true;
|
|
||||||
networking.firewall.logRefusedConnections = false;
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
51412 # torrent
|
|
||||||
8112 # rutorrent-web
|
|
||||||
8113 # pyload
|
|
||||||
8080 # sabnzbd
|
|
||||||
9090 # sabnzbd-ssl
|
|
||||||
655 # tinc
|
|
||||||
21 # ftp
|
|
||||||
];
|
|
||||||
services.nginx.virtualHosts._download = {
|
|
||||||
default = true;
|
|
||||||
root = config.makefu.dl-dir;
|
|
||||||
extraConfig = ''
|
|
||||||
autoindex on;
|
|
||||||
'';
|
|
||||||
basicAuth = import <secrets/kibana-auth.nix>;
|
|
||||||
};
|
|
||||||
networking.firewall.allowedUDPPorts = [
|
|
||||||
655 # tinc
|
|
||||||
51412 # torrent
|
|
||||||
];
|
|
||||||
|
|
||||||
services.vsftpd.enable = true;
|
|
||||||
services.vsftpd.localUsers = true;
|
|
||||||
services.vsftpd.userlist = [ "download" ];
|
|
||||||
services.vsftpd.userlistEnable = true;
|
|
||||||
# services.vsftpd.chrootlocalUser = true;
|
|
||||||
|
|
||||||
services.sabnzbd.enable = true;
|
|
||||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
|
||||||
|
|
||||||
# TODO use users.motd and pam.services.sshd.showMotd
|
|
||||||
services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
|
|
||||||
Services:
|
|
||||||
ssh://download@fileleech - ssh via filebitch
|
|
||||||
ftp://download@fileleech - access to ${config.makefu.dl-dir}
|
|
||||||
http://fileleech:8112 - rutorrent
|
|
||||||
http://fileleech:8113 - pyload
|
|
||||||
https://fileleech:9090 - sabnzb
|
|
||||||
''; in "Banner ${banner}";
|
|
||||||
|
|
||||||
boot.initrd.luks = {
|
|
||||||
devices = let
|
|
||||||
usbkey = name: device: {
|
|
||||||
inherit name device keyFile;
|
|
||||||
keyFileSize = 4096;
|
|
||||||
allowDiscards = true;
|
|
||||||
};
|
|
||||||
in builtins.map (x: usbkey x.name x.device) disks;
|
|
||||||
};
|
|
||||||
environment.systemPackages = with pkgs;[ mergerfs ];
|
|
||||||
|
|
||||||
fileSystems = let
|
|
||||||
cryptMount = name:
|
|
||||||
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
|
||||||
in cryptMount "crypt0"
|
|
||||||
// cryptMount "crypt1"
|
|
||||||
// cryptMount "crypt2"
|
|
||||||
// cryptMount "crypt3"
|
|
||||||
// cryptMount "crypt4"
|
|
||||||
// cryptMount "crypt5"
|
|
||||||
// cryptMount "crypt6"
|
|
||||||
// cryptMount "crypt7"
|
|
||||||
|
|
||||||
# this entry sometimes creates issues
|
|
||||||
// { "/media/cryptX" = {
|
|
||||||
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]);
|
|
||||||
fsType = "mergerfs";
|
|
||||||
noCheck = true;
|
|
||||||
options = [ "defaults" "nofail" "allow_other" "nonempty" ]; };
|
|
||||||
}
|
|
||||||
|
|
||||||
;
|
|
||||||
makefu.dl-dir = "/media/cryptX";
|
|
||||||
users.users.download = {
|
|
||||||
useDefaultShell = true;
|
|
||||||
# name = "download";
|
|
||||||
# createHome = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.makefu.pubkey
|
|
||||||
config.krebs.users.lass.pubkey
|
|
||||||
"ssh-rsa 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 jules@kvasir-2015-02-13"
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
|
|
||||||
"ssh-rsa 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 me@andreaskist.de"
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
makefu.snapraid = {
|
|
||||||
enable = true;
|
|
||||||
disks = map toMapper [ 0 1 2 3 4 5 6 ];
|
|
||||||
parity = toMapper 7;
|
|
||||||
};
|
|
||||||
networking.nameservers = [ "8.8.8.8" ];
|
|
||||||
# SPF
|
|
||||||
networking.defaultGateway = "151.217.176.1";
|
|
||||||
networking.interfaces.enp6s0f0.ipv4.addresses = [{
|
|
||||||
address = "151.217.178.63";
|
|
||||||
prefixLength = 22;
|
|
||||||
}];
|
|
||||||
|
|
||||||
# Gigabit
|
|
||||||
networking.interfaces.enp8s0f1.ipv4.addresses = [{
|
|
||||||
address = "192.168.126.1";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
|
|
||||||
#interfaces.enp6s0f1.ip4 = [{
|
|
||||||
# address = external-ip;
|
|
||||||
# prefixLength = 22;
|
|
||||||
#}];
|
|
||||||
|
|
||||||
boot.loader.grub.device = rootDisk;
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
# http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html
|
|
||||||
boot.extraModprobeConfig = ''
|
|
||||||
options ixgbe allow_unsupported_sfp=1
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
name = "fileleech";
|
|
||||||
torrent = true;
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37'
|
|
||||||
let
|
|
||||||
itf = config.makefu.server.primary-itf;
|
|
||||||
in {
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hw.nix
|
|
||||||
<stockholm/makefu>
|
|
||||||
<stockholm/makefu/2configs/home-manager>
|
|
||||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
|
||||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/filepimp-share.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.filepimp;
|
|
||||||
|
|
||||||
networking.firewall.trustedInterfaces = [ itf ];
|
|
||||||
networking.interfaces.${itf}.wakeOnLan.enable = true;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,83 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
byid = dev: "/dev/disk/by-id/" + dev;
|
|
||||||
part1 = disk: disk + "-part1";
|
|
||||||
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
|
|
||||||
primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
|
|
||||||
# N54L Chassis:
|
|
||||||
# ____________________
|
|
||||||
# |______FRONT_______|
|
|
||||||
# | [ ]|
|
|
||||||
# | [ d1 d0 d3 d4 ]|
|
|
||||||
# |___[_____________]|
|
|
||||||
jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
|
|
||||||
|
|
||||||
# transfer to omo
|
|
||||||
jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
|
|
||||||
jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
|
|
||||||
jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
|
|
||||||
allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
|
|
||||||
in {
|
|
||||||
boot = {
|
|
||||||
loader.grub.device = rootDisk;
|
|
||||||
|
|
||||||
initrd.availableKernelModules = [
|
|
||||||
"ahci"
|
|
||||||
"ohci_pci"
|
|
||||||
"ehci_pci"
|
|
||||||
"pata_atiixp"
|
|
||||||
"usb_storage"
|
|
||||||
"usbhid"
|
|
||||||
];
|
|
||||||
|
|
||||||
kernelModules = [ "kvm-amd" ];
|
|
||||||
extraModulePackages = [ ];
|
|
||||||
};
|
|
||||||
makefu.server.primary-itf = primary-interface;
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
|
||||||
|
|
||||||
zramSwap.enable = true;
|
|
||||||
|
|
||||||
makefu.snapraid = let
|
|
||||||
toMedia = name: "/media/" + name;
|
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
# todo combine creation when enabling the mount point
|
|
||||||
disks = map toMedia [
|
|
||||||
"j0"
|
|
||||||
"j1"
|
|
||||||
"j2"
|
|
||||||
];
|
|
||||||
parity = toMedia "par0";
|
|
||||||
};
|
|
||||||
# TODO: refactor, copy-paste from omo
|
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
|
||||||
powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
|
|
||||||
${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
|
|
||||||
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
|
|
||||||
${pkgs.hdparm}/sbin/hdparm -y ${disk}
|
|
||||||
'') allDisks);
|
|
||||||
fileSystems = let
|
|
||||||
xfsmount = name: dev:
|
|
||||||
{ "/media/${name}" = {
|
|
||||||
device = dev; fsType = "xfs";
|
|
||||||
options = [ "nofail" ];
|
|
||||||
}; };
|
|
||||||
tomedia = id: "/media/${id}";
|
|
||||||
in
|
|
||||||
(xfsmount "j0" (part1 jDisk0)) //
|
|
||||||
(xfsmount "j1" (part1 jDisk1)) //
|
|
||||||
(xfsmount "j2" (part1 jDisk2)) //
|
|
||||||
(xfsmount "par0" (part1 jDisk3)) //
|
|
||||||
{ "/media/jX" = {
|
|
||||||
device = (lib.concatMapStringsSep ":" (d: (tomedia d)) ["j0" "j1" "j2" ]);
|
|
||||||
fsType = "mergerfs";
|
|
||||||
noCheck = true;
|
|
||||||
options = [ "defaults" "allow_other" "nofail" "nonempty" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
environment.systemPackages = [ pkgs.mergerfs ];
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
name="filepimp";
|
|
||||||
home-manager = true;
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
primaryInterface = "eth0";
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
./hardware-config.nix
|
|
||||||
# <stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
|
|
||||||
<stockholm/makefu/2configs/binary-cache/nixos.nix>
|
|
||||||
#<stockholm/makefu/2configs/support-nixos.nix>
|
|
||||||
# configure your hw:
|
|
||||||
# <stockholm/makefu/2configs/save-diskspace.nix>
|
|
||||||
];
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
tinc.retiolum.enable = true;
|
|
||||||
build.host = config.krebs.hosts.firecracker;
|
|
||||||
};
|
|
||||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
|
||||||
documentation.info.enable = false;
|
|
||||||
documentation.man.enable = false;
|
|
||||||
services.nixosManual.enable = false;
|
|
||||||
sound.enable = false;
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
{ pkgs, lib, ... }:
|
|
||||||
{
|
|
||||||
boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
|
|
||||||
boot.loader.grub.enable = false;
|
|
||||||
boot.loader.generic-extlinux-compatible.enable = true;
|
|
||||||
boot.loader.generic-extlinux-compatible.configurationLimit = 1;
|
|
||||||
boot.loader.generationsDir.enable = lib.mkDefault false;
|
|
||||||
boot.supportedFilesystems = lib.mkForce [ "vfat" ];
|
|
||||||
|
|
||||||
boot.tmpOnTmpfs = lib.mkForce false;
|
|
||||||
boot.cleanTmpDir = true;
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
|
|
||||||
## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
# File systems configuration for using the installer's partition layout
|
|
||||||
swapDevices = [ { device = "/var/swap"; size = 4096; } ];
|
|
||||||
fileSystems = {
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
name="cake";
|
|
||||||
full = true;
|
|
||||||
}
|
|
|
@ -1,261 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
ext-if = config.makefu.server.primary-itf;
|
|
||||||
allDisks = [ "/dev/sda" "/dev/sdb" ];
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
./hetznercloud
|
|
||||||
{
|
|
||||||
# wait for mount
|
|
||||||
systemd.services.rtorrent.wantedBy = lib.mkForce [];
|
|
||||||
systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
|
|
||||||
systemd.services.samba-smbd.wantedBy = lib.mkForce [];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
users.users.lass = {
|
|
||||||
uid = 19002;
|
|
||||||
isNormalUser = true;
|
|
||||||
createHome = true;
|
|
||||||
useDefaultShell = true;
|
|
||||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
|
||||||
lass.pubkey
|
|
||||||
makefu.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
<stockholm/makefu/2configs/nur.nix>
|
|
||||||
<stockholm/makefu/2configs/support-nixos.nix>
|
|
||||||
<stockholm/makefu/2configs/nix-community/supervision.nix>
|
|
||||||
<stockholm/makefu/2configs/home-manager>
|
|
||||||
<stockholm/makefu/2configs/home-manager/cli.nix>
|
|
||||||
# <stockholm/makefu/2configs/stats/client.nix>
|
|
||||||
<stockholm/makefu/2configs/share>
|
|
||||||
<stockholm/makefu/2configs/share/hetzner-client.nix>
|
|
||||||
# <stockholm/makefu/2configs/stats/netdata-server.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/headless.nix>
|
|
||||||
|
|
||||||
# Security
|
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
|
||||||
|
|
||||||
# Tools
|
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/dev.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/sec.nix>
|
|
||||||
#<stockholm/makefu/2configs/tools/desktop.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
|
||||||
<stockholm/makefu/2configs/mosh.nix>
|
|
||||||
<stockholm/makefu/2configs/storj/forward-port.nix>
|
|
||||||
# <stockholm/makefu/2configs/gui/xpra.nix>
|
|
||||||
|
|
||||||
# networking
|
|
||||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
|
||||||
#<stockholm/makefu/2configs/dnscrypt/server.nix>
|
|
||||||
# <stockholm/makefu/2configs/iodined.nix>
|
|
||||||
# <stockholm/makefu/2configs/backup.nix>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
{ # bonus retiolum config for connecting more hosts
|
|
||||||
krebs.tinc.retiolum = {
|
|
||||||
#extraConfig = lib.mkForce ''
|
|
||||||
# ListenAddress = ${external-ip} 53
|
|
||||||
# ListenAddress = ${external-ip} 655
|
|
||||||
# ListenAddress = ${external-ip} 21031
|
|
||||||
# StrictSubnets = yes
|
|
||||||
# LocalDiscovery = no
|
|
||||||
#'';
|
|
||||||
connectTo = [
|
|
||||||
"prism" "ni" "enklave" "eve" "dishfire"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
networking.firewall = {
|
|
||||||
allowedTCPPorts =
|
|
||||||
[
|
|
||||||
53
|
|
||||||
655
|
|
||||||
21031
|
|
||||||
];
|
|
||||||
allowedUDPPorts =
|
|
||||||
[
|
|
||||||
53
|
|
||||||
655
|
|
||||||
21031
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
# ci
|
|
||||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
|
||||||
|
|
||||||
### systemdUltras ###
|
|
||||||
<stockholm/makefu/2configs/systemdultras/ircbot.nix>
|
|
||||||
|
|
||||||
###### Shack #####
|
|
||||||
# <stockholm/makefu/2configs/shack/events-publisher>
|
|
||||||
# <stockholm/makefu/2configs/shack/gitlab-runner>
|
|
||||||
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
|
||||||
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
|
|
||||||
<stockholm/makefu/2configs/taskd.nix>
|
|
||||||
|
|
||||||
# services
|
|
||||||
<stockholm/makefu/2configs/bitlbee.nix> # postgres backend
|
|
||||||
# <stockholm/makefu/2configs/sabnzbd.nix>
|
|
||||||
# <stockholm/makefu/2configs/mail/mail.euer.nix>
|
|
||||||
{ krebs.exim.enable = mkDefault true; }
|
|
||||||
<stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
|
|
||||||
|
|
||||||
# sharing
|
|
||||||
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
|
|
||||||
<stockholm/makefu/2configs/torrent/rtorrent.nix>
|
|
||||||
# <stockholm/makefu/2configs/sickbeard>
|
|
||||||
|
|
||||||
{ nixpkgs.config.allowUnfree = true; }
|
|
||||||
#<stockholm/makefu/2configs/retroshare.nix>
|
|
||||||
## <stockholm/makefu/2configs/ipfs.nix>
|
|
||||||
#<stockholm/makefu/2configs/syncthing.nix>
|
|
||||||
# <stockholm/makefu/2configs/sync>
|
|
||||||
# <stockholm/makefu/2configs/opentracker.nix>
|
|
||||||
|
|
||||||
|
|
||||||
## network
|
|
||||||
# <stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
|
||||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
|
||||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
|
||||||
{ makefu.backup.server.repo = "/var/backup/borg"; }
|
|
||||||
<stockholm/makefu/2configs/backup/server.nix>
|
|
||||||
<stockholm/makefu/2configs/backup/state.nix>
|
|
||||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
|
||||||
<stockholm/makefu/2configs/wireguard/wiregrill.nix>
|
|
||||||
|
|
||||||
{ # recent changes mediawiki bot
|
|
||||||
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
|
|
||||||
}
|
|
||||||
# Removed until move: no extra mails
|
|
||||||
# <stockholm/makefu/2configs/urlwatch>
|
|
||||||
# Removed until move: avoid letsencrypt ban
|
|
||||||
### Web
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/bitwarden.nix> # postgres backend
|
|
||||||
<stockholm/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix> # postgres backend
|
|
||||||
<stockholm/makefu/2configs/deployment/rss/ratt.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/deployment/ntfysh.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/owncloud.nix> #postgres backend
|
|
||||||
### Moving owncloud data dir to /media/cloud/nextcloud-data
|
|
||||||
{
|
|
||||||
users.users.nextcloud.extraGroups = [ "download" ];
|
|
||||||
# nextcloud-setup fails as it cannot set permissions for nextcloud
|
|
||||||
systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data"
|
|
||||||
"L /var/backup - - - - /media/cloud/gum-backup"
|
|
||||||
];
|
|
||||||
#fileSystems."/var/lib/nextcloud/data" = {
|
|
||||||
# device = "/media/cloud/nextcloud-data";
|
|
||||||
# options = [ "bind" ];
|
|
||||||
#};
|
|
||||||
#fileSystems."/var/backup" = {
|
|
||||||
# device = "/media/cloud/gum-backup";
|
|
||||||
# options = [ "bind" ];
|
|
||||||
#};
|
|
||||||
}
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/nginx/dl.euer.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/music.euer.nix>
|
|
||||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
|
||||||
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
|
||||||
# <stockholm/makefu/2configs/nginx/iso.euer.nix>
|
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
|
||||||
# <stockholm/makefu/2configs/deployment/graphs.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/owncloud.nix>
|
|
||||||
# <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
|
|
||||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/gecloudpad>
|
|
||||||
#<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
|
|
||||||
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
|
|
||||||
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/shiori.nix>
|
|
||||||
#<stockholm/makefu/2configs/workadventure>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
|
|
||||||
<stockholm/makefu/2configs/bgt/hidden_service.nix>
|
|
||||||
<stockholm/makefu/2configs/bgt/backup.nix>
|
|
||||||
# <stockholm/makefu/2configs/bgt/social-to-irc.nix>
|
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/logging/client.nix>
|
|
||||||
|
|
||||||
# sharing
|
|
||||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
|
||||||
{ krebs.airdcpp.dcpp.shares = {
|
|
||||||
download.path = config.makefu.dl-dir + "/finished";
|
|
||||||
sorted.path = config.makefu.dl-dir + "/sorted";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
|
||||||
|
|
||||||
## Temporary:
|
|
||||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
|
||||||
# <stockholm/makefu/2configs/virtualisation/docker.nix>
|
|
||||||
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
|
||||||
|
|
||||||
# krebs infrastructure services
|
|
||||||
# <stockholm/makefu/2configs/stats/server.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
# makefu.dl-dir = "/var/download";
|
|
||||||
makefu.dl-dir = "/media/cloud/download/finished";
|
|
||||||
|
|
||||||
services.openssh.hostKeys = lib.mkForce [
|
|
||||||
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
|
|
||||||
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
|
|
||||||
###### stable
|
|
||||||
security.acme.certs."cgit.euer.krebsco.de" = {
|
|
||||||
email = "letsencrypt@syntax-fehler.de";
|
|
||||||
webroot = "/var/lib/acme/acme-challenge";
|
|
||||||
group = "nginx";
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."cgit" = {
|
|
||||||
serverAliases = [ "cgit.euer.krebsco.de" ];
|
|
||||||
addSSL = true;
|
|
||||||
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
|
|
||||||
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
|
|
||||||
locations."/.well-known/acme-challenge".extraConfig = ''
|
|
||||||
root /var/lib/acme/acme-challenge;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.gum;
|
|
||||||
|
|
||||||
# Network
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
80 443
|
|
||||||
28967 # storj
|
|
||||||
];
|
|
||||||
allowPing = true;
|
|
||||||
logRefusedConnections = false;
|
|
||||||
};
|
|
||||||
nameservers = [ "8.8.8.8" ];
|
|
||||||
};
|
|
||||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
|
||||||
state = [ "/home/makefu/.weechat" ];
|
|
||||||
}
|
|
|
@ -1,116 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
let
|
|
||||||
external-mac = "50:46:5d:9f:63:6b";
|
|
||||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
|
||||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
|
||||||
external-gw = "144.76.26.225";
|
|
||||||
# single partition, label "nixos"
|
|
||||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
|
||||||
|
|
||||||
|
|
||||||
# static
|
|
||||||
external-ip = "144.76.26.247";
|
|
||||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
|
||||||
external-gw6 = "fe80::1";
|
|
||||||
external-netmask = 27;
|
|
||||||
external-netmask6 = 64;
|
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
|
||||||
{ services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
|
|
||||||
|
|
||||||
];
|
|
||||||
makefu.server.primary-itf = ext-if;
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
|
||||||
'';
|
|
||||||
networking = {
|
|
||||||
interfaces."${ext-if}" = {
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = external-ip;
|
|
||||||
prefixLength = external-netmask;
|
|
||||||
}];
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = external-ip6;
|
|
||||||
prefixLength = external-netmask6;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
defaultGateway6 = { address = external-gw6; interface = ext-if; };
|
|
||||||
defaultGateway = external-gw;
|
|
||||||
};
|
|
||||||
boot.kernelParams = [ ];
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.devices = [ main-disk ];
|
|
||||||
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ];
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
|
||||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
|
||||||
];
|
|
||||||
boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ];
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/nixos/root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib" = {
|
|
||||||
device = "/dev/nixos/lib";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/log" = {
|
|
||||||
device = "/dev/nixos/log";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/download" = {
|
|
||||||
device = "/dev/nixos/download";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/www/binaergewitter" = {
|
|
||||||
device = "/dev/nixos/binaergewitter";
|
|
||||||
fsType = "ext4";
|
|
||||||
options = [ "nofail" ];
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib/nextcloud/data" = {
|
|
||||||
device = "/dev/nixos/nextcloud";
|
|
||||||
fsType = "ext4";
|
|
||||||
options = [ "nofail" ];
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib/borgbackup" = {
|
|
||||||
device = "/dev/nixos/backup";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/sda2";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
# parted -s -a optimal "$disk" \
|
|
||||||
# mklabel gpt \
|
|
||||||
# mkpart no-fs 0 1024KiB \
|
|
||||||
# set 1 bios_grub on \
|
|
||||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
|
||||||
# mkpart primary 1025MiB 100%
|
|
||||||
# parted -s -a optimal "/dev/sdb" \
|
|
||||||
# mklabel gpt \
|
|
||||||
# mkpart primary 1M 100%
|
|
||||||
|
|
||||||
#mkfs.vfat /dev/sda2
|
|
||||||
#pvcreate /dev/sda3
|
|
||||||
#pvcreate /dev/sdb1
|
|
||||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
|
||||||
#lvcreate -L 120G -m 1 -n root nixos
|
|
||||||
#lvcreate -L 50G -m 1 -n lib nixos
|
|
||||||
#lvcreate -L 100G -n download nixos
|
|
||||||
#lvcreate -L 100G -n backup nixos
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-root
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-download
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
|
||||||
#mount /dev/mapper/nixos-root /mnt
|
|
||||||
#mkdir /mnt/boot
|
|
||||||
#mount /dev/sda2 /mnt/boot
|
|
||||||
#mkdir -p /mnt/var/src
|
|
||||||
#touch /mnt/var/src/.populate
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,50 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
imports =
|
|
||||||
[ ./network.nix
|
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
# Disk
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "rpool/root";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" =
|
|
||||||
{ device = "rpool/home";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{ device = "rpool/nix";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/sda1";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
|
||||||
|
|
||||||
networking.hostId = "3150697b"; # required for zfs use
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.copyKernels = true;
|
|
||||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
|
||||||
boot.kernelParams = [
|
|
||||||
"boot.shell_on_fail"
|
|
||||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,13 +0,0 @@
|
||||||
ROOT_DEVICE=/dev/sda2
|
|
||||||
NIXOS_BOOT=/dev/sda1
|
|
||||||
|
|
||||||
zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
|
|
||||||
zfs create -o mountpoint=legacy rpool/root
|
|
||||||
zfs create -o mountpoint=legacy rpool/home
|
|
||||||
zfs create -o mountpoint=legacy rpool/nix
|
|
||||||
mount -t zfs rpool/root /mnt
|
|
||||||
mkdir /mnt/{home,nix,boot}
|
|
||||||
mount -t zfs rpool/home /mnt/home
|
|
||||||
mount -t zfs rpool/nix /mnt/nix
|
|
||||||
mount $NIXOS_BOOT /mnt/boot/
|
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
let
|
|
||||||
external-mac = "96:00:01:24:33:f4";
|
|
||||||
external-gw = "172.31.1.1";
|
|
||||||
external-ip = "142.132.189.140";
|
|
||||||
external-ip6 = "2a01:4f8:1c17:5cdf::2";
|
|
||||||
external-gw6 = "fe80::1";
|
|
||||||
external-netmask = 32;
|
|
||||||
external-netmask6 = 64;
|
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
|
||||||
in
|
|
||||||
{
|
|
||||||
makefu.server.primary-itf = ext-if;
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
|
||||||
'';
|
|
||||||
networking = {
|
|
||||||
enableIPv6 = true;
|
|
||||||
nat.enableIPv6 = true;
|
|
||||||
interfaces."${ext-if}" = {
|
|
||||||
useDHCP = true;
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = external-ip6;
|
|
||||||
prefixLength = external-netmask6;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
#ipv4.addresses = [{
|
|
||||||
# address = external-ip;
|
|
||||||
# prefixLength = external-netmask;
|
|
||||||
#}];
|
|
||||||
defaultGateway6 = { address = external-gw6; interface = ext-if; };
|
|
||||||
#defaultGateway = external-gw;
|
|
||||||
nameservers = [ "1.1.1.1" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
label: gpt
|
|
||||||
device: /dev/sda
|
|
||||||
unit: sectors
|
|
||||||
1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
|
|
||||||
4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
|
|
||||||
2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
|
|
Some files were not shown because too many files have changed in this diff Show more