makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge branch 'master' of gum:stockholm

Browse source
This commit is contained in:
makefu 2016-01-16 02:01:48 +01:00
parent 3bb965c3f0 0c1c54e728
commit 7cf54a1d79
13 changed files with 175 additions and 40 deletions

18
makefu/1systems/omo.nix
View file

@ -27,10 +27,20 @@ in {
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
../2configs/share-user-sftp.nix
../2configs/nginx/omo-share.nix
../3modules
];
# services.openssh.allowSFTP = false;
krebs.build.host = config.krebs.hosts.omo;
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
# HDD Array stuff
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
makefu.snapraid = let
toMapper = id: "/media/crypt${builtins.toString id}";
in {
@ -38,7 +48,6 @@ in {
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
# AMD E350
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
@ -56,6 +65,7 @@ in {
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
${pkgs.hdparm}/sbin/hdparm -y ${disk}
'') allDisks);
boot = {
initrd.luks = {
devices = let
@ -87,10 +97,14 @@ in {
};
networking.firewall.allowedUDPPorts = [ 655 ];
# 8080: sabnzbd
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
#zramSwap.enable = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
}

5
makefu/1systems/pornocauster.nix
View file

@ -35,12 +35,14 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
krebs.Reaktor = {
enable = true;
enable = false;
nickname = "makefu|r";
plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
};
@ -59,6 +61,7 @@
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
25
];

7
makefu/2configs/default.nix
View file

@ -65,7 +65,12 @@ with lib;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
programs.ssh.startAgent = false;
programs.ssh = {
startAgent = false;
extraConfig = ''
UseRoaming no
'';
};
services.openssh.enable = true;
nix.useChroot = true;

7
makefu/2configs/hw/tp-x2x0.nix
View file

@ -24,5 +24,12 @@ with lib;
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
}

34
makefu/2configs/nginx/omo-share.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
with lib;
let
hostname = config.krebs.build.host.name;
# TODO local-ip from the nets config
local-ip = "192.168.1.11";
# local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
krebs.nginx = {
enable = mkDefault true;
servers = {
omo-share = {
listen = [ "${local-ip}:80" ];
locations = singleton (nameValuePair "/" ''
autoindex on;
root /media;
limit_rate_after 100m;
limit_rate 5m;
mp4_buffer_size 4M;
mp4_max_buffer_size 10M;
allow all;
access_log off;
keepalive_timeout 65;
keepalive_requests 200;
reset_timedout_connection on;
sendfile on;
tcp_nopush on;
gzip off;
'');
};
};
};
}

21
makefu/2configs/share-user-sftp.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, ... }:
{
users.users = {
share = {
uid = 9002;
home = "/var/empty";
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
};
# we will use internal-sftp to make uncomplicated Chroot work
services.openssh.extraConfig = ''
Match User share
ChrootDirectory /media
ForceCommand internal-sftp
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
Match All
'';
}

4
makefu/2configs/smart-monitor.nix
View file

@ -12,8 +12,6 @@
# short daily, long weekly, check on boot
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
devices = lib.mkDefault [{
device = "/dev/sda";
}];
devices = lib.mkDefault [ ];
};
}

1
makefu/2configs/virtualization.nix
View file

@ -5,4 +5,5 @@ let
in {
virtualisation.libvirtd.enable = true;
users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
}

36
makefu/2configs/wwan.nix
View file

@ -1,33 +1,9 @@
{ config, lib, pkgs, ... }:
_:
#usage: $ wvdial
let
mainUser = config.krebs.build.user;
in {
environment.systemPackages = with pkgs;[
wvdial
];
environment.shellAliases = {
umts = "sudo wvdial netzclub";
{
imports = [ ../3modules ];
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
# configure for NETZCLUB
environment.wvdial.dialerDefaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = /dev/ttyACM0
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
}

3
makefu/2configs/zsh-user.nix
View file

@ -19,8 +19,7 @@ in
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
autoload -U compinit && compinit
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
# load gpg-agent

1
makefu/3modules/default.nix
View file

@ -3,6 +3,7 @@ _:
{
imports = [
./snapraid.nix
./umts.nix
];
}

76
makefu/3modules/umts.nix Normal file
View file

@ -0,0 +1,76 @@
{ config, lib, pkgs, ... }:
with lib;
let
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
systemctl start umts
trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
cfg = config.makefu.umts;
out = {
options.makefu.umts = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "umts";
modem-device = mkOption {
default = "/dev/ttyUSB0";
type = types.str;
description = ''
path to modem device, use <filename>/dev/serial/by-id/...</filename>
to avoid race conditions.
'';
};
};
imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
environment.systemPackages = [ ];
environment.wvdial.dialerDefaults = wvdial-defaults;
systemd.targets.network-umts = {
description = "System is running on UMTS";
unitConfig.StopWhenUnneeded = true;
};
systemd.services.umts = {
description = "UMTS wvdial Service";
before = [ "network-umts.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "4s";
ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
};
};
};
in out

2
shared/1systems/test-minimal-deploy.nix
View file

@ -5,7 +5,7 @@
build.user = config.krebs.users.shared;
build.host = config.krebs.hosts.test-all-krebs-modules;
};
# just get the system running
# just get the system to eval in nixos without errors
boot.loader.grub.devices = ["/dev/sda"];
fileSystems."/" = {
device = "/dev/lol";