From c47c07d4274dfcf2cfe82bc087e2eace2a4b62b3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 8 Jan 2016 03:37:38 +0100
Subject: [PATCH 1/7] ma 1 omo: add sabnzbd;

---
 makefu/1systems/omo.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e19205a95..3daa74cf2 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -30,7 +30,14 @@ in {
       ../3modules
     ];
   krebs.build.host = config.krebs.hosts.omo;
+
+  # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+  services.sabnzbd.enable = true;
+  systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+  # HDD Array stuff
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+
   makefu.snapraid = let
     toMapper = id: "/media/crypt${builtins.toString id}";
   in {
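Review bot: The comment above `services.sabnzbd.enable` describes a manual copy of `<secrets/sabnzbd.ini>` but says nothing about the ownership or mode the copy must end up with. That file normally holds the SABnzbd API key and the news-server passwords, so a world-readable copy in /var/lib/sabnzbd/ would expose them to every local user. Extend the comment, e.g. `# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ (owner sabnzbd, mode 0600: holds API key and server passwords)`. The owner name is assumed from the NixOS module default and should be checked against the module in use.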
@@ -38,7 +45,6 @@ in {
     disks = map toMapper [ 0 1 ];
     parity = toMapper 2;
   };
-  # AMD E350
   fileSystems = let
     cryptMount = name:
       { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
@@ -56,6 +62,7 @@ in {
       ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
       ${pkgs.hdparm}/sbin/hdparm -y ${disk}
     '') allDisks);
+
   boot = {
     initrd.luks = {
       devices = let
@@ -87,10 +94,13 @@ in {
   };
 
   networking.firewall.allowedUDPPorts = [ 655 ];
+  # 8080: sabnzbd
+  networking.firewall.allowedTCPPorts = [ 655 8080 ];
+
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
 
-  #zramSwap.enable = true;
+  zramSwap.enable = true;
   zramSwap.numDevices = 2;
 
 }
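Review bot: Adding 8080 to `networking.firewall.allowedTCPPorts` opens the SABnzbd web interface on every interface of omo, and nothing in this patch shows that the UI requires a login (that depends on the hand-copied sabnzbd.ini). If the UI is only meant for the LAN or the VPN, scope the rule to that interface, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8080 ];` where the nixpkgs revision offers per-interface rules, or an equivalent rule in `networking.firewall.extraCommands`. Patch 7 later adds 80 to the same list with the same all-interface scope. TCP 655 is also opened here without a comment; a `# 655: ...` line next to `# 8080: sabnzbd` would record what it is for.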

From f678d7e083c596e06057b8037dc1c321842ce838 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 13 Jan 2016 23:20:40 +0100
Subject: [PATCH 2/7] ma 2 zsh-user: compinit is being automatically

---
 makefu/2configs/hw/tp-x2x0.nix | 7 +++++++
 makefu/2configs/zsh-user.nix   | 3 +--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 047895ce6..ebc72a06e 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -24,5 +24,12 @@ with lib;
   services.tlp.enable = true;
   services.tlp.extraConfig = ''
   START_CHARGE_THRESH_BAT0=80
+
+  CPU_SCALING_GOVERNOR_ON_AC=performance
+  CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+  CPU_MIN_PERF_ON_AC=0
+  CPU_MAX_PERF_ON_AC=100
+  CPU_MIN_PERF_ON_BAT=0
+  CPU_MAX_PERF_ON_BAT=30
   '';
 }
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 1b1762418..f79f258f3 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -19,8 +19,7 @@ in
       bindkey -e
       # shift-tab
       bindkey '^[[Z' reverse-menu-complete
-
-      autoload -U compinit && compinit
+      bindkey "\e[3~" delete-char
       zstyle ':completion:*' menu select
 
       # load gpg-agent

From e0b71680b0da8a12d2fcc54cff25a71d5a408075 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 14 Jan 2016 11:15:20 +0100
Subject: [PATCH 3/7] ma 2 virtualization: add firewall exception for
 checkReversePath

---
 makefu/2configs/virtualization.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix
index b3f8c8284..b90467ab8 100644
--- a/makefu/2configs/virtualization.nix
+++ b/makefu/2configs/virtualization.nix
@@ -5,4 +5,5 @@ let
 in {
   virtualisation.libvirtd.enable = true;
   users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
+  networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
 }
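Review bot: `networking.firewall.checkReversePath = false;` turns off reverse-path filtering for the whole host on every machine that imports virtualization.nix, not only for the libvirt bridge, so packets with spoofed source addresses are no longer dropped on any interface. The TODO names the nixpkgs issue but not when the line can be removed; make that explicit, e.g. `# TODO: revert once nixpkgs#9067 is fixed; disables rpfilter on all interfaces`. If the nixpkgs revision in use accepts it, `checkReversePath = "loose";` would keep part of the filtering while still working around the issue.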

From 1e845f7b765c4039f7541fb3542ba2bf76bb323c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 14 Jan 2016 12:42:52 +0100
Subject: [PATCH 4/7] ma 1 omo: use sftp share

---
 makefu/1systems/omo.nix             |  4 ++++
 makefu/2configs/share-user-sftp.nix | 21 +++++++++++++++++++++
 makefu/2configs/smart-monitor.nix   |  4 +---
 3 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 makefu/2configs/share-user-sftp.nix

diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 3daa74cf2..2a657995c 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -27,9 +27,12 @@ in {
       ../2configs/exim-retiolum.nix
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
+      ../2configs/share-user-sftp.nix
       ../3modules
     ];
+  # services.openssh.allowSFTP = false;
   krebs.build.host = config.krebs.hosts.omo;
+  
 
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;
@@ -103,4 +106,5 @@ in {
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
 
+
 }
diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix
new file mode 100644
index 000000000..2c93143ec
--- /dev/null
+++ b/makefu/2configs/share-user-sftp.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+  users.users = {
+    share = {
+      uid = 9002;
+      home = "/var/empty";
+      openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+  };
+  # we will use internal-sftp to make uncomplicated Chroot work
+  services.openssh.extraConfig = ''
+    Match User share
+      ChrootDirectory /media
+      ForceCommand internal-sftp
+      AllowTcpForwarding no
+      PermitTunnel no
+      X11Forwarding no
+    Match All
+  '';
+}
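Review bot: `ChrootDirectory /media` gives the `share` key the whole mount root, which on omo includes every `/media/crypt*` volume (the snapraid parity disk among them, per omo.nix), limited only by file permissions. Chrooting to a dedicated subdirectory would narrow that, and if the share is meant to be download-only, `ForceCommand internal-sftp -R` makes the session read-only. The Match block could also carry `AllowAgentForwarding no` alongside the other forwarding switches. Worth a comment as well: sshd refuses the login unless the chroot path and all its parents are root-owned and not writable by group or others, e.g. `# /media must be root:root and not group/world-writable or sshd rejects the chroot`.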
diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix
index 9b0290a9b..a37969d3d 100644
--- a/makefu/2configs/smart-monitor.nix
+++ b/makefu/2configs/smart-monitor.nix
@@ -12,8 +12,6 @@
     # short daily, long weekly, check on boot
     defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
 
-    devices = lib.mkDefault [{
-      device = "/dev/sda";
-    }];
+    devices = lib.mkDefault [ ];
   };
 }

From 1d18ada0773443fddd22ddce04373da782b034a7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 14 Jan 2016 12:43:59 +0100
Subject: [PATCH 5/7] ma 3 umts: init

---
 makefu/1systems/pornocauster.nix |  5 ++-
 makefu/2configs/wwan.nix         | 36 +++------------
 makefu/3modules/default.nix      |  1 +
 makefu/3modules/umts.nix         | 76 ++++++++++++++++++++++++++++++++
 4 files changed, 87 insertions(+), 31 deletions(-)
 create mode 100644 makefu/3modules/umts.nix

diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 690e26b36..d7fa8edc5 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -35,12 +35,14 @@
       # ../2configs/mediawiki.nix
       #../2configs/wordpress.nix
     ];
+  hardware.sane.enable = true;
+  hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
   nixpkgs.config.packageOverrides = pkgs: {
     tinc = pkgs.tinc_pre;
   };
 
   krebs.Reaktor = {
-    enable = true;
+    enable = false;
     nickname = "makefu|r";
     plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
   };
@@ -59,6 +61,7 @@
   hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
     ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
     load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
+  networking.firewall.enable = false;
   networking.firewall.allowedTCPPorts = [
     25
   ];
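Review bot: `networking.firewall.enable = false;` switches the host firewall off entirely on pornocauster, which is unrelated to the commit subject ("umts: init") and turns the `allowedTCPPorts = [ 25 ]` list directly below it into dead configuration. If this host is the one that dials out through the new umts module, every listening service becomes reachable from whatever network the modem joins. If the line is a debugging leftover it should be dropped; if a specific port is needed, add it to `allowedTCPPorts` instead. If it has to stay, it needs a comment stating why and when it can be reverted.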
diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix
index 29a610ac6..1e76cd28a 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/wwan.nix
@@ -1,33 +1,9 @@
-{ config, lib, pkgs, ... }:
+_:
 
-#usage: $ wvdial
-
-let
-  mainUser = config.krebs.build.user;
-in {
-  environment.systemPackages = with pkgs;[
-    wvdial
-  ];
-
-  environment.shellAliases = {
-    umts = "sudo wvdial netzclub";
+{
+  imports = [ ../3modules ];
+  makefu.umts = {
+    enable = true;
+    modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
   };
-
-  # configure for NETZCLUB
-  environment.wvdial.dialerDefaults = ''
-    Phone = *99***1#
-    Dial Command = ATDT
-    Modem = /dev/ttyACM0
-    Baud = 460800
-    Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
-    Init2 = ATZ
-    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
-    ISDN = 0
-    Modem Type = Analog Modem
-    Username = netzclub
-    Password = netzclub
-    Stupid Mode = 1
-    Idle Seconds = 0'';
-
-  users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
 }
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 218c9138e..f007a8418 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -3,6 +3,7 @@ _:
 {
   imports = [
     ./snapraid.nix
+    ./umts.nix
   ];
 }
 
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
new file mode 100644
index 000000000..d7be45f62
--- /dev/null
+++ b/makefu/3modules/umts.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # TODO: currently it is only netzclub
+  umts-bin = pkgs.writeScriptBin "umts" ''
+    #!/bin/sh
+    set -euf
+    systemctl start umts
+    trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+    echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+    journalctl -xfu umts
+  '';
+
+  wvdial-defaults = ''
+    Phone = *99***1#
+    Dial Command = ATDT
+    Modem = ${cfg.modem-device}
+    Baud = 460800
+    Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+    Init2 = ATZ
+    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+    ISDN = 0
+    Modem Type = Analog Modem
+    Username = netzclub
+    Password = netzclub
+    Stupid Mode = 1
+    Idle Seconds = 0'';
+
+  cfg = config.makefu.umts;
+
+  out = {
+    options.makefu.umts = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "umts";
+
+    modem-device = mkOption {
+      default = "/dev/ttyUSB0";
+      type = types.str;
+      description = ''
+        path to modem device, use <filename>/dev/serial/by-id/...</filename>
+        to avoid race conditions.
+      '';
+    };
+  };
+
+  imp = {
+    environment.shellAliases = {
+      umts = "sudo ${umts-bin}/bin/umts";
+    };
+    environment.systemPackages = [ ];
+
+    environment.wvdial.dialerDefaults = wvdial-defaults;
+
+    systemd.targets.network-umts = {
+      description = "System is running on UMTS";
+      unitConfig.StopWhenUnneeded = true;
+    };
+
+    systemd.services.umts = {
+      description = "UMTS wvdial Service";
+      before = [ "network-umts.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        RestartSec = "4s";
+        ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
+      };
+    };
+  };
+in out
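Review bot: The `umts` wrapper appends `nameserver 8.8.8.8` to /etc/resolv.conf on every run, and the trap only stops the unit, so the line accumulates and stays behind as a resolver on every network the machine joins afterwards. Guard the append and remove the entry in the trap, or let the dialer supply the provider's DNS; the minimal guard is `grep -qx 'nameserver 8.8.8.8' /etc/resolv.conf || echo nameserver 8.8.8.8 >> /etc/resolv.conf`. Separately, `wvdial-defaults` appears to end up in the world-readable Nix store via `environment.wvdial.dialerDefaults`. That is harmless for the shared netzclub login, but the `# TODO: currently it is only netzclub` comment should note that real provider credentials must not be placed in that string. `environment.systemPackages = [ ];` is a no-op and can go.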

From 7a0480e5fe2b0b0762e56caa1878f7ada8cb76e1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 14 Jan 2016 17:30:02 +0100
Subject: [PATCH 6/7] ma 1 minimal: cosmetics

---
 shared/1systems/test-minimal-deploy.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/1systems/test-minimal-deploy.nix b/shared/1systems/test-minimal-deploy.nix
index ddd96f6b5..309e28950 100644
--- a/shared/1systems/test-minimal-deploy.nix
+++ b/shared/1systems/test-minimal-deploy.nix
@@ -5,7 +5,7 @@
     build.user = config.krebs.users.shared;
     build.host = config.krebs.hosts.test-all-krebs-modules;
   };
-  # just get the system running
+  # just get the system to eval in nixos without errors
   boot.loader.grub.devices = ["/dev/sda"];
   fileSystems."/" = {
     device = "/dev/lol";

From 2ef651f78d0b8e2bf19f9bdbbfa982a0a5991c22 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 16 Jan 2016 01:30:37 +0100
Subject: [PATCH 7/7] ma 2 default: useroaming no, omo: provide share

---
 makefu/1systems/omo.nix             |  4 ++--
 makefu/2configs/default.nix         |  7 +++++-
 makefu/2configs/nginx/omo-share.nix | 34 +++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 makefu/2configs/nginx/omo-share.nix

diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 2a657995c..e11665fbc 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -28,11 +28,11 @@ in {
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
       ../2configs/share-user-sftp.nix
+      ../2configs/nginx/omo-share.nix
       ../3modules
     ];
   # services.openssh.allowSFTP = false;
   krebs.build.host = config.krebs.hosts.omo;
-  
 
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;
@@ -98,7 +98,7 @@ in {
 
   networking.firewall.allowedUDPPorts = [ 655 ];
   # 8080: sabnzbd
-  networking.firewall.allowedTCPPorts = [ 655 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
 
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 7593eaff7..7771e24d4 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -65,7 +65,12 @@ with lib;
   time.timeZone = "Europe/Berlin";
   #nix.maxJobs = 1;
 
-  programs.ssh.startAgent = false;
+  programs.ssh = {
+    startAgent = false;
+    extraConfig = ''
+      UseRoaming no
+    '';
+  };
   services.openssh.enable = true;
   nix.useChroot = true;
 
diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix
new file mode 100644
index 000000000..ce85e0442
--- /dev/null
+++ b/makefu/2configs/nginx/omo-share.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = config.krebs.build.host.name;
+  # TODO local-ip from the nets config
+  local-ip = "192.168.1.11";
+  # local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      omo-share = {
+        listen = [ "${local-ip}:80" ];
+        locations = singleton (nameValuePair "/" ''
+          autoindex on;
+          root /media;
+          limit_rate_after 100m;
+          limit_rate 5m;
+          mp4_buffer_size     4M;
+          mp4_max_buffer_size 10M;
+          allow all;
+          access_log off;
+          keepalive_timeout  65;
+          keepalive_requests 200;
+          reset_timedout_connection on;
+          sendfile on;
+          tcp_nopush on;
+          gzip off;
+        '');
+      };
+    };
+  };
+}
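Review bot: This location serves all of `/media` with `autoindex on`, `allow all` and no authentication over plain HTTP, so any client that can reach the listen address can browse and download everything on the unlocked crypt volumes. Patch 7 also opens port 80 in the firewall on all interfaces. Point `root` at a dedicated share directory rather than the mount root, and replace `allow all;` with an explicit range plus a deny, e.g. `allow 192.168.1.0/24; deny all;` (subnet assumed from `local-ip`, adjust to the real network). `access_log off;` also removes the only record of who fetched what; keep the log on for this server unless volume is a real problem. A comment stating the intended audience of the share would make the exposure a documented decision.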