makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
tv 2017-06-04 06:20:54 +02:00
parent 4f58b884dd e50bc4f3eb
commit 811ceaa243
45 changed files with 415 additions and 376 deletions

30
krebs/3modules/lass/default.nix
View file

@ -224,32 +224,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
helios = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.3";
ip6.addr = "42:0:0:0:0:0:0:7105";
aliases = [
"helios.r"
"cgit.helios.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
};
shodan = {
cores = 2;
nets = {
@ -339,10 +313,6 @@ with import <stockholm/lib>;
mail = "lass@uriel.r";
pubkey = builtins.readFile ./ssh/uriel.rsa;
};
lass-helios = {
mail = "lass@helios.r";
pubkey = builtins.readFile ./ssh/helios.rsa;
};
lass-shodan = {
mail = "lass@shodan.r";
pubkey = builtins.readFile ./ssh/shodan.rsa;

1
krebs/3modules/lass/ssh/helios.rsa
View file

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios

2
krebs/3modules/makefu/default.nix
View file

@ -459,6 +459,7 @@ with import <stockholm/lib>;
share.euer IN A ${nets.internet.ip4.addr}
mattermost.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
@ -490,6 +491,7 @@ with import <stockholm/lib>;
"tracker.makefu.r"
"graph.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"

1
lass/1systems/dishfire.nix
View file

@ -70,7 +70,6 @@
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

130
lass/1systems/helios.nix
View file

@ -1,130 +0,0 @@
{ config, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
{
imports = [
../.
../2configs/retiolum.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
../2configs/pass.nix
../2configs/fetchWallpaper.nix
../2configs/backups.nix
#{
# # conflicting stuff with gnome setup
# # TODO: fix this
# imports = [
# ../2configs/baseX.nix
# ];
#}
{
# gnome3 for suja
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
users.users.ferret = {
uid = genid "ferret";
home = "/home/ferret";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
hashedPassword = "$6$SaneLuyep90p8BPn$0IDbvLgNbRGZL96obWavanTmY6IkBG84vs2b/2oqlpbmTZH3retOYbQKF1uVqu6dD0ZGF4eBq9tqPbwUjRyY00";
};
environment.systemPackages = with pkgs; [
firefox
chromium
maven
arandr
libreoffice
mpv
];
}
#{
# users.extraUsers = {
# root = {
# openssh.authorizedKeys.keys = map readFile [
# ../../krebs/Zpubkeys/uriel.ssh.pub
# ];
# };
# };
#}
#{
# services.elasticsearch = {
# enable = true;
# };
#}
{
krebs.power-action.battery = "BAT1";
}
];
krebs.build.host = config.krebs.hosts.helios;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
"/home" = {
device = "/dev/pool/home";
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
#'';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
};
}

99
lass/1systems/prism.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
@ -46,6 +45,7 @@ in {
../2configs/monitoring/monit-alarms.nix
../2configs/paste.nix
../2configs/syncthing.nix
../2configs/coders-irc.nix
{
imports = [
../2configs/bepasty.nix
@ -253,103 +253,6 @@ in {
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
}
{
krebs.Reaktor.coders = {
nickname = "Reaktor|lass";
channels = [ "#coders" "#germany" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
script = pkgs.writePython2 "rup" ''
#!${pkgs.python2}/bin/python
t1 = """
_.
;=',_ ()
8===D~~ S" .--`||
sS \__ ||
__.' ( \-->||
_=/ _./-\/ ||
8===D~~ ((\( /-' -'l ||
) |/ \\ (_))
\\ \\
'~ '~
"""
print(t1)
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
};
}
{
krebs.Reaktor.prism = {
nickname = "Reaktor|lass";

24
lass/2configs/backups.nix
View file

@ -107,29 +107,5 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
startAt = "05:00";
};
dishfire-http-helios = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
startAt = "12:00";
};
dishfire-sql-helios = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
startAt = "12:15";
};
prism-sql-helios = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
startAt = "12:30";
};
prism-http-helios = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
startAt = "12:45";
};
};
}

2
lass/2configs/buildbot-standalone.nix
View file

@ -113,7 +113,7 @@ in {
]
)
for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \

92
lass/2configs/coders-irc.nix Normal file
View file

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.coders = {
nickname = "Reaktor|lass";
channels = [ "#coders" "#germany" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
script = pkgs.writePython2 "rup" ''
#!${pkgs.python2}/bin/python
t1 = """
_.
;=',_ ()
8===D~~ S" .--`||
sS \__ ||
__.' ( \-->||
_=/ _./-\/ ||
8===D~~ ((\( /-' -'l ||
) |/ \\ (_))
\\ \\
'~ '~
"""
print(t1)
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
};
}

1
lass/2configs/downloading.nix
View file

@ -15,7 +15,6 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-helios.pubkey
lass-icarus.pubkey
makefu.pubkey
];

1
lass/2configs/exim-smarthost.nix
View file

@ -16,7 +16,6 @@ with import <stockholm/lib>;
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822

1
lass/2configs/logf.nix
View file

@ -8,7 +8,6 @@ let
shodan = "51";
icarus = "53";
echelon = "197";
helios = "199";
cloudkrebs = "119";
};
in {

2
lass/2configs/nixpkgs.nix
View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
ref = "f469354";
ref = "f8dfdd7";
};
}

22
makefu/1systems/gum.nix
View file

@ -32,7 +32,7 @@ in {
../2configs/tools/sec.nix
# services
../2configs/gum-share.nix
../2configs/share/gum.nix
../2configs/sabnzbd.nix
../2configs/torrent.nix
../2configs/iodined.nix
@ -48,14 +48,25 @@ in {
../2configs/deployment/mycube.connector.one.nix
../2configs/deployment/graphs.nix
../2configs/deployment/owncloud.nix
../2configs/deployment/wiki-irc.nix
../2configs/deployment/wiki-irc-bot
../2configs/deployment/boot-euer.nix
../2configs/deployment/hound
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
services.taskserver.organisations.home.users = [ "makefu" ];
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}
# ../2configs/ipfs.nix
../2configs/syncthing.nix
# ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix
# ../2configs/logging/central-logging-client.nix
../2configs/stats/client.nix
# ../2configs/logging/client.nix
];
makefu.dl-dir = "/var/download";
@ -78,7 +89,6 @@ in {
];
};
makefu.taskserver.enable = true;
# access
@ -122,6 +132,8 @@ in {
21031
# taskserver
53589
# temp vnc
18001
];
allowedUDPPorts = [
# tinc

13
makefu/1systems/omo.nix
View file

@ -50,11 +50,13 @@ in {
# ../2configs/disable_v6.nix
#../2configs/graphite-standalone.nix
#../2configs/share-user-sftp.nix
../2configs/omo-share.nix
../2configs/share/omo.nix
../2configs/tinc/retiolum.nix
../2configs/logging/central-stats-server.nix
# ../2configs/logging/central-logging-server.nix
../2configs/logging/central-stats-client.nix
# Logging
../2configs/stats/server.nix #influx + grafana
../2configs/stats/client.nix
../2configs/stats/external/aralast.nix # logs to influx
# services
../2configs/syncthing.nix
@ -180,7 +182,8 @@ in {
uid = 9002;
name = "misa";
};
hardware.enableAllFirmware = true;
# hardware.enableAllFirmware = true;
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;

4
makefu/1systems/studio.nix
View file

@ -5,8 +5,10 @@
../2configs/vncserver.nix
../2configs/vim.nix
../2configs/disable_v6.nix
../2configs/jack-on-pulse.nix
../2configs/audio/jack-on-pulse.nix
../2configs/audio/realtime-audio.nix
../2configs/gui/studio.nix
../2configs/binary-cache/lass.nix
];
makefu.gui.user = "user"; # we use an extra user

1
makefu/1systems/wbob.nix
View file

@ -18,6 +18,7 @@ in {
../2configs/mqtt.nix
../2configs/deployment/led-fader.nix
# ../2configs/gui/wbob-kiosk.nix
../2configs/stats/client.nix
../2configs/gui/studio.nix
../2configs/audio/jack-on-pulse.nix

14
makefu/2configs/audio/jack-on-pulse.nix
View file

@ -2,6 +2,7 @@
let
pulse = pkgs.pulseaudioFull;
user = config.makefu.gui.user;
wait_time = 30;
in
{
sound.enable = true;
@ -13,16 +14,17 @@ in
environment.systemPackages = with pkgs; [ jack2Full ];
# from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
systemd.services = {
systemd.user.services = {
jackdbus = {
description = "Runs jack, and points pulseaudio at it";
serviceConfig = {
User = user;
Type = "oneshot";
ExecStart = pkgs.writeScript "start_jack.sh" ''
#! ${pkgs.bash}/bin/bash
. ${config.system.build.setEnvironment}
sleep 5 # wait for the gui to load
# TODO: correctly wait for pulseaudio, cannot use pulseaudio.service
sleep ${toString wait_time} # wait for the gui to load
${pkgs.jack2Full}/bin/jack_control start
sleep 3 # give some time for sources/sinks to be created
@ -37,9 +39,11 @@ in
${pkgs.jack2Full}/bin/jack_control stop
'';
RemainAfterExit = true;
Restart = "always";
RestartSec = "5";
};
after = [ "display-manager.service" "sound.target" ];
wantedBy = [ "multi-user.target" ];
# after = [ "display-manager.service" "sound.target" ];
wantedBy = [ "default.target" ];
};
};
}

28
makefu/2configs/deployment/hound/default.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
services.nginx.virtualHosts."wikisearch.krebsco.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:6080";
};
services.hound = {
enable = true;
listen = "127.0.0.1:6080";
# package = pkgs.hound.overrideDerivation(oldAttrs: {
# patches = [ ./keep-repo.patch ];
# });
config = ''{
"max-concurrent-indexers" : 2,
"dbpath" : "${config.services.hound.home}/data",
"repos" : {
"nixos-users-wiki": {
"url" : "https://github.com/nixos-users/wiki.wiki.git",
"url-pattern" : {
"base-url" : "{url}/{path}"
}
}
}
}'';
};
}

3
makefu/2configs/deployment/led-fader.nix
View file

@ -29,7 +29,8 @@ in {
environment = {
NIX_PATH = "/var/src";
};
wantedBy = [ "multi-user.target" ];
after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";

7
makefu/2configs/deployment/wiki-irc.nix → makefu/2configs/deployment/wiki-irc-bot/default.nix
View file

@ -4,6 +4,10 @@ with lib;
let
port = 18872;
in {
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: {
patches = [ ./irc-out-notice.patch ]; });
};
services.logstash = {
enable = true;
inputConfig = ''
@ -40,10 +44,11 @@ in {
file { path => "/tmp/logs.json" codec => "json_lines" }
if [output] {
irc {
channels => [ "#nixos" , "#krebs" ]
channels => [ "#krebs", "#nixos" ]
host => "irc.freenode.net"
nick => "nixos-users-wiki"
format => "%{output}"
notice => true
}
}
'';

26
makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch Normal file
View file

@ -0,0 +1,26 @@
index b63339d..8c8c747 100644
--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
+++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
# Static string after event
config :post_string, :validate => :string, :required => false
+ # Set this to true to send messages as notice
+ config :notice, :validate => :boolean, :default => false
+
public
def inject_bot(bot)
@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
@bot.channels.each do |channel|
@logger.debug("Sending to...", :channel => channel, :text => text)
- channel.msg(pre_string) if !@pre_string.nil?
- channel.msg(text)
- channel.msg(post_string) if !@post_string.nil?
+ channel.send(pre_string, :notice => @notice) if !@pre_string.nil?
+ channel.send(text, :notice => @notice)
+ channel.send(post_string, :notice => @notice) if !@post_string.nil?
end # channels.each
end # def receive
end # class LogStash::Outputs::Irc

2
makefu/2configs/gui/base.nix
View file

@ -24,7 +24,7 @@ in
enable = true;
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "ctrl:nocaps";
xkbOptions = "ctrl:nocaps, eurosign:e";
windowManager = {
awesome.enable = true;

0
makefu/2configs/logging/central-logging-client.nix → makefu/2configs/logging/client.nix
View file

0
makefu/2configs/logging/central-logging-server.nix → makefu/2configs/logging/server.nix
View file

0
makefu/2configs/gum-share.nix → makefu/2configs/share/gum.nix
View file

0
makefu/2configs/omo-share.nix → makefu/2configs/share/omo.nix
View file

0
makefu/2configs/temp-share-samba.nix → makefu/2configs/share/temp-share-samba.nix
View file

0
makefu/2configs/logging/central-stats-client.nix → makefu/2configs/stats/client.nix
View file

38
makefu/2configs/stats/external/aralast.nix vendored Normal file
View file

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.stdenv.mkDerivation {
name = "aralast-master";
src = pkgs.fetchFromGitHub {
owner = "makefu";
repo = "aralast";
rev = "7121598";
sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m";
};
installPhase = ''
install -m755 -D aralast.sh $out/bin/aralast
'';
};
in {
systemd.services.aralast = {
description = "periodically fetch aramark";
path = [
pkgs.curl
pkgs.gnugrep
pkgs.gnused
];
wantedBy = [ "multi-user.target" ];
environment = {
INFLUX_HOST = "localhost";
INFLUX_PORT = "8086";
};
# every 10 seconds when the cantina is open
startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45";
serviceConfig = {
User = "nobody";
ExecStart = "${pkg}/bin/aralast";
PrivateTmp = true;
};
};
}

4
makefu/2configs/logging/central-stats-server.nix → makefu/2configs/stats/server.nix
View file

@ -12,7 +12,9 @@ in {
services.grafana.addr = "0.0.0.0";
services.influxdb.enable = true;
# redirect grafana to stats.makefu.r
services.nginx.enable = true;
services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000";
# forward these via nginx
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;

31
makefu/2configs/time-machine.nix Normal file
View file

@ -0,0 +1,31 @@
let
time-machine-path = "/media/crypt2/backup/time-machine/misa";
in {
networking.firewall.allowedTCPPorts = [
548 # netatalk
];
services = {
netatalk = {
enable = true;
volumes = {
"misa-time-machine" = {
"time machine" = "yes";
path = time-machine-path;
"valid users" = "misa";
};
};
};
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
userServices = true;
};
};
};
}

1
makefu/2configs/tools/games.nix
View file

@ -3,5 +3,6 @@
{
krebs.per-user.makefu.packages = with pkgs; [
steam
games-user-env
];
}

4
makefu/2configs/zsh-user.nix
View file

@ -44,4 +44,8 @@ in
fi
'';
};
krebs.per-user.${mainUser}.packages = [
pkgs.nix-zsh-completions
];
}

1
makefu/3modules/default.nix
View file

@ -11,7 +11,6 @@ _:
./logging-config.nix
./server-config.nix
./snapraid.nix
./taskserver.nix
./torrent.nix
./udpt.nix
./umts.nix

60
makefu/3modules/taskserver.nix
View file

@ -1,60 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.makefu.taskserver;
out = {
options.makefu.taskserver = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "taskserver";
workingDir = mkOption {
type = types.str;
default = "/var/lib/taskserver";
};
package = mkOption {
type = types.package;
default = pkgs.taskserver;
};
};
imp = {
environment.systemPackages = [ cfg.package ];
systemd.services.taskserver = {
description = "taskd server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
unitConfig = {
Documentation = "http://taskwarrior.org/docs/#taskd" ;
# https://taskwarrior.org/docs/taskserver/configure.html
ConditionPathExists = "${cfg.workingDir}/config";
};
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
WorkingDirectory = cfg.workingDir;
# PrivateTmp = true;
# InaccessibleDirectories = "/home /boot /opt /mnt /media";
User = "taskd";
};
};
users.users.taskd = {
uid = genid "taskd";
home = cfg.workingDir;
createHome = true;
};
users.groups.taskd.gid = genid "taskd";
};
in
out

20
shared/1systems/wolf.nix
View file

@ -6,19 +6,27 @@ in
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/cgit-mirror.nix
../2configs/collectd-base.nix
../2configs/shack/share.nix
../2configs/central-stats-client.nix
../2configs/save-diskspace.nix
../2configs/cgit-mirror.nix
../2configs/graphite.nix
../2configs/repo-sync.nix
../2configs/shack-drivedroid.nix
../2configs/shack-nix-cacher.nix
../2configs/shared-buildbot.nix
../2configs/share-shack.nix
../2configs/central-stats-client.nix
../2configs/shack/drivedroid.nix
../2configs/shack/nix-cacher.nix
../2configs/shack/mqtt_sub.nix
../2configs/shack/muell_caller.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
services.influxdb.enable = true;
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
@ -46,6 +54,7 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
interfaces.enp0s3.ip4 = [{
address = shack-ip;
prefixLength = 20;
@ -83,4 +92,5 @@ in
];
time.timeZone = "Europe/Berlin";
sound.enable = false;
}

2
shared/2configs/default.nix
View file

@ -11,7 +11,7 @@ with import <stockholm/lib>;
nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "22da5d02466ffe465735986d705675982f3646a0"; # nixos-17.03 @ 2017-05-13
ref = "58e227052d40021d82d015f3f8da011ae54ea430"; # nixos-17.03 @ 2017-05-24
};
secrets.file =
if getEnv "dummy_secrets" == "true"

38
shared/2configs/graphite.nix
View file

@ -22,12 +22,50 @@ with import <stockholm/lib>;
MAX_CACHE_SIZE = inf
MAX_UPDATES_PER_SECOND = 1
MAX_CREATES_PER_MINUTE = 50
MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001
'';
storageSchemas = ''
[carbon]
pattern = ^carbon\.
retentions = 60:90d
[radiation_sensor]
pattern = ^sensors\.radiation\.
retentions = 1m:30d,5m:180d,10m:3y
[motion_sensors]
pattern = ^sensors\.motion\.
retentions = 1s:1h,60s:30d,300s:1y
[motion_sensors]
pattern = ^retiolum\.
retentions = 10s:1h,30s:30d,300s:1y
[homeassistant]
pattern = ^homeassistant\.
retentions = 10s:24h,30s:30d,300s:1y,3600s:5y
[ara]
pattern = ^ara\.
retentions = 60s:30d,300s:1y
[openweathermap]
pattern = ^weather\.openweathermap
retentions = 30m:30d,1h:5y
[stadtklima]
pattern = ^weather\.stadtklima-stuttgart
retentions = 15m:30d,30m:5y
[sensebox]
pattern = ^weather\.sensebox
retentions = 1m:90d,30m:5y
[elchos]
pattern = ^elchos\.
retentions = 10s:14d,1m:90d,10m:5y
[default]
pattern = .*
retentions = 60s:30d,300s:1y

11
shared/2configs/save-diskspace.nix Normal file
View file

@ -0,0 +1,11 @@
{lib, ... }:
# TODO: do not check out nixpkgs master but fetch revision from github
{
environment.noXlibs = true;
nix.gc.automatic = true;
nix.gc.dates = lib.mkDefault "03:10";
programs.info.enable = false;
programs.man.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
services.nixosManual.enable = false;
}

0
shared/2configs/shack-drivedroid.nix → shared/2configs/shack/drivedroid.nix
View file

34
shared/2configs/shack/mqtt_sub.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.stdenv.mkDerivation {
name = "mqtt2graphite-2017-05-29";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/mqtt2graphite/";
rev = "8c060e6";
sha256 = "06x7a1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg";
};
buildInputs = [
(pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
docopt
paho-mqtt
]))
];
installPhase = ''
install -m755 -D sub.py $out/bin/sub
install -m755 -D sub2.py $out/bin/sub-new
'';
};
in {
systemd.services.mqtt_sub = {
description = "subscribe to mqtt, send to graphite";
# after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkg}/bin/sub-new";
PrivateTmp = true;
};
};
}

41
shared/2configs/shack/muell_caller.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.stdenv.mkDerivation {
name = "muell_caller-2017-06-01";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/muell_caller/";
rev = "bbd4009";
sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
requests2
paramiko
python
]))
];
installPhase = ''
install -m755 -D call.py $out/bin/call-muell
'';
};
cfg = "${toString <secrets>}/tell.json";
in {
systemd.services.call_muell = {
description = "call muell";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody"; # TODO separate user
ExecStartPre = pkgs.writeDash "call-muell-pre" ''
cp ${cfg} /tmp/tell.json
chown nobody /tmp/tell.json
'';
ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60";
Restart = "always";
PrivateTmp = true;
PermissionsStartOnly = true;
};
};
}

0
shared/2configs/shack-nix-cacher.nix → shared/2configs/shack/nix-cacher.nix
View file

0
shared/2configs/share-shack.nix → shared/2configs/shack/share.nix
View file