Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2018-04-21 13:03:18 +02:00
commit d7320041b8
18 changed files with 155 additions and 50 deletions

View file

@ -0,0 +1,32 @@
{ config, pkgs, lib, ... }:
{
imports = [
<stockholm/krebs>
];
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# !!! If your board is a Raspberry Pi 1, select this:
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
# boot.kernelParams = ["cma=32M"];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
}

View file

@ -0,0 +1,11 @@
let
pkgs = import <nixpkgs> {};
in import <stockholm/krebs/source.nix> {
name = "onebutton";
nixpkgs.file = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
rev = "6c064e6b"; # only binary cache for unstable arm6
sha256 = "0ssaaaaaaaaaaaawkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8";
};
}

View file

@ -64,8 +64,10 @@ in {
<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/public_html.nix>
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
@ -222,6 +224,8 @@ in {
25
# http
80 443
# httptunnel
8080 8443
# tinc
655
# tinc-shack

View file

@ -33,6 +33,9 @@ in {
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
{
users.users.makefu.extraGroups = [ "pulse" ];
}
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@ -121,6 +124,7 @@ in {
networking.firewall.allowedTCPPorts = [
655
8081 #smokeping
8086 #influx
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];

View file

@ -141,15 +141,6 @@ with import <stockholm/lib>;
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
}
{ # auto-mounting
services.udisks2.enable = true;
services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
}
];
@ -170,6 +161,7 @@ with import <stockholm/lib>;
networking.extraHosts = ''
192.168.1.11 omo.local
80.92.65.53 www.wifionice.de wifionice.de
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];

View file

@ -34,7 +34,7 @@ in {
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
@ -42,12 +42,13 @@ in {
enable = true;
# PULSE_SERVER=192.168.1.11 pavucontrol
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.0.0/16" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-native-protocol-unix auth-anonymous=1
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
@ -56,13 +57,15 @@ in {
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
#load-module module-bluez5-device
#load-module module-bluez5-discover
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
#hardware.bluetooth.extraConfig = ''
# [general]
# Enable=Source,Sink,Media,Socket
#'';
# environment.etc."bluetooth/audio.conf".text = ''
# [General]
# Enable = Source,Sink,Media,Socket
# '';
};
}

View file

@ -30,6 +30,7 @@ let
euer_blog = { };
ampel = { };
europastats = { };
arafetch = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};

View file

@ -0,0 +1,44 @@
{ pkgs, ... }:
with import <stockholm/lib>; #genid
{ # auto-mounting via polkit
services.udisks2.enable = true;
## automount all disks:
# services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.groups.storage = {
gid = genid "storage";
members = [ "makefu" ];
};
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
## allow users in group "storage" to mount disk
# https://github.com/coldfix/udiskie/wiki/Permissions
security.polkit.extraConfig =
''
polkit.addRule(function(action, subject) {
var YES = polkit.Result.YES;
var permission = {
"org.freedesktop.udisks.filesystem-mount": YES,
"org.freedesktop.udisks.luks-unlock": YES,
"org.freedesktop.udisks.drive-eject": YES,
"org.freedesktop.udisks.drive-detach": YES,
"org.freedesktop.udisks2.filesystem-mount": YES,
"org.freedesktop.udisks2.encrypted-unlock": YES,
"org.freedesktop.udisks2.eject-media": YES,
"org.freedesktop.udisks2.power-off-drive": YES,
"org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
"org.freedesktop.udisks2.filesystem-unmount-others": YES,
"org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
"org.freedesktop.udisks2.eject-media-other-seat": YES,
"org.freedesktop.udisks2.power-off-drive-other-seat": YES
};
if (subject.isInGroup("storage")) {
return permission[action.id];
}
});
'';
}

View file

@ -5,7 +5,6 @@
{
# TODO postgres backup
services.postgresql.enable = true;
services.hydra = {
enable = true;

View file

@ -16,6 +16,7 @@ in {
./zsh-user.nix
./tools/core.nix
./tools/core-gui.nix
./gui/automatic-diskmount.nix
];
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];

View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = lib.mkDefault true;
virtualHosts."misa-felix-hochzeit.ml" = {
serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
forceSSL = true;
enableACME = true;
locations = {
"/" = {
index = "index.html";
root = "/var/www/misa-felix-hochzeit.ml";
};
};
};
};
}

View file

@ -1,14 +0,0 @@
{ pkgs, ...}:
let
sshKey = (toString <secrets>) + "/id_nixBuild";
in {
nix.distributedBuilds = true;
# TODO: iterate over krebs.hosts
nix.buildMachines = map ( hostName:
{ inherit hostName sshKey;
sshUser = "nixBuild";
system = "x86_64-linux";
maxJobs = 8;
}) [ "hotdog.r" ];
# puyak.r "wbob.r" "omo.r" "gum.r" "latte.r"
}

View file

@ -3,7 +3,7 @@ with import <stockholm/lib>;
let
pkg = with pkgs.python3Packages;buildPythonPackage rec {
rev = "762d747";
name = "europastats-${rev}";
name = "arafetch-${rev}";
propagatedBuildInputs = [
requests
docopt
@ -25,12 +25,25 @@ in {
};
systemd.services.arafetch = {
startAt = "Mon 09:15:00";
startAt = "Mon,Wed,Fri 09:15:00";
wantedBy = [ "multi-user.target" ];
environment = {
OUTDIR = home;
};
path = [ pkg pkgs.git pkgs.wget ];
script = "${pkg}/bin/weekrun";
serviceConfig = {
User = "arafetch";
WorkingDirectory = home;
PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" ''
set -x
weekrun || echo "weekrun failed!"
find $OUTDIR/db -name \*.json | while read path;do
file=''${path##*/}
cantine=''${file%%.json}
ara2influx $path --cantine $cantine --host wbob.r
done
'';
};
};
}

View file

@ -25,7 +25,6 @@ in {
# pypi
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/devpi-client/
https://pypi.python.org/simple/oslo.config/
https://pypi.python.org/simple/sqlalchemy_migrate/
https://pypi.python.org/simple/xstatic/
https://pypi.python.org/simple/pyserial/

View file

@ -2,7 +2,7 @@
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
version = "0.2";
version = "0.2.1";
propagatedBuildInputs = [
docopt
@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "d8a0250";
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
rev = "92321d7";
sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;

View file

@ -412,8 +412,7 @@ clientkeys = awful.util.table.join(
end),
awful.key({ modkey, }, "m",
function (c)
c.maximized_horizontal = not c.maximized_horizontal
c.maximized_vertical = not c.maximized_vertical
c.maximized = not c.maximized
end)
)

View file

@ -16,16 +16,17 @@ let
};
devpi-web = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-web";
version = "3.1.1";
version = "3.2.2";
src = pkgs.fetchurl {
url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz";
sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv";
sha256 = "1mwg2fcw88rn47ypnhg5f4s1r066129z922113shyinwrwfddhay";
};
propagatedBuildInputs = with pkgs.python3Packages;
[ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
propagatedBuildInputs = with pkgs.python3Packages; builtins.trace pkgs.devpi-server.version
[ pkgs.devpi-server pyramid_chameleon pygments docutils devpi-common
whoosh beautifulsoup4 defusedxml readme-renderer ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
@ -37,6 +38,6 @@ let
in {
devpi-web = pkgs.python3.buildEnv.override {
extraLibs = [ devpi-web devpi-server ];
};
extraLibs = [ devpi-web pkgs.devpi-server ];
};
}

View file

@ -21,9 +21,8 @@ let
];
};
# TODO: automate updating of this ref + cherry-picks
ref = "6583793"; # nixos-17.09 @ 2018-03-07
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3, 50ad913, 9449782, b7046ab2
ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04
# + do_sqlite3 ruby: 55a952be5b5
in
evalSource (toString _file) [
@ -54,7 +53,7 @@ in
(mkIf ( musnix ) {
musnix.git = {
url = https://github.com/musnix/musnix.git;
ref = "d8b989f";
ref = "master"; # follow the musnix channel, lets see how this works out
};
})