Merge remote-tracking branch 'prism/master'
commit
d825d2db87
|
@ -10,7 +10,7 @@ let
|
|||
addresses = peer.addresses;
|
||||
}) cfg.peers;
|
||||
|
||||
folders = map (folder: {
|
||||
folders = mapAttrsToList ( _: folder: {
|
||||
inherit (folder) path id type;
|
||||
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
|
||||
rescanIntervalS = folder.rescanInterval;
|
||||
|
@ -81,17 +81,18 @@ in
|
|||
};
|
||||
|
||||
folders = mkOption {
|
||||
default = [];
|
||||
type = types.listOf (types.submodule ({ config, ... }: {
|
||||
default = {};
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
|
||||
path = mkOption {
|
||||
type = types.absolute-pathname;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
|
||||
id = mkOption {
|
||||
type = types.str;
|
||||
default = config.path;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
|
||||
peers = mkOption {
|
||||
|
|
|
@ -49,12 +49,15 @@ with import <stockholm/lib>;
|
|||
];
|
||||
}
|
||||
{
|
||||
krebs.syncthing.folders = [
|
||||
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
|
||||
];
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
krebs.syncthing.folders."the_playlist" = {
|
||||
path = "/home/lass/tmp/the_playlist";
|
||||
peers = [ "mors" "phone" "prism" ];
|
||||
};
|
||||
krebs.permown."/home/lass/tmp/the_playlist" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
}
|
||||
{
|
||||
lass.umts = {
|
||||
|
|
|
@ -20,13 +20,12 @@ with import <stockholm/lib>;
|
|||
}
|
||||
];
|
||||
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; }
|
||||
];
|
||||
|
||||
krebs.syncthing.folders = [
|
||||
{ path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; }
|
||||
];
|
||||
krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ];
|
||||
krebs.permown."/var/lib/sync-containers" = {
|
||||
owner = "root";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
|
||||
system.activationScripts.containerPermissions = ''
|
||||
mkdir -p /var/lib/containers
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
source-password = import <secrets/icecast-source-pw>;
|
||||
|
||||
add_random = pkgs.writeDashBin "add_random" ''
|
||||
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
|
||||
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)"
|
||||
'';
|
||||
|
||||
skip_track = pkgs.writeDashBin "skip_track" ''
|
||||
|
@ -57,7 +57,7 @@ in {
|
|||
services.mpd = {
|
||||
enable = true;
|
||||
group = "radio";
|
||||
musicDirectory = "/home/radio/the_playlist/music";
|
||||
musicDirectory = "/home/radio/music";
|
||||
extraConfig = ''
|
||||
log_level "default"
|
||||
auto_update "yes"
|
||||
|
@ -248,10 +248,13 @@ in {
|
|||
alias ${html};
|
||||
'';
|
||||
};
|
||||
krebs.syncthing.folders = [
|
||||
{ id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
|
||||
];
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; }
|
||||
];
|
||||
krebs.syncthing.folders."the_playlist" = {
|
||||
path = "/home/radio/music/the_playlist";
|
||||
peers = [ "mors" "phone" "prism" ];
|
||||
};
|
||||
krebs.permown."/home/radio/music/the_playlist" = {
|
||||
owner = "radio";
|
||||
group = "syncthing";
|
||||
umask = "0002";
|
||||
};
|
||||
}
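Review bot: The `umask = "0002"` on `krebs.permown."/home/radio/music/the_playlist"` is the only permown entry in this commit that leaves the tree readable by every local user; all other folders use `"0007"`. If that is deliberate, for example because mpd runs with `group = "radio"` rather than `syncthing` and needs to read the synced files, record it in a comment such as `# world-readable on purpose: mpd is not in group syncthing`. If it is not required, `"0007"` would match the rest of the commit. The permown module is not visible here, so this assumes its `umask` masks the mode applied to the synced files.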
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
{
|
||||
krebs.syncthing.folders = [
|
||||
{ id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||
];
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
krebs.syncthing.folders.decsync = {
|
||||
path = "/home/lass/decsync";
|
||||
peers = [ "mors" "blue" "green" "phone" ];
|
||||
};
|
||||
krebs.permown."/home/lass/decsync" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
krebs.syncthing.folders = [
|
||||
{ path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
|
||||
];
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ];
|
||||
krebs.permown."/home/lass/.weechat" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
{ config, pkgs, ... }: with import <stockholm/lib>; let
|
||||
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
||||
in {
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
group = "syncthing";
|
||||
|
@ -14,17 +14,17 @@ with import <stockholm/lib>;
|
|||
enable = true;
|
||||
cert = toString <secrets/syncthing.cert>;
|
||||
key = toString <secrets/syncthing.key>;
|
||||
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
||||
folders = [
|
||||
{ path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; }
|
||||
];
|
||||
peers = peers;
|
||||
folders."/home/lass/sync".peers = attrNames peers;
|
||||
};
|
||||
|
||||
system.activationScripts.syncthing-home = ''
|
||||
${pkgs.coreutils}/bin/chmod a+x /home/lass
|
||||
'';
|
||||
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
krebs.permown."/home/lass/sync" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
}
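Review bot: `folders."/home/lass/sync".peers = attrNames peers;` makes the share list implicit. `peers` is built from every entry in `config.krebs.hosts` whose `syncthing.id` is not null, so any host that later gains an id is given `/home/lass/sync` without this file changing, whereas the removed line named eight hosts explicitly. If `krebs.hosts` can contain machines that should not receive this folder, keep an explicit name list for the folder, or filter the set before `attrNames` is taken. If sharing with every syncthing-enabled host is intended, a comment like `# shared with all hosts that declare a syncthing id` would make that an explicit decision.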
|
||||
|
|
|
@ -3,7 +3,6 @@ _:
|
|||
imports = [
|
||||
./dnsmasq.nix
|
||||
./ejabberd
|
||||
./ensure-permissions.nix
|
||||
./folderPerms.nix
|
||||
./hosts.nix
|
||||
./mysql-backup.nix
|
||||
|
|
|
@ -1,66 +0,0 @@
|
|||
{ config, pkgs, ... }: with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.lass.ensure-permissions;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options.lass.ensure-permissions = mkOption {
|
||||
default = [];
|
||||
type = types.listOf (types.submodule ({
|
||||
options = {
|
||||
|
||||
folder = mkOption {
|
||||
type = types.absolute-pathname;
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
# TODO user type
|
||||
type = types.str;
|
||||
default = "root";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
# TODO group type
|
||||
type = types.str;
|
||||
default = "root";
|
||||
};
|
||||
|
||||
permission = mkOption {
|
||||
# TODO permission type
|
||||
type = types.str;
|
||||
default = "u+rw,g+rw";
|
||||
};
|
||||
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
config = mkIf (cfg != []) {
|
||||
|
||||
system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
|
||||
${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
|
||||
${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
|
||||
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
|
||||
'') cfg;
|
||||
systemd.services =
|
||||
listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
ExecStart = pkgs.writeDash "ensure-perms" ''
|
||||
${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
|
||||
| while IFS= read -r FILE; do
|
||||
${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
|
||||
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
|
||||
done
|
||||
'';
|
||||
};
|
||||
}) cfg)
|
||||
;
|
||||
|
||||
};
|
||||
}
|
|
@ -6,13 +6,13 @@
|
|||
[ # Include the results of the hardware scan.
|
||||
<stockholm/makefu>
|
||||
|
||||
<stockholm/makefu/2configs/hw/vbox-guest.nix>
|
||||
#{ # until virtualbox-image is fixed
|
||||
# imports = [
|
||||
# <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
# ];
|
||||
# boot.loader.grub.device = lib.mkForce "/dev/sda";
|
||||
#}
|
||||
# <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
|
||||
{ # until virtualbox-image is fixed
|
||||
imports = [
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
];
|
||||
boot.loader.grub.device = lib.mkForce "/dev/sda";
|
||||
}
|
||||
<stockholm/makefu/2configs/main-laptop.nix>
|
||||
# <secrets/extra-hosts.nix>
|
||||
|
||||
|
|
|
@ -11,9 +11,13 @@
|
|||
<stockholm/makefu/2configs/home-manager/desktop.nix>
|
||||
<stockholm/makefu/2configs/home-manager/cli.nix>
|
||||
<stockholm/makefu/2configs/home-manager/mail.nix>
|
||||
<stockholm/makefu/2configs/home-manager/taskwarrior.nix>
|
||||
|
||||
<stockholm/makefu/2configs/main-laptop.nix>
|
||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||
<stockholm/makefu/2configs/tools/all.nix>
|
||||
{ programs.adb.enable = true; }
|
||||
|
||||
<stockholm/makefu/2configs/dict.nix>
|
||||
#<stockholm/makefu/3modules/netboot_server.nix>
|
||||
#{
|
||||
|
@ -23,7 +27,14 @@
|
|||
# };
|
||||
#}
|
||||
|
||||
# Restore:
|
||||
# systemctl cat borgbackup-job-state
|
||||
# export BORG_PASSCOMMAND BORG_REPO BORG_RSH
|
||||
# borg list "$BORG_REPO"
|
||||
# mount newroot somewhere && cd somewhere
|
||||
# borg extract "$BORG_REPO::x-state-2019-04-17T01:41:51" --progress # < extract to cwd
|
||||
<stockholm/makefu/2configs/backup/state.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
||||
<stockholm/makefu/2configs/avahi.nix>
|
||||
<stockholm/makefu/2configs/support-nixos.nix>
|
||||
|
@ -46,19 +57,18 @@
|
|||
|
||||
# Krebs
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/share/gum-client.nix>
|
||||
# <stockholm/makefu/2configs/share/gum-client.nix>
|
||||
|
||||
|
||||
# applications
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
<stockholm/makefu/2configs/printer.nix>
|
||||
<stockholm/makefu/2configs/task-client.nix>
|
||||
# <stockholm/makefu/2configs/syncthing.nix>
|
||||
|
||||
# Virtualization
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
# <stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
|
||||
#{
|
||||
# networking.firewall.allowedTCPPorts = [ 8080 ];
|
||||
|
@ -71,35 +81,43 @@
|
|||
# Services
|
||||
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tor.nix>
|
||||
<stockholm/makefu/2configs/vpn/vpngate.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpngate.nix>
|
||||
# <stockholm/makefu/2configs/buildbot-standalone.nix>
|
||||
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
|
||||
<stockholm/makefu/2configs/remote-build/gum.nix>
|
||||
{ nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
|
||||
# <stockholm/makefu/2configs/remote-build/gum.nix>
|
||||
# { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
|
||||
|
||||
<stockholm/makefu/2configs/binary-cache/gum.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/lass.nix>
|
||||
|
||||
# Hardware
|
||||
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
<stockholm/makefu/2configs/hw/malduino_elite.nix>
|
||||
# <stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
# <stockholm/makefu/2configs/hw/tpm.nix>
|
||||
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
<stockholm/makefu/2configs/hw/irtoy.nix>
|
||||
# <stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
# <stockholm/makefu/2configs/hw/irtoy.nix>
|
||||
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
|
||||
<stockholm/makefu/2configs/hw/switch.nix>
|
||||
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
||||
<stockholm/makefu/2configs/hw/smartcard.nix>
|
||||
|
||||
{
|
||||
services.upower.enable = true;
|
||||
users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
|
||||
}
|
||||
|
||||
# Filesystem
|
||||
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
{ programs.adb.enable = true; }
|
||||
|
||||
# temporary
|
||||
{ services.redis.enable = true; }
|
||||
<stockholm/makefu/2configs/pyload.nix>
|
||||
# { services.redis.enable = true; }
|
||||
# <stockholm/makefu/2configs/pyload.nix>
|
||||
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
|
@ -136,6 +154,9 @@
|
|||
makefu.server.primary-itf = "wlp3s0";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.oraclejdk.accept_license = true;
|
||||
|
||||
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
|
@ -163,7 +184,6 @@
|
|||
"/home/makefu/.ssh/"
|
||||
"/home/makefu/.zsh_history"
|
||||
"/home/makefu/.bash_history"
|
||||
"/home/makefu/.zshrc"
|
||||
"/home/makefu/bin"
|
||||
"/home/makefu/.gnupg"
|
||||
"/home/makefu/.imapfilter"
|
||||
|
@ -171,6 +191,7 @@
|
|||
"/home/makefu/docs"
|
||||
"/home/makefu/.password-store"
|
||||
"/home/makefu/.secrets-pass"
|
||||
"/home/makefu/.config/syncthing"
|
||||
];
|
||||
|
||||
services.syncthing.user = lib.mkForce "makefu";
|
||||
|
|
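--- /dev/null
+++ b/makefu/2configs/binary-cache/gum.nix
@@ -0,0 +1,13 @@
+
+{ config, ... }:
+
+{
+nix = {
+binaryCaches = [
+"https://cache.euer.krebsco.de/"
+];
+binaryCachePublicKeys = [
+"gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg="
+];
+};
+}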
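Review bot: Nothing in this new file records where the `gum:` entry in `binaryCachePublicKeys` comes from, although that key decides which store paths the machine accepts as substitutes from `https://cache.euer.krebsco.de/`. A short comment above it, such as `# public half of the nix-serve signing key on gum; replace together with the server key`, would make a later rotation or audit straightforward; the origin is inferred from the key name and should be confirmed. The `config` argument is unused, so the header could be `{ ... }:`.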
@ -19,9 +19,10 @@
|
|||
};
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.nix-serve = {
|
||||
serverAliases = [ "cache.gum.r"
|
||||
"cache.euer.krebsco.de"
|
||||
virtualHosts."cache.euer.krebsco.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
serverAliases = [ # "cache.gum.r"
|
||||
"cache.gum.krebsco.de"
|
||||
];
|
||||
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
|
||||
|
|