Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
e2e532c880
|
@ -66,6 +66,16 @@ with config.krebs.lib;
|
|||
};
|
||||
};
|
||||
};
|
||||
honeydrive = { # vm on darth
|
||||
nets = {
|
||||
internet = { # via shoney
|
||||
ip4.addr = "64.137.234.232";
|
||||
aliases = [
|
||||
"honeydrive.i"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
tsp = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
|
|
|
@ -16,16 +16,32 @@ in {
|
|||
../2configs/smart-monitor.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/virtualization.nix
|
||||
|
||||
../2configs/temp-share-samba.nix
|
||||
];
|
||||
services.samba.shares = {
|
||||
isos = {
|
||||
path = "/data/isos/";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
};
|
||||
services.tinc.networks.siem = {
|
||||
name = "sdarth";
|
||||
extraConfig = "ConnectTo = sjump";
|
||||
};
|
||||
|
||||
makefu.forward-journal = {
|
||||
enable = true;
|
||||
src = "10.8.10.2";
|
||||
dst = "10.8.10.6";
|
||||
};
|
||||
|
||||
#networking.firewall.enable = false;
|
||||
krebs.retiolum.enable = true;
|
||||
|
||||
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking = {
|
||||
|
@ -33,6 +49,7 @@ in {
|
|||
firewall = {
|
||||
allowPing = true;
|
||||
logRefusedConnections = false;
|
||||
trustedInterfaces = [ "eno1" ];
|
||||
allowedUDPPorts = [ 80 655 1655 67 ];
|
||||
allowedTCPPorts = [ 80 655 1655 ];
|
||||
};
|
||||
|
|
|
@ -75,6 +75,7 @@ in {
|
|||
|
||||
|
||||
# HDD Array stuff
|
||||
environment.systemPackages = [ pkgs.mergerfs ];
|
||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||
|
||||
makefu.snapraid = let
|
||||
|
@ -129,7 +130,10 @@ in {
|
|||
kernelModules = [ "kvm-intel" ];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
users.users.misa = {
|
||||
uid = 9002;
|
||||
name = "misa";
|
||||
};
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
|
|
|
@ -3,8 +3,9 @@ let
|
|||
tinc-siem-ip = "10.8.10.1";
|
||||
|
||||
ip = "64.137.234.215";
|
||||
alt-ip = "64.137.234.210";
|
||||
extra-ip = "64.137.234.114"; #currently unused
|
||||
alt-ip = "64.137.234.210"; # honeydrive honeyd
|
||||
extra-ip1 = "64.137.234.114"; # floating tinc.siem
|
||||
extra-ip2 = "64.137.234.232"; # honeydrive
|
||||
gw = "64.137.234.1";
|
||||
in {
|
||||
imports = [
|
||||
|
@ -15,7 +16,7 @@ in {
|
|||
];
|
||||
|
||||
|
||||
|
||||
environment.systemPackages = [ pkgs.honeyd ];
|
||||
services.tinc.networks.siem.name = "sjump";
|
||||
|
||||
krebs = {
|
||||
|
@ -37,10 +38,15 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
makefu.forward-journal = {
|
||||
enable = true;
|
||||
src = "10.8.10.1";
|
||||
dst = "10.8.10.6";
|
||||
};
|
||||
networking = {
|
||||
interfaces.enp2s1.ip4 = [
|
||||
{ address = ip; prefixLength = 24; }
|
||||
{ address = alt-ip; prefixLength = 24; }
|
||||
# { address = alt-ip; prefixLength = 24; }
|
||||
];
|
||||
|
||||
defaultGateway = gw;
|
||||
|
|
12
makefu/2configs/binary-cache/lass.nix
Normal file
12
makefu/2configs/binary-cache/lass.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"http://cache.prism.r"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
|
||||
];
|
||||
};
|
||||
}
|
12
makefu/2configs/binary-cache/nixos.nix
Normal file
12
makefu/2configs/binary-cache/nixos.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
];
|
||||
};
|
||||
}
|
|
@ -2,8 +2,6 @@
|
|||
|
||||
with config.krebs.lib;
|
||||
{
|
||||
system.stateVersion = "15.09";
|
||||
|
||||
imports = [
|
||||
{
|
||||
users.extraUsers =
|
||||
|
@ -11,6 +9,8 @@ with config.krebs.lib;
|
|||
(import <secrets/hashedPasswords.nix>);
|
||||
}
|
||||
./vim.nix
|
||||
./binary-cache/nixos.nix
|
||||
./binary-cache/lass.nix
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||
|
@ -24,7 +24,7 @@ with config.krebs.lib;
|
|||
source = mapAttrs (_: mkDefault) {
|
||||
nixpkgs = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
rev = "63b9785"; # stable @ 2016-06-01
|
||||
rev = "0546a4a"; # stable @ 2016-06-11
|
||||
};
|
||||
secrets = if getEnv "dummy_secrets" == "true"
|
||||
then toString <stockholm/makefu/6tests/data/secrets>
|
||||
|
@ -62,9 +62,6 @@ with config.krebs.lib;
|
|||
|
||||
programs.ssh = {
|
||||
startAgent = false;
|
||||
extraConfig = ''
|
||||
UseRoaming no
|
||||
'';
|
||||
};
|
||||
services.openssh.enable = true;
|
||||
nix.useChroot = true;
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
{config, ... }:{
|
||||
networking.firewall.allowedUDPPorts = [ 137 138 ];
|
||||
networking.firewall.allowedTCPPorts = [ 139 445 ];
|
||||
users.users.smbguest = {
|
||||
name = "smbguest";
|
||||
uid = config.ids.uids.smbguest;
|
||||
description = "smb guest user";
|
||||
home = "/var/empty";
|
||||
home = "/home/share";
|
||||
createHome = true;
|
||||
};
|
||||
services.samba = {
|
||||
enable = true;
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
let
|
||||
mainUser = config.krebs.build.user;
|
||||
version = "5.0.6";
|
||||
rev = "103037";
|
||||
version = "5.0.20";
|
||||
rev = "106931";
|
||||
vboxguestpkg = pkgs.fetchurl {
|
||||
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
|
||||
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
|
||||
|
@ -14,5 +14,10 @@ in {
|
|||
nixpkgs.config.virtualbox.enableExtensionPack = true;
|
||||
|
||||
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
|
||||
environment.systemPackages = [ vboxguestpkg ];
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
boot.kernelPackages = super.boot.kernelPackages.virtualbox.override {
|
||||
buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
|
||||
++ [ vboxguestpkg ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ _:
|
|||
./umts.nix
|
||||
./taskserver.nix
|
||||
./awesome-extra.nix
|
||||
./forward-journal.nix
|
||||
];
|
||||
}
|
||||
|
||||
|
|
50
makefu/3modules/forward-journal.nix
Normal file
50
makefu/3modules/forward-journal.nix
Normal file
|
@ -0,0 +1,50 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
let
|
||||
cfg = config.makefu.forward-journal;
|
||||
|
||||
out = {
|
||||
options.makefu.forward-journal = api;
|
||||
config = lib.mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "forward journal via syslog";
|
||||
src = mkOption {
|
||||
type = types.str;
|
||||
description = "syslog host identifier";
|
||||
default = config.networking.hostName;
|
||||
};
|
||||
dst = mkOption {
|
||||
type = types.str;
|
||||
description = "syslog host identifier";
|
||||
default = "";
|
||||
};
|
||||
proto = mkOption {
|
||||
type = types.str;
|
||||
default = "udp";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
description = "destination port";
|
||||
default = 514;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
imp = {
|
||||
services.syslog-ng = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
|
||||
source s_all { system(); internal(); };
|
||||
destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
|
||||
log { source(s_all); destination(d_loghost); };
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
out
|
||||
|
|
@ -10,6 +10,8 @@ in
|
|||
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
||||
awesomecfg = callPackage ./awesomecfg {};
|
||||
bintray-upload = callPackage ./bintray-upload {};
|
||||
git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
|
||||
mergerfs = callPackage ./mergerfs {};
|
||||
mycube-flask = callPackage ./mycube-flask {};
|
||||
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||
|
|
26
makefu/5pkgs/mergerfs/default.nix
Normal file
26
makefu/5pkgs/mergerfs/default.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "mergerfs-${version}";
|
||||
version = "2.14.0";
|
||||
|
||||
# not using fetchFromGitHub because of changelog being built with git log
|
||||
src = fetchgit {
|
||||
url = "https://github.com/trapexit/mergerfs";
|
||||
rev = "refs/tags/${version}";
|
||||
sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm";
|
||||
deepClone = true;
|
||||
};
|
||||
|
||||
buildInputs = [ fuse pkgconfig which attr pandoc git ];
|
||||
|
||||
makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
|
||||
|
||||
|
||||
meta = {
|
||||
homepage = https://github.com/trapexit/mergerfs;
|
||||
description = "a FUSE based union filesystem";
|
||||
license = stdenv.lib.licenses.isc;
|
||||
maintainers = [ stdenv.lib.maintainers.makefu ];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue