Merge remote-tracking branch 'gum/master'

lassulus 2016-07-14 22:59:13 +02:00
commit e2e532c880
13 changed files with 161 additions and 16 deletions


@ -66,6 +66,16 @@ with config.krebs.lib;
};
};
};
honeydrive = { # vm on darth
nets = {
internet = { # via shoney
ip4.addr = "64.137.234.232";
aliases = [
"honeydrive.i"
];
};
};
};
tsp = {
cores = 1;
nets = {


@ -16,16 +16,32 @@ in {
../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
../2configs/temp-share-samba.nix
];
services.samba.shares = {
isos = {
path = "/data/isos/";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
};
services.tinc.networks.siem = {
name = "sdarth";
extraConfig = "ConnectTo = sjump";
};
makefu.forward-journal = {
enable = true;
src = "10.8.10.2";
dst = "10.8.10.6";
};
#networking.firewall.enable = false;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking = {
@ -33,6 +49,7 @@ in {
firewall = {
allowPing = true;
logRefusedConnections = false;
trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
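Review bot: `trustedInterfaces = [ "eno1" ];` in the firewall block makes the firewall accept every packet arriving on eno1, so the `allowedTCPPorts`/`allowedUDPPorts` lists next to it no longer restrict anything on that interface. Together with the `isos` share in the first hunk, which sets `"guest ok" = "yes"`, every listening service on the host, including unauthenticated Samba access, is reachable from whatever network eno1 is attached to. The rendered page has lost its +/- markers, so I am inferring from the hunk counts that these lines are new. If eno1 is a LAN that is meant to be fully trusted, record that in a comment such as `# eno1 = internal LAN only, never bridged to VM or guest networks`; otherwise drop it from `trustedInterfaces` and open only the ports that are needed. The `networking` block continues outside the hunk.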


@ -75,6 +75,7 @@ in {
# HDD Array stuff
environment.systemPackages = [ pkgs.mergerfs ];
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
makefu.snapraid = let
@ -129,7 +130,10 @@ in {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
users.users.misa = {
uid = 9002;
name = "misa";
};
hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true;


@ -3,8 +3,9 @@ let
tinc-siem-ip = "10.8.10.1";
ip = "64.137.234.215";
alt-ip = "64.137.234.210";
extra-ip = "64.137.234.114"; #currently unused
alt-ip = "64.137.234.210"; # honeydrive honeyd
extra-ip1 = "64.137.234.114"; # floating tinc.siem
extra-ip2 = "64.137.234.232"; # honeydrive
gw = "64.137.234.1";
in {
imports = [
@ -15,7 +16,7 @@ in {
];
environment.systemPackages = [ pkgs.honeyd ];
services.tinc.networks.siem.name = "sjump";
krebs = {
@ -37,10 +38,15 @@ in {
};
};
};
makefu.forward-journal = {
enable = true;
src = "10.8.10.1";
dst = "10.8.10.6";
};
networking = {
interfaces.enp2s1.ip4 = [
{ address = ip; prefixLength = 24; }
{ address = alt-ip; prefixLength = 24; }
# { address = alt-ip; prefixLength = 24; }
];
defaultGateway = gw;


@ -0,0 +1,12 @@
{ config, ... }:
{
nix = {
binaryCaches = [
"http://cache.prism.r"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
];
};
}
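Review bot: The cache URL `http://cache.prism.r` is plain HTTP, so the only thing protecting substituted store paths from tampering in transit is the signature check against the key listed in `binaryCachePublicKeys`. That holds only while signature enforcement stays on, so I would add a comment above the URL, e.g. `# plain HTTP: integrity relies on binaryCachePublicKeys, keep nix.requireSignedBinaryCaches enabled`. The `.r` name suggests the host is reached over the retiolum overlay network, which would narrow who can interfere, but that is not visible in this file.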


@ -0,0 +1,12 @@
{ config, ... }:
{
nix = {
binaryCaches = [
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
};
}


@ -2,8 +2,6 @@
with config.krebs.lib;
{
system.stateVersion = "15.09";
imports = [
{
users.extraUsers =
@ -11,6 +9,8 @@ with config.krebs.lib;
(import <secrets/hashedPasswords.nix>);
}
./vim.nix
./binary-cache/nixos.nix
./binary-cache/lass.nix
];
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
@ -24,7 +24,7 @@ with config.krebs.lib;
source = mapAttrs (_: mkDefault) {
nixpkgs = {
url = https://github.com/nixos/nixpkgs;
rev = "63b9785"; # stable @ 2016-06-01
rev = "0546a4a"; # stable @ 2016-06-11
};
secrets = if getEnv "dummy_secrets" == "true"
then toString <stockholm/makefu/6tests/data/secrets>
@ -62,9 +62,6 @@ with config.krebs.lib;
programs.ssh = {
startAgent = false;
extraConfig = ''
UseRoaming no
'';
};
services.openssh.enable = true;
nix.useChroot = true;
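Review bot: After this change `programs.ssh` no longer sets `UseRoaming no`; the hunk header `-62,9 +62,6` drops three lines and the `extraConfig` block is the likely candidate, although the page has lost its +/- markers. That option was the client-side mitigation for the OpenSSH roaming information leak, and it is redundant only when the OpenSSH client shipped by the pinned nixpkgs revision (`0546a4a`) already has roaming disabled, i.e. 7.1p2 or later. It is worth confirming the client version that revision provides and recording it, for example with `# UseRoaming dropped: openssh >= 7.1p2 has roaming disabled`. The attribute set continues outside the hunk.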


@ -1,9 +1,12 @@
{config, ... }:{
networking.firewall.allowedUDPPorts = [ 137 138 ];
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/var/empty";
home = "/home/share";
createHome = true;
};
services.samba = {
enable = true;
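Review bot: The two `networking.firewall.allowed*Ports` lines at the top open NetBIOS and SMB (UDP 137/138, TCP 139/445) on every interface of any host that imports this file, not only on the LAN the share is meant for. With a dedicated `smbguest` account whose home is now created at `/home/share`, this looks like guest-level file access exposed wherever the host is reachable. I would limit the rule to the intended interface, for example with an interface-matched rule in `networking.firewall.extraCommands`, and add a comment that the module is temporary and must not be imported on hosts with a public address. The `services.samba` block continues past the end of the hunk, so the share definition itself is not visible here.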


@ -2,8 +2,8 @@
let
mainUser = config.krebs.build.user;
version = "5.0.6";
rev = "103037";
version = "5.0.20";
rev = "106931";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
@ -14,5 +14,10 @@ in {
nixpkgs.config.virtualbox.enableExtensionPack = true;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
environment.systemPackages = [ vboxguestpkg ];
nixpkgs.config.packageOverrides = super: {
boot.kernelPackages = super.boot.kernelPackages.virtualbox.override {
buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
++ [ vboxguestpkg ];
};
};
}
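Review bot: `version` and `rev` move to 5.0.20 / 106931, but the `sha256` in `vboxguestpkg` appears as an unchanged context line (the first hunk is `-2,8 +2,8`), so it still describes the 5.0.6 extension pack. The fetch should fail closed with a hash mismatch, which is the safe outcome. The replacement hash then has to come from a trusted source rather than from the failing build's output, because the URL is plain `http://` and the hash is the only integrity check on this download. Switching the URL to `https://` if the mirror offers it would also remove the reliance on a single check.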


@ -6,6 +6,7 @@ _:
./umts.nix
./taskserver.nix
./awesome-extra.nix
./forward-journal.nix
];
}


@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.makefu.forward-journal;
out = {
options.makefu.forward-journal = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "forward journal via syslog";
src = mkOption {
type = types.str;
description = "syslog host identifier";
default = config.networking.hostName;
};
dst = mkOption {
type = types.str;
description = "syslog host identifier";
default = "";
};
proto = mkOption {
type = types.str;
default = "udp";
};
port = mkOption {
type = types.int;
description = "destination port";
default = 514;
};
};
imp = {
services.syslog-ng = {
enable = true;
extraConfig = ''
template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
source s_all { system(); internal(); };
destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
log { source(s_all); destination(d_loghost); };
'';
};
};
in
out
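Review bot: The `proto` option is declared but never read: the `d_loghost` destination hard-codes `udp(...)`, so a host that sets `proto = "tcp"` still forwards its journal over UDP, which is lossy and unauthenticated, a poor fit for logs that feed a SIEM. Either use the option, `destination d_loghost { ${cfg.proto}("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };` with `type = types.enum [ "udp" "tcp" ];`, or remove it. `dst` also defaults to `""` and reuses the description "syslog host identifier". An empty destination yields an unusable syslog-ng config, so I would drop the default so that evaluation fails when it is unset, and describe it as the log receiver's address.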


@ -10,6 +10,8 @@ in
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};


@ -0,0 +1,26 @@
{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
stdenv.mkDerivation rec {
name = "mergerfs-${version}";
version = "2.14.0";
# not using fetchFromGitHub because of changelog being built with git log
src = fetchgit {
url = "https://github.com/trapexit/mergerfs";
rev = "refs/tags/${version}";
sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm";
deepClone = true;
};
buildInputs = [ fuse pkgconfig which attr pandoc git ];
makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
meta = {
homepage = https://github.com/trapexit/mergerfs;
description = "a FUSE based union filesystem";
license = stdenv.lib.licenses.isc;
maintainers = [ stdenv.lib.maintainers.makefu ];
};
}
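Review bot: `deepClone = true` in the `fetchgit` call makes the `sha256` cover more than the tagged source tree: in nixpkgs `leaveDotGit` defaults to the value of `deepClone`, so the `.git` directory becomes part of the hashed output and its contents shift as upstream adds commits and refs. The hash will therefore stop matching over time, and routinely bumping a hash that "just changed" trains maintainers to accept content they have not reviewed. `rev = "refs/tags/${version}"` has a related weakness, since a tag can be moved upstream; pinning the commit id the tag points to keeps the input fixed. The comment above `src` explains why git history is wanted for the changelog, so a second comment next to `deepClone` stating this trade-off would help, or the changelog step could be skipped so a reproducible fetch is enough.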