Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
e6794ca882
|
@ -1,33 +1,34 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
# :l <nixpkgs>
|
||||
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
|
||||
imports = [
|
||||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
{ # minimal disk usage
|
||||
environment.noXlibs = true;
|
||||
{ # flag to rebuild everything yourself:
|
||||
# environment.noXlibs = true;
|
||||
|
||||
# minimal disk usage
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.dates = "03:10";
|
||||
programs.info.enable = false;
|
||||
programs.man.enable = false;
|
||||
services.journald.extraConfig = "SystemMaxUse=50M";
|
||||
documentation.man.enable = false;
|
||||
documentation.info.enable = false;
|
||||
services.nixosManual.enable = false;
|
||||
services.journald.extraConfig = "SystemMaxUse=50M";
|
||||
}
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.onebutton;
|
||||
# NixOS wants to enable GRUB by default
|
||||
boot.loader.grub.enable = false;
|
||||
|
||||
# Enables the generation of /boot/extlinux/extlinux.conf
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
# !!! If your board is a Raspberry Pi 1, select this:
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi;
|
||||
|
||||
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
|
||||
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
|
||||
|
||||
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
|
||||
# boot.kernelParams = ["cma=32M"];
|
||||
|
||||
fileSystems = {
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
||||
|
@ -41,4 +42,7 @@
|
|||
|
||||
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
|
||||
services.openssh.enable = true;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
|
|
|
@ -75,6 +75,7 @@ let
|
|||
};
|
||||
wdpath = "/usr/worlddomination/wd.lst";
|
||||
esphost = "10.42.24.7"; # esp8266
|
||||
afrihost = "10.42.25.201"; # africa
|
||||
timeout = 10; # minutes
|
||||
in {
|
||||
systemd.services.worlddomination = {
|
||||
|
@ -88,4 +89,16 @@ in {
|
|||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.worlddomination-africa = {
|
||||
description = "run worlddomination africa";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody"; # TODO separate user
|
||||
ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
|
||||
Restart = "always";
|
||||
PrivateTmp = true;
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -62,6 +62,7 @@ in {
|
|||
## Web
|
||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="gum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
||||
|
|
|
@ -50,6 +50,7 @@ in {
|
|||
<stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
<stockholm/makefu/2configs/tools/mobility.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||
|
@ -85,7 +86,7 @@ in {
|
|||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/elchos/search.nix>
|
||||
# <stockholm/makefu/2configs/elchos/log.nix>
|
||||
|
@ -100,7 +101,7 @@ in {
|
|||
makefu.full-populate = true;
|
||||
makefu.server.primary-itf = primaryInterface;
|
||||
krebs.rtorrent = {
|
||||
downloadDir = lib.mkForce "/media/crypt0/torrent";
|
||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||
extraConfig = ''
|
||||
upload_rate = 200
|
||||
'';
|
||||
|
|
|
@ -52,9 +52,10 @@ in {
|
|||
db = "collectd_db";
|
||||
logging-interface = "enp0s25";
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 3000 ];
|
||||
|
||||
services.grafana.enable = true;
|
||||
services.grafana.addr = "0.0.0.0";
|
||||
|
||||
services.influxdb.enable = true;
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
|
|
|
@ -11,9 +11,8 @@
|
|||
|
||||
systemd.services.modemmanager = {
|
||||
description = "ModemManager";
|
||||
after = [ "network-manager.service" ];
|
||||
bindsTo = [ "network-manager.service" ];
|
||||
wantedBy = [ "network-manager.service" ];
|
||||
wantedBy = [ "network-manager.service" "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
|
||||
PrivateTmp = true;
|
||||
|
|
26
makefu/2configs/nginx/euer.mon.nix
Normal file
26
makefu/2configs/nginx/euer.mon.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
services.nginx = {
|
||||
enable = mkDefault true;
|
||||
virtualHosts."mon.euer.krebsco.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://wbob.r:3000/";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,10 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
nixpkgs.config.firefox = {
|
||||
enableAdobeFlash = true;
|
||||
};
|
||||
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
chromium
|
||||
clipit
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
with import <stockholm/lib>;
|
||||
host@{ name,
|
||||
override ? {}
|
||||
, secure ? false
|
||||
, full ? false
|
||||
, torrent ? false
|
||||
, hw ? false
|
||||
, musnix ? false
|
||||
, python ? false
|
||||
, unstable ? false #unstable channel checked out
|
||||
, mic92 ? false
|
||||
, secure ? false
|
||||
, full ? false
|
||||
, torrent ? false
|
||||
, hw ? false
|
||||
, musnix ? false
|
||||
, python ? false
|
||||
, unstable ? false #unstable channel checked out
|
||||
, mic92 ? false
|
||||
, nms ? false
|
||||
, clever_kexec ?false
|
||||
}:
|
||||
let
|
||||
builder = if getEnv "dummy_secrets" == "true"
|
||||
|
@ -42,11 +44,15 @@ in
|
|||
file = "/home/makefu/store/${ref}";
|
||||
};
|
||||
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/${name}";
|
||||
secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu.pass = {
|
||||
inherit name;
|
||||
dir = "${getEnv "HOME"}/.secrets-pass";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
stockholm.file = toString <stockholm>;
|
||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
||||
}
|
||||
|
@ -72,9 +78,12 @@ in
|
|||
})
|
||||
|
||||
(mkIf ( torrent ) {
|
||||
torrent-secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/torrent" ;
|
||||
torrent-secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu.pass = {
|
||||
name = "torrent";
|
||||
dir = "${getEnv "HOME"}/.secrets-pass";
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
|
@ -92,5 +101,19 @@ in
|
|||
};
|
||||
})
|
||||
|
||||
(mkIf ( nms ) {
|
||||
nms.git = {
|
||||
url = https://github.com/r-raymond/nixos-mailserver;
|
||||
ref = "v2.1.2";
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf ( clever_kexec ) {
|
||||
clever_kexec.git = {
|
||||
url = https://github.com/cleverca22/nix-tests;
|
||||
ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
|
||||
};
|
||||
})
|
||||
|
||||
override
|
||||
]
|
||||
|
|
Loading…
Reference in a new issue