Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2018-05-03 18:59:31 +02:00
commit e6794ca882
10 changed files with 97 additions and 32 deletions

View file

@ -1,33 +1,34 @@
{ config, pkgs, lib, ... }:
{
# :l <nixpkgs>
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
{ # minimal disk usage
environment.noXlibs = true;
{ # flag to rebuild everything yourself:
# environment.noXlibs = true;
# minimal disk usage
nix.gc.automatic = true;
nix.gc.dates = "03:10";
programs.info.enable = false;
programs.man.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
documentation.man.enable = false;
documentation.info.enable = false;
services.nixosManual.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
}
];
krebs.build.host = config.krebs.hosts.onebutton;
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# !!! If your board is a Raspberry Pi 1, select this:
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
# boot.kernelParams = ["cma=32M"];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
@ -41,4 +42,7 @@
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
services.openssh.enable = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
}

View file

@ -75,6 +75,7 @@ let
};
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
afrihost = "10.42.25.201"; # africa
timeout = 10; # minutes
in {
systemd.services.worlddomination = {
@ -88,4 +89,16 @@ in {
PermissionsStartOnly = true;
};
};
systemd.services.worlddomination-africa = {
description = "run worlddomination africa";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody"; # TODO separate user
ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
Restart = "always";
PrivateTmp = true;
PermissionsStartOnly = true;
};
};
}

View file

@ -62,6 +62,7 @@ in {
## Web
<stockholm/makefu/2configs/nginx/share-download.nix>
<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>

View file

@ -1,4 +1,5 @@
import <stockholm/makefu/source.nix> {
name="gum";
torrent = true;
clever_kexec = true;
}

View file

@ -50,6 +50,7 @@ in {
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/mosh.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
@ -85,7 +86,7 @@ in {
<stockholm/makefu/2configs/sshd-totp.nix>
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
# <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/torrent.nix>
# <stockholm/makefu/2configs/elchos/search.nix>
# <stockholm/makefu/2configs/elchos/log.nix>
@ -100,7 +101,7 @@ in {
makefu.full-populate = true;
makefu.server.primary-itf = primaryInterface;
krebs.rtorrent = {
downloadDir = lib.mkForce "/media/crypt0/torrent";
downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = ''
upload_rate = 200
'';

View file

@ -52,9 +52,10 @@ in {
db = "collectd_db";
logging-interface = "enp0s25";
in {
networking.firewall.allowedTCPPorts = [ 3000 ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;

View file

@ -11,9 +11,8 @@
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;

View file

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
user = config.services.nginx.user;
group = config.services.nginx.group;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in {
services.nginx = {
enable = mkDefault true;
virtualHosts."mon.euer.krebsco.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://wbob.r:3000/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}

View file

@ -1,10 +1,6 @@
{ pkgs, ... }:
{
nixpkgs.config.firefox = {
enableAdobeFlash = true;
};
krebs.per-user.makefu.packages = with pkgs; [
chromium
clipit

View file

@ -1,14 +1,16 @@
with import <stockholm/lib>;
host@{ name,
override ? {}
, secure ? false
, full ? false
, torrent ? false
, hw ? false
, musnix ? false
, python ? false
, unstable ? false #unstable channel checked out
, mic92 ? false
, secure ? false
, full ? false
, torrent ? false
, hw ? false
, musnix ? false
, python ? false
, unstable ? false #unstable channel checked out
, mic92 ? false
, nms ? false
, clever_kexec ?false
}:
let
builder = if getEnv "dummy_secrets" == "true"
@ -42,11 +44,15 @@ in
file = "/home/makefu/store/${ref}";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
makefu = "/home/makefu/secrets/${name}";
secrets = getAttr builder {
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
makefu.pass = {
inherit name;
dir = "${getEnv "HOME"}/.secrets-pass";
};
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
@ -72,9 +78,12 @@ in
})
(mkIf ( torrent ) {
torrent-secrets.file = getAttr builder {
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
makefu = "/home/makefu/secrets/torrent" ;
torrent-secrets = getAttr builder {
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
makefu.pass = {
name = "torrent";
dir = "${getEnv "HOME"}/.secrets-pass";
};
};
})
@ -92,5 +101,19 @@ in
};
})
(mkIf ( nms ) {
nms.git = {
url = https://github.com/r-raymond/nixos-mailserver;
ref = "v2.1.2";
};
})
(mkIf ( clever_kexec ) {
clever_kexec.git = {
url = https://github.com/cleverca22/nix-tests;
ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
};
})
override
]