diff options
| author | tv <tv@krebsco.de> | 2018-01-02 20:58:59 +0100 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2018-01-02 20:58:59 +0100 |
| commit | 493984d97e6deaee3d7b358724e83c59bccb212d (patch) | |
| tree | 691e019ae0b55d48a9681d9c26ae65e6c83d1d0f | |
| parent | 84fdbeba2ceee152a128f5e9013043c172c07ecf (diff) | |
| parent | e48b4eb4606f6d0ec0b930016a53e7e7cfcbfb64 (diff) | |
Merge remote-tracking branch 'prism/master'
46 files changed, 511 insertions, 228 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 8a647012f..ca994e996 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -9,5 +9,6 @@ with import <stockholm/lib>; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); + krebs.ci.tests = [ "deploy" ]; } diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 44743b87d..90a1a111f 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -23,7 +23,7 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - security.rngd.enable = true; + security.rngd.enable = mkDefault true; services.xserver = { videoDriver = "intel"; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index b56f5c543..bb19f0602 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -24,6 +24,13 @@ in List of hosts that should be build ''; }; + tests = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of tests that should be build + ''; + }; }; config = mkIf cfg.enable { @@ -56,14 +63,14 @@ in ''; scheduler = { build-scheduler = '' - # build all hosts sched.append( schedulers.SingleBranchScheduler( change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=${toString cfg.treeStableTimer}*60, name="build-all-branches", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -73,7 +80,8 @@ in schedulers.ForceScheduler( name="force", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -91,7 +99,7 @@ in factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-hosts = '' + hosts = mkIf (cfg.hosts != []) '' f = util.BuildFactory() f.addStep(grab_repo) @@ -120,12 +128,42 @@ in bu.append( util.BuilderConfig( - name="build-hosts", + name="hosts", slavenames=slavenames, factory=f ) ) + ''; + tests = mkIf (cfg.tests != []) '' + f = util.BuildFactory() + f.addStep(grab_repo) + def run_test(test): + addShell(f, + name="{}".format(test), + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-build", "-I", "stockholm=.", "krebs/6tests", + "-A", "{}".format(test) + ], + timeout=90001 + ) + + ${concatMapStringsSep "\n" (test: + "run_test(\"${test}\")" + ) cfg.tests} + + bu.append( + util.BuilderConfig( + name="tests", + slavenames=slavenames, + factory=f + ) + ) ''; }; enable = true; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index d64ed86de..6298a05a5 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -61,6 +61,15 @@ let }; }; }))); + default = { + filter.INPUT.policy = "ACCEPT"; + filter.FORWARD.policy = "ACCEPT"; + filter.OUTPUT.policy = "ACCEPT"; + nat.PREROUTING.policy = "ACCEPT"; + nat.INPUT.policy = "ACCEPT"; + nat.OUTPUT.policy = "ACCEPT"; + nat.POSTROUTING.policy = "ACCEPT"; + }; }; }; diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh index 3b4d04f80..d500b3cb3 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh @@ -2,5 +2,5 @@ set -eu printf "Sie meinten wohl \"" echo -n $@ | sed 's/Shack/shack/g' -echo "\"" +echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci" echo "${_from}--" diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix new file mode 100644 index 000000000..c01b87d6b --- /dev/null +++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix @@ -0,0 +1,29 @@ +{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "bitlbee-discord-2017-12-27"; + + src = fetchFromGitHub { + rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; + owner = "sm00th"; + repo = "bitlbee-discord"; + sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; + }; + + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ bitlbee glib ]; + + preConfigure = '' + export BITLBEE_PLUGINDIR=$out/lib/bitlbee + ./autogen.sh + ''; + + meta = { + description = "Bitlbee plugin for Discord"; + + homepage = https://github.com/sm00th/bitlbee-discord; + license = licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix index cbcfab05f..1f86d6fe4 100644 --- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix +++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix @@ -12,8 +12,8 @@ stdenv.mkDerivation rec { src = fetchurl { # archive.org mirror: - # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz - url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; + url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz; + # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; }; phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 6e67ed699..a48fc0f87 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -283,27 +283,33 @@ with import <stockholm/lib>; ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out ''); - writePython2 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2}/bin/python -m py_compile "$1" - ''; - inherit text; - }; - }; + writePython2 = deps: + let + py = pkgs.python2.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python2check.sh" '' + exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; - writePython3 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3}/bin/python -m py_compile "$textPath" - ''; - inherit text; - }; - }; + writePython2Bin = d: name: + pkgs.writePython2 d "/bin/${name}"; + + writePython3 = deps: + let + py = pkgs.python3.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python3check.sh" '' + exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; + + writePython3Bin = d: name: + pkgs.writePython3 d "/bin/${name}"; writeSed = pkgs.makeScriptWriter { interpreter = "${pkgs.gnused}/bin/sed -f"; diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix new file mode 100644 index 000000000..c0ca00296 --- /dev/null +++ b/krebs/6tests/default.nix @@ -0,0 +1,6 @@ +with import <stockholm/lib>; +{ ... }: + +{ + deploy = import ./deploy.nix; +} diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix index 842bbc22a..156e9239f 100644 --- a/krebs/6tests/deploy.nix +++ b/krebs/6tests/deploy.nix @@ -1,7 +1,8 @@ with import <stockholm/lib>; -import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }: +import <nixpkgs/nixos/tests/make-test.nix> ({ ... }: let + pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; }; test-config = <stockholm/krebs/6tests/data/test-config.nix>; privKey = '' -----BEGIN OPENSSH PRIVATE KEY----- @@ -41,15 +42,12 @@ let cd ${<stockholm>} export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH exec >&2 - : ${minimalSystem} source=${pkgs.writeJSON "source.json" populate-source} - cat > /tmp/derp <<EOF - builtins.fromJSON (builtins.readFile "$source") - EOF LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" + # TODO: make deploy work #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ # --force-populate \ - # --source=/tmp/derp \ + # --source=${./data/test-source.nix} \ # --system=server \ ''; minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> { @@ -70,22 +68,20 @@ in { imports = [ test-config ]; environment.variables = { NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}"; - #LOL = minimalSystem; }; services.openssh.enable = true; users.extraUsers.root.openssh.authorizedKeys.keys = [ pubKey ]; - #virtualisation.writableStore = true; virtualisation.pathsInNixDB = [ minimalSystem - pkgs.stockholm ]; + environment.systemPackages = [ pkgs.git ]; }; client = - { config, pkgs, ... }: { }; - + { config, pkgs, ... }: + { }; }; testScript = '' diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 8bd9735a9..fc30a3478 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -120,8 +120,6 @@ with import <stockholm/lib>; ]; }; - programs.ssh.startAgent = lib.mkForce true; - services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1cca76331..593a1fc9c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -234,8 +234,7 @@ in { } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> - <stockholm/lass/2configs/bitlbee.nix> - <stockholm/lass/2configs/weechat.nix> + <stockholm/lass/2configs/IM.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> <stockholm/lass/2configs/radio.nix> <stockholm/lass/2configs/repo-sync.nix> diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix new file mode 100644 index 000000000..b94cb0634 --- /dev/null +++ b/lass/2configs/IM.nix @@ -0,0 +1,57 @@ +with (import <stockholm/lib>); +{ config, lib, pkgs, ... }: + +let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; +in { + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-android.pubkey + ]; + }; + + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} + ]; + + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 6f5533b0d..59ea0ecb7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,7 +53,7 @@ in { time.timeZone = "Europe/Berlin"; - programs.ssh.startAgent = false; + programs.ssh.startAgent = true; services.openssh.forwardX11 = true; services.printing = { diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix deleted file mode 100644 index b23628dc5..000000000 --- a/lass/2configs/bitlbee.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - ]; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 0e00dc2fd..c68aee330 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; +{ config, pkgs, ... }: { imports = [ ../2configs/binary-cache/client.nix @@ -78,7 +78,7 @@ with import <stockholm/lib>; users.mutableUsers = false; - services.timesyncd.enable = true; + services.timesyncd.enable = mkForce true; #why is this on in the first place? services.nscd.enable = false; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 2d848773f..94191fcb7 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -49,6 +49,11 @@ with import <stockholm/lib>; { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } { from = "payeer@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "bitwala@lassul.us"; to = lass.mail; } + { from = "bitstamp@lassul.us"; to = lass.mail; } + { from = "bitcoin.de@lassul.us"; to = lass.mail; } + { from = "ableton@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 61cc7cfe0..2541df3a6 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -21,6 +21,7 @@ with import <stockholm/lib>; -XFlexibleInstances -XMultiParamTypeClasses \ -XOverloadedStrings -XFunctionalDependencies \''; in [ + sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P<args>.*)$$"; @@ -64,8 +65,7 @@ with import <stockholm/lib>; }) (buildSimpleReaktorPlugin "random-unicorn-porn" { pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python + script = pkgs.writePython2 [] "rup" '' t1 = """ _. ;=',_ () diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f6c736fbc..5fe9e1450 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -103,7 +103,6 @@ let cnoreabbrev Ack Ack! " copy/paste from/to xclipboard - noremap x "_x set clipboard=unnamedplus ''; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix deleted file mode 100644 index d5496ac09..000000000 --- a/lass/2configs/weechat.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import <stockholm/lib>) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-android.pubkey - ]; - }; - - # mosh - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - - #systemd.services.chat = { - # description = "chat environment setup"; - # after = [ "network.target" ]; - # wantedBy = [ "multi-user.target" ]; - - # path = with pkgs; [ - # weechat - # tmux - # ]; - - # restartIfChanged = true; - - # serviceConfig = { - # User = "chat"; - # Restart = "always"; - # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat"; - # }; - #}; -} diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix index 06b80df8d..b6061736c 100644 --- a/lass/3modules/news.nix +++ b/lass/3modules/news.nix @@ -38,7 +38,7 @@ let }; ircServer = mkOption { type = types.str; - default = "echelon.r"; + default = "localhost"; description = "to which server the bot should connect"; }; }; diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index d3f76903d..2dd352bd4 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -66,7 +66,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -80,6 +80,14 @@ myLayoutHook = defLayout where defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) +floatHooks = composeAll . concat $ + [ [ title =? t --> doFloat | t <- myTitleFloats] + , [ className =? c --> doFloat | c <- myClassFloats ] ] + where + myTitleFloats = [] -- for the KDE "open link" popup from konsole + myClassFloats = ["Pinentry"] -- for gpg passphrase entry + + myKeyMap :: [([Char], X ())] myKeyMap = [ ("M4-<F11>", spawn "${config.lass.screenlock.command}") diff --git a/lass/source.nix b/lass/source.nix index de7351604..473dd2cf2 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "53e6d67"; + ref = "3aec59c"; }; secrets = getAttr builder { buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix index b5ec370a5..e36afecd5 100644 --- a/makefu/1systems/fileleech/config.nix +++ b/makefu/1systems/fileleech/config.nix @@ -6,18 +6,18 @@ let rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; rootPartition = rootDisk + "-part3"; - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; + dataDisks = let + idpart = dev: byid dev + "-part1"; + in [ + { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} + { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} + { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} + { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} + { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} + { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} + { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} + { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity + ]; disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; in { @@ -25,13 +25,13 @@ in { <stockholm/makefu> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/disable_v6.nix> - # <stockholm/makefu/2configs/torrent.nix> + <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/fs/sda-crypto-root.nix> #<stockholm/makefu/2configs/elchos/irc-token.nix> - <stockholm/makefu/2configs/elchos/log.nix> - <stockholm/makefu/2configs/elchos/search.nix> - <stockholm/makefu/2configs/elchos/stats.nix> + # <stockholm/makefu/2configs/elchos/log.nix> + # <stockholm/makefu/2configs/elchos/search.nix> + # <stockholm/makefu/2configs/elchos/stats.nix> ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; @@ -42,8 +42,8 @@ in { enable = true; build.host = config.krebs.hosts.fileleech; }; - # git clone https://github.com/makefu/docker-pyload - # docker build . + # git clone https://github.com/makefu/docker-pyload + # docker build . # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload virtualisation.docker.enable = true; # for pyload @@ -60,7 +60,7 @@ in { ]; services.nginx.virtualHosts._download = { default = true; - root = "/media/cryptX"; + root = config.makefu.dl-dir; extraConfig = '' autoindex on; ''; @@ -80,10 +80,11 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + # TODO use users.motd and pam.services.sshd.showMotd services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' Services: - ssh://download@fileleech - ssh via filebitch.shack - ftp://download@fileleech - access to /media/cryptX + ssh://download@fileleech - ssh via filebitch + ftp://download@fileleech - access to ${config.makefu.dl-dir} http://fileleech:8112 - rutorrent http://fileleech:8113 - pyload https://fileleech:9090 - sabnzb @@ -104,13 +105,13 @@ in { cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" + // cryptMount "crypt1" + // cryptMount "crypt2" + // cryptMount "crypt3" + // cryptMount "crypt4" + // cryptMount "crypt5" + // cryptMount "crypt6" + // cryptMount "crypt7" # this entry sometimes creates issues // { "/media/cryptX" = { @@ -121,10 +122,10 @@ in { } ; + makefu.dl-dir = "/media/cryptX"; users.users.download = { useDefaultShell = true; # name = "download"; - home = "/media/cryptX/"; # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey @@ -132,7 +133,7 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch" ]; }; @@ -142,15 +143,19 @@ in { parity = toMapper 7; }; networking.nameservers = [ "8.8.8.8" ]; - #networking.interfaces.enp6s0f0.ip4 = [{ - # address = "151.217.173.20"; - # prefixLength = 22; - #}]; - #networking.defaultGateway = "151.217.172.1"; + # SPF + networking.defaultGateway = "151.217.176.1"; + networking.interfaces.enp6s0f0.ip4 = [{ + address = "151.217.178.63"; + prefixLength = 22; + }]; + + # Gigabit networking.interfaces.enp8s0f1.ip4 = [{ address = "192.168.126.1"; prefixLength = 24; }]; + #interfaces.enp6s0f1.ip4 = [{ # address = external-ip; # prefixLength = 22; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b66ef1ab8..1fe0b62f9 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,9 +48,15 @@ in { <stockholm/makefu/2configs/share/gum.nix> # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/torrent.nix> - <stockholm/makefu/2configs/iodined.nix> + <stockholm/makefu/2configs/mosh.nix> + + # network <stockholm/makefu/2configs/vpn/openvpn-server.nix> + <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/iodined.nix> + + # buildbot <stockholm/makefu/2configs/remote-build/slave.nix> ## Web @@ -103,15 +109,16 @@ in { #} { # wireguard server networking.firewall.allowedUDPPorts = [ 51820 ]; - #networking.wireguard.interfaces.wg0 = { - # ips = [ "10.244.0.1/24" ]; - # privateKeyFile = (toString <secrets>) + "/wireguard.key"; - # allowedIPsAsRoutes = true; - # peers = [{ - # allowedIPs = [ "0.0.0.0/0" "::/0" ]; - # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - # }]; - #}; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + privateKeyFile = (toString <secrets>) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [{ + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + }]; + }; } ]; diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4af87dc10..aaecebadc 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -47,6 +47,7 @@ in { <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/mail-client.nix> + <stockholm/makefu/2configs/mosh.nix> # <stockholm/makefu/2configs/disable_v6.nix> #<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/share-user-sftp.nix> diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f71634501..f318c0e61 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -3,37 +3,57 @@ krebs.build.host = config.krebs.hosts.vbob; makefu.awesome.modkey = "Mod1"; imports = - [ # Include the results of the hardware scan. + [ <stockholm/makefu> - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) + { + imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; + boot.loader.grub.device = "/dev/vda"; + } + # { + # imports = [ + # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> + # ]; + # virtualbox.baseImageSize = 35 * 1024; + # fileSystems."/media/share" = { + # fsType = "vboxsf"; + # device = "share"; + # options = [ "rw" "uid=9001" "gid=9001" ]; + # }; + # } + + # { + # imports = [ + # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> + # ]; + # fileSystems."/nix" = { + # device ="/dev/disk/by-label/nixstore"; + # fsType = "ext4"; + # }; + # } + + # base gui - <stockholm/makefu/2configs/main-laptop.nix> + # <stockholm/makefu/2configs/main-laptop.nix> + # <stockholm/makefu/2configs/tools/core-gui.nix> + + <stockholm/makefu/2configs/zsh-user.nix> # security <stockholm/makefu/2configs/sshd-totp.nix> # Tools <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/core-gui.nix> <stockholm/makefu/2configs/tools/dev.nix> - <stockholm/makefu/2configs/tools/extra-gui.nix> - <stockholm/makefu/2configs/tools/sec.nix> + # <stockholm/makefu/2configs/tools/extra-gui.nix> + # <stockholm/makefu/2configs/tools/sec.nix> # environment <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/audio/jack-on-pulse.nix> - <stockholm/makefu/2configs/audio/realtime-audio.nix> - ]; networking.extraHosts = import (toString <secrets/extra-hosts.nix>); nixpkgs.config.allowUnfree = true; - fileSystems."/nix" = { - device ="/dev/disk/by-label/nixstore"; - fsType = "ext4"; - }; # allow vbob to deploy self users.extraUsers = { @@ -45,9 +65,13 @@ environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; }; - # TODO: for forticleintsslpn - # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd - # ln -s /r/current-system/sw/bin/tail /usr/bin/tail + + system.activationScripts.prepare-fortclientvpnssl = '' + # TODO: for forticlientsslpn + mkdir -p /usr/{s,}bin + ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd + ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail + ''; environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get @@ -55,7 +79,6 @@ # docker #devpi-web #devpi-client - debmirror ansible ]; # virtualisation.docker.enable = true; @@ -67,10 +90,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; - }; } diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix index 5b726e40b..5419215e2 100644 --- a/makefu/1systems/vbob/source.nix +++ b/makefu/1systems/vbob/source.nix @@ -1,4 +1,4 @@ import <stockholm/makefu/source.nix> { name="vbob"; - musnix = true; + # musnix = true; } diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index c30ee4c58..f44211b93 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,10 +32,13 @@ in { <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/share/wbob.nix> + # Sensors <stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/deployment/led-fader.nix> <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> + # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> + <stockholm/makefu/2configs/deployment/bureautomation> (let collectd-port = 25826; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1dd1a070f..3686acb6e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,6 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/rtl8812au.nix> - <stockholm/makefu/2configs/hw/exfat-nofuse.nix> <stockholm/makefu/2configs/hw/wwan.nix> # <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6dc17b656..6278877c3 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -1,5 +1,7 @@ import <stockholm/makefu/source.nix> { name="x"; full = true; + python = true; + hw = true; # torrent = true; } diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix deleted file mode 100644 index ca3485e9f..000000000 --- a/makefu/2configs/hw/exfat-nofuse.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, ... }: -{ - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; -} diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 14572b35c..ec4e05d1b 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -3,38 +3,14 @@ with import <stockholm/lib>; { - imports = [ ./tp-x2x0.nix ]; - boot = { - # tp-smapi is not supported bt x230 anymore - kernelModules = [ - "kvm-intel" - "thinkpad_ec" - "acpi_call" - # "thinkpad_acpi" - # "tpm-rng" - ]; - extraModulePackages = [ - config.boot.kernelPackages.acpi_call - ]; - # support backlight adjustment - kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; - }; + imports = [ ./tp-x2x0.nix <nixos-hardware/lenovo/thinkpad/x230> ]; # configured media keys inside awesomerc # sound.mediaKeys.enable = true; hardware.bluetooth.enable = true; - services.acpid.enable = true; - hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; - services.xserver = { - videoDriver = "intel"; - deviceSection = '' - Option "AccelMethod" "sna" - Option "Backlight" "intel_backlight" - ''; - }; - - security.rngd.enable = true; + # possible i915 powersave options: + # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 81c4bf4c8..f33c12a8f 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -5,6 +5,11 @@ with import <stockholm/lib>; imports = [ ./tpm.nix ]; + + boot.kernelModules = [ + "kvm-intel" + ]; + networking.wireless.enable = lib.mkDefault true; hardware.enableAllFirmware = true; @@ -17,6 +22,8 @@ with import <stockholm/lib>; # enable synaptics so we can easily disable the touchpad # enable the touchpad with `synclient TouchpadOff=0` + + services.xserver.libinput.enable = false; services.xserver.synaptics = { enable = true; additionalOptions = ''Option "TouchpadOff" "1"''; diff --git a/makefu/2configs/mosh.nix b/makefu/2configs/mosh.nix new file mode 100644 index 000000000..1c2e34e0b --- /dev/null +++ b/makefu/2configs/mosh.nix @@ -0,0 +1,3 @@ +{ + programs.mosh.enable = true; +} diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix index 4ad2c5ed8..2a2c68119 100644 --- a/makefu/2configs/remote-build/master.nix +++ b/makefu/2configs/remote-build/master.nix @@ -8,7 +8,7 @@ in { { inherit hostName sshKey; sshUser = "nixBuild"; system = "x86_64-linux"; - maxJobs = 1; - }) [ "omo.r" "gum.r" "latte.r" ]; - # puyak.r "wbob.r" + maxJobs = 8; + }) [ "hotdog.r" ]; + # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r" } diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix index 09d23e7d4..9d481000f 100644 --- a/makefu/2configs/stats/telegraf/airsensor.nix +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -1,11 +1,36 @@ { pkgs, ...}: - -{ +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { services.udev.extraRules = '' SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" ''; users.users.telegraf.extraGroups = [ "input" ]; - services.telegraf.extraConfig.inputs.exec = [ + services.telegraf.extraConfig.inputs.exec = [ { commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; timeout = "10s"; @@ -16,4 +41,9 @@ tags.unit="VOC"; } ]; + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); } diff --git a/makefu/2configs/stats/telegraf/bamstats.nix b/makefu/2configs/stats/telegraf/bamstats.nix new file mode 100644 index 000000000..ae5301204 --- /dev/null +++ b/makefu/2configs/stats/telegraf/bamstats.nix @@ -0,0 +1,35 @@ +{ pkgs, ...}: + +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); +} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 7755e2872..1ac22e34c 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./mobility.nix ./scanner-tools.nix ./sec.nix ./sec-gui.nix diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 26e9808b2..04a65df26 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,8 +2,9 @@ { users.users.makefu.packages = with pkgs;[ - python3Packages.virtualenv + python3 python3Packages.pyserial + python3Packages.virtualenv # embedded gi flashrom @@ -20,5 +21,7 @@ gen-oath-safe cdrtools stockholm + # git-related + tig ]; } diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix new file mode 100644 index 000000000..1993a5212 --- /dev/null +++ b/makefu/2configs/tools/mobility.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: +{ + users.users.makefu.packages = with pkgs;[ + go-mtpfs + mosh + ]; + + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +} diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index d063ad3e3..a076479c2 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -8,13 +8,13 @@ let peer-port = 51412; web-port = 8112; daemon-port = 58846; - dl-dir = config.makefu.dl-dir; + torrent-dir = config.makefu.dl-dir; in { users.users = { download = { name = "download"; - home = dl-dir; + home = torrent-dir; uid = mkDefault (genid "download"); createHome = true; useDefaultShell = true; @@ -26,9 +26,9 @@ in { # todo: race condition, do this after download user has been created system.activationScripts."download-dir-chmod" = '' for i in finished watch torrents; do - mkdir -p "${dl-dir}/$i" - chown download:download "${dl-dir}/$i" - chmod 770 "${dl-dir}/$i" + mkdir -p "${torrent-dir}/$i" + chown download:download "${torrent-dir}/$i" + chmod 770 "${torrent-dir}/$i" done ''; @@ -54,9 +54,8 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = dl-dir + "/finished"; + workDir = torrent-dir; # dump old torrents into watch folder to have them re-added - watchDir = dl-dir +"/watch"; }; networking.firewall.extraCommands = '' diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix new file mode 100644 index 000000000..d06bc27db --- /dev/null +++ b/makefu/2configs/vpn/vpnws/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ iproute vpn-ws ]; + # vpn-ws-client vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws" + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; +} diff --git a/makefu/2configs/vpn/vpnws/server.nix b/makefu/2configs/vpn/vpnws/server.nix new file mode 100644 index 000000000..6baa5ff11 --- /dev/null +++ b/makefu/2configs/vpn/vpnws/server.nix @@ -0,0 +1,42 @@ +{pkgs, options, ... }: +let + pkg = pkgs.vpn-ws; + uid = "nginx"; + gid = "nginx"; + ip = "${pkgs.iproute}/bin/ip"; + socket = "/run/vpn.sock"; + htpasswd = (toString <secrets>) + "/vpn-ws-auth"; + nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth"; +in { + systemd.services.vpn-ws-auth-prepare = { + wantedBy = [ "multi-user.target" ]; + before = [ "nginx.service" ]; + script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}"; + }; + services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { + extraConfig = '' + auth_basic "please stand by..."; + auth_basic_user_file ${nginx-prepared-secrets}; + uwsgi_pass unix:${socket}; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; + systemd.services.vpnws = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + PrivateTmp = true; + ExecStartPre = pkgs.writeDash "vpnws-pre" '' + ${ip} link set vpnws up + ${ip} addr add 10.244.1.1/24 dev vpnws || : + ''; + ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}"; + }; + }; +} diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix new file mode 100644 index 000000000..1f2e45fe4 --- /dev/null +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -0,0 +1,30 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, openssl }: +stdenv.mkDerivation rec { + pname = "vpn-ws"; + version = "9d0e866"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "unbit"; + repo = "vpn-ws"; + rev = version; + sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj"; + }; + + patchPhase = '' + sed -i 's/-Werror//' Makefile + ''; + + installPhase = '' + mkdir -p $out/bin + cp vpn-ws vpn-ws-client $out/bin + ''; + + buildInputs = [ openssl.dev ]; + + meta = { + homepage = https://github.com/unbit/vpn-ws; + description = "A VPN system over websockets"; + license = lib.licenses.mit; + }; +} diff --git a/makefu/source.nix b/makefu/source.nix index ce5855430..fde1d9680 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -4,7 +4,9 @@ host@{ name, secure ? false, full ? false, torrent ? false, - musnix ? false + hw ? false, + musnix ? false, + python ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -45,6 +47,20 @@ in ref = "d8b989f"; }; }) + + (mkIf ( hw ) { + nixos-hardware.git = { + url = https://github.com/nixos/nixos-hardware.git; + ref = "8a05dc9"; + }; + }) + + (mkIf ( python ) { + python.git = { + url = https://github.com/garbas/nixpkgs-python; + ref = "cac319b"; + }; + }) (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString <stockholm/makefu/6tests/data/secrets>; |