diff options
Diffstat (limited to 'makefu')
34 files changed, 485 insertions, 814 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 66ea2ce90..2d008cee6 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -9,28 +9,35 @@ [ # Include the results of the hardware scan. ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/smart-monitor.nix ]; krebs.build.host = config.krebs.hosts.filepimp; - + services.smartd.devices = [ + { device = "/dev/sda"; } + { device = "/dev/sdb"; } + { device = "/dev/sdc"; } + { device = "/dev/sdd"; } + { device = "/dev/sde"; } + ]; # AMD N54L boot = { - loader.grub.device = "/dev/sda"; + loader.grub.device = "/dev/sde"; initrd.availableKernelModules = [ - "usb_storage" "ahci" - "xhci_hcd" - "ata_piix" - "uhci_hcd" + "ohci_pci" "ehci_pci" + "pata_atiixp" + "usb_storage" + "usbhid" ]; - kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; - hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - networking.firewall.allowPing = true; + zramSwap.enable = true; + zramSwap.numDevices = 2; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 417a020fa..ac7524506 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -6,18 +6,22 @@ let internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; in { imports = [ - # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix + ../2configs/smart-monitor.nix # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix ../2configs/nginx/euer.test.nix - ]; + ../2configs/exim-retiolum.nix + ../2configs/urlwatch.nix + + ]; + services.smartd.devices = [ { device = "/dev/sda";} ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable @@ -28,6 +32,9 @@ in { ListenAddress = ${external-ip} 655 ListenAddress = ${external-ip} 21031 ''; + krebs.nginx.servers.cgit.server-names = [ + "cgit.euer.krebsco.de" + ]; # Chat environment.systemPackages = with pkgs;[ diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 6ae79398a..552af4e4f 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -2,36 +2,110 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: - -{ +{ config, pkgs, lib, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; + rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; + homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; + # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 + # cryptsetup luksAddKey $dev tmpkey + # cryptsetup luksOpen $dev crypt0 + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 + cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; + cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; + cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; + # all physical disks + allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; +in { imports = - [ # Include the results of the hardware scan. + [ + # TODO: unlock home partition via ssh ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix + ../2configs/smart-monitor.nix + ../2configs/mail-client.nix + ../2configs/share-user-sftp.nix + ../2configs/nginx/omo-share.nix + ../3modules ]; + # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + + # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ + services.sabnzbd.enable = true; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + # HDD Array stuff + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + + makefu.snapraid = let + toMapper = id: "/media/crypt${builtins.toString id}"; + in { + enable = true; + disks = map toMapper [ 0 1 ]; + parity = toMapper 2; + }; + fileSystems = let + cryptMount = name: + { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; + in { + "/home" = { + device = "/dev/mapper/home"; + fsType = "ext4"; + }; + } // cryptMount "crypt0" + // cryptMount "crypt1" + // cryptMount "crypt2"; + + powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' + ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} + ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} + ${pkgs.hdparm}/sbin/hdparm -y ${disk} + '') allDisks); - # AMD E350 boot = { - loader.grub.device = "/dev/sda"; + initrd.luks = { + devices = let + usbkey = name: device: { + inherit name device keyFile; + keyFileSize = 4096; + }; + in [ + (usbkey "home" homePartition) + (usbkey "crypt0" cryptDisk0) + (usbkey "crypt1" cryptDisk1) + (usbkey "crypt2" cryptDisk2) + ]; + }; + loader.grub.device = rootDisk; initrd.availableKernelModules = [ - "usb_storage" "ahci" - "xhci_hcd" - "ata_piix" - "uhci_hcd" + "ohci_pci" "ehci_pci" + "pata_atiixp" + "firewire_ohci" + "usb_storage" + "usbhid" ]; - kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; + networking.firewall.allowedUDPPorts = [ 655 ]; + # 8080: sabnzbd + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - networking.firewall.allowPing = true; + zramSwap.enable = true; + zramSwap.numDevices = 2; + + } diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 161bfa3e9..51c124bbe 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -1,62 +1,51 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# Usage: +# NIX_PATH=secrets=/home/makefu/secrets/wry:nixpkgs=/var/src/nixpkgs nix-build -A users.makefu.pnp.config.system.build.vm +# result/bin/run-pnp-vm -virtfs local,path=/home/makefu/secrets/pnp,security_model=none,mount_tag=secrets { config, pkgs, ... }: { imports = - [ # Include the results of the hardware scan. - # Base + [ ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../../krebs/3modules/Reaktor.nix - # HW/FS - - # enables virtio kernel modules in initrd + # these will be overwritten by qemu-vm.nix but will be used if the system + # is directly deployed <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/fs/vm-single-partition.nix - # Services - ../2configs/git/cgit-retiolum.nix - - ## Reaktor - ## \/ are only plugins, must enable Reaktor explicitly - ../2configs/Reaktor/stockholmLentil.nix - ../2configs/Reaktor/simpleExtend.nix - ../2configs/Reaktor/random-emoji.nix - ../2configs/Reaktor/titlebot.nix - ../2configs/Reaktor/shack-correct.nix - - ../2configs/exim-retiolum.nix - ../2configs/urlwatch.nix - - # ../2configs/graphite-standalone.nix + # config.system.build.vm + <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> ]; - krebs.urlwatch.verbose = true; - krebs.Reaktor.enable = true; - krebs.Reaktor.debug = true; - krebs.Reaktor.nickname = "Reaktor|bot"; - krebs.Reaktor.extraEnviron = { - REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace"; + virtualisation.graphics = false; + # also export secrets, see Usage above + fileSystems = pkgs.lib.mkVMOverride { + "${builtins.toString <secrets>}" = + { device = "secrets"; + fsType = "9p"; + options = "trans=virtio,version=9p2000.L,cache=loose"; + neededForBoot = true; + }; + }; + + krebs.Reaktor = { + enable = true; + debug = true; + extraEnviron = { + REAKTOR_HOST = "cd.retiolum"; + }; + plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; + channels = [ "#retiolum" ]; }; krebs.build.host = config.krebs.hosts.pnp; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - networking.firewall.allowedTCPPorts = [ - # nginx runs on 80 - 80 - # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp - # 8080 2003 - - # smtp 25 ]; - # networking.firewall.allowedUDPPorts = [ 2003 ]; - } diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 28b77d330..d7fa8edc5 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -26,6 +26,7 @@ # services ../2configs/git/brain-retiolum.nix ../2configs/tor.nix + # ../2configs/buildbot-standalone.nix # hardware specifics are in here ../2configs/hw/tp-x220.nix @@ -34,16 +35,18 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; - buildbot = let - pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; - in pkgs1509.buildbot; }; - makefu.buildbot.master.enable = true; - #krebs.Reaktor.enable = true; - #krebs.Reaktor.nickname = "makefu|r"; + krebs.Reaktor = { + enable = false; + nickname = "makefu|r"; + plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ]; + }; + # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ]; environment.systemPackages = with pkgs;[ @@ -58,6 +61,7 @@ hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"''; + networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [ 25 ]; diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index a24cefd0d..b8c02cb67 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -59,7 +59,6 @@ in { buildbot buildbot-slave get - genid ]; networking.firewall.allowedTCPPorts = [ diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index cd2b3f657..f022311c9 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -18,8 +18,6 @@ in { ../2configs/iodined.nix - # Reaktor - ../2configs/Reaktor/simpleExtend.nix # other nginx ../2configs/nginx/euer.wiki.nix @@ -29,9 +27,21 @@ in { # collectd ../2configs/collectd/collectd-base.nix ]; + krebs.build.host = config.krebs.hosts.wry; - krebs.Reaktor.enable = true; + krebs.Reaktor = { + nickname = "Reaktor|bot"; + channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; + enable = true; + plugins = with pkgs.ReaktorPlugins;[ + titlebot + # stockholm-issue + nixos-version + shack-correct + sed-plugin + random-emoji ]; + }; # bepasty to listen only on the correct interfaces krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; @@ -59,11 +69,11 @@ in { }; networking = { - firewall = { + firewall = { allowPing = true; logRefusedConnections = false; allowedTCPPorts = [ 53 80 443 ]; - allowedUDPPorts = [ 655 ]; + allowedUDPPorts = [ 655 53 ]; }; interfaces.enp2s1.ip4 = [{ address = external-ip; diff --git a/makefu/2configs/Reaktor/full.nix b/makefu/2configs/Reaktor/full.nix deleted file mode 100644 index 50620890f..000000000 --- a/makefu/2configs/Reaktor/full.nix +++ /dev/null @@ -1,18 +0,0 @@ -_: -{ - # implementation of the complete Reaktor bot - imports = [ - #./stockholmLentil.nix - ./simpleExtend.nix - ./random-emoji.nix - ./titlebot.nix - ./shack-correct.nix - ./sed-plugin.nix - ]; - krebs.Reaktor.nickname = "Reaktor|bot"; - krebs.Reaktor.enable = true; - - krebs.Reaktor.extraEnviron = { - REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace"; - }; -} diff --git a/makefu/2configs/Reaktor/random-emoji.nix b/makefu/2configs/Reaktor/random-emoji.nix deleted file mode 100644 index 3113a826b..000000000 --- a/makefu/2configs/Reaktor/random-emoji.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, ... }: - -with pkgs; -let - rpkg = pkgs.substituteAll( { - name="random-emoji"; - dir= "bin"; - isExecutable=true; - src= ./random-emoji.sh; - }); - rpkg-path = lib.makeSearchPath "bin" (with pkgs; [ - coreutils - gnused - gnugrep - xmlstarlet - curl]); -in { - # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm - krebs.Reaktor.extraConfig = '' - public_commands.insert(0,{ - 'capname' : "emoji", - 'pattern' : indirect_pattern.format("emoji"), - 'argv' : ["${rpkg}/bin/random-emoji"], - 'env' : { 'PATH':'${rpkg-path}' } }) - ''; -} diff --git a/makefu/2configs/Reaktor/random-emoji.sh b/makefu/2configs/Reaktor/random-emoji.sh deleted file mode 100644 index 386aa68b9..000000000 --- a/makefu/2configs/Reaktor/random-emoji.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -curl http://emojicons.com/random -s | \ - grep data-text | \ - sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \ - head -n 1 | \ - xmlstarlet unesc diff --git a/makefu/2configs/Reaktor/random-issue.sh b/makefu/2configs/Reaktor/random-issue.sh deleted file mode 100644 index 5c47c6156..000000000 --- a/makefu/2configs/Reaktor/random-issue.sh +++ /dev/null @@ -1,20 +0,0 @@ -#! /bin/sh -set -eu -# requires env: -# $state_dir -# $origin - -# in PATH: git,lentil,coreutils -subdir=`echo "$1" | tr -dc "[:alnum:]"` -name=`echo "$origin" | tr -dc "[:alnum:]"` -track="$state_dir/$name-checkout" -(if test -e "$track" ;then - cd "$track" - git fetch origin master - git reset --hard origin/master -else - git clone "$origin" "$track" -fi) >&2 - -cd "$track" -lentil "${subdir:-.}" -f csv | sed 1d | shuf | head -1 diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix deleted file mode 100644 index a451e0d3e..000000000 --- a/makefu/2configs/Reaktor/sed-plugin.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, pkgs, ... }: - -with pkgs; -let - script = ./sed-plugin.py; -in { - #TODO: this will eat up the last regex, fix Reaktor - krebs.Reaktor.extraConfig = '' - public_commands.append({ - 'capname' : "sed-plugin", - # only support s///gi - 'pattern' : '^(?P<args>.*)$$', - 'argv' : ["${pkgs.python3}/bin/python3","${script}"], - 'env' : { 'state_dir' : workdir, - 'PATH':'${lib.makeSearchPath "bin" [pkgs.gnused]}' }}) - ''; -} - diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py deleted file mode 100644 index 8103c9585..000000000 --- a/makefu/2configs/Reaktor/sed-plugin.py +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env python3 - -# Usage: -# _from=krebs state_dir=. python sed-plugin.py 'dick butt' -# _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' -## dick bull -import shelve -from os import environ -from os.path import join -from sys import argv -d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True) -usr = environ['_from'] -import re - -def is_regex(line): - myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$') - return myre.match(line) - -line = argv[1] -m = is_regex(line) - -if m: - f,t,flagstr = m.groups() - fn = f.replace('\/','/') - tn = t.replace('\/','/') - flags = 0 - count = 1 - if flagstr: - if 'i' in flagstr: - flags = re.IGNORECASE - if 'g' in flagstr: - count = 0 - else: - flagstr = '' - last = d.get(usr,None) - if last: - #print(re.sub(fn,tn,last,count=count,flags=flags)) - from subprocess import Popen,PIPE - p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) - so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) - if p.returncode: - print("something went wrong when trying to process your regex: {}".format(se.decode())) - ret = so.decode() - print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) - if ret: - d[usr] = ret - - else: - print("no last message") -else: - d[usr] = line - -d.close() diff --git a/makefu/2configs/Reaktor/shack-correct.nix b/makefu/2configs/Reaktor/shack-correct.nix deleted file mode 100644 index 8f30807f1..000000000 --- a/makefu/2configs/Reaktor/shack-correct.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: - -with pkgs; -let - script = pkgs.substituteAll ( { - name="shack-correct"; - isExecutable=true; - dir = ""; - src = ./shack-correct.sh; - }); -in { - krebs.Reaktor.extraConfig = '' - public_commands.insert(0,{ - 'capname' : "shack-correct", - 'pattern' : '^(?P<args>.*Shack.*)$$', - 'argv' : ["${script}"], - 'env' : { }}) - ''; -} - diff --git a/makefu/2configs/Reaktor/shack-correct.sh b/makefu/2configs/Reaktor/shack-correct.sh deleted file mode 100644 index 3b4d04f80..000000000 --- a/makefu/2configs/Reaktor/shack-correct.sh +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh -set -eu -printf "Sie meinten wohl \"" -echo -n $@ | sed 's/Shack/shack/g' -echo "\"" -echo "${_from}--" diff --git a/makefu/2configs/Reaktor/simpleExtend.nix b/makefu/2configs/Reaktor/simpleExtend.nix deleted file mode 100644 index 95175a4e0..000000000 --- a/makefu/2configs/Reaktor/simpleExtend.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: - -with pkgs; -let - nixos-version-script = pkgs.writeScript "nix-version" '' - #! /bin/sh - . /etc/os-release - echo "$PRETTY_NAME" - ''; -in { - krebs.Reaktor.extraConfig = '' - public_commands.insert(0,{ - 'capname' : "nixos-version", - 'pattern' : indirect_pattern.format("nixos-version"), - 'argv' : ["${nixos-version-script}"], - 'env' : { 'state_dir': workdir } }) - ''; -} - diff --git a/makefu/2configs/Reaktor/stockholmLentil.nix b/makefu/2configs/Reaktor/stockholmLentil.nix deleted file mode 100644 index 21f0305fb..000000000 --- a/makefu/2configs/Reaktor/stockholmLentil.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -with pkgs; -let - random-issue = pkgs.substituteAll( { - name="random-issue"; - dir= "bin"; - isExecutable=true; - src= ./random-issue.sh; - }); - random-issue-path = lib.makeSearchPath "bin" (with pkgs; [ - coreutils - git - gnused - lentil]); -in { - # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm - krebs.Reaktor.extraConfig = '' - public_commands.insert(0,{ - 'capname' : "stockholm-issue", - 'pattern' : indirect_pattern.format("stockholm-issue"), - 'argv' : ["${random-issue}/bin/random-issue"], - 'env' : { 'state_dir': workdir, - 'PATH':'${random-issue-path}', - 'origin':'http://cgit.pnp/stockholm' } }) - ''; -} diff --git a/makefu/2configs/Reaktor/titlebot.nix b/makefu/2configs/Reaktor/titlebot.nix deleted file mode 100644 index 9ef02548b..000000000 --- a/makefu/2configs/Reaktor/titlebot.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ stdenv,config, lib, pkgs, ... }: - -with pkgs; -let - pypkgs = pkgs.python3Packages; - titlebot_cmds = pypkgs.buildPythonPackage { - name = "titlebot_cmds"; - propagatedBuildInputs = with pypkgs; [ setuptools ]; - src = fetchurl { - # https://github.com/makefu/reaktor-titlebot tag 2.1.0 - url = "https://github.com/makefu/reaktor-titlebot/archive/2.1.0.tar.gz"; - sha256 = "0wvf09wmk8b52f9j65qrw81nwrhs9pfhijwrlkzp5l7l2q8cjkp6"; - }; - }; - pub_cmds = ["up" "help" "list" "top" "highest" "undo" ]; - priv_cmds = [ "clear" ]; -in { - # TODO: write identify file in - # {config.users.extraUsers.Reaktor.home}/state/admin.lst - krebs.Reaktor.extraConfig = '' - def titlebot_cmd(cmd): - return { - 'capname': cmd, - 'env': { - 'TITLEDB': - '${config.users.extraUsers.Reaktor.home}/suggestions.json' - }, - 'pattern': '^\\.' + cmd + '\\s*(?:\\s+(?P<args>.*))?$$', - 'argv': [ '${titlebot_cmds}/bin/' + cmd ] } - # TODO: for each element in ${titlebot_cmds}/bin/* - public_commands.insert(0,titlebot_cmd('up')) - public_commands.insert(0,titlebot_cmd('help')) - public_commands.insert(0,titlebot_cmd('list')) - public_commands.insert(0,titlebot_cmd('top')) - public_commands.insert(0,titlebot_cmd('new')) - commands.insert(0,titlebot_cmd('clear')) - ''; -} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index a0b49edaf..ec1100582 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -13,7 +13,7 @@ with lib; ./vim.nix ]; - + nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; search-domain = "retiolum"; @@ -23,8 +23,8 @@ with lib; source = { git.nixpkgs = { #url = https://github.com/NixOS/nixpkgs; - url = mkDefault https://github.com/makefu/nixpkgs; - rev = mkDefault "3fd2c24685f604edc925f73ed56600b8c66236b3"; # nixos-15.09 + cherry-picking + url = mkDefault https://github.com/nixos/nixpkgs; + rev = mkDefault "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp target-path = "/var/src/nixpkgs"; }; @@ -65,7 +65,12 @@ with lib; time.timeZone = "Europe/Berlin"; #nix.maxJobs = 1; - programs.ssh.startAgent = false; + programs.ssh = { + startAgent = false; + extraConfig = '' + UseRoaming no + ''; + }; services.openssh.enable = true; nix.useChroot = true; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 047895ce6..ebc72a06e 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -24,5 +24,12 @@ with lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 ''; } diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index a6ae33d2f..bda21e9d0 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -7,6 +7,8 @@ with lib; mutt-kz notmuch offlineimap + imapfilter + gnupg ]; } diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix new file mode 100644 index 000000000..ce85e0442 --- /dev/null +++ b/makefu/2configs/nginx/omo-share.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + # TODO local-ip from the nets config + local-ip = "192.168.1.11"; + # local-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + omo-share = { + listen = [ "${local-ip}:80" ]; + locations = singleton (nameValuePair "/" '' + autoindex on; + root /media; + limit_rate_after 100m; + limit_rate 5m; + mp4_buffer_size 4M; + mp4_max_buffer_size 10M; + allow all; + access_log off; + keepalive_timeout 65; + keepalive_requests 200; + reset_timedout_connection on; + sendfile on; + tcp_nopush on; + gzip off; + ''); + }; + }; + }; +} diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix new file mode 100644 index 000000000..2c93143ec --- /dev/null +++ b/makefu/2configs/share-user-sftp.nix @@ -0,0 +1,21 @@ +{ config, ... }: + +{ + users.users = { + share = { + uid = 9002; + home = "/var/empty"; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + # we will use internal-sftp to make uncomplicated Chroot work + services.openssh.extraConfig = '' + Match User share + ChrootDirectory /media + ForceCommand internal-sftp + AllowTcpForwarding no + PermitTunnel no + X11Forwarding no + Match All + ''; +} diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix new file mode 100644 index 000000000..daf3aad01 --- /dev/null +++ b/makefu/2configs/smart-monitor.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: +{ + krebs.exim-retiolum.enable = lib.mkDefault true; + services.smartd = { + enable = true; + autodetect = false; + notifications = { + mail = { + enable = true; + recipient = config.krebs.users.makefu.mail; + }; + }; + # short daily, long weekly, check on boot + defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)"; + + devices = lib.mkDefault [ ]; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index cd05f0114..a83279ba2 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -1,6 +1,22 @@ -{ config, ... }: +{ config, lib, ... }: { + nixpkgs.config.packageOverrides = pkgs: { + urlwatch = with pkgs.pythonPackages; buildPythonPackage rec { + name = "urlwatch-1.18"; + + propagatedBuildInputs = [ futures ]; + + src = pkgs.fetchurl { + url = "http://thp.io/2008/urlwatch/${name}.tar.gz"; + sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb"; + }; + + postFixup = '' + wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH" + ''; + }; + }; krebs.urlwatch = { enable = true; mailto = config.krebs.users.makefu.mail; @@ -12,7 +28,7 @@ http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ - + http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ ]; }; } diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 02a46d22a..227d73c81 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -122,7 +122,7 @@ in { vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" - "YouCompleteMe" + # "YouCompleteMe" "vim-better-whitespace" ]; } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix index b3f8c8284..b90467ab8 100644 --- a/makefu/2configs/virtualization.nix +++ b/makefu/2configs/virtualization.nix @@ -5,4 +5,5 @@ let in { virtualisation.libvirtd.enable = true; users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ]; + networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug] } diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix index 29a610ac6..1e76cd28a 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/wwan.nix @@ -1,33 +1,9 @@ -{ config, lib, pkgs, ... }: +_: -#usage: $ wvdial - -let - mainUser = config.krebs.build.user; -in { - environment.systemPackages = with pkgs;[ - wvdial - ]; - - environment.shellAliases = { - umts = "sudo wvdial netzclub"; +{ + imports = [ ../3modules ]; + makefu.umts = { + enable = true; + modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; }; - - # configure for NETZCLUB - environment.wvdial.dialerDefaults = '' - Phone = *99***1# - Dial Command = ATDT - Modem = /dev/ttyACM0 - Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - Init2 = ATZ - Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 - ISDN = 0 - Modem Type = Analog Modem - Username = netzclub - Password = netzclub - Stupid Mode = 1 - Idle Seconds = 0''; - - users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ]; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 1b1762418..f79f258f3 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -19,8 +19,7 @@ in bindkey -e # shift-tab bindkey '^[[Z' reverse-menu-complete - - autoload -U compinit && compinit + bindkey "\e[3~" delete-char zstyle ':completion:*' menu select # load gpg-agent diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix deleted file mode 100644 index 58e2f8175..000000000 --- a/makefu/3modules/buildbot/master.nix +++ /dev/null @@ -1,263 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - buildbot = pkgs.buildbot; - buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' - # -*- python -*- - from buildbot.plugins import * - import re - - c = BuildmasterConfig = {} - - c['slaves'] = [] - # TODO: template potential buildslaves - # TODO: set password? - slavenames= [ 'testslave' ] - for i in slavenames: - c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) - - c['protocols'] = {'pb': {'port': 9989}} - - ####### Build Inputs - stockholm_repo = 'http://cgit.gum/stockholm' - c['change_source'] = [] - c['change_source'].append(changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branch='master', - project='stockholm', - pollinterval=120)) - - ####### Build Scheduler - # TODO: configure scheduler - c['schedulers'] = [] - - # test the master real quick - fast = schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - name="fast-master-test", - builderNames=["fast-tests"]) - - force = schedulers.ForceScheduler( - name="force", - builderNames=["full-tests"]) - - # files everyone depends on or are part of the share branch - def shared_files(change): - r =re.compile("^((krebs|share)/.*|Makefile|default.nix)") - for file in change.files: - if r.match(file): - return True - return False - - full = schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - fileIsImportant=shared_files, - name="full-master-test", - builderNames=["full-tests"]) - c['schedulers'] = [ fast, force, full ] - ###### The actual build - # couple of fast steps: - f = util.BuildFactory() - ## fetch repo - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - f.addStep(grab_repo) - - # the dependencies which are used by the test script - deps = [ "gnumake", "jq" ] - nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ] - def addShell(f,**kwargs): - f.addStep(steps.ShellCommand(**kwargs)) - - addShell(f,name="centos7-eval",env={"LOGNAME": "shared", - "get" : "krebs.deploy", - "filter" : "json" - }, - command=nixshell + ["make -s eval system=test-centos7"]) - - addShell(f,name="wolf-eval",env={"LOGNAME": "shared", - "get" : "krebs.deploy", - "filter" : "json" - }, - command=nixshell + ["make -s eval system=wolf"]) - - c['builders'] = [] - c['builders'].append( - util.BuilderConfig(name="fast-tests", - slavenames=slavenames, - factory=f)) - - # TODO slow build - c['builders'].append( - util.BuilderConfig(name="full-tests", - slavenames=slavenames, - factory=f)) - - ####### Status of Builds - c['status'] = [] - - from buildbot.status import html - from buildbot.status.web import authz, auth - # TODO: configure if http is wanted - authz_cfg=authz.Authz( - # TODO: configure user/pw - auth=auth.BasicAuth([("krebs","bob")]), - gracefulShutdown = False, - forceBuild = 'auth', - forceAllBuilds = 'auth', - pingBuilder = False, - stopBuild = False, - stopAllBuilds = False, - cancelPendingBuild = False, - ) - # TODO: configure nginx - c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg)) - - from buildbot.status import words - ${optionalString (cfg.irc.enable) '' - irc = words.IRC("${cfg.irc.server}", "krebsbuild", - # TODO: multiple channels - channels=["${cfg.irc.channel}"], - notify_events={ - #'success': 1, - #'failure': 1, - 'exception': 1, - 'successToFailure': 1, - 'failureToSuccess': 1, - }${optionalString cfg.irc.allowForce ",allowForce=True"}) - c['status'].append(irc) - ''} - - ####### PROJECT IDENTITY - c['title'] = "Stockholm" - c['titleURL'] = "http://krebsco.de" - - #c['buildbotURL'] = "http://buildbot.krebsco.de/" - # TODO: configure url - c['buildbotURL'] = "http://vbob:8010/" - - ####### DB URL - c['db'] = { - 'db_url' : "sqlite:///state.sqlite", - } - ${cfg.extraConfig} - ''; - - cfg = config.makefu.buildbot.master; - - api = { - enable = mkEnableOption "Buildbot Master"; - workDir = mkOption { - default = "/var/lib/buildbot/master"; - type = types.str; - description = '' - Path to build bot master directory. - Will be created on startup. - ''; - }; - irc = mkOption { - default = {}; - type = types.submodule ({ config, ... }: { - options = { - enable = mkEnableOption "Buildbot Master IRC Status"; - channel = mkOption { - default = "nix-buildbot-meetup"; - type = types.str; - description = '' - irc channel the bot should connect to - ''; - }; - allowForce = mkOption { - default = false; - type = types.bool; - description = '' - Determines if builds can be forced via IRC - ''; - }; - nick = mkOption { - default = "nix-buildbot"; - type = types.str; - description = '' - nickname for IRC - ''; - }; - server = mkOption { - default = "irc.freenode.net"; - type = types.str; - description = '' - Buildbot Status IRC Server to connect to - ''; - }; - }; - }); - }; - - extraConfig = mkOption { - default = ""; - type = types.lines; - description = '' - extra config appended to the generated master.cfg - ''; - }; - }; - - imp = { - - users.extraUsers.buildbotMaster = { - uid = 672626386; #genid buildbotMaster - description = "Buildbot Master"; - home = cfg.workDir; - createHome = false; - }; - - users.extraGroups.buildbotMaster = { - gid = 672626386; - }; - - systemd.services.buildbotMaster = { - description = "Buildbot Master"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.git ]; - serviceConfig = let - workdir="${lib.shell.escape cfg.workDir}"; - # TODO: check if git is the only dep - in { - PermissionsStartOnly = true; - Type = "forking"; - PIDFile = "${workdir}/twistd.pid"; - # TODO: maybe also prepare buildbot.tac? - ExecStartPre = pkgs.writeScript "buildbot-master-init" '' - #!/bin/sh - set -efux - if [ ! -e ${workdir} ];then - mkdir -p ${workdir} - ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir} - fi - # always override the master.cfg - cp ${buildbot-master-config} ${workdir}/master.cfg - # sanity - ${buildbot}/bin/buildbot checkconfig ${workdir} - - # TODO: maybe upgrade? not sure about this - # normally we should write buildbot.tac by our own - # ${buildbot}/bin/buildbot upgrade-master ${workdir} - - chmod 700 -R ${workdir} - chown buildbotMaster:buildbotMaster -R ${workdir} - ''; - ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; - ExecStop = "${buildbot}/bin/buildbot stop ${workdir}"; - ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; - PrivateTmp = "true"; - User = "buildbotMaster"; - Restart = "always"; - RestartSec = "10"; - }; - }; - }; -in -{ - options.makefu.buildbot.master = api; - config = mkIf cfg.enable imp; -} diff --git a/makefu/3modules/buildbot/slave.nix b/makefu/3modules/buildbot/slave.nix deleted file mode 100644 index 69d0361bf..000000000 --- a/makefu/3modules/buildbot/slave.nix +++ /dev/null @@ -1,185 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' - import os - - from buildslave.bot import BuildSlave - from twisted.application import service - - basedir = '${cfg.workDir}' - rotateLength = 10000000 - maxRotatedFiles = 10 - - application = service.Application('buildslave') - - from twisted.python.logfile import LogFile - from twisted.python.log import ILogObserver, FileLogObserver - logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, - maxRotatedFiles=maxRotatedFiles) - application.setComponent(ILogObserver, FileLogObserver(logfile).emit) - - buildmaster_host = '${cfg.masterhost}' - # TODO: masterport? - port = 9989 - slavename = '${cfg.username}' - passwd = '${cfg.password}' - keepalive = 600 - usepty = 0 - umask = None - maxdelay = 300 - allow_shutdown = None - - ${cfg.extraConfig} - - s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir, - keepalive, usepty, umask=umask, maxdelay=maxdelay, - allow_shutdown=allow_shutdown) - s.setServiceParent(application) - ''; - default-packages = [ pkgs.git pkgs.bash ]; - cfg = config.makefu.buildbot.slave; - - api = { - enable = mkEnableOption "Buildbot Slave"; - - workDir = mkOption { - default = "/var/lib/buildbot/slave"; - type = types.str; - description = '' - Path to build bot slave directory. - Will be created on startup. - ''; - }; - - masterhost = mkOption { - default = "localhost"; - type = types.str; - description = '' - Hostname/IP of the buildbot master - ''; - }; - - username = mkOption { - type = types.str; - description = '' - slavename used to authenticate with master - ''; - }; - - password = mkOption { - type = types.str; - description = '' - slave password used to authenticate with master - ''; - }; - - contact = mkOption { - default = "nix slave <buildslave@${config.networking.hostName}>"; - type = types.str; - description = '' - contact to be announced by buildslave - ''; - }; - - description = mkOption { - default = "Nix Generated BuildSlave"; - type = types.str; - description = '' - description for hostto be announced by buildslave - ''; - }; - - packages = mkOption { - default = [ pkgs.git ]; - type = with types; listOf package; - description = '' - packages which should be in path for buildslave - ''; - }; - - extraEnviron = mkOption { - default = {}; - example = { - NIX_PATH = "nixpkgs=/path/to/my/nixpkgs"; - }; - type = types.attrsOf types.str; - description = '' - extra environment variables to be provided to the buildslave service - if you need nixpkgs, e.g. for running nix-shell you can set NIX_PATH here. - ''; - }; - - extraConfig = mkOption { - default = ""; - type = types.lines; - example = '' - port = 443 - keepalive = 600 - ''; - description = '' - extra config evaluated before calling BuildSlave init in .tac file - ''; - }; - }; - - imp = { - - users.extraUsers.buildbotSlave = { - uid = 1408105834; #genid buildbotMaster - description = "Buildbot Slave"; - home = cfg.workDir; - createHome = false; - }; - - users.extraGroups.buildbotSlave = { - gid = 1408105834; - }; - - systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = { - description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = default-packages ++ cfg.packages; - - environment = { - NIX_REMOTE="daemon"; - } // cfg.extraEnviron; - - serviceConfig = let - workdir = "${lib.shell.escape cfg.workDir}"; - contact = "${lib.shell.escape cfg.contact}"; - description = "${lib.shell.escape cfg.description}"; - buildbot = pkgs.buildbot-slave; - # TODO:make this - in { - PermissionsStartOnly = true; - Type = "forking"; - PIDFile = "${workdir}/twistd.pid"; - # TODO: maybe also prepare buildbot.tac? - ExecStartPre = pkgs.writeScript "buildbot-master-init" '' - #!/bin/sh - set -efux - mkdir -p ${workdir}/info - cp ${buildbot-slave-init} ${workdir}/buildbot.tac - echo ${contact} > ${workdir}/info/admin - echo ${description} > ${workdir}/info/host - - chown buildbotSlave:buildbotSlave -R ${workdir} - chmod 700 -R ${workdir} - ''; - ExecStart = "${buildbot}/bin/buildslave start ${workdir}"; - ExecStop = "${buildbot}/bin/buildslave stop ${workdir}"; - PrivateTmp = "true"; - User = "buildbotSlave"; - Restart = "always"; - RestartSec = "10"; - }; - }; - }; -in -{ - options.makefu.buildbot.slave = api; - config = mkIf cfg.enable imp; -} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index ffbf54cc0..f007a8418 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,8 +2,8 @@ _: { imports = [ - ./buildbot/master.nix - ./buildbot/slave.nix + ./snapraid.nix + ./umts.nix ]; } diff --git a/makefu/3modules/snapraid.nix b/makefu/3modules/snapraid.nix new file mode 100644 index 000000000..fbdf50219 --- /dev/null +++ b/makefu/3modules/snapraid.nix @@ -0,0 +1,125 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + # returns dirname without / , used as disk name + dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir))); + snapraid-conf = '' + # Disks + ${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks} + # Parity + ${optionalString (cfg.parity != "") "parity ${cfg.parity}/snapraid.parity"} + + # content on Disks + ${optionalString cfg.contentOnDisks + concatMapStringsSep "\n" (d: "content ${d}/snapraid.content") cfg.disks} + + # content on Parity + ${optionalString (cfg.contentOnParity && cfg.parity != "") + "content ${cfg.parity}/snapraid.content"} + # Default content file + content ${cfg.defaultContentFile} + + # Extra Configuration + ${cfg.extraConfig} + ''; + cfg = config.makefu.snapraid; + + out = { + options.makefu.snapraid = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "snapraid"; + + timerConfig = mkOption { + type = types.unspecified; + description = '' + Start snapraid service + ''; + default = { + OnCalendar = "daily"; + }; + }; + disks = mkOption { + type = with types;listOf str; + description = '' + Disks to protect. Each disk is a path to the mounted directory of the + disk. + ''; + }; + parity = mkOption { + type = types.str; + description = '' + Folder to store parity file. + Set to empty string if you want to configure the parity yourself in + extraConfig. + + All extra parity files (2,3,z, etc...) should be configured via + extraConfig. + ''; + }; + contentOnDisks = mkOption { + type = types.bool; + default = true; + description = '' + Store Content file on each Disk to protect. + Set this to false if you do not want this behavior to apply. + ''; + }; + contentOnParity = mkOption { + type = types.bool; + default = true; + description = '' + Store Content file on parity Disk. + Set this to false if you do not want this behavior to apply. + ''; + }; + defaultContentFile = mkOption { + type = types.str; + default = "/var/cache/snapraid.content"; + description = '' + Path to default content file + Set to empty string if this content file should be written. + ''; + }; + extraConfig = mkOption { + type = types.string; + default = ""; + description = '' + Extra configuration to be appended to the snapraid conf file. + You can configure extra Parity files as well as extra content files. + See `man snapraid` for additional configuration + ''; + }; + }; + + imp = { + environment.systemPackages = [ + # for scrubbing,fixing + pkgs.snapraid + ]; + environment.etc."snapraid.conf".text = snapraid-conf; + systemd.timers.snapraid-sync = { + description = "snapraid sync timer"; + wantedBy = [ "timers.target" ]; + timerConfig = cfg.timerConfig; + }; + systemd.services.snapraid-sync = { + description = "Snapraid sync service"; + after = [ "network.target" "local-fs.target" ]; + + serviceConfig = { + Type = "simple"; + ExecStartPre = pkgs.writeScript "Snapraid-sync-init" '' + #! /bin/sh + ${optionalString (cfg.defaultContentFile != "") + "mkdir -p $(dirname ${cfg.defaultContentFile})"} + ''; + ExecStart = "${pkgs.snapraid}/bin/snapraid sync"; + }; + }; + }; +in out diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix new file mode 100644 index 000000000..d7be45f62 --- /dev/null +++ b/makefu/3modules/umts.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl start umts + trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + ''; + + wvdial-defaults = '' + Phone = *99***1# + Dial Command = ATDT + Modem = ${cfg.modem-device} + Baud = 460800 + Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Init2 = ATZ + Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 + ISDN = 0 + Modem Type = Analog Modem + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0''; + + cfg = config.makefu.umts; + + out = { + options.makefu.umts = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "umts"; + + modem-device = mkOption { + default = "/dev/ttyUSB0"; + type = types.str; + description = '' + path to modem device, use <filename>/dev/serial/by-id/...</filename> + to avoid race conditions. + ''; + }; + }; + + imp = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + environment.systemPackages = [ ]; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.targets.network-umts = { + description = "System is running on UMTS"; + unitConfig.StopWhenUnneeded = true; + }; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + before = [ "network-umts.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "4s"; + ExecStart = "${pkgs.wvdial}/bin/wvdial -n"; + }; + }; + }; +in out |