From 198cadf3968b116a2f3d74f83f4f636cde925203 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 20:43:56 +0200 Subject: ma: nixpkgs@0546a4a --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 422927b28..4e6cc0b44 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -24,7 +24,7 @@ with config.krebs.lib; source = mapAttrs (_: mkDefault) { nixpkgs = { url = https://github.com/nixos/nixpkgs; - rev = "63b9785"; # stable @ 2016-06-01 + rev = "8bf31d7"; # stable @ 2016-06-11 }; secrets = if getEnv "dummy_secrets" == "true" then toString -- cgit v1.2.3 From 393f5cb5c71d91493be05f624796f1b19bac8e58 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 20:44:16 +0200 Subject: k 3 m: init honeydrive --- krebs/3modules/makefu/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e5cb0e7f6..d5537cf56 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -66,6 +66,16 @@ with config.krebs.lib; }; }; }; + honeydrive = { # vm on darth + nets = { + internet = { # via shoney + ip4.addr = "64.137.234.232"; + aliases = [ + "honeydrive.i" + ]; + }; + }; + }; tsp = { cores = 1; nets = { -- cgit v1.2.3 From b9c2dc13d376a79bceef0829e3990544f950215d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 20:45:16 +0200 Subject: m 1 darth: configure with forward-journal, share --- makefu/1systems/darth.nix | 19 +++++++++++++- makefu/2configs/temp-share-samba.nix | 5 +++- makefu/3modules/forward-journal.nix | 50 ++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 makefu/3modules/forward-journal.nix diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 5f1d6e121..87029a693 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -16,16 +16,32 @@ in { ../2configs/smart-monitor.nix ../2configs/exim-retiolum.nix ../2configs/virtualization.nix + + ../2configs/temp-share-samba.nix ]; + services.samba.shares = { + isos = { + path = "/data/isos/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; services.tinc.networks.siem = { name = "sdarth"; extraConfig = "ConnectTo = sjump"; }; + + makefu.forward-journal = { + enable = true; + src = "10.8.10.2"; + dst = "10.8.10.6"; + }; + #networking.firewall.enable = false; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; networking = { @@ -33,6 +49,7 @@ in { firewall = { allowPing = true; logRefusedConnections = false; + trustedInterfaces = [ "eno1" ]; allowedUDPPorts = [ 80 655 1655 67 ]; allowedTCPPorts = [ 80 655 1655 ]; }; diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix index 5f21e3bf7..0907c2dbf 100644 --- a/makefu/2configs/temp-share-samba.nix +++ b/makefu/2configs/temp-share-samba.nix @@ -1,9 +1,12 @@ {config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; - home = "/var/empty"; + home = "/home/share"; + createHome = true; }; services.samba = { enable = true; diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix new file mode 100644 index 000000000..26de3ffdd --- /dev/null +++ b/makefu/3modules/forward-journal.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + cfg = config.makefu.forward-journal; + + out = { + options.makefu.forward-journal = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "forward journal via syslog"; + src = mkOption { + type = types.str; + description = "syslog host identifier"; + default = config.networking.hostName; + }; + dst = mkOption { + type = types.str; + description = "syslog host identifier"; + default = ""; + }; + proto = mkOption { + type = types.str; + default = "udp"; + }; + port = mkOption { + type = types.int; + description = "destination port"; + default = 514; + }; + + }; + + imp = { + services.syslog-ng = { + enable = true; + extraConfig = '' + template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); }; + source s_all { system(); internal(); }; + destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); }; + log { source(s_all); destination(d_loghost); }; + ''; + }; + }; + +in +out + -- cgit v1.2.3 From 45b79ac86b1ff2a48de33aa3a10057dba2d6e8f3 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 20:45:34 +0200 Subject: ma 1 omo: init share user --- makefu/1systems/omo.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e71055f54..8e492ccaa 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -129,7 +129,10 @@ in { kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; - + users.users.misa = { + uid = 9002; + name = "misa"; + }; hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; -- cgit v1.2.3 From 50229a32997d1685b8f3359a675c43828b024362 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 20:46:09 +0200 Subject: m 1 shoney: configure forward-journal --- makefu/1systems/shoney.nix | 14 ++++++++++---- makefu/3modules/default.nix | 1 + 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 1fe8871d2..3a3ac9c7c 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -3,8 +3,9 @@ let tinc-siem-ip = "10.8.10.1"; ip = "64.137.234.215"; - alt-ip = "64.137.234.210"; - extra-ip = "64.137.234.114"; #currently unused + alt-ip = "64.137.234.210"; # honeydrive honeyd + extra-ip1 = "64.137.234.114"; # floating tinc.siem + extra-ip2 = "64.137.234.232"; # honeydrive gw = "64.137.234.1"; in { imports = [ @@ -15,7 +16,7 @@ in { ]; - + environment.systemPackages = [ pkgs.honeyd ]; services.tinc.networks.siem.name = "sjump"; krebs = { @@ -37,10 +38,15 @@ in { }; }; }; + makefu.forward-journal = { + enable = true; + src = "10.8.10.1"; + dst = "10.8.10.6"; + }; networking = { interfaces.enp2s1.ip4 = [ { address = ip; prefixLength = 24; } - { address = alt-ip; prefixLength = 24; } + # { address = alt-ip; prefixLength = 24; } ]; defaultGateway = gw; diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 853bdca04..febebaa18 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -6,6 +6,7 @@ _: ./umts.nix ./taskserver.nix ./awesome-extra.nix + ./forward-journal.nix ]; } -- cgit v1.2.3 From 1c8ee1239fe57aabd55b686aca49960a9521ed8c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 20:47:22 +0200 Subject: m: nixpkgs@0546a4a --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 4e6cc0b44..48cfcb7cb 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -24,7 +24,7 @@ with config.krebs.lib; source = mapAttrs (_: mkDefault) { nixpkgs = { url = https://github.com/nixos/nixpkgs; - rev = "8bf31d7"; # stable @ 2016-06-11 + rev = "0546a4a"; # stable @ 2016-06-11 }; secrets = if getEnv "dummy_secrets" == "true" then toString -- cgit v1.2.3 From 941b137408982dfe4e918d4de54fbcfd88fef394 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Jul 2016 21:20:02 +0200 Subject: m 2 virtualbox: bump version --- makefu/2configs/virtualization-virtualbox.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index aaabcd50e..5d84b0284 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix @@ -2,8 +2,8 @@ let mainUser = config.krebs.build.user; - version = "5.0.6"; - rev = "103037"; + version = "5.0.20"; + rev = "106931"; vboxguestpkg = pkgs.fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; -- cgit v1.2.3 From c6c40da83712ca91ede062d84e31b57448db140f Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 12 Jul 2016 09:43:23 +0200 Subject: m 2 virtualbox: directly retrieve vboxguestextensions --- makefu/2configs/virtualization-virtualbox.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index 5d84b0284..2b4e24774 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix @@ -14,5 +14,10 @@ in { nixpkgs.config.virtualbox.enableExtensionPack = true; users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; - environment.systemPackages = [ vboxguestpkg ]; + nixpkgs.config.packageOverrides = super: { + boot.kernelPackages = super.boot.kernelPackages.virtualbox.override { + buildInputs = super.boot.kernelPackages.virtualBox.buildInputs + ++ [ vboxguestpkg ]; + }; + }; } -- cgit v1.2.3 From 0691d1ba14a3c9c69ba6b6f50246b6402b29b3ad Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jul 2016 17:55:41 +0200 Subject: m 2 default:remove useroaming no as it is disabled by default --- makefu/2configs/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 48cfcb7cb..c40256db3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -62,9 +62,6 @@ with config.krebs.lib; programs.ssh = { startAgent = false; - extraConfig = '' - UseRoaming no - ''; }; services.openssh.enable = true; nix.useChroot = true; -- cgit v1.2.3 From d5ebe15536e1b5a461b48621ecc4b8bcf61de3e2 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jul 2016 22:30:44 +0200 Subject: m mergerfs: init --- makefu/1systems/omo.nix | 1 + makefu/5pkgs/default.nix | 2 ++ makefu/5pkgs/mergerfs/default.nix | 26 ++++++++++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 makefu/5pkgs/mergerfs/default.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 8e492ccaa..8c24e0ff5 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -75,6 +75,7 @@ in { # HDD Array stuff + environment.systemPackages = [ pkgs.mergerfs ]; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; makefu.snapraid = let diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index f6a6b674b..f94136c0b 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -10,6 +10,8 @@ in alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; bintray-upload = callPackage ./bintray-upload {}; + git-xlsx-textconv = callPackage ./git-xlsx-textconv {}; + mergerfs = callPackage ./mergerfs {}; mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix new file mode 100644 index 000000000..64e8fc671 --- /dev/null +++ b/makefu/5pkgs/mergerfs/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }: + +stdenv.mkDerivation rec { + name = "mergerfs-${version}"; + version = "2.14.0"; + + # not using fetchFromGitHub because of changelog being built with git log + src = fetchgit { + url = "https://github.com/trapexit/mergerfs"; + rev = "refs/tags/${version}"; + sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm"; + deepClone = true; + }; + + buildInputs = [ fuse pkgconfig which attr pandoc git ]; + + makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ]; + + + meta = { + homepage = https://github.com/trapexit/mergerfs; + description = "a FUSE based union filesystem"; + license = stdenv.lib.licenses.isc; + maintainers = [ stdenv.lib.maintainers.makefu ]; + }; +} -- cgit v1.2.3 From 14242c68f234f6de0bed015817ac206f99dc4f20 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jul 2016 22:31:27 +0200 Subject: m binary-cache: split lass and nixos --- makefu/2configs/binary-cache/lass.nix | 12 ++++++++++++ makefu/2configs/binary-cache/nixos.nix | 12 ++++++++++++ makefu/2configs/default.nix | 4 ++-- 3 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 makefu/2configs/binary-cache/lass.nix create mode 100644 makefu/2configs/binary-cache/nixos.nix diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix new file mode 100644 index 000000000..4813eeb0f --- /dev/null +++ b/makefu/2configs/binary-cache/lass.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "http://cache.prism.r" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + ]; + }; +} diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix new file mode 100644 index 000000000..2ff5e1307 --- /dev/null +++ b/makefu/2configs/binary-cache/nixos.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; + }; +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index c40256db3..acd34b0d3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -2,8 +2,6 @@ with config.krebs.lib; { - system.stateVersion = "15.09"; - imports = [ { users.extraUsers = @@ -11,6 +9,8 @@ with config.krebs.lib; (import ); } ./vim.nix + ./binary-cache/nixos.nix + ./binary-cache/lass.nix ]; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); -- cgit v1.2.3