diff options
author | tv <tv@krebsco.de> | 2016-02-04 01:31:21 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-02-04 01:31:21 +0100 |
commit | e2a922dd7d2ab1f3e24a5d54c641c9ce6f51865d (patch) | |
tree | 361d2db5f8226a5b9d6aea80e9b7e55a7a845bed /makefu/1systems | |
parent | 48381bd8dd9607d54a936c644964ab5bac90e4a9 (diff) | |
parent | b38a821c31de84af6567073bd65ac76c5fc02b5d (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/gum.nix | 5 | ||||
-rw-r--r-- | makefu/1systems/omo.nix | 55 | ||||
-rw-r--r-- | makefu/1systems/pornocauster.nix | 5 | ||||
-rw-r--r-- | makefu/1systems/vbob.nix | 19 | ||||
-rw-r--r-- | makefu/1systems/wbob.nix | 19 |
5 files changed, 88 insertions, 15 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 1907424ec..ac7524506 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -21,7 +21,7 @@ in { ]; - + services.smartd.devices = [ { device = "/dev/sda";} ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable @@ -32,6 +32,9 @@ in { ListenAddress = ${external-ip} 655 ListenAddress = ${external-ip} 21031 ''; + krebs.nginx.servers.cgit.server-names = [ + "cgit.euer.krebsco.de" + ]; # Chat environment.systemPackages = with pkgs;[ diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e19205a95..19183fea8 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -27,10 +27,56 @@ in { ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../2configs/share-user-sftp.nix + ../2configs/nginx/omo-share.nix ../3modules ]; - krebs.build.host = config.krebs.hosts.omo; + networking.firewall.trustedInterfaces = [ "enp3s0" ]; + # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net + # tcp:80 - nginx for sharing files + # tcp:655 udp:655 - tinc + # tcp:8080 - sabnzbd + networking.firewall.allowedUDPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + + # services.openssh.allowSFTP = false; + krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + + # samba share /media/crypt1/share + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + winshare = { + path = "/media/crypt1/share"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; + + # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ + services.sabnzbd.enable = true; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + makefu.snapraid = let toMapper = id: "/media/crypt${builtins.toString id}"; in { @@ -38,7 +84,6 @@ in { disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; - # AMD E350 fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; @@ -56,6 +101,8 @@ in { ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + + # crypto unlocking boot = { initrd.luks = { devices = let @@ -86,11 +133,11 @@ in { extraModulePackages = [ ]; }; - networking.firewall.allowedUDPPorts = [ 655 ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - #zramSwap.enable = true; + zramSwap.enable = true; zramSwap.numDevices = 2; + krebs.build.host = config.krebs.hosts.omo; } diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 690e26b36..d7fa8edc5 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -35,12 +35,14 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.Reaktor = { - enable = true; + enable = false; nickname = "makefu|r"; plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ]; }; @@ -59,6 +61,7 @@ hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"''; + networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [ 25 ]; diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index b8c02cb67..d95362919 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -2,9 +2,7 @@ # # { lib, config, pkgs, ... }: -let - pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; -in { +{ krebs.build.host = config.krebs.hosts.vbob; krebs.build.target = "root@10.10.10.220"; imports = @@ -15,14 +13,13 @@ in { # environment ]; + nixpkgs.config.allowUnfree = true; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; - buildbot = pkgs-unst.buildbot; - buildbot-slave = pkgs-unst.buildbot-slave; }; makefu.buildbot.master = { - enable = true; + enable = false; irc = { enable = true; server = "cd.retiolum"; @@ -30,8 +27,9 @@ in { allowForce = true; }; }; + # services.logstash.enable = true; makefu.buildbot.slave = { - enable = true; + enable = false; masterhost = "localhost"; username = "testslave"; password = "krebspass"; @@ -41,8 +39,8 @@ in { krebs.build.source.git.nixpkgs = { #url = https://github.com/nixos/nixpkgs; - # HTTP Everywhere - rev = "a3974e"; + # HTTP Everywhere + libredir + rev = "8239ac6"; }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; @@ -56,9 +54,12 @@ in { }; }; environment.systemPackages = with pkgs;[ + fortclientsslvpn buildbot buildbot-slave get + genid + logstash ]; networking.firewall.allowedTCPPorts = [ diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix new file mode 100644 index 000000000..d6916f006 --- /dev/null +++ b/makefu/1systems/wbob.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/main-laptop.nix + ]; + krebs = { + enable = true; + retiolum.enable = true; + build.host = config.krebs.hosts.wbob; + }; + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" ]; + boot.kernelModules = [ "kvm-intel" ]; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; +} |