summaryrefslogtreecommitdiffstats
path: root/makefu/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-02-04 01:31:21 +0100
committertv <tv@krebsco.de>2016-02-04 01:31:21 +0100
commite2a922dd7d2ab1f3e24a5d54c641c9ce6f51865d (patch)
tree361d2db5f8226a5b9d6aea80e9b7e55a7a845bed /makefu/1systems
parent48381bd8dd9607d54a936c644964ab5bac90e4a9 (diff)
parentb38a821c31de84af6567073bd65ac76c5fc02b5d (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/gum.nix5
-rw-r--r--makefu/1systems/omo.nix55
-rw-r--r--makefu/1systems/pornocauster.nix5
-rw-r--r--makefu/1systems/vbob.nix19
-rw-r--r--makefu/1systems/wbob.nix19
5 files changed, 88 insertions, 15 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 1907424ec..ac7524506 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -21,7 +21,7 @@ in {
];
-
+ services.smartd.devices = [ { device = "/dev/sda";} ];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable
@@ -32,6 +32,9 @@ in {
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
+ krebs.nginx.servers.cgit.server-names = [
+ "cgit.euer.krebsco.de"
+ ];
# Chat
environment.systemPackages = with pkgs;[
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e19205a95..19183fea8 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -27,10 +27,56 @@ in {
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
+ ../2configs/share-user-sftp.nix
+ ../2configs/nginx/omo-share.nix
../3modules
];
- krebs.build.host = config.krebs.hosts.omo;
+ networking.firewall.trustedInterfaces = [ "enp3s0" ];
+ # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
+ # tcp:80 - nginx for sharing files
+ # tcp:655 udp:655 - tinc
+ # tcp:8080 - sabnzbd
+ networking.firewall.allowedUDPPorts = [ 655 ];
+ networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+
+ # services.openssh.allowSFTP = false;
+ krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+
+ # samba share /media/crypt1/share
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/var/empty";
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ winshare = {
+ path = "/media/crypt1/share";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+
+ # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+ services.sabnzbd.enable = true;
+ systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+ # HDD Array stuff
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+
makefu.snapraid = let
toMapper = id: "/media/crypt${builtins.toString id}";
in {
@@ -38,7 +84,6 @@ in {
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
- # AMD E350
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
@@ -56,6 +101,8 @@ in {
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
${pkgs.hdparm}/sbin/hdparm -y ${disk}
'') allDisks);
+
+ # crypto unlocking
boot = {
initrd.luks = {
devices = let
@@ -86,11 +133,11 @@ in {
extraModulePackages = [ ];
};
- networking.firewall.allowedUDPPorts = [ 655 ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
- #zramSwap.enable = true;
+ zramSwap.enable = true;
zramSwap.numDevices = 2;
+ krebs.build.host = config.krebs.hosts.omo;
}
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 690e26b36..d7fa8edc5 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -35,12 +35,14 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
krebs.Reaktor = {
- enable = true;
+ enable = false;
nickname = "makefu|r";
plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
};
@@ -59,6 +61,7 @@
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
+ networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
25
];
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index b8c02cb67..d95362919 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -2,9 +2,7 @@
#
#
{ lib, config, pkgs, ... }:
-let
- pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
-in {
+{
krebs.build.host = config.krebs.hosts.vbob;
krebs.build.target = "root@10.10.10.220";
imports =
@@ -15,14 +13,13 @@ in {
# environment
];
+ nixpkgs.config.allowUnfree = true;
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
- buildbot = pkgs-unst.buildbot;
- buildbot-slave = pkgs-unst.buildbot-slave;
};
makefu.buildbot.master = {
- enable = true;
+ enable = false;
irc = {
enable = true;
server = "cd.retiolum";
@@ -30,8 +27,9 @@ in {
allowForce = true;
};
};
+ # services.logstash.enable = true;
makefu.buildbot.slave = {
- enable = true;
+ enable = false;
masterhost = "localhost";
username = "testslave";
password = "krebspass";
@@ -41,8 +39,8 @@ in {
krebs.build.source.git.nixpkgs = {
#url = https://github.com/nixos/nixpkgs;
- # HTTP Everywhere
- rev = "a3974e";
+ # HTTP Everywhere + libredir
+ rev = "8239ac6";
};
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
@@ -56,9 +54,12 @@ in {
};
};
environment.systemPackages = with pkgs;[
+ fortclientsslvpn
buildbot
buildbot-slave
get
+ genid
+ logstash
];
networking.firewall.allowedTCPPorts = [
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
new file mode 100644
index 000000000..d6916f006
--- /dev/null
+++ b/makefu/1systems/wbob.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/main-laptop.nix
+ ];
+ krebs = {
+ enable = true;
+ retiolum.enable = true;
+ build.host = config.krebs.hosts.wbob;
+ };
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+}