authortv <tv@krebsco.de>2018-08-29 01:38:45 +0200
committertv <tv@krebsco.de>2018-08-29 01:38:45 +0200
commit000f2a7c9123fcd4b110c6c220570758d556c837 (patch)
tree8464e80b13adce3b5958ad6e9bcebc8a4f559cd9 /makefu
parent16ad5fb0a835a1022656253ae838e83fa024e692 (diff)
parent413e0689acd4f6b322f9996950927ebd41d0e58c (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/nextgum/config.nix3
-rw-r--r--makefu/1systems/nextgum/hardware-config.nix14
-rw-r--r--makefu/1systems/wbob/config.nix16
-rw-r--r--makefu/1systems/x/config.nix7
-rw-r--r--makefu/2configs/binary-cache/server.nix31
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix158
-rw-r--r--makefu/2configs/deployment/bureautomation/home.nix67
-rw-r--r--makefu/2configs/deployment/events-publisher/default.nix48
-rw-r--r--makefu/2configs/deployment/owncloud.nix10
-rw-r--r--makefu/2configs/hw/mceusb.nix17
-rw-r--r--makefu/2configs/hw/network-manager.nix14
-rw-r--r--makefu/2configs/hw/stk1160.nix17
-rw-r--r--makefu/2configs/nginx/gold.krebsco.de.nix24
-rw-r--r--makefu/2configs/nur.nix7
-rw-r--r--makefu/2configs/stats/client.nix1
-rw-r--r--makefu/2configs/task-client.nix2
-rw-r--r--makefu/2configs/tools/core-gui.nix4
-rw-r--r--makefu/2configs/tools/desktop.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix2
-rw-r--r--makefu/2configs/tools/media.nix2
-rw-r--r--makefu/2configs/tools/sec.nix2
-rw-r--r--makefu/2configs/torrent.nix18
-rw-r--r--makefu/5pkgs/awesomecfg/default.nix7
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg14
-rw-r--r--makefu/source.nix3
25 files changed, 389 insertions, 101 deletions
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix
index 93171d23a..9761546e7 100644
--- a/makefu/1systems/nextgum/config.nix
+++ b/makefu/1systems/nextgum/config.nix
@@ -49,6 +49,7 @@ in {
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/iodined.nix>
## buildbot
@@ -69,6 +70,8 @@ in {
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+ <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+ <stockholm/makefu/2configs/deployment/events-publisher>
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/graphs.nix>
diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix
index 36fea6544..944210701 100644
--- a/makefu/1systems/nextgum/hardware-config.nix
+++ b/makefu/1systems/nextgum/hardware-config.nix
@@ -45,12 +45,20 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
+ fileSystems."/var/lib" = {
+ device = "/dev/mapper/nixos-lib";
+ fsType = "ext4";
+ };
+ fileSystems."/var/download" = {
+ device = "/dev/mapper/nixos-download";
+ fsType = "ext4";
+ };
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
@@ -69,7 +77,9 @@ in {
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
- #lvcreate -L 120G -n root nixos
+ #lvcreate -L 120G -m 1 -n root nixos
+ #lvcreate -L 50G -m 1 -n lib nixos
+ #lvcreate -L 50G -n download nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index df317a016..9d8a91e6d 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -39,20 +39,27 @@ in {
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
- <stockholm/makefu/2configs/deployment/led-fader.nix>
- <stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
+ <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+ <stockholm/makefu/2configs/stats/external/aralast.nix>
+ <stockholm/makefu/2configs/stats/arafetch.nix>
+ <stockholm/makefu/2configs/deployment/led-fader.nix>
+ <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+
+
<stockholm/makefu/2configs/deployment/bureautomation>
+ <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
(let
collectd-port = 25826;
influx-port = 8086;
+ admin-port = 8083;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
- networking.firewall.allowedTCPPorts = [ 3000 ];
+ networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
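Review bot: Adding `influx-port` and `admin-port` to `networking.firewall.allowedTCPPorts` opens the InfluxDB HTTP API (8086) and its admin interface (8083) on every interface, and nothing in this hunk shows InfluxDB authentication being enabled. A later block in the same file already lists `enp0s25` under `networking.firewall.trustedInterfaces`, so if clients only reach this host over that interface the global rule could stay at `networking.firewall.allowedTCPPorts = [ 3000 ];`. If other interfaces do need access, scope the rule to those interfaces and confirm that authentication is on for the HTTP endpoint. The `let … in { … }` block continues outside the hunk, so the relevant settings may exist there.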
@@ -61,7 +68,7 @@ in {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}";
- admin.bind-address = ":8083";
+ admin.bind-address = ":${toString admin-port}";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
@@ -125,7 +132,6 @@ in {
networking.firewall.allowedTCPPorts = [
655
8081 #smokeping
- 8086 #influx
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 451689f91..e5b481ab6 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
imports =
[ # base
<stockholm/makefu>
+ <stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
@@ -54,7 +55,6 @@ with import <stockholm/lib>;
internalInterfaces = [ "vboxnet0" ];
};
}
-
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
@@ -64,6 +64,7 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
+ <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
@@ -125,7 +126,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.x;
- krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
+ krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
networking.extraHosts = ''
192.168.1.11 omo.local
@@ -133,6 +134,8 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+ # avoid full boot dir
+ boot.loader.grub.configurationLimit = 3;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts.nix-serve = {
+ serverAliases = [ "cache.gum.r"
+ "cache.euer.krebsco.de"
+ "cache.gum.krebsco.de"
+ ];
+ locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+ };
+ };
+}
+
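Review bot: `services.nix-serve` is enabled without a bind address, so the daemon presumably listens on all interfaces (the module default, as far as I know) even though nginx only proxies to `localhost`; adding `bindAddress = "127.0.0.1";` inside `services.nix-serve` would keep the backend reachable only through the proxy. The `nix-serve` virtual host also sets neither `enableACME` nor `forceSSL`, so the aliases `cache.euer.krebsco.de` and `cache.gum.krebsco.de` are served over plain HTTP. Store paths are signed with the key configured here, which protects integrity, but the requested paths are visible on the wire. The key-generation comment names the key `gum`; a comment stating which public key clients have to trust would avoid confusion on this host.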
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index b62f37bdb..d5793f886 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,75 +1,125 @@
{ pkgs, lib, ... }:
let
- firetv = "192.168.1.238";
+ tasmota_plug = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "/bam/${topic}/stat/POWER";
+ command_topic = "/bam/${topic}/cmnd/POWER";
+ availability_topic = "/bam/${topic}/tele/LWT";
+ qos = 1;
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ retain= false;
+ };
+ espeasy_dht22 = name: [
+ {
+ platform = "mqtt";
+ device_class = "temperature";
+ state_topic = "/bam/${name}/dht22/Temperature";
+ availability_topic = "/bam/${name}/status/LWT";
+ payload_available = "Connected";
+ payload_not_available = "Connection Lost";
+ }
+ {
+ platform = "mqtt";
+ device_class = "humidity";
+ state_topic = "/bam/${name}/dht22/Temperature";
+ unit_of_measurement = "C";
+ availability_topic = "/bam/${name}/status/LWT";
+ payload_available = "Connected";
+ payload_not_available = "Connection Lost";
+ }];
+ espeasy_ds18 = name: [
+ {
+ platform = "mqtt";
+ device_class = "temperature";
+ state_topic = "/bam/${name}/ds18/Temperature";
+ availability_topic = "/bam/${name}/status/LWT";
+ payload_available = "Connected";
+ payload_not_available = "Connection Lost";
+ }
+ ];
in {
- imports = [
- <nixpkgs-unstable/nixos/modules/services/misc/home-assistant.nix>
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "homeassistant-0.65.5"
];
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- nixpkgs.config.packageOverrides = oldpkgs: {
- home-assistant = (import <nixpkgs-unstable> {}).home-assistant;
- };
- ids.uids.hass = 286;
- ids.gids.hass = 286;
+
services.home-assistant = {
- #panel_iframe:
- #configurator:
- # title: Configurator
- # icon: mdi:wrench
- # url: http://hassio.local:3218
- # sensor:
- # - platform: random
enable = true;
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
};
- panel_iframe = {
- euer_blog = {
- title = "Euer Blog";
- icon = "mdi:wrench";
- url = "https://euer.krebsco.de";
+
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ keepalive = 60;
+ protocol = 3.1;
+ birth_message = {
+ topic = "/bam/hass/tele/LWT";
+ payload = "Online";
+ qos = 1;
+ retain = true;
+ };
+ will_message = {
+ topic = "/bam/hass/tele/LWT";
+ payload = "Offline";
+ qos = 1;
+ retain = true;
};
};
- media_player = [
- { platform = "kodi";
- host = firetv;
- }
- { platform = "firetv";
- # assumes python-firetv running
- }
+ switch = [
+ (tasmota_plug "Bauarbeiterlampe" "plug")
+ (tasmota_plug "Blitzdings" "plug2")
+ (tasmota_plug "Fernseher" "plug3")
+ (tasmota_plug "Pluggy" "plug4")
];
- sensor = [
- {
- platform = "luftdaten";
- name = "Shack 1";
- sensorid = "50";
- monitored_conditions = [ "P1" "P2" ];
- }
- {
- platform = "luftdaten";
- name = "Shack 2";
- sensorid = "658";
- monitored_conditions = [ "P1" "P2" ];
- }
- {
- platform = "luftdaten";
- name = "Ditzingen";
- sensorid = "5341";
- monitored_conditions = [ "P1" "P2" ];
+ binary_sensor = [
+ { # esp_easy
+ platform = "mqtt";
+ device_class = "motion";
+ state_topic = "/bam/easy2/movement/Switch";
+ payload_on = "1";
+ payload_off = "0";
+ availability_topic = "/bam/easy2/status/LWT";
+ payload_available = "Connected";
+ payload_not_available = "Connection Lost";
}
- { platform = "random"; }
];
+ sensor =
+ (espeasy_dht22 "easy2") ++
+ [ (espeasy_ds18 "easy3" )
+ { platform = "luftdaten";
+ name = "Ditzingen";
+ sensorid = "5341";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ { platform = "influxdb";
+ queries = [
+ { name = "mean value of feinstaub P1";
+ where = '' "node" = 'esp8266-1355142' '';
+ measurement = "feinstaub";
+ database = "telegraf";
+ field = "P1";
+ }
+ { name = "mean value of feinstaub P2";
+ where = '' "node" = 'esp8266-1355142' '';
+ measurement = "feinstaub";
+ database = "telegraf";
+ field = "P2";
+ }
+ ];
+ }
+ ];
frontend = { };
http = { };
- feedreader.urls = [ "https://nixos.org/blogs.xml" ];
+ feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
};
};
}
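Review bot: `nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ];` allows a release that nixpkgs marks as insecure, and the same config keeps `http = { };` with no password or bind restriction visible, so the intended exposure should be written next to the override, for example `# TODO: drop once home-assistant is upgraded; UI must stay LAN-only`. Two functional defects sit in the new helpers. The humidity entry in `espeasy_dht22` reuses `state_topic = "/bam/${name}/dht22/Temperature";` with `unit_of_measurement = "C";`, which looks like a copy-paste of the temperature entry. `espeasy_ds18` returns a list but is used as an element in `[ (espeasy_ds18 "easy3" ) … ]`, which nests a list inside `sensor`; `(espeasy_dht22 "easy2") ++ (espeasy_ds18 "easy3") ++ [ … ]` would flatten it. The feed URL also moves from `https://` to `http://`, so the feed is fetched without transport integrity.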
diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix
new file mode 100644
index 000000000..28edb6af2
--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/home.nix
@@ -0,0 +1,67 @@
+{ pkgs, lib, ... }:
+let
+ firetv = "192.168.1.238";
+in {
+ systemd.services.firetv = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+ };
+ };
+ services.home-assistant = {
+ #panel_iframe:
+ #configurator:
+ # title: Configurator
+ # icon: mdi:wrench
+ # url: http://hassio.local:3218
+ # sensor:
+ # - platform: random
+ enable = true;
+ config = {
+ homeassistant = {
+ name = "Bureautomation";
+ time_zone = "Europe/Berlin";
+ };
+ panel_iframe = {
+ euer_blog = {
+ title = "Euer Blog";
+ icon = "mdi:wrench";
+ url = "https://euer.krebsco.de";
+ };
+ };
+ media_player = [
+ { platform = "kodi";
+ host = firetv;
+ }
+ { platform = "firetv";
+ # assumes python-firetv running
+ }
+ ];
+ sensor = [
+ {
+ platform = "luftdaten";
+ name = "Shack 1";
+ sensorid = "50";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ {
+ platform = "luftdaten";
+ name = "Shack 2";
+ sensorid = "658";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ {
+ platform = "luftdaten";
+ name = "Ditzingen";
+ sensorid = "5341";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ { platform = "random"; }
+ ];
+ frontend = { };
+ http = { };
+ feedreader.urls = [ "https://nixos.org/blogs.xml" ];
+ };
+ };
+}
diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix
new file mode 100644
index 000000000..c671b1a0b
--- /dev/null
+++ b/makefu/2configs/deployment/events-publisher/default.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+with import <stockholm/lib>;
+let
+ shack-announce = pkgs.callPackage (builtins.fetchTarball {
+ url = "https://github.com/makefu/events-publisher/archive/5e7b083c63f25182a02c1fddb3d32cb9534fbc50.tar.gz";
+ sha256 = "1zzlhyj8fr6y3a3b6qlyrm474xxxs1ydqjpkd2jva3g1lnzlmvkp";
+ }) {} ;
+ home = "/var/lib/shackannounce";
+ user = "shackannounce";
+ creds = (toString <secrets>) + "/shack-announce.json";
+in
+{
+ users.users.${user}= {
+ uid = genid user;
+ inherit home;
+ createHome = true;
+ };
+ systemd.services.shack-announce = {
+ description = "Announce shack events";
+ startAt = "*:0/30";
+ path = [ shack-announce ];
+ serviceConfig = {
+ WorkingDirectory = home;
+ User = user;
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
+ set -eu
+ cp ${creds} creds.json
+ chown ${user} creds.json
+ '';
+ ExecStart = pkgs.writeDash "shack-announce" ''
+ if test ! -e announce.state; then
+ echo "initializing state"
+ announce-daemon \
+ --lol INFO \
+ --creds creds.json \
+ --state announce.state \
+ --clean --init
+ fi
+ echo "Running announce"
+ announce-daemon \
+ --lol INFO \
+ --creds creds.json \
+ --state announce.state
+ '';
+ };
+ };
+}
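Review bot: In `ExecStartPre`, `cp ${creds} creds.json` runs as root (because of `PermissionsStartOnly = true`) and only the owner is changed afterwards, so the copied credentials file keeps whatever mode root's umask produces, which is typically world-readable. Setting owner and mode in one step closes that gap: `install -m 0600 -o ${user} ${creds} creds.json`. The `ExecStart` script has no `set -eu`, unlike the pre-start script, so a failed `--clean --init` run is still followed by the normal announce run; adding `set -eu` as its first line would surface the failure.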
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index e9d4b18e0..cfde0aba8 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -108,7 +108,6 @@ let
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
@@ -144,6 +143,8 @@ let
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
+ opcache.file_cache = .opcache
+ zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
display_errors = on
display_startup_errors = on
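Review bot: `opcache.file_cache = .opcache` is a relative path, so the directory that receives the compiled-script cache depends on the PHP process's working directory, which this hunk does not pin down. Files in that cache are loaded as code, so the setting should point to an absolute directory outside the web root that only the PHP user can write, e.g. `opcache.file_cache = /var/cache/<pool-name>/opcache` (placeholder path). The surrounding php.ini string starts and ends outside the hunk.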
@@ -155,6 +156,13 @@ let
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
+ systemd.services."nextcloud-cron-${domain}" = {
+ serviceConfig = {
+ User = "nginx";
+ ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php";
+ };
+ startAt = "*:0/15";
+ };
};
in {
imports = [
diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix
new file mode 100644
index 000000000..069e6e7eb
--- /dev/null
+++ b/makefu/2configs/hw/mceusb.nix
@@ -0,0 +1,17 @@
+{pkgs, lib, ...}:{
+ # Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
+ services.xserver.inputClassSections = [''
+ Identifier "MCE USB Keyboard mimic blacklist"
+ Driver "mceusb"
+ MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
+ Option "Ignore" "on"
+ ''];
+ boot.kernelPatches = lib.singleton {
+ name = "enable-lirc";
+ patch = null;
+ extraConfig = ''
+ LIRC y
+ '';
+ };
+
+}
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index d322c683d..ffc32e0cb 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -22,15 +22,9 @@
};
networking.networkmanager.enable = true;
- # TODO: put somewhere else
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.clipit}/bin/clipit &
- ${pkgs.networkmanagerapplet}/bin/nm-applet &
- '';
-
# nixOSUnstable
-# networking.networkmanager.wifi = {
-# powersave = true;
-# scanRandMacAddress = true;
-# };
+ networking.networkmanager.wifi = {
+ powersave = true;
+ scanRandMacAddress = true;
+ };
}
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
index 4ac639a25..735cb4c17 100644
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@@ -1,13 +1,12 @@
{ pkgs, lib, ... }:
{
- # TODO: un-pin linuxPackages somehow
- nixpkgs.config.packageOverrides = pkgs: {
- linux_4_14 = pkgs.linux_4_14.override {
- extraConfig = ''
- MEDIA_ANALOG_TV_SUPPORT y
- VIDEO_STK1160_COMMON m
- VIDEO_STK1160 m
- '';
- };
+ boot.kernelPatches = lib.singleton {
+ name = "enable-stk1160";
+ patch = null;
+ extraConfig = ''
+ MEDIA_ANALOG_TV_SUPPORT y
+ VIDEO_STK1160_COMMON m
+ VIDEO_STK1160 m
+ '';
};
}
diff --git a/makefu/2configs/nginx/gold.krebsco.de.nix b/makefu/2configs/nginx/gold.krebsco.de.nix
new file mode 100644
index 000000000..083c0f8d7
--- /dev/null
+++ b/makefu/2configs/nginx/gold.krebsco.de.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ gold = pkgs.fetchFromGitHub {
+ owner = "krebs";
+ repo = "krebsgold";
+ rev = "15f7a74";
+ sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
+ };
+in {
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts = {
+ "gold.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ root = toString gold + "/html";
+ };
+ };
+ };
+}
+
diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix
new file mode 100644
index 000000000..dda00063a
--- /dev/null
+++ b/makefu/2configs/nur.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:{
+ nixpkgs.config.packageOverrides = pkgs: {
+ nur = pkgs.callPackage (import (builtins.fetchGit {
+ url = "https://github.com/nix-community/NUR";
+ })) {};
+ };
+}
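Review bot: `builtins.fetchGit { url = "https://github.com/nix-community/NUR"; }` has no `rev`, so each evaluation imports whatever the repository's default branch holds at that moment, and that code is evaluated as part of the system configuration without a pin or hash. Pin it the way `events-publisher/default.nix` in this commit pins its source: add `rev = "<full-commit-sha>";` (placeholder) to the `fetchGit` call, or switch to `builtins.fetchTarball` with a commit-specific `url` and a `sha256`. A short comment on how to bump the pin would help the next update.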
diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix
index dd6ddddaf..cfb5e3fd2 100644
--- a/makefu/2configs/stats/client.nix
+++ b/makefu/2configs/stats/client.nix
@@ -31,6 +31,7 @@
FSType "tmpfs"
FSType "binfmt_misc"
FSType "debugfs"
+ FSType "tracefs"
FSType "mqueue"
FSType "hugetlbfs"
FSType "systemd-1"
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
index 330616f4a..470193d6c 100644
--- a/makefu/2configs/task-client.nix
+++ b/makefu/2configs/task-client.nix
@@ -1,6 +1,6 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = [
+ users.users.makefu.packages = [
pkgs.taskwarrior
];
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 898bae10d..1e85da53c 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -1,10 +1,10 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
chromium
- clipit
feh
+ clipit
firefox
keepassx
pcmanfm
diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix
index 1fe03e111..bb14c3eb5 100644
--- a/makefu/2configs/tools/desktop.nix
+++ b/makefu/2configs/tools/desktop.nix
@@ -4,8 +4,10 @@
users.users.makefu.packages = with pkgs; [
taskwarrior
pass
+ gopass
mutt
weechat
tmux
];
+
}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index e25290297..ae97edd54 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs;[
+ users.users.makefu.packages = with pkgs;[
# media
gimp
inkscape
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 4de2b545e..35faaa29f 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 3dc02937d..17a980ef7 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index a076479c2..3df0ddbfe 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -8,13 +8,13 @@ let
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
- torrent-dir = config.makefu.dl-dir;
+ base-dir = config.makefu.dl-dir;
in {
users.users = {
download = {
name = "download";
- home = torrent-dir;
+ home = base-dir;
uid = mkDefault (genid "download");
createHome = true;
useDefaultShell = true;
@@ -25,10 +25,12 @@ in {
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
- for i in finished watch torrents; do
- mkdir -p "${torrent-dir}/$i"
- chown download:download "${torrent-dir}/$i"
- chmod 770 "${torrent-dir}/$i"
+ for i in finished watch; do
+ if test ! -d $i;then
+ mkdir -p "${base-dir}/$i"
+ chown rtorrent:download "${base-dir}/$i"
+ chmod 775 "${base-dir}/$i"
+ fi
done
'';
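Review bot: The new guard `if test ! -d $i;then` tests the bare name `finished` or `watch` relative to the activation script's working directory, not the directory that is then created, so it does not guard the `mkdir`/`chown`/`chmod` lines as intended; it should read `if test ! -d "${base-dir}/$i"; then`. With the corrected guard, ownership and mode are applied only when the directory is first created, so an existing directory with wrong permissions is left untouched, and it is worth deciding whether that is intended. The mode also widens from `770` to `775`, which lets every local user read the download directories; a comment naming the account that needs this would help.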
@@ -42,6 +44,7 @@ in {
"nginx"
];
};
+ rtorrent.members = [ "download" ];
};
krebs.rtorrent = {
@@ -54,7 +57,8 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
- workDir = torrent-dir;
+ downloadDir = base-dir + "/finished";
+ watchDir = base-dir + "/watch";
# dump old torrents into watch folder to have them re-added
};