| -rw-r--r-- | krebs/1systems/wolf/config.nix | 10 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/rtorrent.nix | 4 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/internetarchive/default.nix | 38 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/slog/default.nix | 26 | ||||
| -rw-r--r-- | makefu/1systems/darth/config.nix | 41 | ||||
| -rw-r--r-- | makefu/1systems/gum/config.nix | 15 | ||||
| -rw-r--r-- | makefu/1systems/tsp/config.nix | 42 | ||||
| -rw-r--r-- | makefu/2configs/backup.nix | 13 | ||||
| -rw-r--r-- | makefu/2configs/lanparty/lancache-dns.nix | 21 | ||||
| -rw-r--r-- | makefu/2configs/lanparty/lancache.nix | 9 | ||||
| -rw-r--r-- | makefu/2configs/lanparty/mumble-server.nix | 12 | ||||
| -rw-r--r-- | makefu/2configs/lanparty/samba.nix | 9 | ||||
| -rw-r--r-- | makefu/2configs/tools/core.nix | 29 | ||||
| -rw-r--r-- | makefu/2configs/tools/sec.nix | 2 | ||||
| -rw-r--r-- | makefu/5pkgs/default.nix | 5 | ||||
| -rw-r--r-- | makefu/5pkgs/u3_tool/default.nix | 22 | ||||
| -rw-r--r-- | makefu/source.nix | 9 | 
18 files changed, 221 insertions, 90 deletions
| diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 21ae20ea0..4d0c0ffa5 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,9 +26,13 @@ in      <stockholm/krebs/2configs/shack/share.nix>      {        systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate -      #systemd.services.telegraf.environment = { -      #  "MIBDIRS" : ""; # extra mibs like ADSL -      #}; +      systemd.services.telegraf.environment = { +        MIBDIRS = pkgs.fetchgit { +          url = "http://git.shackspace.de/makefu/modem-mibs.git"; +          sha256 = +          "a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008d3da9c78e3b627e5675c8"; +        }; # extra mibs like ADSL +      };        services.telegraf = {          enable = true;          extraConfig = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 401cba97a..acd4184c0 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -545,8 +545,8 @@ with import <stockholm/lib>;        };        nets = rec {          internet = { -          ip4.addr = "188.68.40.19"; -          ip6.addr = "2a03:4000:17:2df::1"; +          ip4.addr = "185.194.143.140"; +          ip6.addr = "2a03:4000:1c:43f::1";            aliases = [              "gum.i"            ]; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 472accef9..b7ef824b5 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix 
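Review bot: The `pkgs.fetchgit` call added for `MIBDIRS` in wolf/config.nix gives no `rev` and fetches over plain `http://`, so the `sha256` is the only thing tying the build to a known tree. The hash does stop a changed or tampered checkout from being accepted, but once the repository's default branch moves the fetch will fail with a hash mismatch, and nothing records which commit was reviewed. I would add `rev = "<full-commit-sha-placeholder>";` and switch the URL to https if the server offers it. Separately, net-snmp treats a `MIBDIRS` value without a leading `+` as a replacement for the default search path, so it is worth confirming that snmptranslate still finds the standard MIBs.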
@@ -38,12 +38,12 @@ let      ${optionalString (cfg.enableXMLRPC ) ''        # prepare socket and set permissions. rtorrent user is part of group nginx        # TODO: configure a shared torrent group -      execute_nothrow = rm,${cfg.xmlrpc-socket} +      execute.nothrow = rm,${cfg.xmlrpc-socket}        scgi_local = ${cfg.xmlrpc-socket}        schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"      ''} -    system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"} +    system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}      # Prepare systemd logging      log.open_file = "rtorrent-systemd", ${systemd-logfile} diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix new file mode 100644 index 000000000..f5e1bbff3 --- /dev/null +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -0,0 +1,38 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +buildPythonPackage rec { +  pname = "internetarchive"; +  version = "1.7.3"; +  name = "${pname}-${version}"; +  propagatedBuildInputs = [ +    requests +      jsonpatch +      docopt +      clint +      six +      schema +      backports_csv +  ]; + +# check only works when cloned from git repo +  doCheck = false; +  checkInputs = [ +    pytest +      responses +  ]; + +  prePatch = '' +    sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py +    ''; + +  src = fetchPypi { +    inherit pname version; +    sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g"; +  }; + +  meta = with stdenv.lib; { +    description = "python library and cli for uploading files to internet archive"; +    license = licenses.agpl3; +  }; + +} diff --git a/krebs/5pkgs/simple/slog/default.nix b/krebs/5pkgs/simple/slog/default.nix new file mode 100644 index 000000000..c74a2ad80 --- /dev/null +++ b/krebs/5pkgs/simple/slog/default.nix 
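Review bot: In internetarchive/default.nix the `prePatch` substitution `s/'schema.*'/'schema>=0.4.0'/` is greedy, so on a `setup.py` line holding more than one quoted requirement it would replace everything up to the last quote and silently drop the other dependencies. `sed -i "s/'schema[^']*'/'schema>=0.4.0'/" setup.py` keeps the match inside one string. The argument list also takes `fetchFromGitHub`, which is never used, while `stdenv` in `meta` is not an argument and is presumably picked up through `with pkgs.python3Packages;`; naming it explicitly would make that dependency visible. A one-line comment on why the `schema` bound is relaxed would help whoever bumps `version` next.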
@@ -0,0 +1,26 @@ +{ pkgs, stdenv, fetchFromGitHub }: + +## use with: +# . $(command -v slog.sh) +stdenv.mkDerivation rec { +  name = "slog-${version}"; +  version = "2017-10-27"; + +  src = fetchFromGitHub { +    owner = "makefu"; +    repo = "slog"; +    rev = "50367c3"; +    sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r"; +  }; + +  installPhase = '' +    mkdir -p $out/bin +    install -m755 slog.sh $out/bin +  ''; + +  meta = with stdenv.lib; { +    description = "POSIX shell logging"; +    license = licenses.mit; +  }; + +} diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix index 7accb13d3..046c1574c 100644 --- a/makefu/1systems/darth/config.nix +++ b/makefu/1systems/darth/config.nix @@ -2,6 +2,8 @@  with import <stockholm/lib>;  let +  # all the good stuff resides in /data +    byid = dev: "/dev/disk/by-id/" + dev;    rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";    bootPart = rootDisk + "-part1"; 
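Review bot: In slog/default.nix, `rev = "50367c3"` is an abbreviated commit id for a script that, per the header comment, is sourced into the caller's shell. The `sha256` still fixes the content that gets installed, but a short id can become ambiguous as the repository grows and does not tell a reader exactly which commit was audited. I would spell out the full 40-character hash, `rev = "<full-commit-sha-placeholder>";`. `pkgs` is taken as an argument but is not used in the expression.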
@@ -21,44 +23,23 @@ in {        <stockholm/makefu/2configs/tinc/retiolum.nix>        <stockholm/makefu/2configs/tools/core.nix>        <stockholm/makefu/2configs/stats/client.nix> -      <stockholm/makefu/2configs/nsupdate-data.nix> - -      # SIEM -      #<stockholm/makefu/2configs/tinc/siem.nix> -      # {services.tinc.networks.siem = { -      #     name = "sdarth"; -      #     extraConfig = "ConnectTo = sjump"; -      #   }; -      # } +      # <stockholm/makefu/2configs/nsupdate-data.nix> -      # { -      #   makefu.forward-journal = { -      #     enable = true; -      #     src = "10.8.10.2"; -      #     dst = "10.8.10.6"; -      #   }; -      # } - -      ## Sharing -      # <stockholm/makefu/2configs/share/temp-share-samba.nix> -      #{ -      #  services.samba.shares = { -      #      isos = { -      #        path = "/data/isos/"; -      #        "read only" = "yes"; -      #        browseable = "yes"; -      #        "guest ok" = "yes"; -      #      }; -      #  }; -      #}        <stockholm/makefu/2configs/share/anon-ftp.nix> + +      # lan party +      <stockholm/makefu/2configs/lanparty/lancache.nix> +      <stockholm/makefu/2configs/lanparty/lancache-dns.nix> +      <stockholm/makefu/2configs/lanparty/samba.nix> +      <stockholm/makefu/2configs/lanparty/mumble-server.nix> +      <stockholm/makefu/2configs/virtualisation/libvirt.nix>    ];    #networking.firewall.enable = false;    makefu.server.primary-itf = "enp0s25"; -  krebs.hidden-ssh.enable = true; +  # krebs.hidden-ssh.enable = true;    boot.kernelModules = [ "coretemp" "f71882fg" ];    hardware.enableAllFirmware = true;    nixpkgs.config.allowUnfree = true; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index e769b1e22..667804bf0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix 
@@ -2,16 +2,22 @@  with import <stockholm/lib>;  let -  external-mac = "3a:66:48:8e:82:b2"; +  # hw-specific +  external-mac = "2a:c5:6e:d2:fc:7f"; +  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; +  external-gw = "185.194.140.1"; +  # single partition, label "nixos" +  # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + +  # static    external-ip = config.krebs.build.host.nets.internet.ip4.addr;    external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; -  external-gw = "188.68.40.1";    external-gw6 = "fe80::1";    external-netmask = 22;    external-netmask6 = 64; -  ext-if = "et0"; # gets renamed on the fly    internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; +  ext-if = "et0"; # gets renamed on the fly  in {    imports = [        <stockholm/makefu> @@ -19,6 +25,7 @@ in {        <stockholm/makefu/2configs/headless.nix>        <stockholm/makefu/2configs/fs/single-partition-ext4.nix>        # <stockholm/makefu/2configs/smart-monitor.nix> +        <stockholm/makefu/2configs/git/cgit-retiolum.nix>        <stockholm/makefu/2configs/backup.nix>        # <stockholm/makefu/2configs/mattermost-docker.nix> diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 75a11d3a7..7b751e514 100644 --- a/makefu/1systems/tsp/config.nix +++ b/makefu/1systems/tsp/config.nix 
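Review bot: The bootstrap comment added under `# hw-specific` in gum/config.nix hard-codes the nixpkgs tarball `809cf38`, while this same commit moves `ref` in makefu/source.nix to `e3d14bb`, so the recipe is already out of date when it lands. The pipeline in that comment also unpacks whatever the download returns without any checksum. I would point the comment at the pinned ref instead, e.g. `# bootstrap: unpack the nixpkgs rev pinned in makefu/source.nix into /var/src/nixpkgs, then touch .populate`.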
@@ -1,20 +1,20 @@  #  #  # -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }:  {    imports =      [ # Include the results of the hardware scan.        <stockholm/makefu> -      <stockholm/makefu/2configs/gui/base.nix> +      <stockholm/makefu/2configs/main-laptop.nix> +      <stockholm/makefu/2configs/tools/all.nix>        <stockholm/makefu/2configs/fs/sda-crypto-root.nix>        # hardware specifics are in here        # imports tp-x2x0.nix -      <stockholm/makefu/2configs/hw/tp-x200.nix> +      # <stockholm/makefu/2configs/hw/tp-x200.nix> -      <stockholm/makefu/2configs/disable_v6.nix> -      <stockholm/makefu/2configs/rad1o.nix> +      # <stockholm/makefu/2configs/rad1o.nix>        <stockholm/makefu/2configs/zsh-user.nix>        <stockholm/makefu/2configs/exim-retiolum.nix> @@ -22,9 +22,41 @@      ];    # not working in vm    krebs.build.host = config.krebs.hosts.tsp; +  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; +  boot.loader.grub.copyKernels = true;    networking.firewall.allowedTCPPorts = [      25    ]; +  # acer aspire +  networking.wireless.enable = lib.mkDefault true; + +  hardware.enableAllFirmware = true; +  nixpkgs.config.allowUnfree = true; + +  hardware.cpu.intel.updateMicrocode = true; + +  zramSwap.enable = true; +  zramSwap.numDevices = 2; + +  services.tlp.enable = true; +  services.tlp.extraConfig = '' +    # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery +    START_CHARGE_THRESH_BAT0=67 +    STOP_CHARGE_THRESH_BAT0=100 + + +    CPU_SCALING_GOVERNOR_ON_AC=performance +    CPU_SCALING_GOVERNOR_ON_BAT=ondemand +    CPU_MIN_PERF_ON_AC=0 +    CPU_MAX_PERF_ON_AC=100 +    CPU_MIN_PERF_ON_BAT=0 +    CPU_MAX_PERF_ON_BAT=30 +  ''; + +  powerManagement.resumeCommands = '' +    ${pkgs.rfkill}/bin/rfkill unblock all +  ''; +  } diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 166365ba0..a4d02af6b 100644 --- a/makefu/2configs/backup.nix 
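Review bot: `allowDiscards=true` on the `luksroot` device in tsp/config.nix lets TRIM requests pass through dm-crypt, which reveals which blocks of the encrypted disk are unused to anyone who can read the raw device. That is a reasonable trade for SSD performance on a laptop, but it should be a recorded decision. I would add a comment such as `# allowDiscards: TRIM passthrough, leaks free-block layout of the LUKS volume (accepted for SSD)`. In the first hunk of this file, the context comments `# hardware specifics are in here` and `# imports tp-x2x0.nix` now sit above a commented-out import and no longer describe anything.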
+++ b/makefu/2configs/backup.nix @@ -31,6 +31,19 @@ in {    krebs.backup.plans = {      # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";      gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; +    gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )// +      { +        dst.path = "/media/cryptX/backup/gum/var-download"; +        dst.host = defaultBackupServer; +        startAt = "19:00"; +      }; +    gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )// +      { +        dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de"; +        dst.host = defaultBackupServer; + +        startAt = "05:00"; +      };      # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";    };    environment.systemPackages = [ diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix index 4b4ebf0a0..c9da7c4c4 100644 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -1,6 +1,19 @@  { pkgs, lib, config, ... }:  with import <stockholm/lib>;  let +  upstream-server = "8.8.8.8"; +  # make sure the router pins the ip address to the deployed host +  # and set it as dns server ( dhcp option 6,192.168.10.10 ) +  local_ip = "192.168.10.10"; + +  extra-config = pkgs.writeText "local.conf" '' +    server: +    local-data: "piratebox. A ${local_ip}" +    local-data: "store. A ${local_ip}" +    local-data: "share. A ${local_ip}" +  ''; + +    # see https://github.com/zeropingheroes/lancache for full docs    lancache-dns = pkgs.stdenv.mkDerivation rec {      name = "lancache-dns-2017-06-28"; 
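Review bot: Both new plans in backup.nix write below `/media/cryptX/`, and nothing in the hunk ensures that volume is mounted when the jobs start at `19:00` and `05:00`. If it is not mounted, the pull would presumably land on the underlying filesystem of the backup server, outside what looks (judging by the name) like an encrypted volume, and one of the plans carries the ownCloud data directory. How `krebs.backup` handles a missing destination is not visible here, so this may already be covered. If it is not, a mount dependency or a precondition on the destination path would close the gap, and a comment such as `# requires /media/cryptX to be unlocked and mounted` would document it.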
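Review bot: `local_ip = "192.168.10.10"` in lancache-dns.nix is only correct while the router's DHCP reservation matches, as the added comment says, and the later `@@ -42,7 +56,8 @@` hunk replaces the runtime detection with the same constant. If the host ever comes up with a different address, unbound will keep answering `piratebox.`, `store.`, `share.` and the rewritten lancache zones with an address that belongs to some other machine on the LAN. I would either configure the interface address from this same variable or make the service fail when the interface does not carry `${local_ip}`. The commented-out `current_ip=$(ip route get ...)` line in that later hunk is dead code and should be dropped.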
@@ -11,8 +24,9 @@ let        rev = "420aa62";        sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";      }; +      phases = [ "unpackPhase" "installPhase" ]; -    # here we can chance to edit `includes/proxy-cache-paths.conf` +    # here we have the chance to edit `includes/proxy-cache-paths.conf`      installPhase = ''        mkdir -p $out        cp -r * $out/ @@ -20,7 +34,6 @@ let    };    stateDir = "/var/lib/unbound";    user = "unbound"; -  upstream-server = "8.8.8.8";  in {    services.unbound = {      enable = true; @@ -29,6 +42,7 @@ in {      forwardAddresses = [ upstream-server ];      extraConfig = ''        include: "${stateDir}/lancache/*.conf" +      include: "${extra-config}"      '';    };    services.dnscrypt-proxy.enable = lib.mkForce false; @@ -42,7 +56,8 @@ in {        path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];        script = ''          set -xeu -        current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') +        # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') +        current_ip=${local_ip}          old_ip=10.1.1.250          mkdir -p ${stateDir}          rm -rvf ${stateDir}/lancache diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix index 3df2e3f59..bcacf2e15 100644 --- a/makefu/2configs/lanparty/lancache.nix +++ b/makefu/2configs/lanparty/lancache.nix 
@@ -17,15 +17,21 @@ let      installPhase = ''        mkdir -p $out        cp -r * $out/ +      rm $out/caches-enabled/*        sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \               -e '1 idaemon off;' \ +             -e 's#/var/lancache#${cfg.statedir}#g' \                $out/nginx.conf +      sed -i -e 's#/var/lancache#${cfg.statedir}#g' \ +              $out/*/*.conf +      ln -s $out/caches-available/* $out/caches-enabled/      '';    };    cfg = { +    statedir = "/data/cache"; +      group = "nginx-lancache";      user = "nginx-lancache"; -    statedir = "/var/lancache";      package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{        configureFlags = old.configureFlags ++ [          "--with-http_slice_module" @@ -43,6 +49,7 @@ in {      preStart = ''        mkdir -p ${cfg.statedir} && cd ${cfg.statedir} +      chmod 700 ${cfg.statedir}        PATH_CACHE=$PATH_BASE/cache        PATH_LOGS=$PATH_BASE/logs diff --git a/makefu/2configs/lanparty/mumble-server.nix b/makefu/2configs/lanparty/mumble-server.nix new file mode 100644 index 000000000..5b9631cd1 --- /dev/null +++ b/makefu/2configs/lanparty/mumble-server.nix @@ -0,0 +1,12 @@ +{ config, ... }: +{ +  networking.firewall.allowedTCPPorts = [ 64738 ]; +  networking.firewall.allowedUDPPorts = [ 64738 ]; +  services.murmur = { +    enable = true; +    welcometext = "Welcome to the LANest Party mumble server"; +    bonjour = true; +    hostName = "0.0.0.0"; +    sendVersion = true; +  }; +} diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index de834ab16..4176d7b35 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix 
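Review bot: `chmod 700 ${cfg.statedir}` in `preStart` of lancache.nix tightens the mode, but nothing visible sets the owner, so whether `nginx-lancache` can still enter `/data/cache` depends on which user runs `preStart`. This is worth confirming, since the rest of the unit is outside the hunk. In `installPhase`, `rm $out/caches-enabled/*` fails the build if upstream ever ships that directory empty; `rm -f $out/caches-enabled/*` is safer. The two `sed` calls repeat the same `/var/lancache` rewrite, and a one-line comment explaining why both `nginx.conf` and `$out/*/*.conf` need it would help.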
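Review bot: The new murmur instance in mumble-server.nix listens on `0.0.0.0`, opens 64738 on TCP and UDP in the firewall, and sets no `services.murmur.password`, so anyone who can reach the host on any interface can join. The darth imports in this commit also keep a retiolum tinc config, so the reach is probably wider than the LAN-party network. `sendVersion = true` additionally discloses the server and OS version to every client. I would set a server password or bind `hostName` to the LAN address, and use `sendVersion = false;`. `config` is taken as an argument but is unused.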
@@ -10,9 +10,16 @@    };    services.samba = {      enable = true; +    enableNmbd = true;      shares = { -      share-home = { +      lanparty = {          path = "/data/lanparty/"; +        "read only" = "yes"; +        browseable = "yes"; +        "guest ok" = "yes"; +      }; +      share = { +        path = "/data/incoming";          "read only" = "no";          browseable = "yes";          "guest ok" = "yes"; diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 8a15ae2e7..eced961be 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -5,38 +5,43 @@  #  # essentially `nix-env -q` of the main user  { -  krebs.per-user.makefu.packages = with pkgs; [ +  environment.systemPackages = with pkgs; [      at_spi2_core      acpi      bc      rsync      exif      file +    lsof +    which +      # fs -    ntfs3g +    cifs-utils      dosfstools +    ntfs3g +    smartmontools + +    # io      pv      sshpass      usbutils      p7zip      hdparm + +    # net +    wget +    curl      inetutils      ncftp -    mutt      tcpdump      sysstat -    which -    weechat      wol -    tmux      iftop +      mkpasswd -    # storage -    smartmontools -    cifs-utils -    # net -    wget -    curl +    mutt +    weechat +    tmux      # stockholm      git diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 817cd9ead..3dc02937d 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -13,6 +13,6 @@      thc-hydra      borgbackup      ledger -    u3_tool +    u3-tool    ];  } diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index e99aa696b..80a453ddc 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
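Review bot: The new `share` entry in samba.nix makes `/data/incoming` writable for guests (`"read only" = "no"` with `"guest ok" = "yes"`), and `enableNmbd` advertises it, with nothing in the hunk limiting which networks may connect. For a LAN-party drop box that may be intended, but anonymous write access should be fenced, for example with `"hosts allow" = "192.168.10.0/24";` (subnet inferred from the lancache-dns address in this commit, adjust as needed). It would also help to keep `/data/incoming` on a filesystem or quota where filling it cannot starve `/data/cache`. The share's attribute set closes outside the hunk.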
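Review bot: The list in tools/core.nix now feeds `environment.systemPackages`, but the header comment in the context still describes it as "essentially `nix-env -q` of the main user". It should say that these tools are installed for every user on every host that imports the file. That is more than cosmetic, since the set includes `sshpass`, `tcpdump` and `mkpasswd`. Suggested wording: `# core tools, installed system-wide via environment.systemPackages`.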
@@ -31,7 +31,10 @@ in {      });      pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {        wordset-file = super.pkgs.fetchurl { -        url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; +        urls = [ +          https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c +          https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c +        ];          sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";        };      }; diff --git a/makefu/5pkgs/u3_tool/default.nix b/makefu/5pkgs/u3_tool/default.nix deleted file mode 100644 index e8c5573a8..000000000 --- a/makefu/5pkgs/u3_tool/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { -  proj = "u3-tool"; -  name = "${proj}-${version}"; -  version = "0.3"; - -  enableParallelBuilding = true; - -  src = fetchurl { -    url = "mirror://sourceforge/${proj}/${name}.tar.gz"; -    sha256 = "1p9c9kibd1pdbdfa0nd0i3n7bvzi3xg0chm38jg3xfl8gsn0390f"; -  }; - -  meta = { -    description = "Tool for controlling the special features of a 'U3 smart drive' USB Flash disk."; -    homepage = https://sourceforge.net/projects/u3-tool/ ; -    license = stdenv.lib.licenses.gpl2; -    platforms = stdenv.lib.platforms.linux; -    maintainers = with stdenv.lib.maintainers; [ makefu ]; -  }; -} diff --git a/makefu/source.nix b/makefu/source.nix index 8c880a8e2..992e4070b 100644 --- a/makefu/source.nix +++ b/makefu/source.nix 
@@ -11,9 +11,12 @@ let                then "buildbot"                else "makefu";    _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; -  ref = "809cf38"; # unstable @ 2017-10-07 -                   # + ruby stuff (2f0b17e4be9,55a952be5b5) -                   # + mitmproxy fix (360a5efd,ef52c95b) +  ref = "e3d14bb"; # unstable @ 2017-11-02 +                   # + ruby stuff: 2f0b17e4be9 55a952be5b5 +                   # + jsbeautifier: c60bee3 +                   # + mitmproxy fix: a0f7cedfae31 +                   # + synergy fix: 5e6c76bc1 +                   # + snapraid fix: e3d14bb1  in    evalSource (toString _file) [ | 
