diff options
| -rw-r--r-- | krebs/3modules/apt-cacher-ng.nix | 157 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/shared/default.nix | 15 | ||||
| -rw-r--r-- | krebs/3modules/tinc_graphs.nix | 2 | ||||
| -rw-r--r-- | krebs/5pkgs/Reaktor/default.nix | 4 | ||||
| -rw-r--r-- | krebs/5pkgs/apt-cacher-ng/default.nix | 21 | ||||
| -rw-r--r-- | krebs/5pkgs/drivedroid-gen-repo/default.nix | 22 | ||||
| -rw-r--r-- | krebs/Zpubkeys/exco.ssh.pub | 1 | ||||
| -rw-r--r-- | makefu/1systems/filepimp.nix | 2 | ||||
| -rw-r--r-- | makefu/1systems/gum.nix | 34 | ||||
| -rw-r--r-- | makefu/1systems/wry.nix | 17 | ||||
| -rw-r--r-- | makefu/2configs/fs/simple-swap.nix | 11 | ||||
| -rw-r--r-- | makefu/2configs/git/brain-retiolum.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 55 | ||||
| -rw-r--r-- | makefu/2configs/main-laptop.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/virtualization-virtualbox.nix | 6 | ||||
| -rw-r--r-- | shared/1systems/wolf.nix | 25 | ||||
| -rw-r--r-- | shared/2configs/base.nix | 2 | ||||
| -rw-r--r-- | shared/2configs/shack-drivedroid.nix | 42 | ||||
| -rw-r--r-- | shared/2configs/shack-nix-cacher.nix | 25 |
20 files changed, 393 insertions, 56 deletions
diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix new file mode 100644 index 000000000..75296bafb --- /dev/null +++ b/krebs/3modules/apt-cacher-ng.nix @@ -0,0 +1,157 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + acng-config = pkgs.writeTextFile { + name = "acng-configuration"; + destination = "/acng.conf"; + text = '' + ForeGround: 1 + CacheDir: ${cfg.cacheDir} + LogDir: ${cfg.logDir} + PidFile: /var/run/apt-cacher-ng.pid + ExTreshold: ${toString cfg.cacheExpiration} + CAfile: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + + Port: ${toString cfg.port} + BindAddress: ${cfg.bindAddress} + + # defaults: + Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian + Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu + Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol + Remap-cygwin: file:cygwin_mirrors /cygwin + Remap-sfnet: file:sfnet_mirrors + Remap-alxrep: file:archlx_mirrors /archlinux + Remap-fedora: file:fedora_mirrors + Remap-epel: file:epel_mirrors + Remap-slrep: file:sl_mirrors # Scientific Linux + Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo + + ReportPage: acng-report.html + SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng + LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng + + # Nix cache + ${optionalString cfg.enableNixCache '' + Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org + PfilePatternEx: (^|.*?/).*\.nar(info)?(|\.gz|\.xz|\.bz2)$ + VfilePatternEx: (^|.*?/)nix-cache-info$ + ''} + + ${cfg.extraConfig} + ''; + }; + + acng-home = "/var/cache/acng"; + cfg = config.krebs.apt-cacher-ng; + + api = { + enable = mkEnableOption "apt-cacher-ng"; + + cacheDir = mkOption { + default = acng-home + "/cache"; + type = types.str; + description = '' + Path to apt-cacher-ng cache directory. + Will be created and chowned to acng-user + ''; + }; + + logDir = mkOption { + default = acng-home + "/log"; + type = types.str; + description = '' + Path to apt-cacher-ng log directory. + Will be created and chowned to acng-user + ''; + }; + + port = mkOption { + default = 3142; + type = types.int; + description = '' + port of apt-cacher-ng + ''; + }; + + bindAddress = mkOption { + default = ""; + type = types.str; + example = "localhost 192.168.7.254 publicNameOnMainInterface"; + description = '' + listen address of apt-cacher-ng. Defaults to every interface. + ''; + }; + + cacheExpiration = mkOption { + default = 4; + type = types.int; + description = '' + number of days before packages expire in the cache without being + requested. + ''; + }; + + enableNixCache = mkOption { + default = true; + type = types.bool; + description = '' + enable cache.nixos.org caching via PfilePatternEx and VfilePatternEx. + + to use the apt-cacher-ng in your nixos configuration: + nix.binary-cache = [ http://acng-host:port/nixos ]; + + These options cannot be used in extraConfig, use SVfilePattern and + SPfilePattern or disable this option. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + extra config appended to the generated acng.conf + ''; + }; + }; + + imp = { + + users.extraUsers.acng = { + # uid = config.ids.uids.acng; + uid = 897955083; #genid Reaktor + description = "apt-cacher-ng"; + home = acng-home; + createHome = false; + }; + + users.extraGroups.acng = { + gid = 897955083; #genid Reaktor + # gid = config.ids.gids.Reaktor; + }; + + systemd.services.apt-cacher-ng = { + description = "apt-cacher-ng"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeScript "acng-init" '' + #!/bin/sh + mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} + chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} + ''; + ExecStart = "${pkgs.apt-cacher-ng}/bin/apt-cacher-ng -c ${acng-config}"; + PrivateTmp = "true"; + User = "acng"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + options.krebs.apt-cacher-ng = api; + config = mkIf cfg.enable imp; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 0ca6c8033..6d2b090a2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./apt-cacher-ng.nix ./bepasty-server.nix ./build.nix ./current.nix @@ -86,6 +87,7 @@ let krebs.dns.providers = { de.krebsco = "zones"; gg23 = "hosts"; + shack = "hosts"; internet = "hosts"; retiolum = "hosts"; }; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 13aae886b..b332676c6 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -33,12 +33,17 @@ let in { hosts = addNames { wolf = { - #dc = "shack"; + dc = "shack"; nets = { - #shack = { - # addrs4 = [ TODO ]; - # aliases = ["wolf.shack"]; - #}; + shack = { + addrs4 = [ "10.42.2.150" ]; + aliases = [ + "wolf.shack" + "graphite.shack" + "acng.shack" + "drivedroid.shack" + ]; + }; retiolum = { addrs4 = ["10.243.77.1"]; addrs6 = ["42:0:0:0:0:0:77:1"]; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index e415d20ab..20aa385a9 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -89,9 +89,9 @@ let }; restartIfChanged = true; - serviceConfig = { Type = "simple"; + restart = "always"; ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' #!/bin/sh diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix index c38aa6423..c4a362757 100644 --- a/krebs/5pkgs/Reaktor/default.nix +++ b/krebs/5pkgs/Reaktor/default.nix @@ -2,14 +2,14 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.5.0"; + version = "0.5.1"; propagatedBuildInputs = with pkgs;[ python3Packages.docopt python3Packages.requests2 ]; src = fetchurl { url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz"; - sha256 = "1npag52xmnyqv56z0anyf6xf00q0smfzsippal0xdbxrfj7s8qim"; + sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n"; }; meta = { homepage = http://krebsco.de/; diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix new file mode 100644 index 000000000..f253cdba0 --- /dev/null +++ b/krebs/5pkgs/apt-cacher-ng/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }: + +stdenv.mkDerivation rec { + name = "apt-cacher-ng-${version}"; + version = "0.8.6"; + + src = fetchurl { + url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz"; + sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5"; + }; + + NIX_LDFLAGS = "-lpthread"; + buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ]; + + meta = { + description = "A caching proxy specialized for linux distribution files"; + homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/; + license = stdenv.lib.licenses.gpl2; + maintainers = [ stdenv.lib.maintainers.makefu ]; + }; +} diff --git a/krebs/5pkgs/drivedroid-gen-repo/default.nix b/krebs/5pkgs/drivedroid-gen-repo/default.nix new file mode 100644 index 000000000..087f97c9a --- /dev/null +++ b/krebs/5pkgs/drivedroid-gen-repo/default.nix @@ -0,0 +1,22 @@ +{stdenv,fetchurl,pkgs,python3Packages, ... }: + +python3Packages.buildPythonPackage rec { + name = "drivedroid-gen-repo-${version}"; + version = "0.4.2"; + + propagatedBuildInputs = with pkgs;[ + python3Packages.docopt + ]; + + src = fetchurl { + url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz"; + sha256 = "1w4dqc9ndyiv5kjh2y8n4p4c280vhqyj8s7y6al2klchcp2ab7q7"; + }; + + meta = { + homepage = http://krebsco.de/; + description = "Generate Drivedroid repos"; + license = stdenv.lib.licenses.wtfpl; + }; +} + diff --git a/krebs/Zpubkeys/exco.ssh.pub b/krebs/Zpubkeys/exco.ssh.pub new file mode 100644 index 000000000..e2afcf3fb --- /dev/null +++ b/krebs/Zpubkeys/exco.ssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index fb1a57552..66ea2ce90 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -7,8 +7,6 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/default.nix - ../2configs/fs/vm-single-partition.nix ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix ]; diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4f..63ad18339 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,14 +9,15 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix + ../2configs/git/cgit-retiolum.nix ]; krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - # Chat environment.systemPackages = with pkgs;[ weechat @@ -33,21 +34,24 @@ in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall = { - allowPing = true; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # tinc - 655 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - ]; + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; }; interfaces.et0.ip4 = [{ address = external-ip; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ba94972fb..cd2b3f657 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -24,11 +24,11 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix + ../2configs/nginx/euer.test.nix # collectd ../2configs/collectd/collectd-base.nix ]; - krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor.enable = true; @@ -59,9 +59,12 @@ in { }; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 53 80 443 ]; - firewall.allowedUDPPorts = [ 655 ]; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 655 ]; + }; interfaces.enp2s1.ip4 = [{ address = external-ip; prefixLength = 24; @@ -70,5 +73,9 @@ in { nameservers = [ "8.8.8.8" ]; }; - environment.systemPackages = [ pkgs.translate-shell ]; + # small machine - do not forget to gc every day + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + environment.systemPackages = [ ]; } diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix new file mode 100644 index 000000000..8c161b287 --- /dev/null +++ b/makefu/2configs/fs/simple-swap.nix @@ -0,0 +1,11 @@ +_: +{ + # do not swap that often + boot.kernel.sysctl = { + "vm.swappiness" = 25; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; +} diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 793373859..066d50a28 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../../tv/4lib { inherit lib pkgs; }; +with lib; let repos = priv-repos // krebs-repos ; @@ -26,7 +26,7 @@ let inherit name desc; public = false; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; channel = "#retiolum"; # TODO remove the hardcoded hostname diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 189dd66c8..e12827697 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -1,10 +1,12 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../../tv/4lib { inherit lib pkgs; }; +with lib; let - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); + repos = priv-repos // krebs-repos // connector-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) + ++ concatMap priv-rules (attrValues priv-repos) + ++ concatMap connector-rules (attrValues connector-repos); krebs-repos = mapAttrs make-krebs-repo { stockholm = { @@ -19,6 +21,10 @@ let autosync = { }; }; + connector-repos = mapAttrs make-priv-repo { + connector = { }; + }; + # TODO move users to separate module make-priv-repo = name: { desc ? null, ... }: { @@ -30,7 +36,7 @@ let inherit name desc; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = config.krebs.build.host.name == "pnp"; channel = "#retiolum"; @@ -40,38 +46,49 @@ let }; }; - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - set-ro-access = with git; repo: user: - optional repo.public { - inherit user; - repo = [ repo ]; - perm = fetch; - }; # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; + connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco; + krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; + set-ro-access = with git; repo: user: + optional repo.public { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + in { imports = [{ - krebs.users.makefu-omo = { + krebs.users = { + makefu-omo = { name = "makefu-omo" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - krebs.users.makefu-tsp = { + }; + makefu-tsp = { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; + }; + exco = { + name = "exco"; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; + }; }; }]; krebs.git = { diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 294ee7510..dfc8c1c07 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,7 +12,7 @@ with lib; firefox chromium keepassx - + ntfs3g virtmanager at_spi2_core # dep for virtmanager? ]; diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index 610b63732..aaabcd50e 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix @@ -2,11 +2,11 @@ let mainUser = config.krebs.build.user; - version = "5.0.4"; - rev = "102546"; + version = "5.0.6"; + rev = "103037"; vboxguestpkg = pkgs.fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; - sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4"; + sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; }; in { #inherit vboxguestpkg; diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 4fe3388c8..8c5295bb3 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -1,12 +1,35 @@ { config, lib, pkgs, ... }: +let + shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4; + internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4; +in { imports = [ ../2configs/base.nix <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/collectd-base.nix + ../2configs/shack-nix-cacher.nix + ../2configs/shack-drivedroid.nix ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ]; + + networking = { + firewall.enable = false; + interfaces.eth0.ip4 = [{ + address = shack-ip; + prefixLength = 20; + }]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "8.8.8.8" ]; + }; + ##################### + # uninteresting stuff + ##################### krebs.build.host = config.krebs.hosts.wolf; # TODO rename shared user to "krebs" krebs.build.user = config.krebs.users.shared; @@ -31,7 +54,7 @@ fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ - { device = "/dev/disk/by-label/swap"; } + { device = "/dev/disk/by-label/swap"; } ]; time.timeZone = "Europe/Berlin"; diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index c9f4ffa8d..df41eae1a 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -64,6 +64,8 @@ with lib; # TODO config.krebs.users.lass.pubkey config.krebs.users.makefu.pubkey + # TODO HARDER: + (readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub) config.krebs.users.tv.pubkey ]; diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix new file mode 100644 index 000000000..66940bc08 --- /dev/null +++ b/shared/2configs/shack-drivedroid.nix @@ -0,0 +1,42 @@ +{ pkgs, lib, config, ... }: +let + repodir = "/var/srv/drivedroid"; + srepodir = lib.shell.escape repodir; +in +{ + systemd.paths.drivedroid = { + wantedBy = [ "multi-user.target" ]; + Description = "triggers for changes in drivedroid dir"; + pathConfig = { + PathModified = repodir; + }; + }; + + systemd.services.drivedroid = { + ServiceConfig = { + ExecStartPre = pkgs.writeScript "prepare-drivedroid-repo-gen" '' + #!/bin/sh + mkdir -p ${srepodir}/repos + ''; + ExecStart = pkgs.writeScript "start-drivedroid-repo-gen" '' + #!/bin/sh + {pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json" + ''; + }; + }; + + krebs.nginx = { + enable = lib.mkDefault true; + servers = { + drivedroid-repo = { + server-names = [ "drivedroid.shack" ]; + # TODO: prepare this somehow + locations = lib.singleton (lib.nameValuePair "/" '' + root ${repodir}; + index main.json; + ''); + }; + }; + }; + +} diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix new file mode 100644 index 000000000..7519bb3ac --- /dev/null +++ b/shared/2configs/shack-nix-cacher.nix @@ -0,0 +1,25 @@ +{ pkgs, lib, ... }: + +{ + krebs.nginx = { + enable = lib.mkDefault true; + servers = { + apt-cacher-ng = { + server-names = [ "acng.shack" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:3142/; + ''); + }; + }; + }; + + krebs.apt-cacher-ng = { + enable = true; + port = 3142; + bindAddress = "localhost"; + cacheExpiration = 30; + }; +} |