From 7f57b45d61a5ce784f663c0276cc24df6e19a4fb Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 20 Mar 2019 18:29:51 +0100 Subject: nix-writers: 3.2.0 -> 3.3.0 --- submodules/nix-writers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/nix-writers b/submodules/nix-writers index fc8a3802a..d856f05da 160000 --- a/submodules/nix-writers +++ b/submodules/nix-writers @@ -1 +1 @@ -Subproject commit fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1 +Subproject commit d856f05daff9cd726d1e798f1bb9a18eecbe2f50 -- cgit v1.2.3 From ed499a84a9fe067c80e5a4768482333863c1e9ad Mon Sep 17 00:00:00 2001 From: jeschli Date: Thu, 21 Mar 2019 20:08:41 +0100 Subject: j brauerei: now on i3 --- jeschli/1systems/brauerei/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index ecf40a615..b9bb021b8 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -145,10 +145,11 @@ in ''; } ]; - }; }; + services.xserver.windowManager.i3.enable = true; + users.extraUsers.jeschli = { # TODO: define as krebs.users isNormalUser = true; extraGroups = ["docker" "vboxusers" "audio"]; -- cgit v1.2.3 From 9a58e882acf7268ba28eeb6e6d5a174342f018f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 07:56:13 +0100 Subject: types host: add syncthing.id --- lib/types.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index 45c009893..9001bc7c3 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -86,6 +86,12 @@ rec { type = nullOr ssh-privkey; default = null; }; + + syncthing.id = mkOption { + # TODO syncthing id type + type = nullOr string; + default = null; + }; }; }); -- cgit v1.2.3 From 67d3a55df5dd7a96d21781a581c249a9e50caaec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 07:57:34 +0100 Subject: k: add syncthing module --- krebs/3modules/default.nix | 1 + krebs/3modules/syncthing.nix | 129 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 krebs/3modules/syncthing.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9c2f53cbe..567c077eb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -48,6 +48,7 @@ let ./rtorrent.nix ./secret.nix ./setuid.nix + ./syncthing.nix ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix new file mode 100644 index 000000000..389da81d4 --- /dev/null +++ b/krebs/3modules/syncthing.nix @@ -0,0 +1,129 @@ +{ config, pkgs, ... }: with import ; + +let + + cfg = config.krebs.syncthing; + + devices = mapAttrsToList (name: peer: { + name = name; + deviceID = peer.id; + addresses = peer.addresses; + }) cfg.peers; + + folders = map (folder: { + inherit (folder) path type; + id = folder.path; + devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + rescanIntervalS = folder.rescanInterval; + }) cfg.folders; + + getApiKey = pkgs.writeDash "getAPIKey" '' + ${pkgs.libxml2}/bin/xmllint \ + --xpath 'string(configuration/gui/apikey)'\ + ${config.services.syncthing.dataDir}/config.xml + ''; + + updateConfig = pkgs.writeDash "merge-syncthing-config" '' + set -efu + API_KEY=$(${getApiKey}) + CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { + "devices": ${builtins.toJSON devices}, + "folders": ${builtins.toJSON folders} + }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- + ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + ''; + +in + +{ + options.krebs.syncthing = { + + enable = mkEnableOption "syncthing-init"; + + id = mkOption { + type = types.str; + default = config.krebs.build.host.name; + }; + + cert = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + key = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + peers = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ + options = { + + # TODO make into addr + port submodule + addresses = mkOption { + type = types.listOf types.str; + default = []; + }; + + #TODO check + id = mkOption { + type = types.str; + }; + + }; + })); + }; + + folders = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + path = mkOption { + type = types.absolute-pathname; + }; + + peers = mkOption { + type = types.listOf types.str; + default = []; + }; + + rescanInterval = mkOption { + type = types.int; + default = 60; + }; + + type = mkOption { + type = types.enum [ "sendreceive" "sendonly" "receiveonly" ]; + default = "sendreceive"; + }; + + }; + })); + }; + }; + + config = (mkIf cfg.enable) { + + systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + preStart = '' + ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} + ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} + ''; + }; + + systemd.services.syncthing-init = { + after = [ "syncthing.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = config.services.syncthing.user; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = updateConfig; + }; + }; + }; +} -- cgit v1.2.3 From 90ab9c288e0baa6f2e7f7b2e7cdffd10bda89938 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 08:01:03 +0100 Subject: l: add syncthing ids for mors, icarus & skynet --- krebs/3modules/lass/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 630c14f18..6849f0813 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -204,6 +204,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; + syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH"; }; shodan = { cores = 2; @@ -270,6 +271,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; + syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4"; }; daedalus = { cores = 2; @@ -328,6 +330,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; + syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3"; }; littleT = { cores = 2; -- cgit v1.2.3 From 96fc1908a2488fd4ccedfea7b6bdf64425de2e83 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 08:07:04 +0100 Subject: l syncthing: use module --- lass/1systems/icarus/config.nix | 1 + lass/1systems/skynet/config.nix | 1 + lass/2configs/syncthing.nix | 9 +++++++++ lass/2configs/tests/dummy-secrets/syncthing.cert | 0 lass/2configs/tests/dummy-secrets/syncthing.key | 0 5 files changed, 11 insertions(+) create mode 100644 lass/2configs/tests/dummy-secrets/syncthing.cert create mode 100644 lass/2configs/tests/dummy-secrets/syncthing.key diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d2d4bd3eb..868d75083 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -17,6 +17,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 4b806af7b..0bf3e6b4d 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -7,6 +7,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 17debf822..164e89679 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -8,4 +8,13 @@ with import ; { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} { predicate = "-p udp --dport 21027"; target = "ACCEPT";} ]; + krebs.syncthing = { + enable = true; + cert = toString ; + key = toString ; + peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); + folders = [ + { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; } + ]; + }; } diff --git a/lass/2configs/tests/dummy-secrets/syncthing.cert b/lass/2configs/tests/dummy-secrets/syncthing.cert new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tests/dummy-secrets/syncthing.key b/lass/2configs/tests/dummy-secrets/syncthing.key new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From e1f33f0b588cbdc28a91790ee372359678ae8dbe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 14:18:03 +0100 Subject: l littleT: add wiregrill & syncthing --- krebs/3modules/lass/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6849f0813..eaba2d734 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -368,10 +368,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "771e"; + aliases = [ + "littleT.w" + ]; + wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; + }; }; secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; }; red = { monitoring = false; -- cgit v1.2.3 From c3a1847b9826b9bd08bbf21d006ce7e5e3fe57e1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:02:07 +0100 Subject: l blue: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index eaba2d734..575ff3d62 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -485,6 +485,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; phone = { nets = { -- cgit v1.2.3 From 84d0489583e2ee8a299d066e57e28f899c23c3d5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:03:20 +0100 Subject: l phone: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 575ff3d62..7352d36e9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -499,6 +499,7 @@ in { }; external = true; ci = false; + syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7"; }; morpheus = { cores = 1; -- cgit v1.2.3 From 0bb9321d1b979f64703c22fa6c25a46776da50af Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:01 +0100 Subject: syncthing folders: add watch & ignorePerms options --- krebs/3modules/syncthing.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 389da81d4..485dd3991 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -15,6 +15,9 @@ let id = folder.path; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; + fsWatcherEnabled = folder.watch; + fsWatcherDelayS = folder.watchDelay; + ignorePerms = folder.ignorePerms; }) cfg.folders; getApiKey = pkgs.writeDash "getAPIKey" '' @@ -100,6 +103,21 @@ in default = "sendreceive"; }; + watch = mkOption { + type = types.bool; + default = true; + }; + + watchDelay = mkOption { + type = types.int; + default = 10; + }; + + ignorePerms = mkOption { + type = types.bool; + default = true; + }; + }; })); }; -- cgit v1.2.3 From 86150b31f20772c761dac2ce76862928bcc07537 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:22 +0100 Subject: syncthing: wait for service startup --- krebs/3modules/syncthing.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 485dd3991..e7f95f7fc 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -28,6 +28,8 @@ let updateConfig = pkgs.writeDash "merge-syncthing-config" '' set -efu + # wait for service to restart + ${pkgs.untilport}/bin/untilport localhost 8384 API_KEY=$(${getApiKey}) CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { -- cgit v1.2.3 From 67ca249e33e977a83b54b21ad7c717e3eaa38d84 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:50 +0100 Subject: syncthing: increase rescanInterval to track upstream --- krebs/3modules/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index e7f95f7fc..3c60eec4b 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -97,7 +97,7 @@ in rescanInterval = mkOption { type = types.int; - default = 60; + default = 3600; }; type = mkOption { -- cgit v1.2.3 From 5b15417be2e76e3df03f8b67baaf29230cfa88c6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:05:21 +0100 Subject: l icarus.r: enable thinkfan --- lass/1systems/icarus/physical.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 6cc77a47d..d764dabc1 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -17,4 +17,6 @@ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; + + services.thinkfan.enable = true; } -- cgit v1.2.3 From db9a1e4bb93f8023daf7b360b2719dc92f744217 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:06:39 +0100 Subject: l blue.r & littleT.r: import syncthing --- lass/1systems/blue/config.nix | 1 + lass/1systems/littleT/config.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a84bb37f6..d740403da 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -8,6 +8,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.blue; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 7fe143c3c..eee23ee60 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -7,6 +7,7 @@ with import ; + ]; networking.networkmanager.enable = true; -- cgit v1.2.3 From 6654f03b09b7b80e3ee6339c92e6172579349744 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:08:20 +0100 Subject: l: enable netdata on all hosts --- lass/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 2547e8bac..085cc04b7 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -218,4 +218,7 @@ with import ; networking.dhcpcd.extraConfig = '' noipv4ll ''; + services.netdata = { + enable = true; + }; } -- cgit v1.2.3 From d40f20b711a71240d235a26b6c87156afc355612 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 29 Mar 2019 18:14:39 +0100 Subject: q-power_supply: init from tv's q --- krebs/5pkgs/simple/q-power_supply.nix | 126 +++++++++++++++++++++++++++++++++ tv/5pkgs/simple/q/default.nix | 127 +--------------------------------- 2 files changed, 127 insertions(+), 126 deletions(-) create mode 100644 krebs/5pkgs/simple/q-power_supply.nix diff --git a/krebs/5pkgs/simple/q-power_supply.nix b/krebs/5pkgs/simple/q-power_supply.nix new file mode 100644 index 000000000..87f900194 --- /dev/null +++ b/krebs/5pkgs/simple/q-power_supply.nix @@ -0,0 +1,126 @@ +{ gawk, gnused, writeDashBin }: + +writeDashBin "q-power_supply" '' + power_supply() {( + set -efu + uevent=$1 + eval "$(${gnused}/bin/sed -n ' + s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p + ' $uevent)" + case $POWER_SUPPLY_NAME in + AC) + exit # not battery + ;; + esac + exec = .42) t_col = "1;32" + else if (r >= 23) t_col = "1;33" + else if (r >= 11) t_col = "1;31" + else t_col = "5;1;31" + return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr() + } + + function sgr(p) { + return "\x1b[" p "m" + } + + function strdup(s,n,t) { + t = sprintf("%"n"s","") + gsub(/ /,s,t) + return t + } + + END { + name = ENVIRON["POWER_SUPPLY_NAME"] + + charge_unit = "Ah" + charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 + charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 + + current_unit = "A" + current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 + + energy_unit = "Wh" + energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 + energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + + power_unit = "W" + power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 + + voltage_unit = "V" + voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 + voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 + + #printf "charge_now: %s\n", charge_now + #printf "charge_full: %s\n", charge_full + #printf "current_now: %s\n", current_now + #printf "energy_now: %s\n", energy_now + #printf "energy_full: %s\n", energy_full + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + #printf "power_now: %s\n", power_now + #printf "voltage_now: %s\n", voltage_now + + if (current_now == 0 && voltage_now != 0) { + current_now = power_now / voltage_now + } + if (power_now == 0) { + power_now = current_now * voltage_now + } + if (charge_now == 0 && voltage_min_design != 0) { + charge_now = energy_now / voltage_min_design + } + if (energy_now == 0) { + energy_now = charge_now * voltage_min_design + } + if (charge_full == 0 && voltage_min_design != 0) { + charge_full = energy_full / voltage_min_design + } + if (energy_full == 0) { + energy_full = charge_full * voltage_min_design + } + + if (charge_now == 0 || charge_full == 0) { + die("unknown charge") + } + + charge_ratio = charge_now / charge_full + + out = out name + out = out sprintf(" %s", print_bar(10, charge_ratio)) + out = out sprintf(" %d%", charge_ratio * 100) + out = out sprintf(" %.2f%s", charge_now, charge_unit) + if (current_now != 0) { + out = out sprintf("/%.1f%s", current_now, current_unit) + } + out = out sprintf(" %d%s", energy_full, energy_unit) + if (power_now != 0) { + out = out sprintf("/%.1f%s", power_now, power_unit) + } + if (current_now != 0) { + out = out sprintf(" %s", print_hm(charge_now / current_now)) + } + + print out + } + ' + )} + + for uevent in /sys/class/power_supply/*/uevent; do + power_supply "$uevent" || : + done +'' diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 7906b968f..e17282e17 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -102,131 +102,6 @@ let ' ''; - q-power_supply = let - power_supply = pkgs.writeBash "power_supply" '' - set -efu - uevent=$1 - eval "$(${pkgs.gnused}/bin/sed -n ' - s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p - ' $uevent)" - case $POWER_SUPPLY_NAME in - AC) - exit # not battery - ;; - esac - exec = .42) t_col = "1;32" - else if (r >= 23) t_col = "1;33" - else if (r >= 11) t_col = "1;31" - else t_col = "5;1;31" - return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr() - } - - function sgr(p) { - return "\x1b[" p "m" - } - - function strdup(s,n,t) { - t = sprintf("%"n"s","") - gsub(/ /,s,t) - return t - } - - END { - name = ENVIRON["POWER_SUPPLY_NAME"] - - charge_unit = "Ah" - charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 - charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 - - current_unit = "A" - current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 - - energy_unit = "Wh" - energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 - energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 - - power_unit = "W" - power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 - - voltage_unit = "V" - voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 - voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 - - #printf "charge_now: %s\n", charge_now - #printf "charge_full: %s\n", charge_full - #printf "current_now: %s\n", current_now - #printf "energy_now: %s\n", energy_now - #printf "energy_full: %s\n", energy_full - #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] - #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 - #printf "power_now: %s\n", power_now - #printf "voltage_now: %s\n", voltage_now - - if (current_now == 0 && voltage_now != 0) { - current_now = power_now / voltage_now - } - if (power_now == 0) { - power_now = current_now * voltage_now - } - if (charge_now == 0 && voltage_min_design != 0) { - charge_now = energy_now / voltage_min_design - } - if (energy_now == 0) { - energy_now = charge_now * voltage_min_design - } - if (charge_full == 0 && voltage_min_design != 0) { - charge_full = energy_full / voltage_min_design - } - if (energy_full == 0) { - energy_full = charge_full * voltage_min_design - } - - if (charge_now == 0 || charge_full == 0) { - die("unknown charge") - } - - charge_ratio = charge_now / charge_full - - out = out name - out = out sprintf(" %s", print_bar(10, charge_ratio)) - out = out sprintf(" %d%", charge_ratio * 100) - out = out sprintf(" %.2f%s", charge_now, charge_unit) - if (current_now != 0) { - out = out sprintf("/%.1f%s", current_now, current_unit) - } - out = out sprintf(" %d%s", energy_full, energy_unit) - if (power_now != 0) { - out = out sprintf("/%.1f%s", power_now, power_unit) - } - if (current_now != 0) { - out = out sprintf(" %s", print_hm(charge_now / current_now)) - } - - print out - } - ' - ''; - in '' - for uevent in /sys/class/power_supply/*/uevent; do - ${power_supply} "$uevent" || : - done - ''; - q-virtualization = /* sh */ '' echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)" ''; @@ -302,7 +177,7 @@ pkgs.writeBashBin "q" '' ${q-sgtdate} (${q-gitdir}) & (${q-intel_backlight}) & - (${q-power_supply}) & + ${pkgs.q-power_supply}/bin/q-power_supply & (${q-virtualization}) & (${q-wireless}) & (${q-online}) & -- cgit v1.2.3 From 0ae1dc7b96f26dec1240b837f7bdd2bc633c6398 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Apr 2019 20:06:31 +0200 Subject: nix-writers: 3.3.0 -> 3.4.0 --- submodules/nix-writers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/nix-writers b/submodules/nix-writers index d856f05da..c528cf970 160000 --- a/submodules/nix-writers +++ b/submodules/nix-writers @@ -1 +1 @@ -Subproject commit d856f05daff9cd726d1e798f1bb9a18eecbe2f50 +Subproject commit c528cf970e292790b414b4c1c8c8e9d7e73b2a71 -- cgit v1.2.3 From bd539533789a85a1786ae6f997a76d16d453b7f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 26 Mar 2019 14:39:52 +0100 Subject: l blue: use file nixpkgs deployment when not testing --- lass/1systems/blue/source.nix | 17 ++++------------- lass/krops.nix | 5 ++--- 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index a52771a4d..8f748ab8f 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,20 +1,11 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - derivation = let + file = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; + }); }; } diff --git a/lass/krops.nix b/lass/krops.nix index d64454ea5..12652216a 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,7 +11,7 @@ {} ; - source = { test }: lib.evalSource [ + source = { test }: lib.evalSource ([ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; @@ -24,8 +24,7 @@ }; }; } - host-source - ]; + ] ++ (lib.optional (! test) host-source)); in { -- cgit v1.2.3 From 2b748822b18a41b6ff9beb6bafeb9753eebb2e56 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 17:47:31 +0200 Subject: nixpkgs: 8abca4b -> 2229509 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 28c98ceb2..1ee21020b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba", - "date": "2019-03-07T09:54:51+01:00", - "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr", + "rev": "222950952f15f6b1e9f036b80440b597f23e652d", + "date": "2019-04-05T10:07:50+02:00", + "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd", "fetchSubmodules": false } -- cgit v1.2.3 From 1c014eb05c0022906629ee7fb9189cf6764ddc2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:08:54 +0200 Subject: l prism.r: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7352d36e9..0b5eb93ce 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -106,6 +106,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; archprism = { cores = 1; -- cgit v1.2.3 From a8c958821dcc9912dddb6727a4ad74a4dbcbe02f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:10:02 +0200 Subject: l skynet.r: add wiregrill --- krebs/3modules/lass/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0b5eb93ce..9c18f8a73 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -327,6 +327,13 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "5ce7"; + aliases = [ + "skynet.w" + ]; + wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU="; + }; }; secure = true; ssh.privkey.path = ; -- cgit v1.2.3 From e56e7fbe7103f4c570bf8e4cdee764b9ad0b5062 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:19:05 +0200 Subject: l phone.w: rotate all keys --- krebs/3modules/lass/default.nix | 4 ++-- krebs/3modules/lass/ssh/android.rsa | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9c18f8a73..146d7a441 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -502,12 +502,12 @@ in { aliases = [ "phone.w" ]; - wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM="; }; }; external = true; ci = false; - syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7"; + syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB"; }; morpheus = { cores = 1; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index 3d35b76e4..675ba8df2 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL -- cgit v1.2.3 From 212e7f4b9843790e29fd990a17279dc96e181baf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:21:18 +0200 Subject: syncthing: add id option --- krebs/3modules/syncthing.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 3c60eec4b..34879fd3f 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -11,8 +11,7 @@ let }) cfg.peers; folders = map (folder: { - inherit (folder) path type; - id = folder.path; + inherit (folder) path id type; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; @@ -83,13 +82,18 @@ in folders = mkOption { default = []; - type = types.listOf (types.submodule ({ + type = types.listOf (types.submodule ({ config, ... }: { options = { path = mkOption { type = types.absolute-pathname; }; + id = mkOption { + type = types.str; + default = config.path; + }; + peers = mkOption { type = types.listOf types.str; default = []; -- cgit v1.2.3 From 853e6b6d2610a9c49bf24c1c29ab59fddad64382 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:26:45 +0200 Subject: l: add ensure-permissions module --- lass/3modules/default.nix | 1 + lass/3modules/ensure-permissions.nix | 66 ++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 lass/3modules/ensure-permissions.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 613c7c8ac..59043aeb1 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,6 +3,7 @@ _: imports = [ ./dnsmasq.nix ./ejabberd + ./ensure-permissions.nix ./folderPerms.nix ./hosts.nix ./mysql-backup.nix diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix new file mode 100644 index 000000000..36edc1127 --- /dev/null +++ b/lass/3modules/ensure-permissions.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: with import ; + +let + + cfg = config.lass.ensure-permissions; + +in + +{ + options.lass.ensure-permissions = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + folder = mkOption { + type = types.absolute-pathname; + }; + + owner = mkOption { + # TODO user type + type = types.str; + default = "root"; + }; + + group = mkOption { + # TODO group type + type = types.str; + default = "root"; + }; + + permission = mkOption { + # TODO permission type + type = types.str; + default = "u+rw,g+rw"; + }; + + }; + })); + }; + + config = mkIf (cfg != []) { + + system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: '' + ${pkgs.coreutils}/bin/mkdir -p ${plan.folder} + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder} + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder} + '') cfg; + systemd.services = + listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "ensure-perms" '' + ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \ + | while IFS= read -r FILE; do + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null + done + ''; + }; + }) cfg) + ; + + }; +} -- cgit v1.2.3 From 797dd8cc2ac3b67ec385e0350db1c3c77012486f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:44:57 +0200 Subject: l: sync more with syncthing --- lass/1systems/blue/config.nix | 7 +++++++ lass/1systems/mors/config.nix | 10 ++++++++++ lass/2configs/syncthing.nix | 11 ++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index d740403da..da555a860 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -13,6 +13,13 @@ with import ; krebs.build.host = config.krebs.hosts.blue; + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f35ebff56..250d96e53 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -48,6 +48,16 @@ with import ; { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } ]; } + { + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + ]; + } { lass.umts = { enable = true; diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 164e89679..842abc195 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,6 +3,7 @@ with import ; { services.syncthing = { enable = true; + group = "syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} @@ -14,7 +15,15 @@ with import ; key = toString ; peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); folders = [ - { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; } + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } ]; }; + + system.activationScripts.syncthing-home = '' + ${pkgs.coreutils}/bin/chmod a+x /home/lass + ''; + + lass.ensure-permissions = [ + { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } + ]; } -- cgit v1.2.3 From 44a48a8d3a4ce4732545a96828bf41ab6cf283da Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:35:34 +0200 Subject: l: add green.r --- krebs/3modules/lass/default.nix | 40 ++++++++++++++++++++++++++++++++++++++++ lass/1systems/green/config.nix | 28 ++++++++++++++++++++++++++++ lass/1systems/green/physical.nix | 8 ++++++++ lass/1systems/green/source.nix | 14 ++++++++++++++ 4 files changed, 90 insertions(+) create mode 100644 lass/1systems/green/config.nix create mode 100644 lass/1systems/green/physical.nix create mode 100644 lass/1systems/green/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 146d7a441..a3b8cab39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -495,6 +495,46 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; + + green = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.66"; + ip6.addr = r6 "12ee"; + aliases = [ + "green.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk + uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx + ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477 + n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI + hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6 + m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6 + BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1 + pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy + 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk + UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA + udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT + 3MVh92sFyMVYkJcL7SISk80CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "12ee"; + aliases = [ + "green.w" + ]; + wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk="; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 "; + syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; + }; + phone = { nets = { wiregrill = { diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix new file mode 100644 index 000000000..6ae157e38 --- /dev/null +++ b/lass/1systems/green/config.nix @@ -0,0 +1,28 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + + + + # + + ]; + + krebs.build.host = config.krebs.hosts.green; + + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + + + #networking.nameservers = [ "1.1.1.1" ]; + + #time.timeZone = "Europe/Berlin"; +} diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/green/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix new file mode 100644 index 000000000..21f3a8bd5 --- /dev/null +++ b/lass/1systems/green/source.nix @@ -0,0 +1,14 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; + }; +} -- cgit v1.2.3 From 4769b3186597117daec579ac71df79e2fafabcf5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:55:47 +0200 Subject: l blue.r: backup with services.restic --- lass/1systems/blue/config.nix | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index da555a860..84c8a5b3e 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -30,7 +30,7 @@ with import ; networking.nameservers = [ "1.1.1.1" ]; - lass.restic = genAttrs [ + services.restic.backups = genAttrs [ "daedalus" "icarus" "littleT" @@ -38,20 +38,19 @@ with import ; "shodan" "skynet" ] (dest: { - dirs = [ - "/home/" - "/var/lib" + initialize = true; + extraOptions = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" ]; + repository = "sftp:backup@${dest}.r:/backups/blue"; passwordFile = (toString ) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/blue"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; + paths = [ + "/home/" + "/var/lib" ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; }); + time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } -- cgit v1.2.3 From d72523a157380b602f9033404c63f512693cbb09 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:56:27 +0200 Subject: l blue.r deploy: point to stockholms new dir --- lass/1systems/blue/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 84c8a5b3e..a287f548b 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -24,7 +24,7 @@ with import ; deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; -- cgit v1.2.3 From fc85c6d16800f73eb088c42cf67f9f6918ce3001 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:56:50 +0200 Subject: l blue.r: add checksum check to nixpkgs populate --- lass/1systems/blue/source.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 8f748ab8f..21f3a8bd5 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,11 +1,14 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - file = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; }; } -- cgit v1.2.3 From 15fe4f74471fd4da438a7939fbad50ca41ae36b5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:58:28 +0200 Subject: l backups: don't mount /backups --- lass/2configs/backup.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index d23cf9a43..94272fdb0 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -2,19 +2,11 @@ with import ; { - fileSystems = { - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; users.users.backup = { useDefaultShell = true; home = "/backups"; createHome = true; openssh.authorizedKeys.keys = with config.krebs.hosts; [ - mors.ssh.pubkey - prism.ssh.pubkey blue.ssh.pubkey ]; }; -- cgit v1.2.3 From 02515a27de2141558f390939dc2e0824c0665e2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:57:26 +0200 Subject: l mors.r: add /backups fs --- lass/1systems/mors/physical.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 680dc9bde..25425f146 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -15,6 +15,10 @@ device = "/dev/mapper/pool-virtual"; fsType = "ext4"; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From 2b1140bc4c98b40bd7100ead1b20a7569873157f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:57:58 +0200 Subject: l daedalus.r: add /backups fs --- lass/1systems/daedalus/physical.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix index 33a0cb473..d10ced7da 100644 --- a/lass/1systems/daedalus/physical.nix +++ b/lass/1systems/daedalus/physical.nix @@ -11,6 +11,10 @@ fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From 79fcc0eb126b45f07982f9f12de39346151df4cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:59:31 +0200 Subject: l shodan.r: add /backups fs --- lass/1systems/shodan/physical.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 4a550d0a4..41508127c 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -38,6 +38,10 @@ device = "/dev/pool/bku"; fsType = "btrfs"; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From 1c999ffaaea7a1856a8fcd53f178f8b79e5f9c17 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:00:05 +0200 Subject: l yellow.r: fix startup permissions --- lass/1systems/yellow/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 9d8bcd7be..5737faea3 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -11,7 +11,8 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download - chown download:download /var/download + chown transmission:download /var/download + chown transmission:download /var/download/finished chmod 775 /var/download ''; -- cgit v1.2.3 From 3f23200f7bc5b26ad1f7a05800812dd8548a09ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:01:31 +0200 Subject: l yellow.r: show nginx for all hosts --- lass/1systems/yellow/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 5737faea3..8b3b2814f 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -44,7 +44,7 @@ with import ; fancyindex ]; }; - virtualHosts."dl" = { + virtualHosts.default = { default = true; locations."/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' -- cgit v1.2.3 From cbc493e82b1550b5fb1715fd78a05d0ba3a4745b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:05:03 +0200 Subject: l blue: open port 9998 --- lass/2configs/blue.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index cdd77e847..aad8411b1 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -23,8 +23,8 @@ with (import ); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} ]; systemd.services.chat = let -- cgit v1.2.3 From d820e42a584160f3ff7d00a8ccf19ae82717ba90 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:08:11 +0200 Subject: l: import backup.nix --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 085cc04b7..646d3e0c1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -4,6 +4,7 @@ with import ; imports = [ ./binary-cache/client.nix + ./backup.nix ./gc.nix ./mc.nix ./vim.nix -- cgit v1.2.3 From d817fe8a18625eb684f06de97e058f66ebbea50d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:08:32 +0200 Subject: l: don't authorize shodan/icarus --- lass/2configs/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 646d3e0c1..9dc2eed21 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -43,8 +43,6 @@ with import ; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey ]; }; }; -- cgit v1.2.3 From c3e644d0f597218a6e419a8c779789e302f40e0e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:09:12 +0200 Subject: l yellow.r: add lass-android to download keys --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 23746d210..8e710322f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -386,6 +386,7 @@ with import ; lass-icarus.pubkey lass-daedalus.pubkey lass-helios.pubkey + lass-android.pubkey makefu.pubkey wine-mors.pubkey ]; -- cgit v1.2.3 From 7d971fc78e35bbc0a84d51b45a5aaa18dfa65a59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:09:37 +0200 Subject: l icarus.r: share prism in local network --- lass/1systems/icarus/config.nix | 2 ++ lass/2configs/prism-share.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 lass/2configs/prism-share.nix diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 868d75083..06b1e7366 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -18,6 +18,8 @@ + + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix new file mode 100644 index 000000000..70e616ec6 --- /dev/null +++ b/lass/2configs/prism-share.nix @@ -0,0 +1,39 @@ +with import ; +{ config, pkgs, ... }: + +{ + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/mnt/prism"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} -- cgit v1.2.3 From 7bcf1f327a16b2cd4d54742f1689cc46ec99cb44 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:11:38 +0200 Subject: l virtualbox: disable ExtensionPack --- lass/2configs/virtualbox.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index cfb835d78..cd270bdf8 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,7 +6,6 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; - nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { -- cgit v1.2.3 From 33283cb99c9a9494f8530542f1ab72a432b1709c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:14:54 +0200 Subject: l: remove prometheus monitoring --- lass/1systems/prism/config.nix | 1 - lass/2configs/default.nix | 1 - lass/2configs/monitoring/node-exporter.nix | 15 -- lass/2configs/monitoring/prometheus-server.nix | 217 ------------------------- 4 files changed, 234 deletions(-) delete mode 100644 lass/2configs/monitoring/node-exporter.nix delete mode 100644 lass/2configs/monitoring/prometheus-server.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 8e710322f..6ff900719 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -139,7 +139,6 @@ with import ; - { # quasi bepasty.nix imports = [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 9dc2eed21..7ee83c174 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,7 +8,6 @@ with import ; ./gc.nix ./mc.nix ./vim.nix - ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix deleted file mode 100644 index 561e3a25c..000000000 --- a/lass/2configs/monitoring/node-exporter.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } - ]; - services.prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ - "systemd" - ]; - }; - }; -} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix deleted file mode 100644 index b7083c776..000000000 --- a/lass/2configs/monitoring/prometheus-server.nix +++ /dev/null @@ -1,217 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - #networking = { - # firewall.allowedTCPPorts = [ - # 3000 # grafana - # 9090 # prometheus - # 9093 # alertmanager - # ]; - # useDHCP = true; - #}; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } - ]; - - services = { - prometheus = { - enable = true; - extraFlags = [ - "-storage.local.retention 8760h" - "-storage.local.series-file-shrink-ratio 0.3" - "-storage.local.memory-chunks 2097152" - "-storage.local.max-chunks-to-persist 1048576" - "-storage.local.index-cache-size.fingerprint-to-metric 2097152" - "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" - "-storage.local.index-cache-size.label-name-to-label-values 2097152" - "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" - ]; - alertmanagerURL = [ "http://localhost:9093" ]; - rules = [ - '' - ALERT node_down - IF up == 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Node is down.", - description = "{{$labels.alias}} has been down for more than 5 minutes." - } - ALERT node_systemd_service_failed - IF node_systemd_unit_state{state="failed"} == 1 - FOR 4m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." - } - ALERT node_filesystem_full_90percent - IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space soon.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." - } - ALERT node_filesystem_full_in_4h - IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" - } - ALERT node_filedescriptors_full_in_3h - IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum - FOR 20m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}} is running out of available file descriptors