From c47c07d4274dfcf2cfe82bc087e2eace2a4b62b3 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Jan 2016 03:37:38 +0100 Subject: ma 1 omo: add sabnzbd; --- makefu/1systems/omo.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e19205a95..3daa74cf2 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -30,7 +30,14 @@ in { ../3modules ]; krebs.build.host = config.krebs.hosts.omo; + + # copy config from to /var/lib/sabnzbd/ + services.sabnzbd.enable = true; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + makefu.snapraid = let toMapper = id: "/media/crypt${builtins.toString id}"; in { @@ -38,7 +45,6 @@ in { disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; - # AMD E350 fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; @@ -56,6 +62,7 @@ in { ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + boot = { initrd.luks = { devices = let @@ -87,10 +94,13 @@ in { }; networking.firewall.allowedUDPPorts = [ 655 ]; + # 8080: sabnzbd + networking.firewall.allowedTCPPorts = [ 655 8080 ]; + hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - #zramSwap.enable = true; + zramSwap.enable = true; zramSwap.numDevices = 2; } -- cgit v1.2.3 From f678d7e083c596e06057b8037dc1c321842ce838 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 13 Jan 2016 23:20:40 +0100 Subject: ma 2 zsh-user: compinit is being automatically --- makefu/2configs/hw/tp-x2x0.nix | 7 +++++++ makefu/2configs/zsh-user.nix | 3 +-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 047895ce6..ebc72a06e 100644 
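Review bot: In the last omo.nix hunk, `networking.firewall.allowedTCPPorts = [ 655 8080 ];` opens the sabnzbd web interface on every interface of the host, not only the local network. Whether that listener asks for a login depends on the hand-copied configuration under /var/lib/sabnzbd/, which this commit does not show. The exposure should be recorded next to the port, e.g. `# 8080: sabnzbd web UI, open on all interfaces; login/API key must be set in the copied config`. The comment `# copy config from to /var/lib/sabnzbd/` in the first hunk is missing its source path and should name it.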
--- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -24,5 +24,12 @@ with lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 ''; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 1b1762418..f79f258f3 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -19,8 +19,7 @@ in bindkey -e # shift-tab bindkey '^[[Z' reverse-menu-complete - - autoload -U compinit && compinit + bindkey "\e[3~" delete-char zstyle ':completion:*' menu select # load gpg-agent -- cgit v1.2.3 From e0b71680b0da8a12d2fcc54cff25a71d5a408075 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 11:15:20 +0100 Subject: ma 2 virtualization: add firewall exception for checkReversePath --- makefu/2configs/virtualization.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix index b3f8c8284..b90467ab8 100644 --- a/makefu/2configs/virtualization.nix +++ b/makefu/2configs/virtualization.nix @@ -5,4 +5,5 @@ let in { virtualisation.libvirtd.enable = true; users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ]; + networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug] } -- cgit v1.2.3 From 1e845f7b765c4039f7541fb3542ba2bf76bb323c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 12:42:52 +0100 Subject: ma 1 omo: use sftp share --- makefu/1systems/omo.nix | 4 ++++ makefu/2configs/share-user-sftp.nix | 21 +++++++++++++++++++++ makefu/2configs/smart-monitor.nix | 4 +--- 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/share-user-sftp.nix (limited to 'makefu') 
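Review bot: `networking.firewall.checkReversePath = false;` in virtualization.nix turns off reverse-path filtering for the whole host on every machine that imports this file, so packets with spoofed source addresses are no longer dropped on the uplink either. The trailing TODO names the nixpkgs issue but not the trade-off; a comment such as `# rpfilter disabled host-wide as a workaround for nixpkgs #9067; re-enable once fixed` would record why this is accepted. If the pinned nixpkgs accepts it, `checkReversePath = "loose";` is presumably enough for the bridged-guest case and keeps some filtering in place.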
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 3daa74cf2..2a657995c 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -27,9 +27,12 @@ in { ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../2configs/share-user-sftp.nix ../3modules ]; + # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; @@ -103,4 +106,5 @@ in { zramSwap.enable = true; zramSwap.numDevices = 2; + } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix new file mode 100644 index 000000000..2c93143ec --- /dev/null +++ b/makefu/2configs/share-user-sftp.nix @@ -0,0 +1,21 @@ +{ config, ... }: + +{ + users.users = { + share = { + uid = 9002; + home = "/var/empty"; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + # we will use internal-sftp to make uncomplicated Chroot work + services.openssh.extraConfig = '' + Match User share + ChrootDirectory /media + ForceCommand internal-sftp + AllowTcpForwarding no + PermitTunnel no + X11Forwarding no + Match All + ''; +} diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix index 9b0290a9b..a37969d3d 100644 --- a/makefu/2configs/smart-monitor.nix +++ b/makefu/2configs/smart-monitor.nix @@ -12,8 +12,6 @@ # short daily, long weekly, check on boot defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)"; - devices = lib.mkDefault [{ - device = "/dev/sda"; - }]; + devices = lib.mkDefault [ ]; }; } -- cgit v1.2.3 From 1d18ada0773443fddd22ddce04373da782b034a7 Mon Sep 17 00:00:00 2001 
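Review bot: In the new share-user-sftp.nix, `ChrootDirectory /media` hands the `share` account the whole mount root, which on omo holds every unlocked volume (the `/media/crypt*` mounts defined in omo.nix); a dedicated export directory would narrow that. sshd also accepts a chroot only if every path component is root-owned and not group- or world-writable, which is worth stating in the comment above the block. The Match block could additionally set `PasswordAuthentication no`, `AllowAgentForwarding no` and `PermitTTY no` so the account is key-only with no side channels. The account reuses `config.krebs.users.makefu.pubkey`, so whoever holds that key already has the unrestricted makefu login; a separate key would make the restricted account meaningful.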
From: makefu Date: Thu, 14 Jan 2016 12:43:59 +0100 Subject: ma 3 umts: init --- makefu/1systems/pornocauster.nix | 5 ++- makefu/2configs/wwan.nix | 36 ++++--------------- makefu/3modules/default.nix | 1 + makefu/3modules/umts.nix | 76 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 31 deletions(-) create mode 100644 makefu/3modules/umts.nix (limited to 'makefu') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 690e26b36..d7fa8edc5 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -35,12 +35,14 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.Reaktor = { - enable = true; + enable = false; nickname = "makefu|r"; plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ]; }; @@ -59,6 +61,7 @@ hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"''; + networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [ 25 ]; diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix index 29a610ac6..1e76cd28a 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/wwan.nix 
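Review bot: `networking.firewall.enable = false;` in the second pornocauster.nix hunk switches packet filtering off entirely and leaves the following `networking.firewall.allowedTCPPorts = [ 25 ];` without effect. The same commit turns wwan.nix into an enabled `makefu.umts` setup, so if this host imports it (not visible in the hunk) the machine would be unfiltered on the mobile uplink as well. If the line is a debugging aid, keep the firewall on and open the port that is needed, or at least mark it: `# FIXME: firewall off for <reason>, revert before deploying`.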
@@ -1,33 +1,9 @@ -{ config, lib, pkgs, ... }: +_: -#usage: $ wvdial - -let - mainUser = config.krebs.build.user; -in { - environment.systemPackages = with pkgs;[ - wvdial - ]; - - environment.shellAliases = { - umts = "sudo wvdial netzclub"; +{ + imports = [ ../3modules ]; + makefu.umts = { + enable = true; + modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; }; - - # configure for NETZCLUB - environment.wvdial.dialerDefaults = '' - Phone = *99***1# - Dial Command = ATDT - Modem = /dev/ttyACM0 - Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - Init2 = ATZ - Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 - ISDN = 0 - Modem Type = Analog Modem - Username = netzclub - Password = netzclub - Stupid Mode = 1 - Idle Seconds = 0''; - - users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ]; } diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 218c9138e..f007a8418 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -3,6 +3,7 @@ _: { imports = [ ./snapraid.nix + ./umts.nix ]; } diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix new file mode 100644 index 000000000..d7be45f62 --- /dev/null +++ b/makefu/3modules/umts.nix 
@@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl start umts + trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + ''; + + wvdial-defaults = '' + Phone = *99***1# + Dial Command = ATDT + Modem = ${cfg.modem-device} + Baud = 460800 + Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Init2 = ATZ + Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 + ISDN = 0 + Modem Type = Analog Modem + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0''; + + cfg = config.makefu.umts; + + out = { + options.makefu.umts = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "umts"; + + modem-device = mkOption { + default = "/dev/ttyUSB0"; + type = types.str; + description = '' + path to modem device, use /dev/serial/by-id/... + to avoid race conditions. + ''; + }; + }; + + imp = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + environment.systemPackages = [ ]; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.targets.network-umts = { + description = "System is running on UMTS"; + unitConfig.StopWhenUnneeded = true; + }; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + before = [ "network-umts.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "4s"; + ExecStart = "${pkgs.wvdial}/bin/wvdial -n"; + }; + }; + }; +in out -- cgit v1.2.3 From 2ef651f78d0b8e2bf19f9bdbbfa982a0a5991c22 Mon Sep 17 00:00:00 2001 
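Review bot: The `umts` wrapper script in umts.nix appends `nameserver 8.8.8.8` to /etc/resolv.conf on every start and the trap never removes it, so the entry accumulates and stays in use after the modem link is stopped. Because the script runs under `sudo` through the shell alias, this is a persistent root-level change to system DNS. The trap could undo it, e.g. `trap "systemctl stop umts; sed -i '/^nameserver 8\.8\.8\.8$/d' /etc/resolv.conf; trap - INT TERM EXIT; exit" INT TERM EXIT`, with the caveat that this also drops an identical entry that existed beforehand. The `Username`/`Password` values in `wvdial-defaults` presumably end up in the world-readable Nix store; that looks harmless for carrier defaults but deserves a comment saying so.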
From: makefu Date: Sat, 16 Jan 2016 01:30:37 +0100 Subject: ma 2 default: useroaming no, omo: provide share --- makefu/1systems/omo.nix | 4 ++-- makefu/2configs/default.nix | 7 ++++++- makefu/2configs/nginx/omo-share.nix | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/nginx/omo-share.nix (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 2a657995c..e11665fbc 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -28,11 +28,11 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/nginx/omo-share.nix ../3modules ]; # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; - # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; @@ -98,7 +98,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; # 8080: sabnzbd - networking.firewall.allowedTCPPorts = [ 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7593eaff7..7771e24d4 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -65,7 +65,12 @@ with lib; time.timeZone = "Europe/Berlin"; #nix.maxJobs = 1; - programs.ssh.startAgent = false; + programs.ssh = { + startAgent = false; + extraConfig = '' + UseRoaming no + ''; + }; services.openssh.enable = true; nix.useChroot = true; diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix new file mode 100644 index 000000000..ce85e0442 --- /dev/null +++ b/makefu/2configs/nginx/omo-share.nix 
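Review bot: The `UseRoaming no` line added to `programs.ssh.extraConfig` in default.nix carries no explanation, and an unexplained client hardening setting is easy to delete later as noise. A comment such as `# UseRoaming no: turn off the OpenSSH client roaming feature; remove once the packaged OpenSSH no longer has it` would record the intent and the exit condition. The surrounding attribute set continues outside the hunk.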
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + # TODO local-ip from the nets config + local-ip = "192.168.1.11"; + # local-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + omo-share = { + listen = [ "${local-ip}:80" ]; + locations = singleton (nameValuePair "/" '' + autoindex on; + root /media; + limit_rate_after 100m; + limit_rate 5m; + mp4_buffer_size 4M; + mp4_max_buffer_size 10M; + allow all; + access_log off; + keepalive_timeout 65; + keepalive_requests 200; + reset_timedout_connection on; + sendfile on; + tcp_nopush on; + gzip off; + ''); + }; + }; + }; +} -- cgit v1.2.3 From f42d23f69bb84186b5218cfa49e1321a80acc293 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:40:06 +0100 Subject: ma 2 smart-monitor: disable autodetection --- makefu/1systems/gum.nix | 5 ++++- makefu/2configs/smart-monitor.nix | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 1907424ec..ac7524506 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -21,7 +21,7 @@ in { ]; - + services.smartd.devices = [ { device = "/dev/sda";} ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable @@ -32,6 +32,9 @@ in { ListenAddress = ${external-ip} 655 ListenAddress = ${external-ip} 21031 ''; + krebs.nginx.servers.cgit.server-names = [ + "cgit.euer.krebsco.de" + ]; # Chat environment.systemPackages = with pkgs;[ diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix index a37969d3d..daf3aad01 100644 --- a/makefu/2configs/smart-monitor.nix +++ b/makefu/2configs/smart-monitor.nix @@ -3,6 +3,7 @@ krebs.exim-retiolum.enable = lib.mkDefault true; services.smartd = { enable = true; + autodetect = false; notifications = { mail = { enable = true; -- cgit v1.2.3 
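Review bot: The `/` location in omo-share.nix serves `root /media` with `autoindex on;` and `allow all;` over plain HTTP, so every readable file on the unlocked data volumes can be listed and downloaded by anyone who reaches 192.168.1.11:80, without authentication and, because of `access_log off;`, without a record of who fetched what. Binding `listen` to the local address limits reachability but does not limit clients on that network. Consider pointing `root` at a dedicated export directory, replacing `allow all;` with `allow <LAN-CIDR>; deny all;` (placeholder for the real subnet), and leaving the access log enabled.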
From 908149206b4680c951487d9ddded6636b35cd4d9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:40:26 +0100 Subject: ma 1 omo: bump to unstable@2016-01-13 --- makefu/1systems/omo.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e11665fbc..552af4e4f 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -33,6 +33,7 @@ in { ]; # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; -- cgit v1.2.3 From 769b939e8d74ad3d6358ccebc1ed356c3ba3f219 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:41:02 +0100 Subject: ma 2 vim: disable youcompleteme, install breaks --- makefu/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 02a46d22a..227d73c81 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -122,7 +122,7 @@ in { vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" - "YouCompleteMe" + # "YouCompleteMe" "vim-better-whitespace" ]; } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; -- cgit v1.2.3 From de891cf43181d28cbc9526993df4e55022d230da Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:46:28 +0100 Subject: ma 2 default: whitelist unrar from unfree --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7771e24d4..ec1100582 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
@@ -13,7 +13,7 @@ with lib; ./vim.nix ]; - + nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; search-domain = "retiolum"; -- cgit v1.2.3 From 818ea249f08846a1b5efdf4cb09ba94e07e44e74 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Jan 2016 20:04:29 +0100 Subject: ma 2 git/cgit: add init-stockholm repo --- makefu/2configs/git/cgit-retiolum.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 35bb169cf..7d85eb8d1 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -16,6 +16,9 @@ let desc = "Tinc Advanced Graph Generation"; }; cac = { }; + init-stockholm = { + desc = "Init stuff for stockholm"; + }; }; priv-repos = mapAttrs make-priv-repo { -- cgit v1.2.3 From 1b39a26933966c5da8316f81ae67ff88e56d348d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Jan 2016 20:37:46 +0100 Subject: ma 2 tinc-basic-retiolum: remove obsolete hosts path - corresponds with defaults --- makefu/2configs/tinc-basic-retiolum.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix index 2abf4f188..f49c596fc 100644 --- a/makefu/2configs/tinc-basic-retiolum.nix +++ b/makefu/2configs/tinc-basic-retiolum.nix @@ -4,7 +4,6 @@ with lib; { krebs.retiolum = { enable = true; - hosts = ../../krebs/Zhosts; connectTo = [ "gum" "pigstarter" -- cgit v1.2.3 From 93c217475155f4a7770607b854da9c95ff7b336c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 13 Jan 2016 12:20:01 +0100 Subject: ma 5 awesomecfg/full: remove volume field --- makefu/5pkgs/awesomecfg/full.cfg | 3 --- 1 file changed, 3 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 15711a5d5..c1b58aa90 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg 
+++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -38,8 +38,6 @@ do end) end -- }}} -volwidget = wibox.widget.textbox() -vicious.register(volwidget, vicious.widgets.volume, " $1% ", 2, "Master") -- {{{ Mails widget type local function worker(format,warg) @@ -258,7 +256,6 @@ for s = 1, screen.count() do local right_layout = wibox.layout.fixed.horizontal() right_layout:add(mailwidget) if s == 1 then right_layout:add(wibox.widget.systray()) end - right_layout:add(volwidget) right_layout:add(cpuwidget) right_layout:add(batwidget) right_layout:add(mytextclock) -- cgit v1.2.3 From fbe826ba2ae916b8f8fab1293e302e22a5d0b579 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Jan 2016 12:54:03 +0100 Subject: ma 1 vbob: remove unstable --- makefu/1systems/vbob.nix | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index b8c02cb67..d95362919 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -2,9 +2,7 @@ # # { lib, config, pkgs, ... }: -let - pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; -in { +{ krebs.build.host = config.krebs.hosts.vbob; krebs.build.target = "root@10.10.10.220"; imports = @@ -15,14 +13,13 @@ in { # environment ]; + nixpkgs.config.allowUnfree = true; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; - buildbot = pkgs-unst.buildbot; - buildbot-slave = pkgs-unst.buildbot-slave; }; makefu.buildbot.master = { - enable = true; + enable = false; irc = { enable = true; server = "cd.retiolum"; @@ -30,8 +27,9 @@ in { allowForce = true; }; }; + # services.logstash.enable = true; makefu.buildbot.slave = { - enable = true; + enable = false; masterhost = "localhost"; username = "testslave"; password = "krebspass"; 
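Review bot: `nixpkgs.config.allowUnfree = true;` in the second vbob.nix hunk permits every unfree package on this host, whereas makefu/2configs/default.nix in this series whitelists by name with `allowUnfreePredicate`. If the only reason is `fortclientsslvpn`, which the same commit adds to `environment.systemPackages`, a predicate keeps the exception narrow: `nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "fortclientsslvpn-" pkg.name);`, assuming the derivation name starts with that string. The unchanged `password = "krebspass";` in the buildbot slave block is outside this change, but it is stored in the repository in clear text and is worth moving out before the service is enabled again.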
@@ -41,8 +39,8 @@ in { krebs.build.source.git.nixpkgs = { #url = https://github.com/nixos/nixpkgs; - # HTTP Everywhere - rev = "a3974e"; + # HTTP Everywhere + libredir + rev = "8239ac6"; }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; @@ -56,9 +54,12 @@ in { }; }; environment.systemPackages = with pkgs;[ + fortclientsslvpn buildbot buildbot-slave get + genid + logstash ]; networking.firewall.allowedTCPPorts = [ -- cgit v1.2.3 From 440e78fc9946d3abf74ae1eeeea1532e84fddec6 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Jan 2016 20:26:38 +0100 Subject: makefu: init wbob --- makefu/1systems/wbob.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 makefu/1systems/wbob.nix (limited to 'makefu') diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix new file mode 100644 index 000000000..d6916f006 --- /dev/null +++ b/makefu/1systems/wbob.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/main-laptop.nix + ]; + krebs = { + enable = true; + retiolum.enable = true; + build.host = config.krebs.hosts.wbob; + }; + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" ]; + boot.kernelModules = [ "kvm-intel" ]; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; +} -- cgit v1.2.3 From 69daaa8f3477cdfbe8d0b508c12ee5d976586e11 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 23 Jan 2016 00:22:56 +0100 Subject: ma 2 urlwatch: add acng --- makefu/2configs/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index a83279ba2..f869f5a78 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix 
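Review bot: `rev = "8239ac6";` in the first hunk pins nixpkgs by a seven-character abbreviation, which git resolves only while the prefix stays unambiguous and which does not identify one exact tree the way a full object id does. omo.nix in this series pins the full 40-character hash; doing the same here, `rev = "<full 40-character commit id>";`, makes the pin exact. The `url` line stays commented out, so the repository this revision is fetched from is not visible in the hunk and should be named in the comment.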
@@ -29,6 +29,7 @@ https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ + http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ ]; }; } -- cgit v1.2.3 From d1a371f48b95140279528c2a2ff619d39c177a7c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Jan 2016 22:00:50 +0100 Subject: ma 1 omo: add samba share --- makefu/1systems/omo.nix | 49 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 552af4e4f..9162f2ed4 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -32,9 +32,35 @@ in { ../3modules ]; # services.openssh.allowSFTP = false; - krebs.build.host = config.krebs.hosts.omo; krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + # samba share /media/crypt1/share + users.extraUsers.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + winshare = { + path = "/media/crypt1/share"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; 
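Review bot: The `winshare` definition in omo.nix combines `"guest ok" = "yes"`, `"read only" = "no"` and `map to guest = bad user`, which gives unauthenticated write access to /media/crypt1/share to any client that reaches smbd, and the commit's second hunk opens UDP 137/138 and TCP 139/445 without an interface restriction. Samba can limit this itself in `extraConfig`, independent of the firewall: `hosts allow = <LAN-CIDR> 127.0.0.1` (placeholder for the real subnet), `bind interfaces only = yes` and `interfaces = lo <lan-interface>`. If guests only need to fetch files, `"read only" = "yes"` removes the anonymous write path.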
@@ -97,9 +123,22 @@ in { extraModulePackages = [ ]; }; - networking.firewall.allowedUDPPorts = [ 655 ]; - # 8080: sabnzbd - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedUDPPorts = [ + # tinc + 655 + # samba + 137 138 + ]; + networking.firewall.allowedTCPPorts = [ + # nginx + 80 + # tinc + 655 + # samba + 445 139 + # sabnzbd + 8080 + ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; @@ -107,5 +146,5 @@ in { zramSwap.enable = true; zramSwap.numDevices = 2; - + krebs.build.host = config.krebs.hosts.omo; } -- cgit v1.2.3 From f6a3c1f3d6b013641b077baf8ddb3a78e75d8b95 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Jan 2016 22:20:32 +0100 Subject: ma 1 omo: cleanup, fix firewalling --- makefu/1systems/omo.nix | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 9162f2ed4..19183fea8 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -31,11 +31,19 @@ in { ../2configs/nginx/omo-share.nix ../3modules ]; + networking.firewall.trustedInterfaces = [ "enp3s0" ]; + # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net + # tcp:80 - nginx for sharing files + # tcp:655 udp:655 - tinc + # tcp:8080 - sabnzbd + networking.firewall.allowedUDPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + # services.openssh.allowSFTP = false; krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # samba share /media/crypt1/share - users.extraUsers.smbguest = { + users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; @@ -61,6 +69,7 @@ in { disable spoolss = yes ''; }; + # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; 
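Review bot: `networking.firewall.trustedInterfaces = [ "enp3s0" ];` accepts all traffic arriving on that interface, not just the four Samba ports listed in the comment, so every listening service on omo becomes reachable from the local network and the `allowedTCPPorts` entries are redundant there. To open only Samba on the LAN side, per-interface rules in `networking.firewall.extraCommands` would do, e.g. `iptables -A nixos-fw -i enp3s0 -p tcp -m multiport --dports 139,445 -j nixos-fw-accept` plus the matching `-p udp` rule for 137,138. If trusting the whole interface is intended, the comment should say that instead of listing ports.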
@@ -93,6 +102,7 @@ in { ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + # crypto unlocking boot = { initrd.luks = { devices = let @@ -123,23 +133,6 @@ in { extraModulePackages = [ ]; }; - networking.firewall.allowedUDPPorts = [ - # tinc - 655 - # samba - 137 138 - ]; - networking.firewall.allowedTCPPorts = [ - # nginx - 80 - # tinc - 655 - # samba - 445 139 - # sabnzbd - 8080 - ]; - hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; -- cgit v1.2.3