diff options
| author | tv <tv@krebsco.de> | 2017-07-14 00:17:58 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2017-07-14 00:21:02 +0200 |
| commit | 58380c82848c3db0bd6c3d74904153f3464c2098 (patch) | |
| tree | dcefa424c037ef13edba18967143b3290dc739cb /krebs/2configs/shack | |
| parent | c213968c44befe32f115ec0122accebdabd89582 (diff) | |
merge shared into krebs
Diffstat (limited to 'krebs/2configs/shack')
| -rw-r--r-- | krebs/2configs/shack/bincache.nix | 6 | ||||
| -rw-r--r-- | krebs/2configs/shack/drivedroid.nix | 49 | ||||
| -rw-r--r-- | krebs/2configs/shack/mqtt_sub.nix | 34 | ||||
| -rw-r--r-- | krebs/2configs/shack/muell_caller.nix | 41 | ||||
| -rw-r--r-- | krebs/2configs/shack/nix-cacher.nix | 31 | ||||
| -rw-r--r-- | krebs/2configs/shack/radioactive.nix | 35 | ||||
| -rw-r--r-- | krebs/2configs/shack/share.nix | 38 | ||||
| -rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 67 |
8 files changed, 301 insertions, 0 deletions
diff --git a/krebs/2configs/shack/bincache.nix b/krebs/2configs/shack/bincache.nix new file mode 100644 index 00000000..9cd7fae2 --- /dev/null +++ b/krebs/2configs/shack/bincache.nix @@ -0,0 +1,6 @@ +{...}: +{ + nix.binaryCaches = [ + "http://wolf.shack:3142/nixos" + ]; +} diff --git a/krebs/2configs/shack/drivedroid.nix b/krebs/2configs/shack/drivedroid.nix new file mode 100644 index 00000000..12e4a39c --- /dev/null +++ b/krebs/2configs/shack/drivedroid.nix @@ -0,0 +1,49 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + root = "/var/srv/drivedroid"; +in +{ + environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-drivedroid = { + serverAliases = [ + "drivedroid.shack" + ]; + # TODO: prepare this somehow + locations."/".extraConfig = '' + root ${root}; + index main.json; + ''; + }; + }; + + systemd.services.drivedroid-gen-repo = { + description = "generates drivedroid repo file"; + path = [ + pkgs.coreutils + pkgs.drivedroid-gen-repo + pkgs.inotify-tools + ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' + mkdir -p ${root}/repos + ''; + ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' + set -efu + cd ${root} + while sleep 60; do + if inotifywait -r .; then + drivedroid-gen-repo repos > main.json + fi + done + ''; + }; + }; +} diff --git a/krebs/2configs/shack/mqtt_sub.nix b/krebs/2configs/shack/mqtt_sub.nix new file mode 100644 index 00000000..a8427dde --- /dev/null +++ b/krebs/2configs/shack/mqtt_sub.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "mqtt2graphite-2017-05-29"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/mqtt2graphite/"; + rev = "117179d"; + sha256 = "1334jbbzlqizyp7zcn4hdswhhrnkj1p4p435n5nph82lzffrsi44"; + }; + buildInputs = [ + (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + docopt + paho-mqtt + ])) + ]; + installPhase = '' + install -m755 -D sub.py $out/bin/sub + install -m755 -D sub2.py $out/bin/sub-new + ''; + }; +in { + systemd.services.mqtt_sub = { + description = "subscribe to mqtt, send to graphite"; + # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/sub-new"; + PrivateTmp = true; + }; + }; +} diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix new file mode 100644 index 00000000..2d8d78e3 --- /dev/null +++ b/krebs/2configs/shack/muell_caller.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "muell_caller-2017-06-01"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/muell_caller/"; + rev = "bbd4009"; + sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + requests2 + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D call.py $out/bin/call-muell + ''; + }; + cfg = "${toString <secrets>}/tell.json"; +in { + systemd.services.call_muell = { + description = "call muell"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStartPre = pkgs.writeDash "call-muell-pre" '' + cp ${cfg} /tmp/tell.json + chown nobody /tmp/tell.json + ''; + ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; +} diff --git a/krebs/2configs/shack/nix-cacher.nix b/krebs/2configs/shack/nix-cacher.nix new file mode 100644 index 00000000..8feeca9a --- /dev/null +++ b/krebs/2configs/shack/nix-cacher.nix @@ -0,0 +1,31 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + cfg = config.krebs.apt-cacher-ng; +in +{ + imports = [ + ./bincache.nix + ]; + krebs.apt-cacher-ng = { + enable = true; + port = 3142; + bindAddress = "localhost"; + cacheExpiration = 30; + }; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-nix-cacher = { + serverAliases = [ + "acng.shack" + ]; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:${toString cfg.port}/; + ''; + }; + }; +} diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix new file mode 100644 index 00000000..378b5405 --- /dev/null +++ b/krebs/2configs/shack/radioactive.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "radioactive-2017-06-01"; + src = pkgs.fetchgit { + url = "https://github.com/makefu/nagios-radioactiveathome-plugins/"; + rev = "955f614"; + sha256 = "0ql6npl3n6shvij0ly6a52yjmf7dc31c5x29y927k9lvp8ygin20"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + requests2 + python + ])) + ]; + installPhase = '' + install -m755 -D add_many_points.py $out/bin/radioactive-add-many + ''; + }; +in { + systemd.services.radioactive = { + description = "radioactive"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStart = "${pkg}/bin/radioactive-add-many loop 60"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; +} diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix new file mode 100644 index 00000000..247b9ee7 --- /dev/null +++ b/krebs/2configs/shack/share.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + group = "share"; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + + networking.firewall.allowedTCPPorts = [ + 139 445 # samba + ]; + + networking.firewall.allowedUDPPorts = [ + 137 138 + ]; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix new file mode 100644 index 00000000..d0f9f5fa --- /dev/null +++ b/krebs/2configs/shack/worlddomination.nix @@ -0,0 +1,67 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pythonPackages = pkgs.python3Packages; + # https://github.com/chrysn/aiocoap + aiocoap = pythonPackages.buildPythonPackage { + name = "aiocoap-0.3"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; + propagatedBuildInputs = [ ]; + doCheck = false; # 2 errors, dunnolol + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.mit; + description = "Python CoAP library"; + }; + }; + LinkHeader = pythonPackages.buildPythonPackage { + name = "LinkHeader-0.4.3"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.bsdOriginal; + description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; + }; + }; + pkg = pkgs.stdenv.mkDerivation { + name = "worlddomination-2017-06-10"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/worlddomination/"; + rev = "72fc9b5"; + sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + LinkHeader + aiocoap + requests2 + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D backend/push_led.py $out/bin/push-led + install -m755 -D backend/loop_single.py $out/bin/loop-single + # copy the provided file to the package + install -m755 -D backend/wd.lst $out/${wdpath} + ''; + }; + wdpath = "/usr/worlddomination/wd.lst"; + esphost = "10.42.24.7"; # esp8266 + timeout = 10; # minutes +in { + systemd.services.worlddomination = { + description = "run worlddomination"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStart = "${pkg}/bin/push-led ${esphost} ${pkg}/${wdpath} loop ${toString timeout}"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; +} |