Diffstat (limited to 'makefu/1systems')
79 files changed, 0 insertions, 3382 deletions
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
deleted file mode 100644
index 3befa201..00000000
--- a/makefu/1systems/cake/config.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- primaryInterface = "eth0";
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
- # <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/binary-cache/nixos.nix>
- #<stockholm/makefu/2configs/support-nixos.nix>
- <stockholm/makefu/2configs/homeautomation/default.nix>
- # <stockholm/makefu/2configs/homeautomation/google-muell.nix>
- # configure your hw:
- # <stockholm/makefu/2configs/save-diskspace.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.cake;
- };
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- documentation.info.enable = false;
- documentation.man.enable = false;
- services.nixosManual.enable = false;
- sound.enable = false;
-}
diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix
deleted file mode 100644
index d021f945..00000000
--- a/makefu/1systems/cake/hardware-config.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ pkgs, lib, ... }:
-{
- # raspi3
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
- boot.loader.grub.enable = false;
- boot.loader.raspberryPi.enable = true;
- boot.loader.raspberryPi.version = 3;
- boot.loader.raspberryPi.uboot.enable = true;
- boot.loader.raspberryPi.uboot.configurationLimit = 3;
- boot.loader.raspberryPi.firmwareConfig = ''
- gpu_mem=32
- arm_freq=1350
- core_freq=500
- over_voltage=4
- disable_splash=1
- # bye bye warranty
- force_turbo=1
- '';
- boot.loader.generationsDir.enable = lib.mkDefault false;
-
- boot.tmpOnTmpfs = lib.mkForce false;
- boot.cleanTmpDir = true;
- hardware.enableRedistributableFirmware = true;
-
- ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
- # boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.kernelPackages = pkgs.linuxPackages_latest;
- environment.systemPackages = [ pkgs.raspberrypi-tools ];
- networking.wireless.enable = true;
- # File systems configuration for using the installer's partition layout
- swapDevices = [ { device = "/var/swap"; size = 2048; } ];
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-}
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
deleted file mode 100644
index 22c40039..00000000
--- a/makefu/1systems/cake/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="cake";
- full = true;
-}
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
deleted file mode 100644
index 9278c764..00000000
--- a/makefu/1systems/crapi/README
+++ /dev/null
@@ -1,4 +0,0 @@
-1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
-2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
-3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
-5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
deleted file mode 100644
index e7c6c366..00000000
--- a/makefu/1systems/crapi/config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- <stockholm/makefu/2configs>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
-
- ];
- krebs.build.host = config.krebs.hosts.crapi;
-
- services.openssh.enable = true;
-
-}
diff --git a/makefu/1systems/crapi/hardware-config.nix b/makefu/1systems/crapi/hardware-config.nix
deleted file mode 100644
index bba31dab..00000000
--- a/makefu/1systems/crapi/hardware-config.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, lib, ... }:
-{
- #raspi1
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
-
- boot.loader.grub.enable = false;
- boot.loader.raspberryPi.enable = true;
- boot.loader.raspberryPi.version = 1;
- boot.loader.raspberryPi.uboot.enable = true;
- boot.loader.raspberryPi.uboot.configurationLimit = 1;
- boot.loader.generationsDir.enable = lib.mkDefault false;
- hardware.enableRedistributableFirmware = true;
- boot.cleanTmpDir = true;
- environment.systemPackages = [ pkgs.raspberrypi-tools ];
- boot.kernelPackages = pkgs.linuxPackages_rpi;
-
- nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
- nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
-
- system.activationScripts.create-swap = ''
- if [ ! -e /swapfile ]; then
- fallocate -l 2G /swapfile
- mkswap /swapfile
- chmod 600 /swapfile
- fi
- '';
- swapDevices = [ { device = "/swapfile"; size = 4096; } ];
-}
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
deleted file mode 100644
index 4a4359ee..00000000
--- a/makefu/1systems/crapi/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- arm6 = true;
-}
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
deleted file mode 100644
index 4e71d142..00000000
--- a/makefu/1systems/darth/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-let
- # all the good stuff resides in /data
-
- byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
- bootPart = rootDisk + "-part1";
- rootPart = rootDisk + "-part2";
-
- allDisks = [ rootDisk ]; # auxDisk
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
- <stockholm/makefu/2configs/sshd-totp.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/exim-retiolum.nix>
- # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/stats/client.nix>
- # <stockholm/makefu/2configs/nsupdate-data.nix>
-
- <stockholm/makefu/2configs/share/anon-ftp.nix>
-
- # lan party
- <stockholm/makefu/2configs/lanparty/lancache.nix>
- <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
- <stockholm/makefu/2configs/lanparty/samba.nix>
- <stockholm/makefu/2configs/lanparty/mumble-server.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
- ];
-
-
-
- #networking.firewall.enable = false;
- makefu.server.primary-itf = "enp0s25";
- # krebs.hidden-ssh.enable = true;
- boot.kernelModules = [ "coretemp" "f71882fg" ];
- hardware.enableRedistributableFirmware = true;
- nixpkgs.config.allowUnfree = true;
- networking = {
- wireless.enable = true;
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- # trustedInterfaces = [ "eno1" ];
- allowedUDPPorts = [ 80 655 1655 67 ];
- allowedTCPPorts = [ 80 655 1655 ];
- };
- # fallback connection to the internal virtual network
- # interfaces.virbr3.ip4 = [{
- # address = "10.8.8.2";
- # prefixLength = 24;
- # }];
- };
-
- # TODO smartd omo darth gum all-in-one
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- boot.loader.grub.device = rootDisk;
- boot.initrd.luks.devices = [
- { name = "luksroot";
- device = rootPart;
- allowDiscards = true;
- keyFileSize = 4096;
- keyFile = "/dev/sdb";
- }
- ];
-
- krebs.build.host = config.krebs.hosts.darth;
-}
diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix
deleted file mode 100644
index a8d7368a..00000000
--- a/makefu/1systems/darth/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="darth";
-}
diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix
deleted file mode 100644
index 2757db8c..00000000
--- a/makefu/1systems/drop/config.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-let
- external-ip = "45.55.145.62";
- default-gw = "45.55.128.1";
- prefixLength = 18;
-in {
- imports = [
- <stockholm/makefu>
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
- <stockholm/makefu/2configs/torrent.nix>
- ];
- krebs = {
- enable = true;
- tinc.retiolum.enable = true;
- build.host = config.krebs.hosts.drop;
- };
-
- boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
-
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- interfaces.enp0s3.ipv4.addresses = [{
- address = external-ip;
- inherit prefixLength;
- }];
- defaultGateway = default-gw;
- nameservers = [ "8.8.8.8" ];
- };
-}
diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix
deleted file mode 100644
index a6bc834b..00000000
--- a/makefu/1systems/drop/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name="drop";
- torrent = true;
-}
diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
deleted file mode 100644
index 7e9dea9e..00000000
--- a/makefu/1systems/fileleech/config.nix
+++ /dev/null
@@ -1,174 +0,0 @@ -{ config, pkgs, lib, ... }: -let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0"; - rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; - rootPartition = rootDisk + "-part3"; - - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; - - disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; -in { - imports = [ - <stockholm/makefu> - <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/disable_v6.nix> - <stockholm/makefu/2configs/torrent.nix> - <stockholm/makefu/2configs/fs/sda-crypto-root.nix> - - #<stockholm/makefu/2configs/elchos/irc-token.nix> - # <stockholm/makefu/2configs/elchos/log.nix> - # <stockholm/makefu/2configs/elchos/search.nix> - # <stockholm/makefu/2configs/elchos/stats.nix> - - ]; - systemd.services.grafana.serviceConfig.LimitNOFILE=10032; - systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032; - systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032; - makefu.server.primary-itf = "enp8s0f0"; - krebs = { - enable = true; - build.host = config.krebs.hosts.fileleech; - }; - # git clone https://github.com/makefu/docker-pyload - # docker build . 
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload - - virtualisation.docker.enable = true; # for pyload - networking.firewall.allowPing = true; - networking.firewall.logRefusedConnections = false; - networking.firewall.allowedTCPPorts = [ - 51412 # torrent - 8112 # rutorrent-web - 8113 # pyload - 8080 # sabnzbd - 9090 # sabnzbd-ssl - 655 # tinc - 21 # ftp - ]; - services.nginx.virtualHosts._download = { - default = true; - root = config.makefu.dl-dir; - extraConfig = '' - autoindex on; - ''; - basicAuth = import <secrets/kibana-auth.nix>; - }; - networking.firewall.allowedUDPPorts = [ - 655 # tinc - 51412 # torrent - ]; - - services.vsftpd.enable = true; - services.vsftpd.localUsers = true; - services.vsftpd.userlist = [ "download" ]; - services.vsftpd.userlistEnable = true; - # services.vsftpd.chrootlocalUser = true; - - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - - # TODO use users.motd and pam.services.sshd.showMotd - services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' - Services: - ssh://download@fileleech - ssh via filebitch - ftp://download@fileleech - access to ${config.makefu.dl-dir} - http://fileleech:8112 - rutorrent - http://fileleech:8113 - pyload - https://fileleech:9090 - sabnzb - ''; in "Banner ${banner}"; - - boot.initrd.luks = { - devices = let - usbkey = name: device: { - inherit name device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in builtins.map (x: usbkey x.name x.device) disks; - }; - environment.systemPackages = with pkgs;[ mergerfs ]; - - fileSystems = let - cryptMount = name: - { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // 
cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" - - # this entry sometimes creates issues - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "nofail" "allow_other" "nonempty" ]; }; - } - - ; - makefu.dl-dir = "/media/cryptX"; - users.users.download = { - useDefaultShell = true; - # name = "download"; - # createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu. |