summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/0tests/data/secrets/nsupdate-cache.nix1
-rw-r--r--makefu/1systems/gum/config.nix12
-rw-r--r--makefu/1systems/gum/hardware-config.nix11
-rw-r--r--makefu/1systems/gum/rescue.txt4
-rw-r--r--makefu/1systems/gum/source.nix2
-rw-r--r--makefu/2configs/bgt/auphonic.pub1
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix (renamed from makefu/2configs/nginx/download.binaergewitter.de.nix)23
-rw-r--r--makefu/2configs/bgt/hidden_service.nix (renamed from makefu/2configs/deployment/bgt/hidden_service.nix)0
-rw-r--r--makefu/2configs/bureautomation/default.nix (renamed from makefu/2configs/deployment/bureautomation/default.nix)0
-rw-r--r--makefu/2configs/bureautomation/hass.nix (renamed from makefu/2configs/deployment/bureautomation/hass.nix)0
-rw-r--r--makefu/2configs/bureautomation/mpd.nix (renamed from makefu/2configs/deployment/bureautomation/mpd.nix)0
-rw-r--r--makefu/2configs/homeautomation/default.nix (renamed from makefu/2configs/deployment/homeautomation/default.nix)0
-rw-r--r--makefu/2configs/homeautomation/google-muell.nix (renamed from makefu/2configs/deployment/google-muell.nix)0
-rw-r--r--makefu/2configs/homeautomation/mqtt.nix (renamed from makefu/2configs/deployment/homeautomation/mqtt.nix)0
-rw-r--r--makefu/2configs/stats/collectd-client.nix (renamed from makefu/2configs/stats/client.nix)0
-rw-r--r--makefu/5pkgs/libopencm3/default.nix30
-rw-r--r--makefu/krops.nix15
-rwxr-xr-xmakefu/update-channel.sh2
18 files changed, 49 insertions, 52 deletions
diff --git a/makefu/0tests/data/secrets/nsupdate-cache.nix b/makefu/0tests/data/secrets/nsupdate-cache.nix
new file mode 100644
index 00000000..f5e70470
--- /dev/null
+++ b/makefu/0tests/data/secrets/nsupdate-cache.nix
@@ -0,0 +1 @@
+"derp"
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 3d2cbac6..a1691da3 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -4,13 +4,14 @@ with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
ext-if = config.makefu.server.primary-itf;
+ allDisks = [ "/dev/sda" "/dev/sdb" ];
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
{
users.users.lass = {
- uid = 9002;
+ uid = 19002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
@@ -21,7 +22,7 @@ in {
};
}
<stockholm/makefu/2configs/headless.nix>
- # <stockholm/makefu/2configs/smart-monitor.nix>
+ <stockholm/makefu/2configs/smart-monitor.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@@ -93,13 +94,15 @@ in {
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
+ <stockholm/krebs/2configs/cache.nsupdate.info.nix>
<stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
- <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+ <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
+ <stockholm/makefu/2configs/bgt/hidden_service.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
@@ -132,7 +135,7 @@ in {
ListenAddress = ${external-ip} 21031
'';
connectTo = [
- "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
+ "prism" "ni" "enklave" "eve" "archprism"
];
};
@@ -189,6 +192,7 @@ in {
nameservers = [ "8.8.8.8" ];
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
+ services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
boot.tmpOnTmpfs = true;
state = [ "/home/makefu/.weechat" ];
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index bfe29b46..e9670a5a 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -46,7 +46,7 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
@@ -56,10 +56,19 @@ in {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
+ fileSystems."/var/log" = {
+ device = "/dev/mapper/nixos-log";
+ fsType = "ext4";
+ };
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
+ fileSystems."/var/www/binaergewitter" = {
+ device = "/dev/mapper/nixos-binaergewitter";
+ fsType = "ext4";
+ options = [ "nofail" ];
+ };
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
index 30276b7d..0a3ed96e 100644
--- a/makefu/1systems/gum/rescue.txt
+++ b/makefu/1systems/gum/rescue.txt
@@ -1,10 +1,14 @@
+ssh gum.i -o StrictHostKeyChecking=no
+
mount /dev/mapper/nixos-root /mnt
mount /dev/sda2 /mnt/boot
chroot-prepare /mnt
chroot /mnt /bin/sh
+
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
+# ... activating ...
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 6940498f..1e36c6e8 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,5 +1,5 @@
{
- name="nextgum";
+ name="gum";
torrent = true;
clever_kexec = true;
}
diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
new file mode 100644
index 00000000..37b8e059
--- /dev/null
+++ b/makefu/2configs/bgt/auphonic.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6b5687e7..6d64848f 100644
--- a/makefu/2configs/nginx/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -1,12 +1,25 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
let
- ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+ ident = (builtins.readFile ./auphonic.pub);
in {
- systemd.services.mirrorsync = {
- startAt = "08:00:00";
- path = with pkgs; [ rsync openssh ];
- script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+ services.openssh = {
+ allowSFTP = true;
+ sftpFlags = [ "-l VERBOSE" ];
+ extraConfig = ''
+ Match User auphonic
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ X11Forwarding no
+ PasswordAuthentication no
+ '';
+ };
+ users.users.auphonic = {
+ uid = genid "auphonic";
+ group = "nginx";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
services.nginx = {
enable = lib.mkDefault true;
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
index c1a31b8d..c1a31b8d 100644
--- a/makefu/2configs/deployment/bgt/hidden_service.nix
+++ b/makefu/2configs/bgt/hidden_service.nix
diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 3897537e..3897537e 100644
--- a/makefu/2configs/deployment/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 443484a3..443484a3 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/bureautomation/mpd.nix
index 1f5acb35..1f5acb35 100644
--- a/makefu/2configs/deployment/bureautomation/mpd.nix
+++ b/makefu/2configs/bureautomation/mpd.nix
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
index 94799b11..94799b11 100644
--- a/makefu/2configs/deployment/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix
index 235cc154..235cc154 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/homeautomation/google-muell.nix
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/homeautomation/mqtt.nix
index cd1c328d..cd1c328d 100644
--- a/makefu/2configs/deployment/homeautomation/mqtt.nix
+++ b/makefu/2configs/homeautomation/mqtt.nix
diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/collectd-client.nix
index cfb5e3fd..cfb5e3fd 100644
--- a/makefu/2configs/stats/client.nix
+++ b/makefu/2configs/stats/collectd-client.nix
diff --git a/makefu/5pkgs/libopencm3/default.nix b/makefu/5pkgs/libopencm3/default.nix
deleted file mode 100644
index ed35fc63..00000000
--- a/makefu/5pkgs/libopencm3/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, gcc-arm-embedded, python }:
-stdenv.mkDerivation rec {
- name = "libopencm-${version}";
- version = "2017-04-01";
-
- src = fetchFromGitHub {
- owner = "libopencm3";
- repo = "libopencm3";
- rev = "383fafc862c0d47f30965f00409d03a328049278";
- sha256 = "0ar67icxl39cf7yb5glx3zd5413vcs7zp1jq0gzv1napvmrv3jv9";
- };
-
- buildInputs = [ gcc-arm-embedded python ];
- buildPhase = ''
- sed -i 's#/usr/bin/env python#${python}/bin/python#' ./scripts/irq2nvic_h
- make
- '';
- installPhase = ''
- mkdir -p $out
- cp -r lib $out/
- '';
-
- meta = {
- description = "Open Source ARM cortex m microcontroller library";
- homepage = https://github.com/libopencm3/libopencm3;
- license = stdenv.lib.licenses.gpl2;
- platforms = stdenv.lib.platforms.linux;
- maintainers = with stdenv.lib.maintainers; [ makefu ];
- };
-}
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 6c510eba..2a2f70a0 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -7,7 +7,6 @@
host-src = {
secure = false;
- full = false;
torrent = false;
hw = false;
musnix = false;
@@ -23,7 +22,11 @@
{
# nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747
- nixpkgs = if test then {
+ # + hovercraft: 7134801b17d72
+ nixpkgs = if host-src.arm6 then {
+ # TODO: we want to track the unstable channel
+ symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
+ } else {
file = {
path = toString (pkgs.fetchFromGitHub {
owner = "makefu";
@@ -33,14 +36,6 @@
});
useChecksum = true;
};
- } else if host-src.full then {
- git.ref = nixpkgs-src.rev;
- git.url = nixpkgs-src.url;
- } else if host-src.arm6 then {
- # TODO: we want to track the unstable channel
- symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
- } else {
- file = "/home/makefu/store/${nixpkgs-src.rev}";
};
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
diff --git a/makefu/update-channel.sh b/makefu/update-channel.sh
index 59d3c434..0899581e 100755
--- a/makefu/update-channel.sh
+++ b/makefu/update-channel.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--rev refs/heads/master' \
> $dir/nixpkgs.json
newref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-echo git commit $dir/nixpkgs.json -m "nixpkgs: $oldref -> $newref"
+echo "git commit $dir/nixpkgs.json -m 'ma nixpkgs: $oldref -> $newref'"
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 19:05:22 +0000