summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2019-09-11 10:34:02 +0200
committertv <tv@krebsco.de>2019-09-11 10:34:02 +0200
commit0182f1bd64973e93d4cf4c30b6005708b7e09240 (patch)
treef5a318fee1572b9b35f9f321d4ac707bc7935792
parente388d02623b98bad5db52b29ea1ef1f494fddae8 (diff)
parent5d24345ff430df38263c113041070a900c23131e (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--.gitlab-ci.yml53
-rw-r--r--jeschli/1systems/bolide/config.nix27
-rw-r--r--jeschli/1systems/bolide/home.nix171
-rw-r--r--jeschli/1systems/brauerei/config.nix23
-rw-r--r--jeschli/krops.nix4
-rw-r--r--krebs/0tests/data/secrets/shack/muell_mail.js0
-rw-r--r--krebs/0tests/data/secrets/shack/s3-power.json1
-rw-r--r--krebs/0tests/data/secrets/shack/unifi-prometheus-pw0
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/puyak/config.nix9
-rw-r--r--krebs/1systems/wolf/config.nix34
-rw-r--r--krebs/2configs/collectd-base.nix4
-rw-r--r--krebs/2configs/default.nix7
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix19
-rw-r--r--krebs/2configs/shack/mqtt.nix14
-rw-r--r--krebs/2configs/shack/muell_mail.nix33
-rw-r--r--krebs/2configs/shack/muellshack.nix43
-rw-r--r--krebs/2configs/shack/node-light.nix53
-rw-r--r--krebs/2configs/shack/powerraw.nix72
-rw-r--r--krebs/2configs/shack/prometheus/node.nix27
-rw-r--r--krebs/2configs/shack/prometheus/server.nix195
-rw-r--r--krebs/2configs/shack/prometheus/unifi.nix10
-rw-r--r--krebs/2configs/shack/s3-power.nix33
-rw-r--r--krebs/3modules/external/default.nix32
-rw-r--r--krebs/3modules/external/ssh/0x4A6F.pub (renamed from krebs/3modules/external/ssh/0x4a6f.pub)0
-rw-r--r--krebs/3modules/lass/default.nix4
-rw-r--r--krebs/3modules/lass/ssh/android.rsa2
-rw-r--r--krebs/3modules/makefu/default.nix9
-rw-r--r--krebs/3modules/makefu/wiregrill/rockit.pub2
-rw-r--r--krebs/3modules/makefu/wiregrill/shackdev.pub1
-rw-r--r--krebs/krops.nix4
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/xerxes/config.nix79
-rw-r--r--lass/1systems/xerxes/icarus/config.nix33
-rw-r--r--lass/1systems/xerxes/icarus/physical.nix25
-rw-r--r--lass/1systems/xerxes/physical.nix24
-rw-r--r--lass/3modules/autowifi.nix111
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--makefu/0tests/data/secrets/hass/citadel-bot.json1
-rw-r--r--makefu/0tests/data/secrets/hass/voicerss.apikey0
-rw-r--r--makefu/1systems/cake/config.nix7
-rw-r--r--makefu/1systems/filepimp/config.nix1
-rw-r--r--makefu/1systems/firecracker/config.nix25
-rw-r--r--makefu/1systems/firecracker/hardware-config.nix30
-rw-r--r--makefu/1systems/firecracker/source.nix4
-rw-r--r--makefu/1systems/gum/config.nix29
-rw-r--r--makefu/1systems/gum/hardware-config.nix4
-rw-r--r--makefu/1systems/sdcard/config.nix40
-rw-r--r--makefu/1systems/sdcard/kernel.nix15
-rw-r--r--makefu/1systems/sdcard/source.nix3
-rw-r--r--makefu/1systems/wbob/config.nix21
-rw-r--r--makefu/2configs/Reaktor/bgt.nix15
-rw-r--r--makefu/2configs/bureautomation/automation/10h_timer.nix154
-rw-r--r--makefu/2configs/bureautomation/automation/bureau-shutdown.nix10
-rw-r--r--makefu/2configs/bureautomation/automation/schlechteluft.nix74
-rw-r--r--makefu/2configs/bureautomation/combination/10h_timers.nix194
-rw-r--r--makefu/2configs/bureautomation/combination/README.md3
-rw-r--r--makefu/2configs/bureautomation/combination/matrix.nix65
-rw-r--r--makefu/2configs/bureautomation/combination/mittagessen.nix89
-rw-r--r--makefu/2configs/bureautomation/default.nix280
-rw-r--r--makefu/2configs/bureautomation/deps/dwd_pollen.nix32
-rw-r--r--makefu/2configs/bureautomation/deps/gtts-token.nix27
-rw-r--r--makefu/2configs/bureautomation/deps/pyhaversion.nix33
-rw-r--r--makefu/2configs/bureautomation/device_tracker/openwrt.nix3
-rw-r--r--makefu/2configs/bureautomation/hass.nix198
-rw-r--r--makefu/2configs/bureautomation/script/multi_blink.nix8
-rw-r--r--makefu/2configs/bureautomation/sensor/airquality.nix9
-rw-r--r--makefu/2configs/bureautomation/sensor/pollen.nix7
-rw-r--r--makefu/2configs/mail/mail.euer.nix6
-rw-r--r--makefu/2configs/tools/extra-gui.nix2
-rw-r--r--makefu/2configs/wireguard/wiregrill.nix46
71 files changed, 1857 insertions, 744 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6d2f15063..fb273c932 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,20 +1,57 @@
before_script:
- - mkdir -p ~/.ssh
- - echo "$deploy_privkey" > deploy.key
- - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key"
- - chmod 600 deploy.key
- - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
+ - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true
+ # prepare github deployment for NUR
+ - mkdir -p ~/.ssh
+ - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key
+ - chmod 600 ~/.ssh/github_deploy.key
+ - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
+ # prepare git fetching of secrets
+ - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key
+ - chmod 600 ~/.ssh/gitlab_deploy.key
+ - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
+ # import secret key for secrets
+ - echo "$secrets_gpg_key" | gpg --import
+wolf deployment test:
+ stage: test
+ script:
+ - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
+ - git submodule update --init
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
nix-shell test:
+ stage: test
script:
- - env
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
+ - git --version
+ - ssh -V
+ - gpg --version
+ - curl --version
+wolf deployment:
+ stage: deploy
+ script:
+ - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
+ - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - git submodule update --init
+ - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
+ # TODO, hostname wolf cannot be resolved
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
+ only:
+ changes:
+ - .gitlab-ci.yml
+ - krebs/**/*
+ - lib/**/*
+ - .gitmodules
nur-packages makefu:
+ stage: deploy
script:
- git reset --hard origin/master
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
- git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
- - git push --force deploy HEAD:master
+ - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master
- curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
+ only:
+ changes:
+ - makefu/**/*
after_script:
- - rm -f deploy.key
+ - rm -rf .ssh/
diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix
index a9f564f75..5cb6ef568 100644
--- a/jeschli/1systems/bolide/config.nix
+++ b/jeschli/1systems/bolide/config.nix
@@ -3,12 +3,14 @@
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, ... }:
+let
+ unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in
{
imports =
[
./hardware-configuration.nix
<stockholm/jeschli>
- <home-manager/nixos>
<stockholm/jeschli/2configs/urxvt.nix>
# <stockholm/jeschli/2configs/emacs.nix>
];
@@ -31,6 +33,7 @@
# networking.hostName = "bolide"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
+ networking.enableB43Firmware = true; #new
# Select internationalisation properties.
# i18n = {
@@ -53,8 +56,6 @@
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
- home-manager
-
wget vim
# system helper
ag
@@ -78,7 +79,9 @@
google-chrome
# programming languages
go
- gcc
+ gcc9
+ ccls
+ unstable.clang_8
ghc
python35
python35Packages.pip
@@ -95,22 +98,6 @@
zathura
];
- home-manager.useUserPackages = true;
- home-manager.users.jeschli = {
- home.stateVersion = "19.03";
- };
-
- home-manager.users.jeschli.home.file = {
- ".emacs.d" = {
- source = pkgs.fetchFromGitHub {
- owner = "jeschli";
- repo = "emacs.d";
- rev = "8ed6c40";
- sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
- };
- recursive = true;
- };
- };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
diff --git a/jeschli/1systems/bolide/home.nix b/jeschli/1systems/bolide/home.nix
deleted file mode 100644
index 60fee8b67..000000000
--- a/jeschli/1systems/bolide/home.nix
+++ /dev/null
@@ -1,171 +0,0 @@
-{ pkgs, ... }:
-
-{
- home.file = {
- ".emacs.d" = {
- source = pkgs.fetchFromGitHub {
- owner = "jeschli";
- repo = "emacs.d";
- rev = "8ed6c40";
- sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
- };
- recursive = true;
- };
- ".config/i3/config".text = ''
-
-set $mod Mod4
-
-font pango:monospace 8
-
-floating_modifier $mod
-
-bindsym $mod+Return exec i3-sensible-terminal
-
-bindsym $mod+Shift+q kill
-
-bindsym $mod+d exec rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
-
-bindsym $mod+x exec rofi -modi window -show window -auto-select
-
-# switch to last used window
-bindsym $mod+Tab exec rofi -show window& sleep 0.15 && xdotool key Down
-
-# change focus
-bindsym $mod+j focus left
-bindsym $mod+k focus down
-bindsym $mod+l focus up
-bindsym $mod+semicolon focus right
-
-# alternatively, you can use the cursor keys:
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Resizing windows by 10 in i3 using keyboard only
-bindsym $mod+Ctrl+Shift+Right resize shrink width 10 px or 10 ppt
-bindsym $mod+Ctrl+Shift+Up resize grow height 10 px or 10 ppt
-bindsym $mod+Ctrl+Shift+Down resize shrink height 10 px or 10 ppt
-bindsym $mod+Ctrl+Shift+Left resize grow width 10 px or 10 ppt
-
-# move focused window
-bindsym $mod+Shift+j move left
-bindsym $mod+Shift+k move down
-bindsym $mod+Shift+l move up
-bindsym $mod+Shift+semicolon move right
-
-# alternatively, you can use the cursor keys:
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# split in horizontal orientation
-bindsym $mod+h split h
-
-# split in vertical orientation
-bindsym $mod+v split v
-
-# enter fullscreen mode for the focused container
-bindsym $mod+f fullscreen toggle
-
-# change container layout (stacked, tabbed, toggle split)
-bindsym $mod+s layout stacking
-bindsym $mod+w layout tabbed
-bindsym $mod+e layout toggle split
-
-# toggle tiling / floating
-bindsym $mod+Shift+space floating toggle
-
-# change focus between tiling / floating windows
-bindsym $mod+space focus mode_toggle
-
-# focus the parent container
-bindsym $mod+a focus parent
-
-# focus the child container
-#bindsym $mod+d focus child
-
-# Define names for default workspaces for which we configure key bindings later on.
-# We use variables to avoid repeating the names in multiple places.
-set $ws1 "1"
-set $ws2 "2"
-set $ws3 "3"
-set $ws4 "4"
-set $ws5 "5"
-set $ws6 "6"
-set $ws7 "7"
-set $ws8 "8"
-set $ws9 "9"
-set $ws10 "10"
-
-# switch to workspace
-bindsym $mod+1 workspace $ws1
-bindsym $mod+2 workspace $ws2
-bindsym $mod+3 workspace $ws3
-bindsym $mod+4 workspace $ws4
-bindsym $mod+5 workspace $ws5
-bindsym $mod+6 workspace $ws6
-bindsym $mod+7 workspace $ws7
-bindsym $mod+8 workspace $ws8
-bindsym $mod+9 workspace $ws9
-bindsym $mod+0 workspace $ws10
-
-# move focused container to workspace
-bindsym $mod+Shift+1 move container to workspace $ws1
-bindsym $mod+Shift+2 move container to workspace $ws2
-bindsym $mod+Shift+3 move container to workspace $ws3
-bindsym $mod+Shift+4 move container to workspace $ws4
-bindsym $mod+Shift+5 move container to workspace $ws5
-bindsym $mod+Shift+6 move container to workspace $ws6
-bindsym $mod+Shift+7 move container to workspace $ws7
-bindsym $mod+Shift+8 move container to workspace $ws8
-bindsym $mod+Shift+9 move container to workspace $ws9
-bindsym $mod+Shift+0 move container to workspace $ws10
-
-# reload the configuration file
-bindsym $mod+Shift+c reload
-# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
-bindsym $mod+Shift+r restart
-# exit i3 (logs you out of your X session)
-bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
-
-bindsym $mod+p exec i3-sensible-pager
-
-# resize window (you can also use the mouse for that)
-mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
-}
-
-bindsym $mod+r mode "resize"
-
-# Start i3bar to display a workspace bar (plus the system information i3status
-# finds out, if available)
-bar {
- position top
- status_command i3status
-}
- '';
- };
-
-}
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 059ec6d71..aabb4b7ba 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -2,6 +2,7 @@
let
xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; };
mainUser = config.krebs.build.user.name;
+ unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in
{
imports = [
@@ -52,6 +53,8 @@ in
copyq
curl
dmenu
+ aspell
+ ispell
rofi
xdotool
git
@@ -75,22 +78,14 @@ in
elixir
elmPackages.elm
exercism
- gcc
+ gcc9
+ ccls
+ unstable.clang_8
ghc
go
- python35
- python35Packages.pip
- (vagrant.override {
- bundlerEnv = bundlerEnv.override {
- bundler = bundler.overrideAttrs (old: {
- name = "bundler-1.16.1";
- src = fetchurl {
- url = "https://rubygems.org/gems/bundler-1.16.1.gem";
- sha256 = "1s2nq4qnffxg3kwrk7cnwxcvfihlhxm9absl2l6d3qckf3sy1f22";
- };
- });
- };
- })
+ python37
+ python37Packages.pip
+ pipenv
# dev tools
gnumake
jetbrains.clion
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
index f3964a553..30b06c1e6 100644
--- a/jeschli/krops.nix
+++ b/jeschli/krops.nix
@@ -9,6 +9,10 @@
(krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
+ nixpkgs-unstable.git = {
+ url = "https://github.com/nixos/nixpkgs-channels";
+ ref = "nixos-unstable";
+ };
secrets = if test then {
file = toString ./2configs/tests/dummy-secrets;
} else {
diff --git a/krebs/0tests/data/secrets/shack/muell_mail.js b/krebs/0tests/data/secrets/shack/muell_mail.js
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/shack/muell_mail.js
diff --git a/krebs/0tests/data/secrets/shack/s3-power.json b/krebs/0tests/data/secrets/shack/s3-power.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/krebs/0tests/data/secrets/shack/s3-power.json
@@ -0,0 +1 @@
+{}
diff --git a/krebs/0tests/data/secrets/shack/unifi-prometheus-pw b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 32e416831..60ec625f2 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -14,7 +14,6 @@
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/nscd-fix.nix>
<stockholm/krebs/2configs/reaktor2.nix>
- <stockholm/krebs/2configs/repo-sync.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index af11c6944..ea73e4bd2 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -7,13 +7,14 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
- <stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/go.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ <stockholm/krebs/2configs/shack/gitlab-runner.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
@@ -59,9 +60,9 @@
};
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchExternalPower = "ignore";
+
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 7ca0f0ec1..9ae65466c 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -23,6 +23,16 @@ in
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
# Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
+ # provide muellshack api
+ <stockholm/krebs/2configs/shack/muellshack.nix>
+ # provide light control api
+ <stockholm/krebs/2configs/shack/node-light.nix>
+ # send mail if muell was not handled
+ <stockholm/krebs/2configs/shack/muell_mail.nix>
+ # send mail if m