diff options
author | tv <tv@krebsco.de> | 2016-10-20 20:22:29 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-10-20 20:22:29 +0200 |
commit | 9329c1e47ddda0653d7e9824a01632ce3766e8f0 (patch) | |
tree | 2bfb70737a757d0bd61ca0aa895c77d740b21e73 /makefu/2configs | |
parent | 844d347ce7cf0b7646e9ecba3fbdc0b90e608501 (diff) | |
parent | 0f2a9778315c3126794c0f1ad63710d38e7a67f7 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r-- | makefu/2configs/backup.nix | 8 | ||||
-rw-r--r-- | makefu/2configs/base-gui.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 11 | ||||
-rw-r--r-- | makefu/2configs/elchos/stats.nix | 96 | ||||
-rw-r--r-- | makefu/2configs/filepimp-share.nix | 33 | ||||
-rw-r--r-- | makefu/2configs/hw/tp-x220.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/hw/tp-x2x0.nix | 4 | ||||
-rw-r--r-- | makefu/2configs/iodined.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/nginx/icecult.nix | 28 | ||||
-rw-r--r-- | makefu/2configs/rad1o.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/solr.nix | 24 | ||||
-rw-r--r-- | makefu/2configs/urlwatch.nix | 2 |
12 files changed, 204 insertions, 10 deletions
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 6f79ed4f4..57fd7a64d 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -1,6 +1,10 @@ { config, lib, ... }: with config.krebs.lib; let + # preparation: + # mkdir -p defaultBackupDir/host.name/src + # as root on omo: + # ssh-copy-id root@src startAt = "0,6,12,18:00"; defaultBackupServer = config.krebs.hosts.omo; defaultBackupDir = "/home/backup"; @@ -12,7 +16,7 @@ let }; dst = { host = defaultBackupServer; - path = defaultBackupDir + src; + path = "${defaultBackupDir}/${host.name}${src}"; }; startAt = "0,6,12,18:00"; snapshots = { @@ -25,6 +29,6 @@ let }; in { krebs.backup.plans = { - wry-to-omo_var-www = defaultPull wry "/var/www"; + wry-to-omo_var-www = defaultPull config.krebs.hosts.wry "/"; }; } diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index b039c12ca..cbc3efbac 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -82,7 +82,6 @@ in URxvt.perl-ext: default,url-select URxvt.keysym.M-u: perl:url-select:select_next - #URxvt.url-select.launcher: firefox -new-tab URxvt.url-select.launcher: chromium URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index a7c2a983e..56a87d7af 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -21,10 +21,13 @@ with config.krebs.lib; search-domain = "retiolum"; build = { user = config.krebs.users.makefu; - source = let inherit (config.krebs.build) host user; in { + source = let + inherit (config.krebs.build) host user; + ref = "b8ede35"; # stable @ 2016-10-19 + in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then - { # stable @ 2016-07-20 - git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; + { + git = { url = https://github.com/nixos/nixpkgs; inherit ref; }; } else # TODO use http, once it is implemented @@ -32,7 +35,7 @@ with config.krebs.lib; ## prepare so we do not have to wait for rsync: ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs - { file = "/home/makefu/store/125ffff";}; + { file = "/home/makefu/store/${ref}";}; secrets.file = if getEnv "dummy_secrets" == "true" then toString <stockholm/makefu/6tests/data/secrets> diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix new file mode 100644 index 000000000..0282b04cf --- /dev/null +++ b/makefu/2configs/elchos/stats.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) +with config.krebs.lib; +let + sec = toString <secrets>; + acmepath = "/var/lib/acme/"; + acmechall = acmepath + "/challenges/"; + ext-dom = "stats.nsupdate.info"; + #ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + #ssl_key = "${sec}/wildcard.krebsco.de.key"; + ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem"; + ssl_key = "${acmepath}/${ext-dom}/key.pem"; +in { + networking.firewall = { + allowedTCPPorts = [ 2003 80 443 ]; + allowedUDPPorts = [ 2003 ]; + }; + + services.grafana = { + enable = true; + addr = "127.0.0.1"; + extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; }; + users.allowSignUp = false; + users.allowOrgCreate = false; + users.autoAssignOrg = false; + security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} + }; + krebs.nginx = { + enable = true; + servers.elch-stats = { + server-names = [ ext-dom ]; + listen = [ "80" "443 ssl" ]; + ssl = { + enable = true; + # these certs will be needed if acme has not yet created certificates: + certificate = ssl_cert; + certificate_key = ssl_key; + force_encryption = true; + }; + + locations = [ + (nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:3000/; + '') + (nameValuePair "/.well-known/acme-challenge" '' + root ${acmechall}/${ext-dom}/; + '') + ]; + }; + }; + + security.acme.certs."${ext-dom}" = { + email = "acme@syntax-fehler.de"; + webroot = "${acmechall}/${ext-dom}/"; + group = "nginx"; + allowKeysForGroup = true; + postRun = "systemctl reload nginx.service"; + extraDomains."${ext-dom}" = null ; + }; + + services.graphite = { + web = { + enable = true; + host = "127.0.0.1"; + port = 8080; + }; + carbon = { + enableCache = true; + # save disk usage by restricting to 1 bulk update per second + config = '' + [cache] + MAX_CACHE_SIZE = inf + MAX_UPDATES_PER_SECOND = 1 + MAX_CREATES_PER_MINUTE = 500 + ''; + storageSchemas = '' + [carbon] + pattern = ^carbon\. + retentions = 60:90d + + [elchos] + patterhn = ^elchos\. + retention = 10s:30d,60s:1y + + [default] + pattern = .* + retentions = 30s:30d,300s:1y + ''; + }; + }; +} diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix new file mode 100644 index 000000000..23fa8da08 --- /dev/null +++ b/makefu/2configs/filepimp-share.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + hostname = config.krebs.build.host.name; +in { + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + media = { + path = "/media/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index 58390e48d..2ec531e56 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix @@ -5,7 +5,7 @@ with config.krebs.lib; imports = [ ./tp-x2x0.nix ]; boot = { - kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 9047cfb66..368465a8b 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -38,4 +38,8 @@ with config.krebs.lib; CPU_MIN_PERF_ON_BAT=0 CPU_MAX_PERF_ON_BAT=30 ''; + + powerManagement.resumeCommands = '' + {pkgs.rfkill}/bin/rfkill unblock all + ''; } diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix index ca489d073..b1446eab4 100644 --- a/makefu/2configs/iodined.nix +++ b/makefu/2configs/iodined.nix @@ -5,8 +5,9 @@ let domain = "io.krebsco.de"; pw = import <secrets/iodinepw.nix>; in { + networking.firewall.allowedUDPPorts = [ 53 ]; - services.iodined = { + services.iodine = { server = { enable = true; domain = domain; diff --git a/makefu/2configs/nginx/icecult.nix b/makefu/2configs/nginx/icecult.nix new file mode 100644 index 000000000..a11f92af7 --- /dev/null +++ b/makefu/2configs/nginx/icecult.nix @@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: + +with config.krebs.lib; + +let + icecult = pkgs.fetchFromGitHub { + owner = "kraiz"; + repo = "icecult"; + rev = "1942d43381a97f30111a48725f7532c343a6f4d7"; + sha256 = "0l8q7kw3w1kpvmy8hza9vr5liiycivbljkmwpacaifbay5y98z58"; + }; +in{ + krebs.nginx = { + enable = true; + servers.default = { + extraConfig = '' + root ${icecult}/app; + ''; + locations = [ + (nameValuePair "/rpc" '' + rewrite /rpc/(.*) /$1 break; + proxy_http_version 1.1; + proxy_pass http://10.42.22.163:3121; + '') + ]; + }; + }; +} diff --git a/makefu/2configs/rad1o.nix b/makefu/2configs/rad1o.nix index 03bb9bc7e..6eca69e0c 100644 --- a/makefu/2configs/rad1o.nix +++ b/makefu/2configs/rad1o.nix @@ -3,7 +3,7 @@ { environment.systemPackages = with pkgs; [ - gnuradio-full + gnuradio-with-packages gnuradio-osmosdr gqrx ]; diff --git a/makefu/2configs/solr.nix b/makefu/2configs/solr.nix new file mode 100644 index 000000000..cad9eabc1 --- /dev/null +++ b/makefu/2configs/solr.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) +with config.krebs.lib; +let + solrHome = "/var/db/solr"; +in { + imports = [ ]; + users.users.solr = { + home = solrHome; + uid = genid "solr"; + createHome = true; + group = "solr"; + }; + users.groups.solr.gid = genid "solr"; + + services.solr = { + enable = true; + inherit solrHome; + user = "solr"; + group = "solr"; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index e0fbefa36..0d8f888fa 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -14,6 +14,8 @@ https://pypi.python.org/simple/xstatic/ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ + https://github.com/amadvance/snapraid/releases.atom + https://erdgeist.org/gitweb/opentracker/commit/ ]; }; } |