diff options
author | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
commit | 811ceaa243bf5241ca1189871c4426240962f04d (patch) | |
tree | f46006567b5f9279ebd9cb23de3eadb508f83c54 /shared/2configs/shack | |
parent | 4f58b884dda57db8106768a22a206d6605d6e3e5 (diff) | |
parent | e50bc4f3eb3dac13bba4ae6158e839a52455c3c3 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'shared/2configs/shack')
-rw-r--r-- | shared/2configs/shack/drivedroid.nix | 49 | ||||
-rw-r--r-- | shared/2configs/shack/mqtt_sub.nix | 34 | ||||
-rw-r--r-- | shared/2configs/shack/muell_caller.nix | 41 | ||||
-rw-r--r-- | shared/2configs/shack/nix-cacher.nix | 28 | ||||
-rw-r--r-- | shared/2configs/shack/share.nix | 38 |
5 files changed, 190 insertions, 0 deletions
diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix new file mode 100644 index 000000000..12e4a39c3 --- /dev/null +++ b/shared/2configs/shack/drivedroid.nix @@ -0,0 +1,49 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + root = "/var/srv/drivedroid"; +in +{ + environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-drivedroid = { + serverAliases = [ + "drivedroid.shack" + ]; + # TODO: prepare this somehow + locations."/".extraConfig = '' + root ${root}; + index main.json; + ''; + }; + }; + + systemd.services.drivedroid-gen-repo = { + description = "generates drivedroid repo file"; + path = [ + pkgs.coreutils + pkgs.drivedroid-gen-repo + pkgs.inotify-tools + ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' + mkdir -p ${root}/repos + ''; + ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' + set -efu + cd ${root} + while sleep 60; do + if inotifywait -r .; then + drivedroid-gen-repo repos > main.json + fi + done + ''; + }; + }; +} diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix new file mode 100644 index 000000000..dafa06ba9 --- /dev/null +++ b/shared/2configs/shack/mqtt_sub.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "mqtt2graphite-2017-05-29"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/mqtt2graphite/"; + rev = "8c060e6"; + sha256 = "06x7a1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg"; + }; + buildInputs = [ + (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + docopt + paho-mqtt + ])) + ]; + installPhase = '' + install -m755 -D sub.py $out/bin/sub + install -m755 -D sub2.py $out/bin/sub-new + ''; + }; +in { + systemd.services.mqtt_sub = { + description = "subscribe to mqtt, send to graphite"; + # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/sub-new"; + PrivateTmp = true; + }; + }; +} diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix new file mode 100644 index 000000000..2d8d78e33 --- /dev/null +++ b/shared/2configs/shack/muell_caller.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "muell_caller-2017-06-01"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/muell_caller/"; + rev = "bbd4009"; + sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + requests2 + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D call.py $out/bin/call-muell + ''; + }; + cfg = "${toString <secrets>}/tell.json"; +in { + systemd.services.call_muell = { + description = "call muell"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStartPre = pkgs.writeDash "call-muell-pre" '' + cp ${cfg} /tmp/tell.json + chown nobody /tmp/tell.json + ''; + ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; +} diff --git a/shared/2configs/shack/nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix new file mode 100644 index 000000000..4fcbf3a4e --- /dev/null +++ b/shared/2configs/shack/nix-cacher.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + cfg = config.krebs.apt-cacher-ng; +in +{ + krebs.apt-cacher-ng = { + enable = true; + port = 3142; + bindAddress = "localhost"; + cacheExpiration = 30; + }; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-nix-cacher = { + serverAliases = [ + "acng.shack" + ]; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:${toString cfg.port}/; + ''; + }; + }; +} diff --git a/shared/2configs/shack/share.nix b/shared/2configs/shack/share.nix new file mode 100644 index 000000000..247b9ee7d --- /dev/null +++ b/shared/2configs/shack/share.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + group = "share"; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + + networking.firewall.allowedTCPPorts = [ + 139 445 # samba + ]; + + networking.firewall.allowedUDPPorts = [ + 137 138 + ]; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} |