summaryrefslogtreecommitdiffstats
path: root/shared/2configs/shack
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-06-04 06:20:54 +0200
committertv <tv@krebsco.de>2017-06-04 06:20:54 +0200
commit811ceaa243bf5241ca1189871c4426240962f04d (patch)
treef46006567b5f9279ebd9cb23de3eadb508f83c54 /shared/2configs/shack
parent4f58b884dda57db8106768a22a206d6605d6e3e5 (diff)
parente50bc4f3eb3dac13bba4ae6158e839a52455c3c3 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'shared/2configs/shack')
-rw-r--r--shared/2configs/shack/drivedroid.nix49
-rw-r--r--shared/2configs/shack/mqtt_sub.nix34
-rw-r--r--shared/2configs/shack/muell_caller.nix41
-rw-r--r--shared/2configs/shack/nix-cacher.nix28
-rw-r--r--shared/2configs/shack/share.nix38
5 files changed, 190 insertions, 0 deletions
diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix
new file mode 100644
index 000000000..12e4a39c3
--- /dev/null
+++ b/shared/2configs/shack/drivedroid.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ root = "/var/srv/drivedroid";
+in
+{
+ environment.systemPackages = [ pkgs.drivedroid-gen-repo ];
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts.shack-drivedroid = {
+ serverAliases = [
+ "drivedroid.shack"
+ ];
+ # TODO: prepare this somehow
+ locations."/".extraConfig = ''
+ root ${root};
+ index main.json;
+ '';
+ };
+ };
+
+ systemd.services.drivedroid-gen-repo = {
+ description = "generates drivedroid repo file";
+ path = [
+ pkgs.coreutils
+ pkgs.drivedroid-gen-repo
+ pkgs.inotify-tools
+ ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" ''
+ mkdir -p ${root}/repos
+ '';
+ ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" ''
+ set -efu
+ cd ${root}
+ while sleep 60; do
+ if inotifywait -r .; then
+ drivedroid-gen-repo repos > main.json
+ fi
+ done
+ '';
+ };
+ };
+}
diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix
new file mode 100644
index 000000000..dafa06ba9
--- /dev/null
+++ b/shared/2configs/shack/mqtt_sub.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "mqtt2graphite-2017-05-29";
+ src = pkgs.fetchgit {
+ url = "https://github.com/shackspace/mqtt2graphite/";
+ rev = "8c060e6";
+ sha256 = "06x7a1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg";
+ };
+ buildInputs = [
+ (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
+ docopt
+ paho-mqtt
+ ]))
+ ];
+ installPhase = ''
+ install -m755 -D sub.py $out/bin/sub
+ install -m755 -D sub2.py $out/bin/sub-new
+ '';
+ };
+in {
+ systemd.services.mqtt_sub = {
+ description = "subscribe to mqtt, send to graphite";
+ # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkg}/bin/sub-new";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix
new file mode 100644
index 000000000..2d8d78e33
--- /dev/null
+++ b/shared/2configs/shack/muell_caller.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "muell_caller-2017-06-01";
+ src = pkgs.fetchgit {
+ url = "https://github.com/shackspace/muell_caller/";
+ rev = "bbd4009";
+ sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0";
+ };
+ buildInputs = [
+ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+ docopt
+ requests2
+ paramiko
+ python
+ ]))
+ ];
+ installPhase = ''
+ install -m755 -D call.py $out/bin/call-muell
+ '';
+ };
+ cfg = "${toString <secrets>}/tell.json";
+in {
+ systemd.services.call_muell = {
+ description = "call muell";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody"; # TODO separate user
+ ExecStartPre = pkgs.writeDash "call-muell-pre" ''
+ cp ${cfg} /tmp/tell.json
+ chown nobody /tmp/tell.json
+ '';
+ ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60";
+ Restart = "always";
+ PrivateTmp = true;
+ PermissionsStartOnly = true;
+ };
+ };
+}
diff --git a/shared/2configs/shack/nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix
new file mode 100644
index 000000000..4fcbf3a4e
--- /dev/null
+++ b/shared/2configs/shack/nix-cacher.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.apt-cacher-ng;
+in
+{
+ krebs.apt-cacher-ng = {
+ enable = true;
+ port = 3142;
+ bindAddress = "localhost";
+ cacheExpiration = 30;
+ };
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts.shack-nix-cacher = {
+ serverAliases = [
+ "acng.shack"
+ ];
+ locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:${toString cfg.port}/;
+ '';
+ };
+ };
+}
diff --git a/shared/2configs/shack/share.nix b/shared/2configs/shack/share.nix
new file mode 100644
index 000000000..247b9ee7d
--- /dev/null
+++ b/shared/2configs/shack/share.nix
@@ -0,0 +1,38 @@
+{config, ... }:{
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ group = "share";
+ description = "smb guest user";
+ home = "/home/share";
+ createHome = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 139 445 # samba
+ ];
+
+ networking.firewall.allowedUDPPorts = [
+ 137 138
+ ];
+ services.samba = {
+ enable = true;
+ shares = {
+ share-home = {
+ path = "/home/share/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+}