diff options
71 files changed, 1111 insertions, 230 deletions
diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix index 4cb8d247c..8dab11e16 100644 --- a/krebs/1systems/puyak/net.nix +++ b/krebs/1systems/puyak/net.nix @@ -1,11 +1,11 @@ let - ext-if = "enp0s25"; + ext-if = "et0"; shack-ip = "10.42.22.184"; shack-gw = "10.42.20.1"; in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}" ''; networking = { firewall.enable = false; @@ -13,7 +13,7 @@ in { interfaces."${ext-if}".ipv4.addresses = [ { address = shack-ip; - prefixLength = 20; + prefixLength = 22; } ]; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index c8e1e0386..f9fa037d3 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -108,12 +108,6 @@ in { ci = false; cores = 1; nets = { - lan = { - ip4.addr = "192.168.1.12"; - aliases = [ - "filepimp.lan" - ]; - }; retiolum.ip4.addr = "10.243.153.102"; }; }; @@ -123,12 +117,6 @@ in { cores = 2; nets = { - lan = { - ip4.addr = "192.168.1.11"; - aliases = [ - "omo.lan" - ]; - }; retiolum = { ip4.addr = "10.243.0.89"; aliases = [ @@ -143,13 +131,6 @@ in { ci = true; cores = 4; nets = { - lan = { - ip4.addr = "192.168.8.11"; - aliases = [ - "wbob.lan" - "log.wbob.lan" - ]; - }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ diff --git a/makefu/0tests/data/secrets/photoprism.nix b/makefu/0tests/data/secrets/photoprism.nix new file mode 100644 index 000000000..17811ec5f --- /dev/null +++ b/makefu/0tests/data/secrets/photoprism.nix @@ -0,0 +1,4 @@ +{ + db.username = "photoprism"; + db.password = "photoprism"; +} diff --git a/makefu/0tests/data/secrets/zigbee2mqtt.nix b/makefu/0tests/data/secrets/zigbee2mqtt.nix new file mode 100644 index 000000000..c67ff3865 --- /dev/null +++ b/makefu/0tests/data/secrets/zigbee2mqtt.nix @@ -0,0 +1,6 @@ +{ + mqtt.password = "hass"; + mqtt.username = "hass"; + zigbee.network_key = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ]; +} + diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix index e023c2885..346de10ba 100644 --- a/makefu/1systems/filepimp/config.nix +++ b/makefu/1systems/filepimp/config.nix @@ -1,26 +1,13 @@ { config, pkgs, lib, ... }: +# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37' let - byid = dev: "/dev/disk/by-id/" + dev; - part1 = disk: disk + "-part1"; - rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; - primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc - # N54L Chassis: - # ____________________ - # |______FRONT_______| - # | [ ]| - # | [ d1 ** d3 d4 ]| - # |___[_____________]| - jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA"; - - # transfer to omo - # jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; - jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363"; - jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA"; - allDisks = [ rootDisk jDisk1 jDisk2 jDisk3 ]; + itf = config.makefu.server.primary-itf; in { imports = [ # Include the results of the hardware scan. + ./hw.nix <stockholm/makefu> + <stockholm/makefu/2configs/home-manager> <stockholm/makefu/2configs/fs/single-partition-ext4.nix> <stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> @@ -28,64 +15,12 @@ in { ]; krebs.build.host = config.krebs.hosts.filepimp; - # AMD N54L - boot = { - loader.grub.device = rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "usb_storage" - "usbhid" - ]; - - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - hardware.enableRedistributableFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - - zramSwap.enable = true; - - makefu.snapraid = let - toMedia = name: "/media/" + name; - in { - enable = true; - # todo combine creation when enabling the mount point - disks = map toMedia [ - # "j0" - "j1" - "j2" - ]; - parity = toMedia "par0"; - }; - # TODO: refactor, copy-paste from omo - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' - ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} - ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} - ${pkgs.hdparm}/sbin/hdparm -y ${disk} - '') allDisks); - fileSystems = let - xfsmount = name: dev: - { "/media/${name}" = { - device = dev; fsType = "xfs"; - options = [ "nofail" ]; - }; }; - in - # (xfsmount "j0" (part1 jDisk0)) // - (xfsmount "j1" (part1 jDisk1)) // - (xfsmount "j2" (part1 jDisk2)) // - (xfsmount "par0" (part1 jDisk3)) - ; - networking.firewall.trustedInterfaces = [ primary-interface ]; + networking.firewall.trustedInterfaces = [ itf ]; services.wakeonlan.interfaces = [ { - interface = primary-interface; + interface = itf ; method = "password"; password = "CA:FE:BA:BE:13:37"; } diff --git a/makefu/1systems/filepimp/hw.nix b/makefu/1systems/filepimp/hw.nix new file mode 100644 index 000000000..6f02d9b1b --- /dev/null +++ b/makefu/1systems/filepimp/hw.nix @@ -0,0 +1,83 @@ +{ config, pkgs, lib, ... }: + +let + byid = dev: "/dev/disk/by-id/" + dev; + part1 = disk: disk + "-part1"; + rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; + primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc + # N54L Chassis: + # ____________________ + # |______FRONT_______| + # | [ ]| + # | [ d1 d0 d3 d4 ]| + # |___[_____________]| + jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA"; + + # transfer to omo + jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363"; + jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA"; + allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ]; +in { + boot = { + loader.grub.device = rootDisk; + + initrd.availableKernelModules = [ + "ahci" + "ohci_pci" + "ehci_pci" + "pata_atiixp" + "usb_storage" + "usbhid" + ]; + + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + makefu.server.primary-itf = primary-interface; + + hardware.enableRedistributableFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + zramSwap.enable = true; + + makefu.snapraid = let + toMedia = name: "/media/" + name; + in { + enable = true; + # todo combine creation when enabling the mount point + disks = map toMedia [ + "j0" + "j1" + "j2" + ]; + parity = toMedia "par0"; + }; + # TODO: refactor, copy-paste from omo + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' + ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} + ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} + ${pkgs.hdparm}/sbin/hdparm -y ${disk} + '') allDisks); + fileSystems = let + xfsmount = name: dev: + { "/media/${name}" = { + device = dev; fsType = "xfs"; + options = [ "nofail" ]; + }; }; + tomedia = id: "/media/${id}"; + in + (xfsmount "j0" (part1 jDisk0)) // + (xfsmount "j1" (part1 jDisk1)) // + (xfsmount "j2" (part1 jDisk2)) // + (xfsmount "par0" (part1 jDisk3)) // + { "/media/jX" = { + device = (lib.concatMapStringsSep ":" (d: (tomedia d)) ["j0" "j1" "j2" ]); + fsType = "mergerfs"; + noCheck = true; + options = [ "defaults" "allow_other" "nofail" "nonempty" ]; + }; + }; + environment.systemPackages = [ pkgs.mergerfs ]; +} diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix index b81a2bf4a..9930f0e42 100644 --- a/makefu/1systems/filepimp/source.nix +++ b/makefu/1systems/filepimp/source.nix @@ -1,3 +1,4 @@ { name="filepimp"; + home-manager = true; } diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2fd99122a..83fbd8f83 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -43,6 +43,7 @@ in { <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/mosh.nix> + <stockholm/makefu/2configs/storj/forward-port.nix> # <stockholm/makefu/2configs/gui/xpra.nix> # networking @@ -147,7 +148,7 @@ in { <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/gecloudpad> <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> - <stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix> + <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> <stockholm/makefu/2configs/shiori.nix> @@ -156,6 +157,7 @@ in { <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> <stockholm/makefu/2configs/bgt/hidden_service.nix> <stockholm/makefu/2configs/bgt/backup.nix> + <stockholm/makefu/2configs/bgt/social-to-irc.nix> # <stockholm/makefu/2configs/logging/client.nix> @@ -203,7 +205,10 @@ in { # Network networking = { firewall = { - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 443 + 28967 # storj + ]; allowPing = true; logRefusedConnections = false; }; diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index a9e307ddf..a04593715 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -28,9 +28,11 @@ in { <stockholm/makefu/2configs/home-manager> <stockholm/makefu/2configs/home-manager/cli.nix> <stockholm/makefu/2configs/editor/neovim> + <stockholm/makefu/2configs/storj/client.nix> <stockholm/makefu/2configs/backup/state.nix> + <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/exim-retiolum.nix> # <stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/mail-client.nix> @@ -68,7 +70,7 @@ in { <stockholm/makefu/2configs/tinc/retiolum.nix> # statistics - <stockholm/makefu/2configs/stats/client.nix> + # <stockholm/makefu/2configs/stats/client.nix> # Logging #influx + grafana <stockholm/makefu/2configs/stats/server.nix> @@ -91,13 +93,18 @@ in { <stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/bluetooth-mpd.nix> - <stockholm/makefu/2configs/ham> + <stockholm/makefu/2configs/home/ham> + <stockholm/makefu/2configs/home/airsonic.nix> + <stockholm/makefu/2configs/home/photoprism.nix> + <stockholm/makefu/2configs/home/metube.nix> { makefu.ps3netsrv = { enable = true; servedir = "/media/cryptX/emu/ps3"; }; } + + { hardware.pulseaudio.systemWide = true; makefu.mpd.musicDirectory = "/media/cryptX/music"; @@ -107,7 +114,15 @@ in { <stockholm/makefu/2configs/sshd-totp.nix> # <stockholm/makefu/2configs/logging/central-logging-client.nix> - <stockholm/makefu/2configs/torrent.nix> + # <stockholm/makefu/2configs/torrent.nix> + { + #krebs.rtorrent = { + # downloadDir = lib.mkForce "/media/cryptX/torrent"; + # extraConfig = '' + # upload_rate = 500 + # ''; + #}; + } # <stockholm/makefu/2configs/elchos/search.nix> # <stockholm/makefu/2configs/elchos/log.nix> @@ -118,16 +133,11 @@ in { # Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> + <stockholm/makefu/2configs/bgt/social-to-irc.nix> ]; makefu.full-populate = true; nixpkgs.config.allowUnfree = true; - krebs.rtorrent = { - downloadDir = lib.mkForce "/media/cryptX/torrent"; - extraConfig = '' - upload_rate = 500 - ''; - }; users.groups.share = { gid = (import <stockholm/lib>).genid "share"; members = [ "makefu" "misa" ]; diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix index 586ad98c4..ae5b778bf 100644 --- a/makefu/1systems/omo/hw/omo.nix +++ b/makefu/1systems/omo/hw/omo.nix @@ -51,6 +51,10 @@ in { enable = true; disks = map toMapper [ 0 1 3 ]; parity = toMapper 2; # find -name PARITY_PARTITION + extraConfig = '' + exclude /lib/storj/ + exclude /.bitcoin/blocks/ + ''; }; fileSystems = let cryptMount = name: diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 7c65737f7..9586578d3 100644 --- a/makefu/1systems/tsp/config.nix +++ b/makefu/1systems/tsp/config.nix @@ -6,21 +6,26 @@ { imports = [ # Include the results of the hardware scan. + ./hardware.nix <stockholm/makefu> + <stockholm/makefu/2configs/nur.nix> <stockholm/makefu/2configs/home-manager> <stockholm/makefu/2configs/main-laptop.nix> + <stockholm/makefu/2configs/editor/neovim> + <stockholm/makefu/2configs/tools/core.nix> # <stockholm/makefu/2configs/tools/all.nix> <stockholm/makefu/2configs/fs/single-partition-ext4.nix> # hardware specifics are in here - # imports tp-x2x0.nix - <stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/bluetooth.nix> <stockholm/makefu/2configs/hw/network-manager.nix> + # <stockholm/makefu/2configs/rad1o.nix> <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/exim-retiolum.nix> + <stockholm/makefu/2configs/home-manager> + <stockholm/make |