summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix32
-rw-r--r--krebs/3modules/miefda/default.nix40
-rw-r--r--krebs/5pkgs/krebszones/default.nix5
-rw-r--r--krebs/Zhosts/dishfire12
-rw-r--r--lass/1systems/dishfire.nix43
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/uriel.nix1
-rw-r--r--lass/2configs/base.nix9
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/buildbot-standalone.nix78
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--makefu/1systems/gum.nix5
-rw-r--r--makefu/1systems/omo.nix19
-rw-r--r--makefu/1systems/pornocauster.nix5
-rw-r--r--makefu/2configs/default.nix9
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix7
-rw-r--r--makefu/2configs/nginx/omo-share.nix34
-rw-r--r--makefu/2configs/share-user-sftp.nix21
-rw-r--r--makefu/2configs/smart-monitor.nix5
-rw-r--r--makefu/2configs/vim.nix2
-rw-r--r--makefu/2configs/virtualization.nix1
-rw-r--r--makefu/2configs/wwan.nix36
-rw-r--r--makefu/2configs/zsh-user.nix3
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/umts.nix76
-rw-r--r--miefda/1systems/bobby.nix102
-rw-r--r--miefda/2configs/git.nix87
-rw-r--r--miefda/2configs/hardware-configuration.nix23
-rw-r--r--miefda/2configs/miefda.nix8
-rw-r--r--miefda/2configs/tinc-basic-retiolum.nix15
-rw-r--r--miefda/2configs/tlp.nix25
-rw-r--r--miefda/2configs/x220t.nix27
-rw-r--r--miefda/5pkgs/default.nix1
-rw-r--r--shared/1systems/test-minimal-deploy.nix2
35 files changed, 694 insertions, 45 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index ba1f425d9..65c1aa2ec 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -84,6 +84,7 @@ let
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
+ { krebs = import ./miefda { inherit lib; }; }
{ krebs = import ./mv { inherit lib; }; }
{ krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 26b0947bb..592ed475d 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -4,6 +4,38 @@ with lib;
{
hosts = addNames {
+ dishfire = {
+ cores = 4;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["144.76.172.188"];
+ aliases = [
+ "dishfire.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.133.99"];
+ addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
+ aliases = [
+ "dishfire.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ #ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
+ };
echelon = {
cores = 2;
dc = "lass"; #dc = "cac";
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
new file mode 100644
index 000000000..8ecf898c5
--- /dev/null
+++ b/krebs/3modules/miefda/default.nix
@@ -0,0 +1,40 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ hosts = addNames {
+ bobby = {
+ cores = 4;
+ dc = "miefda";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.112"];
+ addrs6 = ["42:0:0:0:0:0:111:112"];
+ aliases = [
+ "bobby.retiolum"
+ "cgit.bobby.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+ uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+ Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+ 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+ jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+ cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ #ssh.privkey.path = <secrets/ssh.ed25519>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
+ };
+ };
+ users = addNames {
+ miefda = {
+ mail = "miefda@miefda.de";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos";
+ };
+ };
+}
diff --git a/krebs/5pkgs/krebszones/default.nix b/krebs/5pkgs/krebszones/default.nix
index f6fd672dc..9230192bd 100644
--- a/krebs/5pkgs/krebszones/default.nix
+++ b/krebs/5pkgs/krebszones/default.nix
@@ -1,5 +1,10 @@
{ lib, pkgs,python3Packages,fetchurl, ... }:
+# TODO: Prepare a diff of future and current
+## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
+## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
+## diff future.sorted current.sorted
+
python3Packages.buildPythonPackage rec {
name = "krebszones-${version}";
version = "0.4.4";
diff --git a/krebs/Zhosts/dishfire b/krebs/Zhosts/dishfire
new file mode 100644
index 000000000..c4cf68b6b
--- /dev/null
+++ b/krebs/Zhosts/dishfire
@@ -0,0 +1,12 @@
+Address = 144.76.172.188
+Subnet = 10.243.133.99
+Subnet = 42:0000:0000:0000:0000:0000:d15f:1233
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
new file mode 100644
index 000000000..a1288d578
--- /dev/null
+++ b/lass/1systems/dishfire.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/base.nix
+ {
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ }
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 61f57f1f9..effaa576b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -25,6 +25,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
+ ../2configs/buildbot-standalone.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 1b008cbfd..d53e783d0 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -13,6 +13,7 @@ with builtins;
../2configs/retiolum.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/skype.nix
{
users.extraUsers = {
root = {
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..ab7cda7d3 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,7 +50,8 @@ with lib;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ target-path = "/var/src/nixpkgs";
};
dir.secrets = {
host = config.krebs.hosts.mors;
@@ -176,4 +177,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0596682df..ede1c7b7b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
+ dmenu
gitAndTools.qgit
mpv
much
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
new file mode 100644
index 000000000..4d02fb97a
--- /dev/null
+++ b/lass/2configs/buildbot-standalone.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+{
+ #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.mors/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["fast-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="mors-eval",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "lass-buildbot";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 16ecaefec..10e54074c 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -74,7 +74,7 @@ let
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu uriel ];
+ user = [ tv makefu miefda uriel ];
repo = [ repo ];
perm = fetch;
} ++
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 1907424ec..ac7524506 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -21,7 +21,7 @@ in {
];
-
+ services.smartd.devices = [ { device = "/dev/sda";} ];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable
@@ -32,6 +32,9 @@ in {
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
+ krebs.nginx.servers.cgit.server-names = [
+ "cgit.euer.krebsco.de"
+ ];
# Chat
environment.systemPackages = with pkgs;[
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e19205a95..552af4e4f 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -27,10 +27,21 @@ in {
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
+ ../2configs/share-user-sftp.nix
+ ../2configs/nginx/omo-share.nix
../3modules
];
+ # services.openssh.allowSFTP = false;
krebs.build.host = config.krebs.hosts.omo;
+ krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+
+ # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+ services.sabnzbd.enable = true;
+ systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+ # HDD Array stuff
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+
makefu.snapraid = let
toMapper = id: "/media/crypt${builtins.toString id}";
in {
@@ -38,7 +49,6 @@ in {
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
- # AMD E350
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
@@ -56,6 +66,7 @@ in {
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
${pkgs.hdparm}/sbin/hdparm -y ${disk}
'') allDisks);
+
boot = {
initrd.luks = {
devices = let
@@ -87,10 +98,14 @@ in {
};
networking.firewall.allowedUDPPorts = [ 655 ];
+ # 8080: sabnzbd
+ networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
- #zramSwap.enable = true;
+ zramSwap.enable = true;
zramSwap.numDevices = 2;
+
}
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 690e26b36..d7fa8edc5 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -35,12 +35,14 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
krebs.Reaktor = {
- enable = true;
+ enable = false;
nickname = "makefu|r";
plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
};
@@ -59,6 +61,7 @@
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
+ networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
25
];
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 7593eaff7..ec1100582 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -13,7 +13,7 @@ with lib;
./vim.nix
];
-
+ nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
krebs = {
enable = true;
search-domain = "retiolum";
@@ -65,7 +65,12 @@ with lib;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
- programs.ssh.startAgent = false;
+ programs.ssh = {
+ startAgent = false;
+ extraConfig = ''
+ UseRoaming no
+ '';
+ };
services.openssh.enable = true;
nix.useChroot = true;
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 047895ce6..ebc72a06e 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -24,5 +24,12 @@ with lib;
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
'';
}
diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix
new file mode 100644
index 000000000..ce85e0442
--- /dev/null
+++ b/makefu/2configs/nginx/omo-share.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ hostname = config.krebs.build.host.name;
+ # TODO local-ip from the nets config
+ local-ip = "192.168.1.11";
+ # local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+ krebs.nginx = {
+ enable = mkDefault true;
+ servers = {
+ omo-share = {
+ listen = [ "${local-ip}:80" ];
+ locations = singleton (nameValuePair "/" ''
+ autoindex on;
+ root /media;
+ limit_rate_after 100m;
+ limit_rate 5m;
+ mp4_buffer_size 4M;
+ mp4_max_buffer_size 10M;
+ allow all;
+ access_log off;
+ keepalive_timeout 65;
+ keepalive_requests 200;
+ reset_timedout_connection on;
+ sendfile on;
+ tcp_nopush on;
+ gzip off;
+ '');
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix
new file mode 100644
index 000000000..2c93143ec
--- /dev/null
+++ b/makefu/2configs/share-user-sftp.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+ users.users = {
+ share = {
+ uid = 9002;
+ home = "/var/empty";
+ openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+ };
+ };
+ # we will use internal-sftp to make uncomplicated Chroot work
+ services.openssh.extraConfig = ''
+ Match User share
+ ChrootDirectory /media
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ PermitTunnel no
+ X11Forwarding no
+ Match All
+ '';
+}
diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix
index 9b0290a9b..daf3aad01 100644
--- a/makefu/2configs/smart-monitor.nix
+++ b/makefu/2configs/smart-monitor.nix
@@ -3,6 +3,7 @@
krebs.exim-retiolum.enable = lib.mkDefault true;
services.smartd = {
enable = true;
+ autodetect = false;
notifications = {
mail = {
enable = true;
@@ -12,8 +13,6 @@
# short daily, long weekly, check on boot
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
- devices = lib.mkDefault [{
- device = "/dev/sda";
- }];
+ devices = lib.mkDefault [ ];
};
}
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
index 02a46d22a..227d73c81 100644
--- a/makefu/2configs/vim.nix
+++ b/makefu/2configs/vim.nix
@@ -122,7 +122,7 @@ in {
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree"
- "YouCompleteMe"
+ # "YouCompleteMe"
"vim-better-whitespace" ]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix
index b3f8c8284..b90467ab8 100644
--- a/makefu/2configs/virtualization.nix
+++ b/makefu/2configs/virtualization.nix
@@ -5,4 +5,5 @@ let
in {
virtualisation.libvirtd.enable = true;
users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
+ networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
}
diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix
index 29a610ac6..1e76cd28a 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/wwan.nix
@@ -1,33 +1,9 @@
-{ config, lib, pkgs, ... }:
+_:
-#usage: $ wvdial
-
-let
- mainUser = config.krebs.build.user;
-in {
- environment.systemPackages = with pkgs;[
- wvdial
- ];
-
- environment.shellAliases = {
- umts = "sudo wvdial netzclub";
+{
+ imports = [ ../3modules ];
+ makefu.umts = {
+ enable = true;
+ modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
-
- # configure for NETZCLUB
- environment.wvdial.dialerDefaults = ''
- Phone = *99***1#
- Dial Command = ATDT
- Modem = /dev/ttyACM0
- Baud = 460800
- Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
- Init2 = ATZ
- Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
- ISDN = 0
- Modem Type = Analog Modem
- Username = netzclub
- Password = netzclub
- Stupid Mode = 1
- Idle Seconds = 0'';
-
- users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
}
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 1b1762418..f79f258f3 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -19,8 +19,7 @@ in
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
-
- autoload -U compinit && compinit
+ bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
# load gpg-agent
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 218c9138e..f007a8418 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -3,6 +3,7 @@ _:
{
imports = [
./snapraid.nix
+ ./umts.nix
];
}
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
new file mode 100644
index 000000000..d7be45f62
--- /dev/null
+++ b/makefu/3modules/umts.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ # TODO: currently it is only netzclub
+ umts-bin = pkgs.writeScriptBin "umts" ''
+ #!/bin/sh
+ set -euf
+ systemctl start umts
+ trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+ echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+ journalctl -xfu umts
+ '';
+
+ wvdial-defaults = ''
+ Phone = *99***1#
+ Dial Command = ATDT
+ Modem = ${cfg.modem-device}
+ Baud = 460800
+ Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ Init2 = ATZ
+ Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+ ISDN = 0
+ Modem Type = Analog Modem
+ Username = netzclub
+ Password = netzclub
+ Stupid Mode = 1
+ Idle Seconds = 0'';
+
+ cfg = config.makefu.umts;
+
+ out = {
+ options.makefu.umts = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "umts";
+
+ modem-device = mkOption {
+ default = "/dev/ttyUSB0";
+ type = types.str;
+ description = ''
+ path to modem device, use <filename>/dev/serial/by-id/...</filename>
+ to avoid race conditions.
+ '';
+ };
+ };
+
+ imp = {
+ environment.shellAliases = {
+ umts = "sudo ${umts-bin}/bin/umts";
+ };
+ environment.systemPackages = [ ];
+
+ environment.wvdial.dialerDefaults = wvdial-defaults;
+
+ systemd.targets.network-umts = {
+ description = "System is running on UMTS";
+ unitConfig.StopWhenUnneeded = true;
+ };
+
+ systemd.services.umts = {
+ description