40 files changed, 355 insertions, 206 deletions
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 224a38ac3..82f8ec942 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -22,13 +22,11 @@ in { tv ]; in { - "anmeldung@eloop.org" = eloop-ml; "brain@krebsco.de" = brain-ml; - "cfp2019@eloop.org" = eloop-ml; - "eloop2019@krebsco.de" = eloop-ml; - "kontakt@eloop.org" = eloop-ml; - "root@eloop.org" = eloop-ml; - "youtube@eloop.org" = eloop-ml; + "eloop2022@krebsco.de" = eloop-ml; + "root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead + "spam@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "postmaster@krebsco.de" = spam-ml; # RFC 822 "lass@krebsco.de" = lass; "makefu@krebsco.de" = makefu; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 205cc96f4..2ed0b08fb 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -71,12 +71,12 @@ let ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ | ${pkgs.coreutils}/bin/tail +2 \ | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ - | ${pkgs.gnused}/bin/sed 's/^/the_/' + | ${pkgs.gnused}/bin/sed 's/^\(.\)/\1/' ''; }; } { - pattern = ''^([\H-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; + pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; activate = "match"; arguments = [1 2 3]; command = { diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2d73da884..8ea727dc7 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -102,6 +102,7 @@ let imp = lib.mkMerge [ { krebs = import ./external { inherit config; }; } + { krebs = import ./external/dbalan.nix { inherit config; }; } { krebs = import ./external/kmein.nix { inherit config; }; } { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } 
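Review bot: As rendered here, the new `sed 's/^\(.\)/\1/'` in the first reaktor2.nix hunk replaces the first character of each line with itself, so it has no visible effect. If an invisible character follows `\1` (for instance to keep account names from highlighting people in the channel), a reviewer cannot see it, and invisible characters in source are easy to miss or to lose in an editor. A comment above the line naming the exact code point, e.g. `# appends U+XXXX (placeholder) after the first character so names do not trigger highlights`, would make the intent reviewable; if the stage really is a no-op it can be dropped. The enclosing command block starts outside the hunk.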
diff --git a/krebs/3modules/external/dbalan.nix b/krebs/3modules/external/dbalan.nix
new file mode 100644
index 000000000..301f010d3
--- /dev/null
+++ b/krebs/3modules/external/dbalan.nix
@@ -0,0 +1,50 @@
+with import <stockholm/lib>;
+{ config, ... }:
+let
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.dbalan;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+in
+{
+ users = rec {
+ dbalan = {
+ mail = "dbalan@thaum.space";
+ pubkey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAiWF+U3VHNfp1IPU0/TWhMioxJvmoyG1AMZMvnQjy5QAAAABHNzaDo= dj@v60";
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ v60 = {
+ nets.retiolum = {
+ aliases = [ "v60.dbalan.r" ];
+ ip4.addr = "10.243.42.12";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxVRxcCWfjLu9cNo5ELfXyuwhpJBSfod5f9JkclSpydVHaQBfeVC6
+ RKfdknQVL6RXiCMFsSAvCvmnIohmpUCbiQWu29P/g0jzQZZ7zNx5L7JHy18x9qAr
+ 1scu7FRdVErVuWKXXNt0+j45dA+u5HE6RLsjAHGYtQbAr21VLyLF3qq11IWNrFYU
+ uqSnM/ZPbOPPHLS8XtsQRdJ2cOkccSCO4W6xBar92aPFuDImH60VuxMFEKYWY2bz
+ p6q0K0rtRqW1qANTV62SUDeA1wMPlSmvnMFY7qesSLk6tJjJ02HwwiOvK2ov1/Rm
+ bpwcrqrrbUxbCaZC6t7pBBxUOZlGfnO3woZQm63+4TEw/YDHhxD0HbhH88Wc+eHy
+ I73tuL1oc01JxL131bJV6jcHG7LrG7wTsTdDaZpjbH54adJP47QpTMb0ggsx2WkD
+ mpxFFSnTZL7ghZO5NGPvidTBp+wJiSOv5igAjA72CvjR3tOF4d5Lsq4JsQeCStjA
+ OPrIrN0AnJRg2IFDXZEGwTS9AbLWX147O9VrNimLzezOylH4Eihn7GUJ5KLIPjLy
+ AvsgIYljoJuhGbM8QoWlakwqOndMeoqhz52ORZ5CDgfybJJEbyrYF8gYFVNJOzds
+ 9gy/F+27TwfjMgcheN2+ogJp+lD754aCF0EJMwaK8ElzQLqAzbBRGAsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "dcPFpCG94cq1KHD4TH9WgOl9fpc1589YvWkmnkEZcSC";
+ };
+ };
+ };
+}
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index d63a6b306..3bd2c1b7b 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -681,27 +681,6 @@ in { }; }; }; - jarvis = { - owner = config.krebs.users.mic92; - nets = rec { - internet.addrs = [ "jarvis.thalheim.io" ]; - retiolum = { - via = internet; - aliases = [ "jarvis.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA7PtJlYBpBr2TK5CAvAukkGvj+esC+sMPKd3mO9iDwdViBrqKdf+D - yEy8SI80Y02dpkL97NjvnzepKpyGQWpG1ZQflJLhCTj7oFyVpWd4XsbIuzYp5ES6 - r8qKWs2xcItc1pbW0ZmrCBzdWsC1B0VAHlYkiz+7vM6pCTvg6hNQugP4c1TRCtJC - Sr+n+EjTXN/NTaKl+f7eoHJGnT5liDO3/xZVxm8AuLnron1xPPDghXClVHfDj5mt - f66f+CLwZhq3BrZuptwXp7TerMfrNtPyTx96b+EyuLPjrYxKeKL/+Nbr3VmmiDIV - tsraNc+0a8OBpVsYh4MQLp55NYwqxAoetQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "RRkMnGSg+nMkz4L2iqmdFf2fIf4wIfcTM0TlTWLLNCE"; - }; - }; - }; bernie = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index 7bdf5bb7c..eec719f27 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -57,6 +57,7 @@ "20.201.28.151" "20.205.243.166" "102.133.202.242" + "20.248.137.48" "18.181.13.223" "54.238.117.237" "54.168.17.15" @@ -70,6 +71,7 @@ "20.201.28.152" "20.205.243.160" "102.133.202.246" + "20.248.137.50" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index e8037128d..9ed5f29c5 100644 --- a/krebs/3modules/iana-etc.nix 
+++ b/krebs/3modules/iana-etc.nix @@ -34,7 +34,7 @@ with import <stockholm/lib>; '') (filter (proto: entry.${proto} != null) ["tcp" "udp"])} '') (attrValues config.krebs.iana-etc.services)} - cat ${pkgs.iana_etc}/etc/services + cat ${pkgs.iana-etc}/etc/services } | sort -b -k 2,2 -u > $out ''); diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index 9ff2bd883..7f89c0b1f 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -1,18 +1,18 @@ { mkDerivation, aeson, async, attoparsec, base, blessings -, bytestring, containers, data-default, fetchgit, filepath -, hashable, lens, lens-aeson, network, network-simple -, network-simple-tls, network-uri, pcre-light, process, random -, servant-server, lib, string-conversions, stringsearch, text -, time, transformers, unagi-chan, unix, unordered-containers -, vector, wai, warp +, bytestring, containers, data-default, filepath, hashable, lens +, lens-aeson, lib, network, network-simple, network-simple-tls +, network-uri, pcre-light, process, random, servant-server +, string-conversions, stringsearch, text, time, transformers +, unagi-chan, unix, unordered-containers, vector, wai, warp +, fetchgit }: -mkDerivation rec { +mkDerivation { pname = "reaktor2"; - version = "0.4.0a"; + version = "0.4.2"; src = fetchgit { - url = "https://cgit.lassul.us/reaktor2"; - sha256 = "sha256-x1i2TWcycYVFij6832xaBiQa1RQ1VmSfu5Qt1QrUtds="; - rev = "6d3eb6de5e770ee26874bb7449934f0c55bd1efa"; + url = "https://cgit.krebsco.de/reaktor2"; + hash = "sha256-JPQyy0hDSH5JqQGjwoO5BNsD4qk+GKP1VH+j4/2cqes"; + rev = "53a11f421fb18e8687fa06e5511cea8bd9defc36"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index fe13b4309..ae42bc1a3 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix 
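Review bot: The new `hash` in krebs/5pkgs/haskell/reaktor2/default.nix is 43 base64 characters with no trailing `=`, whereas the `sha256` value it replaces was the padded 44-character form that a SHA-256 SRI string normally has. Whether the unpadded form is accepted may depend on the Nix version in use, so I would write the padded value, `hash = "sha256-JPQyy0hDSH5JqQGjwoO5BNsD4qk+GKP1VH+j4/2cqes=";`, after confirming it against a fresh prefetch of the pinned `rev`. The same hunk moves the fetch URL to a different host, so the hash is the only check that the new location serves the expected source.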
@@ -10,20 +10,17 @@ self: super: { }); flameshot = super.flameshot.overrideAttrs (old: rec { - patches = old.patches or [] ++ { - "0.6.0" = [ - ./flameshot/flameshot_imgur_0.6.0.patch - ]; - "0.9.0" = [ - ./flameshot/flameshot_imgur_0.9.0.patch - ]; - "0.10.1" = [ - ./flameshot/flameshot_imgur_0.9.0.patch - ]; - "0.10.2" = [ - ./flameshot/flameshot_imgur_0.9.0.patch - ]; - }.${old.version} or []; + name = "flameshot-${version}"; + version = "0.10.2"; + src = self.fetchFromGitHub { + owner = "flameshot-org"; + repo = "flameshot"; + rev = "v${version}"; + sha256 = "sha256-rZUiaS32C77tFJmEkw/9MGbVTVscb6LOCyWaWO5FyR4="; + }; + patches = old.patches or [] ++ [ + ./flameshot/flameshot_imgur_0.10.2.patch + ]; }); # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch index c4c0bf38a..c4c0bf38a 100644 --- a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch +++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch deleted file mode 100644 index 92023554a..000000000 --- a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch +++ /dev/null 
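Review bot: The flameshot override now sets `version` and `src` itself, so the package stays at 0.10.2 whatever the nixpkgs pin provides, and upstream fixes in later releases will no longer arrive through a nixpkgs bump. The code it replaces only picked a patch by `old.version` and fell back to no patch for unknown versions. A comment on the pin such as `# pinned because flameshot_imgur_0.10.2.patch only applies to this release; bump src and patch together` would record the reason and remind whoever updates nixpkgs to revisit it.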
@@ -1,34 +0,0 @@ ---- a/src/tools/imgur/imguruploader.cpp -+++ b/src/tools/imgur/imguruploader.cpp -@@ -40,6 +40,7 @@ - #include <QTimer> - #include <QJsonDocument> - #include <QJsonObject> -+#include <stdlib.h> - - ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : - QWidget(parent), m_pixmap(capture) -@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { - QJsonObject json = response.object(); - QJsonObject data = json["data"].toObject(); - m_imageURL.setUrl(data["link"].toString()); -- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( -+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); -+ if (deleteImageURLPattern == NULL) -+ deleteImageURLPattern = "https://imgur.com/delete/%1"; -+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( - data["deletehash"].toString())); - onUploadOk(); - } else { -@@ -105,7 +109,10 @@ void ImgurUploader::upload() { - QString description = FileNameHandler().parsedPattern(); - urlQuery.addQueryItem("description", description); - -- QUrl url("https://api.imgur.com/3/image"); -+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); -+ if (createImageURLPattern == NULL) -+ createImageURLPattern = "https://api.imgur.com/3/image"; -+ QUrl url(createImageURLPattern); - url.setQuery(urlQuery); - QNetworkRequest request(url); - request.setHeader(QNetworkRequest::ContentTypeHeader, diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix index 9b0b3f86b..47a75ea41 100644 --- a/krebs/5pkgs/simple/cidr2glob.nix +++ b/krebs/5pkgs/simple/cidr2glob.nix @@ -1,6 +1,7 @@ -{ python, writeScriptBin, ... }: +{ python3, writeScriptBin, ... }: let + python = python3; pythonEnv = python.withPackages (ps: [ ps.netaddr ]); in writeScriptBin "cidr2glob" '' @@ -25,6 +26,6 @@ in if __name__ == "__main__": for cidr in sys.stdin: for glob in cidr2glob(cidr): - print glob + print(glob) '' 
diff --git a/krebs/5pkgs/simple/veroroute.nix b/krebs/5pkgs/simple/veroroute.nix new file mode 100644 index 000000000..e40c98e75 --- /dev/null +++ b/krebs/5pkgs/simple/veroroute.nix @@ -0,0 +1,28 @@ +{ pkgs }: + +pkgs.stdenv.mkDerivation rec { + pname = "veroroute"; + version = "2.28"; + + src = pkgs.fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; + sha256 = "04dig0g4v1rz50mjj1k6jk99rqbg24hdx8kzrlwv0dlxm567lvc7"; + }; + + buildInputs = [ + pkgs.qt5.qtbase + ]; + nativeBuildInputs = [ + pkgs.qt5.wrapQtAppsHook + ]; + + buildPhase = '' + qmake Src/veroroute.pro + make + ''; + + installPhase = '' + sed -i 's;/usr;;g' veroroute-install.sh + pkgdir=$out bash ./veroroute-install.sh + ''; +} diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 49d65160d..9c50f9709 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060", - "date": "2022-05-24T17:55:48+02:00", - "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs", - "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3", + "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", + "date": "2022-07-18T18:21:45+02:00", + "path": "/nix/store/665hb1ysmaadwh4axp7f9inhczq08xay-nixpkgs", + "sha256": "0y0c9ybkcfmjgrl93wzzlk7ii95kh2fb4v5ac5w6rmcsq2ff3yaz", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e6dbcf37b..799399ea7 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
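Review bot: The new veroroute derivation has no `meta` attribute set, so the package carries no description, homepage or license for anyone auditing what gets installed; adding `meta = { description = ...; homepage = ...; license = ...; };` would cover that. In `installPhase`, `sed -i 's;/usr;;g'` removes every occurrence of `/usr` in the upstream install script, not only install prefixes, and the script is then run with bash unreviewed. A short comment such as `# upstream script installs to $pkgdir/usr/...; strip the prefix so files land directly under $out` (to be checked against the script) would make the rewrite auditable.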
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "8b538fcb329a7bc3d153962f17c509ee49166973", - "date": "2022-06-15T15:30:32+08:00", - "path": "/nix/store/7r9xwvy1qc2m88cpx8sz494ad08whgqg-nixpkgs", - "sha256": "08797zlq57i8bi8f89j38ymi8nwp5hp0vh62162k526qf6v3paqz", + "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", + "date": "2022-07-19T15:32:15+02:00", + "path": "/nix/store/4dcxnk4xplx79xrwxg2m6pqh8b5k6ya0-nixpkgs", + "sha256": "1j73j17g852zfc75b7ll4avp30pnyvm37pgm66cz844phkv5ywfg", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix index e12eda42e..809298df4 100644 --- a/lass/2configs/fysiirc.nix +++ b/lass/2configs/fysiirc.nix @@ -10,8 +10,7 @@ ${write_to_irc} "$(echo "$INPUT" | jq -r ' "\(.action): " + "[\(.issue.title // .pull_request.title)] " + - "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " + - "by \(.comment.user.login // .issue.user.login // .pull_request.user.login)" + "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " ')" fi ''; @@ -58,16 +57,16 @@ in { case "$Method $Request_URI" in "POST /") payload=$(head -c "$req_content_length") - echo "$payload" >&2 + raw=$(printf '%s' "$payload" | ${pkgs.curl}/bin/curl --data-binary @- http://p.krebsco.de | tail -1) payload2=$payload - payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r') + payload2=$(printf '%s' "$payload" | tr '\n' ' ' | tr -d '\r') if [ "$payload" != "$payload2" ]; then echo "payload has been mangled" >&2 else echo "payload not mangled" >&2 fi - echo "$payload2" > /tmp/last_fysi_payload echo "$payload2" | ${format-github-message}/bin/format-github-message + ${write_to_irc} "$raw" printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix index b8d958865..2f503eae9 100644 --- a/lass/2configs/radio/default.nix +++ b/lass/2configs/radio/default.nix 
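Review bot: In the second fysiirc.nix hunk the complete request body is now uploaded to `http://p.krebsco.de` over plain HTTP and the returned link is posted to IRC, and nothing visible in the hunk checks that the request really came from GitHub. Webhook payloads carry more than the one-line summary the formatter prints, so I would use an `https://` URL if the paste host offers one and verify the `X-Hub-Signature-256` header before uploading; whether a check exists earlier in the handler cannot be seen because the `case` block starts outside the hunk. If the upload fails, `raw` is empty and `${write_to_irc} "$raw"` still runs, so a guard like `[ -n "$raw" ] && ${write_to_irc} "$raw"` would avoid posting empty lines.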
@@ -168,7 +168,7 @@ in { output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source) output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source) - extra_input = audio_to_stereo(input.harbor("live", port=1338)) + extra_input = amplify(1.4, audio_to_stereo(input.harbor("live", port=1338))) o = smooth_add(normal = source, special = extra_input) output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o) diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py index f7cc2dace..587cc1f28 100644 --- a/lass/2configs/radio/weather_for_ips.py +++ b/lass/2configs/radio/weather_for_ips.py @@ -25,9 +25,9 @@ for ip in fileinput.input(): output.append( f'Weather report for {location.city.name}, {location.country.name}. ' f'Currently it is {weather["current"]["weather"][0]["description"]} outside ' - f'with a temperature of {weather["current"]["temp"]} degrees, ' - f'and a wind speed of {weather["current"]["wind_speed"]} meters per second. ' - f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100} percent. ' + f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' + f'and a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second. ' + f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' ) print('\n'.join(output)) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index fe4d78a3b..90a0a5a72 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -104,7 +104,7 @@ in { services.nextcloud = { enable = true; hostName = "o.xanf.org"; - package = pkgs.nextcloud23; + package = pkgs.nextcloud24; config = { adminpassFile = "/run/nextcloud.pw"; overwriteProtocol = "https"; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 570bb45be..3a0b1306c 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix 
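Review bot: `input.harbor("live", port=1338)` on the changed line in radio/default.nix passes no `user` or `password`, and the commit now amplifies whatever arrives there by 1.4 before `smooth_add` mixes it over the normal source. If port 1338 is reachable from untrusted networks, the live input is effectively open, so I would add harbor credentials read from a secret or confirm that the firewall limits the port to trusted hosts. The surrounding `output.icecast` lines also keep the literal password `'hackme'`, which is worth moving out of the configuration unless icecast only listens on loopback; the configuration block continues outside the hunk.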
@@ -2,6 +2,7 @@ _: { imports = [ ./dnsmasq.nix + ./drbd.nix ./folderPerms.nix ./hosts.nix ./klem.nix diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix new file mode 100644 index 000000000..816e58f0a --- /dev/null +++ b/lass/3modules/drbd.nix 
@@ -0,0 +1,118 @@ +{ config, lib, pkgs, ... }: let + cfg = config.lass.drbd; + slib = import <stockholm/lib>; +in { + options = { + lass.drbd = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + blockMinor = lib.mkOption { + type = lib.types.int; + default = lib.mod (slib.genid config.name) 16000; # TODO get max_id fron drbd + }; + port = lib.mkOption { + type = lib.types.int; + default = 20000 + config.blockMinor; + }; + peers = lib.mkOption { + type = lib.types.listOf slib.types.host; + }; + disk = lib.mkOption { + type = lib.types.str; + default = "/dev/loop${toString config.blockMinor}"; + }; + drbdConfig = lib.mkOption { + type = lib.types.path; + internal = true; + default = pkgs.writeText "drbd-${config.name}.conf" '' + resource ${config.name} { + net { + protocol a; + ping-int 10; + } + device minor ${toString config.blockMinor}; + disk ${config.disk}; + meta-disk internal; + ${slib.indent (lib.concatStrings (lib.imap1 (i: peer: /* shell */ '' + on ${peer.name} { + address ${peer.nets.retiolum.ip4.addr}:${toString config.port}; + node-id ${toString i}; + } + '') config.peers))} + connection-mesh { + hosts ${lib.concatMapStringsSep " " (peer: peer.name) config.peers}; + } + } + ''; + }; + }; + })); + }; + }; + config = lib.mkIf (cfg != {}) { + boot.extraModulePackages = [ + (pkgs.linuxPackages.callPackage ../5pkgs/drbd9/default.nix {}) + ]; + boot.extraModprobeConfig = '' + options drbd usermode_helper=/run/current-system/sw/bin/drbdadm + ''; + services.udev.packages = [ pkgs.drbd ]; + boot.kernelModules = [ "drbd" ]; + + environment.systemPackages = [ pkgs.drbd ]; + + + networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg); + systemd.services = lib.mapAttrs' (_: device: + lib.nameValuePair "drbd-${device.name}" { + after = [ "systemd-udev.settle.service" "network.target" ]; 
+ wants = [ "systemd-udev.settle.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + RemainAfterExit = true; + ExecStart = pkgs.writers.writeDash "start-drbd-${device.name}" '' + set -efux + mkdir -p /var/lib/sync-containers2 + ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") '' + if ! test -e /var/lib/sync-containers2/${device.name}.disk; then + truncate -s 10G /var/lib/sync-containers2/${device.name}.disk + fi + if ! ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor}; then + ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor} /var/lib/sync-containers2/${device.name}.disk + fi + ''} + if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then + ${pkgs.drbd}/bin/drbdadm down ${device.name} + ${pkgs.drbd}/bin/drbdadm create-md ${device.name} + ${pkgs.drbd}/bin/drbdadm up ${device.name} + fi + ''; + ExecStop = pkgs.writers.writeDash "stop-drbd-${device.name}" '' + set -efux + ${pkgs.drbd}/bin/drbdadm -c ${device.drbdConfig} down ${device.name} + ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") '' + ${pkgs.util-linux}/bin/losetup -d /dev/loop${toString device.blockMinor} + ''} + ''; + }; + } + ) cfg; + + + environment.etc."drbd.conf".text = '' + global { + usage-count yes; + } + + ${lib.concatMapStrings (device: /* shell */ '' + include ${device.drbdConfig}; + '') (lib.attrValues cfg)} + ''; + }; +} + |
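Review bot: `networking.firewall.allowedTCPPorts` opens every resource's DRBD port on all interfaces, while the generated `on … { address … }` entries use the peers' retiolum addresses and the `net` section sets no `cram-hmac-alg`/`shared-secret`. Replication traffic is therefore neither limited to the VPN by the firewall nor peer-authenticated by DRBD itself. I would scope the rule with `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts` (placeholder name) and add a shared secret loaded from a secret file. Separately, `"systemd-udev.settle.service"` in `after` and `wants` looks like a misspelling of `systemd-udev-settle.service`, in which case the ordering silently does not apply. The kernel module is built from `pkgs.linuxPackages` rather than `config.boot.kernelPackages`, which may not match the running kernel.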