-rw-r--r--krebs/3modules/buildbot/master.nix11
-rw-r--r--krebs/3modules/makefu/default.nix30
-rw-r--r--krebs/5pkgs/go/default.nix6
-rw-r--r--krebs/5pkgs/haskell-overrides/megaparsec.nix20
-rw-r--r--krebs/5pkgs/newsbot-js/default.nix6
-rw-r--r--lass/1systems/prism.nix50
-rw-r--r--lass/1systems/uriel.nix6
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/buildbot-standalone.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/repo-sync.nix1
-rw-r--r--lass/2configs/websites/domsen.nix2
-rw-r--r--lass/2configs/websites/lassulus.nix91
-rw-r--r--makefu/1systems/filepimp.nix5
-rw-r--r--makefu/1systems/gum.nix1
-rw-r--r--makefu/1systems/omo.nix1
-rw-r--r--makefu/1systems/wbob.nix4
-rw-r--r--makefu/1systems/wry.nix4
-rw-r--r--makefu/1systems/x.nix3
-rw-r--r--makefu/2configs/backup.nix8
-rw-r--r--makefu/2configs/base-gui.nix1
-rw-r--r--makefu/2configs/default.nix11
-rw-r--r--makefu/2configs/elchos/stats.nix96
-rw-r--r--makefu/2configs/filepimp-share.nix33
-rw-r--r--makefu/2configs/hw/tp-x220.nix2
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix4
-rw-r--r--makefu/2configs/iodined.nix3
-rw-r--r--makefu/2configs/nginx/icecult.nix28
-rw-r--r--makefu/2configs/rad1o.nix2
-rw-r--r--makefu/2configs/solr.nix24
-rw-r--r--makefu/2configs/urlwatch.nix2
-rw-r--r--makefu/5pkgs/default.nix7
-rw-r--r--makefu/5pkgs/devpi/default.nix70
-rw-r--r--makefu/5pkgs/devpi/py3-fix-encoding.patch11
-rw-r--r--makefu/5pkgs/mergerfs/default.nix4
-rw-r--r--shared/2configs/default.nix4
-rw-r--r--shared/2configs/graphite.nix2
38 files changed, 431 insertions, 129 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 5dde50ea4..bd17c3765 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -3,8 +3,15 @@
with config.krebs.lib;
let
- buildbot = pkgs.buildbot;
- buildbot-master-config = pkgs.writePython2 "buildbot-master.cfg" ''
+ # https://github.com/NixOS/nixpkgs/issues/14026
+ nixpkgs-fix = import (pkgs.fetchgit {
+ url = https://github.com/nixos/nixpkgs;
+ rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
+ sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632";
+ }) {};
+
+ buildbot = nixpkgs-fix.buildbot;
+ buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
# -*- python -*-
from buildbot.plugins import *
import re
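Review bot: `buildbot` now comes from a second nixpkgs checkout frozen at `e026b5c243ea39810826e68362718f5d703fb5d0`, so it no longer follows `krebs.build.source.nixpkgs` and will not pick up later fixes until someone edits this file; the comment above `nixpkgs-fix` gives only the issue URL. I would extend it to say what the pin works around and when it can go, e.g. `# buildbot from pinned nixpkgs until NixOS/nixpkgs#14026 is resolved; then drop nixpkgs-fix and return to pkgs.buildbot`. The same hunk replaces `pkgs.writePython2` with `pkgs.writeText` for `buildbot-master.cfg`; if the former performed any build-time check of the script, that check is gone, which deserves a word in the commit message. The config string continues past the end of the hunk.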
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index f5190b6ba..e79e54aa6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -374,8 +374,8 @@ with config.krebs.lib;
'';
};
};
- #ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
};
wbob = rec {
cores = 1;
@@ -512,6 +512,32 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
+ sdev = rec {
+ cores = 1;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.83.237";
+ ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
+ aliases = [
+ "sdev.retiolum"
+ "sdev.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
+ LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
+ XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
+ ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
+ f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
+ nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
# non-stockholm
diff --git a/krebs/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix
index fb8b65ea1..2871e5a99 100644
--- a/krebs/5pkgs/go/default.nix
+++ b/krebs/5pkgs/go/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
+{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }:
with lib;
let
- np = nodePackages.override {
+ np = (callPackage <nixpkgs/pkgs/top-level/node-packages.nix>) {
generated = ./packages.nix;
self = np;
};
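Review bot: `np` is now built from `<nixpkgs/pkgs/top-level/node-packages.nix>`, which is resolved through `NIX_PATH` at evaluation time rather than from the package set that supplies `callPackage`, so the node packages can come from a different nixpkgs tree than the rest of the derivation. If the path lookup is needed, a short comment stating why `nodePackages.override` no longer works would help the next reader. After the second hunk (`in np.buildNodePackage`) the `nodePackages` argument looks unused in the visible lines and could be dropped from the argument list. krebs/5pkgs/newsbot-js/default.nix receives the identical change and the same remarks apply there.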
@@ -18,7 +18,7 @@ let
ignoreCollisions = true;
};
-in nodePackages.buildNodePackage {
+in np.buildNodePackage {
name = "go";
src = fetchgit {
diff --git a/krebs/5pkgs/haskell-overrides/megaparsec.nix b/krebs/5pkgs/haskell-overrides/megaparsec.nix
deleted file mode 100644
index 5ade6006e..000000000
--- a/krebs/5pkgs/haskell-overrides/megaparsec.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ mkDerivation, base, bytestring, fetchzip, HUnit, mtl, QuickCheck
-, stdenv, test-framework, test-framework-hunit
-, test-framework-quickcheck2, text, transformers
-}:
-mkDerivation {
- pname = "megaparsec";
- version = "4.1.0";
- src = fetchzip {
- url = "https://hackage.haskell.org/package/megaparsec-4.1.0/megaparsec-4.1.0.tar.gz";
- sha256 = "1a1ka53a3r91lwnlvzaa8nyk1dxvfd1ij1i5x5vp83q2r9z9dcmi";
- };
- libraryHaskellDepends = [ base bytestring mtl text transformers ];
- testHaskellDepends = [
- base HUnit mtl QuickCheck test-framework test-framework-hunit
- test-framework-quickcheck2 transformers
- ];
- homepage = "https://github.com/mrkkrp/megaparsec";
- description = "Monadic parser combinators";
- license = stdenv.lib.licenses.bsd3;
-}
diff --git a/krebs/5pkgs/newsbot-js/default.nix b/krebs/5pkgs/newsbot-js/default.nix
index 9e4a51306..b52454ca4 100644
--- a/krebs/5pkgs/newsbot-js/default.nix
+++ b/krebs/5pkgs/newsbot-js/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
+{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }:
with lib;
let
- np = nodePackages.override {
+ np = (callPackage <nixpkgs/pkgs/top-level/node-packages.nix>) {
generated = ./packages.nix;
self = np;
};
@@ -21,7 +21,7 @@ let
ignoreCollisions = true;
};
-in nodePackages.buildNodePackage {
+in np.buildNodePackage {
name = "newsbot-js";
src = fetchgit {
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 51d106b5e..8b4f1d7a2 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -25,26 +25,6 @@ in {
../2configs/binary-cache/server.nix
../2configs/iodined.nix
{
- imports = [
- ../2configs/git.nix
- ];
- krebs.nginx.servers.cgit = {
- server-names = [
- "cgit.lassul.us"
- ];
- locations = [
- (nameValuePair "/.well-known/acme-challenge" ''
- root /var/lib/acme/challenges/cgit.lassul.us/;
- '')
- ];
- ssl = {
- enable = true;
- certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
- certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
- };
- };
- }
- {
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
@@ -164,7 +144,6 @@ in {
users.users.chat.openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
- "ssh-rsa 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 lass@mors"
];
}
{
@@ -174,6 +153,7 @@ in {
imports = [
../2configs/websites/wohnprojekt-rhh.de.nix
../2configs/websites/domsen.nix
+ ../2configs/websites/lassulus.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
@@ -186,34 +166,6 @@ in {
};
}
{
- security.acme = {
- certs."lassul.us" = {
- email = "lass@lassul.us";
- webroot = "/var/lib/acme/challenges/lassul.us";
- plugins = [
- "account_key.json"
- "key.pem"
- "fullchain.pem"
- "full.pem"
- ];
- allowKeysForGroup = true;
- group = "lasscert";
- };
- };
- users.groups.lasscert.members = [
- "dovecot2"
- "ejabberd"
- "exim"
- "nginx"
- ];
- krebs.nginx.servers."lassul.us" = {
- server-names = [ "lassul.us" ];
- locations = [
- (lib.nameValuePair "/.well-known/acme-challenge" ''
- root /var/lib/acme/challenges/lassul.us/;
- '')
- ];
- };
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index aa5286ae0..e1417c83d 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -9,6 +9,7 @@ with config.krebs.lib;
../2configs/exim-retiolum.nix
{
# locke config
+ i18n.defaultLocale ="de_DE.UTF-8";
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
users.users.locke = {
@@ -28,6 +29,7 @@ with config.krebs.lib;
systemWide = true;
};
environment.systemPackages = with pkgs; [
+ pavucontrol
firefox
hexchat
networkmanagerapplet
@@ -51,8 +53,8 @@ with config.krebs.lib;
#loader.grub.version = 2;
#loader.grub.device = "/dev/sda";
- loader.gummiboot.enable = true;
- loader.gummiboot.timeout = 5;
+ loader.systemd-boot.enable = true;
+ loader.timeout = 5;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 2649ecab9..4b05e3296 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -49,6 +49,8 @@ in {
mpv-poll
yt-next
+
+ youtube-tools
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 2fc3d3732..628fdf61f 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -172,7 +172,6 @@ in {
"hashPassword",
"haskellPackages.blessings",
"haskellPackages.email-header",
- "haskellPackages.megaparsec",
"haskellPackages.scanner",
"haskellPackages.xmonad-stockholm",
"krebspaste",
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 00a3612fd..3ed8be77f 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -29,6 +29,8 @@ with config.krebs.lib;
{ from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "netzclub@lassul.us"; to = lass.mail; }
{ from = "nebenan@lassul.us"; to = lass.mail; }
+ { from = "feed@lassul.us"; to = lass.mail; }
+ { from = "art@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6e9138b61..73c96e876 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "354fd3728952c229fee4f2924737c601d7ab4725";
+ ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
};
}
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 027f31fe0..eae583a84 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -92,6 +92,7 @@ in {
(sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
+ (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
(sync-retiolum "go")
(sync-retiolum "much")
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index e05f40d97..3a3e60d39 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -191,7 +191,7 @@ in {
server_set_id = $auth1
'';
internet-aliases = [
- { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+ { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
];
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
new file mode 100644
index 000000000..04c19fad0
--- /dev/null
+++ b/lass/2configs/websites/lassulus.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ genid
+ ;
+
+in {
+ imports = [
+ ../git.nix
+ ];
+
+ security.acme = {
+ certs."lassul.us" = {
+ email = "lass@lassul.us";
+ webroot = "/var/lib/acme/challenges/lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ "full.pem"
+ ];
+ allowKeysForGroup = true;
+ group = "lasscert";
+ };
+ certs."cgit.lassul.us" = {
+ email = "lassulus@gmail.com";
+ webroot = "/var/lib/acme/challenges/cgit.lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ group = "nginx";
+ allowKeysForGroup = true;
+ };
+ };
+
+ users.groups.lasscert.members = [
+ "dovecot2"
+ "ejabberd"
+ "exim"
+ "nginx"
+ ];
+
+ krebs.nginx.servers."lassul.us" = {
+ server-names = [ "lassul.us" ];
+ locations = [
+ (nameValuePair "/" ''
+ root /srv/http/lassul.us;
+ '')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/lassul.us/key.pem";
+ };
+ };
+
+ krebs.nginx.servers.cgit = {
+ server-names = [
+ "cgit.lassul.us"
+ ];
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/cgit.lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+ };
+ };
+
+ users.users.blog = {
+ uid = genid "blog";
+ description = "lassul.us blog deployment";
+ home = "/srv/http/lassul.us";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+}
+
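Review bot: The `/` location serves `/srv/http/lassul.us`, which is also the home directory of the new `blog` login user (`home = "/srv/http/lassul.us"`, `useDefaultShell = true`), so anything that account leaves in its home, such as shell history or a `.git` directory from the deployment, becomes part of the published site. Serving a subdirectory keeps the two apart: `root /srv/http/lassul.us/public;` with the deployment writing into `public/`. It is also worth checking that nginx can read the directory at all, since `createHome` may create it with owner-only permissions. Separately, `"account_key.json"` in `plugins` together with `allowKeysForGroup = true` looks like it makes the ACME account key readable by the certificate's group (`lasscert`, or `nginx` for cgit), not just the certificate key; confirm that is intended.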
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index 4037f693d..0fabf6d93 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -24,7 +24,9 @@ in {
../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix
../2configs/tinc/retiolum.nix
+ ../2configs/filepimp-share.nix
];
+
krebs.build.host = config.krebs.hosts.filepimp;
# AMD N54L
boot = {
@@ -76,6 +78,9 @@ in {
(xfsmount "j2" (part1 jDisk2)) //
(xfsmount "par0" (part1 jDisk3))
;
+
+ networking.firewall.trustedInterfaces = [ primary-interface ];
+
services.wakeonlan.interfaces = [
{
interface = primary-interface;
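Review bot: `networking.firewall.trustedInterfaces = [ primary-interface ];` accepts every inbound packet on the host's primary interface, which in effect turns the firewall off for the network filepimp is attached to. If the intent is only to reach the share added by `../2configs/filepimp-share.nix` (not visible here), opening just that service's ports through `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` in that module would keep everything else filtered. If trusting the whole interface is deliberate, a comment such as `# LAN-only box: trust everything on the primary interface` would record the decision.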
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 401ec6093..20731c847 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -22,6 +22,7 @@ in {
../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix
../2configs/torrent.nix
+ ../2configs/graphite-standalone.nix
../2configs/sabnzbd.nix
../2configs/opentracker.nix
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 71fb85ff6..2e09e345e 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -44,6 +44,7 @@ in {
../2configs/fs/sda-crypto-root.nix
../2configs/zsh-user.nix
../2configs/urlwatch.nix
+ ../2configs/backup.nix
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index ff176edd9..184f74147 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -55,6 +55,10 @@ in {
# rt2870 with nonfree creates wlp2s0 from wlp0s20u2
# not explicitly setting the interface results in wpa_supplicant to crash
networking.wireless.interfaces = [ "wlp2s0" ];
+ networking.interfaces.virbr1.ip4 = [{
+ address = "10.8.8.11";
+ prefixLength = 24;
+ }];
# nuc hardware
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 81cd362e6..238b740a6 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -16,13 +16,15 @@ in {
../2configs/bepasty-dual.nix
../2configs/iodined.nix
-
+ ../2configs/backup.nix
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
../2configs/nginx/euer.test.nix
+ #../2configs/elchos/stats.nix
+
# collectd
# ../2configs/collectd/collectd-base.nix
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 0243856ab..00eca87c4 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -63,11 +63,10 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ];
+ networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
krebs.build.host = config.krebs.hosts.x;
- krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
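Review bot: Port 3000 is added to `allowedTCPPorts` with no indication of which service listens there, and the rule applies to every interface of this host. A trailing comment naming the service, e.g. `# 3000: <service name>`, would make it possible to remove the port again later. If the service is only needed from retiolum or localhost, it should not be in the global list at all.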
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index 6f79ed4f4..57fd7a64d 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -1,6 +1,10 @@
{ config, lib, ... }:
with config.krebs.lib;
let
+ # preparation:
+ # mkdir -p defaultBackupDir/host.name/src
+ # as root on omo:
+ # ssh-copy-id root@src
startAt = "0,6,12,18:00";
defaultBackupServer = config.krebs.hosts.omo;
defaultBackupDir = "/home/backup";
@@ -12,7 +16,7 @@ let
};
dst = {
host = defaultBackupServer;
- path = defaultBackupDir + src;
+ path = "${defaultBackupDir}/${host.name}${src}";
};
startAt = "0,6,12,18:00";
snapshots = {
@@ -25,6 +29,6 @@ let
};
in {
krebs.backup.plans = {
- wry-to-omo_var-www = defaultPull wry "/var/www";
+ wry-to-omo_var-www = defaultPull config.krebs.hosts.wry "/";
};
}
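Review bot: The plan is still called `wry-to-omo_var-www` but now pulls `"/"`, so the name no longer describes what is backed up; something like `wry-to-omo_root` would match. Pulling the whole root also copies wry's secrets (host keys, anything under the secrets path) into `/home/backup/wry/` on omo and, depending on how `krebs.backup` performs the transfer, may descend into `/nix/store` and pseudo-filesystems. If only data directories are wanted, separate plans per path keep the copy small and limit what omo holds. The first hunk's preparation comment (`ssh-copy-id root@src` as root on omo) means omo has root access to every source host, which deserves a line in that comment. `defaultPull` is defined outside this hunk.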
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index b039c12ca..cbc3efbac 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -82,7 +82,6 @@ in
URxvt.perl-ext: default,url-select
URxvt.keysym.M-u: perl:url-select:select_next
- #URxvt.url-select.launcher: firefox -new-tab
URxvt.url-select.launcher: chromium
URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index a7c2a983e..56a87d7af 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -21,10 +21,13 @@ with config.krebs.lib;
search-domain = "retiolum";
build = {
user = config.krebs.users.makefu;
- source = let inherit (config.krebs.build) host user; in {
+ source = let
+ inherit (config.krebs.build) host user;
+ ref = "b8ede35"; # stable @ 2016-10-19
+ in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
- { # stable @ 2016-07-20
- git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
+ {
+ git = { url = https://github.com/nixos/nixpkgs; inherit ref; };
}
else
# TODO use http, once it is implemented
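Review bot: `ref = "b8ede35";` pins nixpkgs by a seven-character abbreviated commit id, which git resolves by prefix and which can become ambiguous as the repository grows; lass/2configs/nixpkgs.nix in this same commit uses the full id `b8ede35d2efa96490857c22c751e75d600bea44f`, presumably the same commit. Using the full id here as well makes the pin exact, at the cost of a longer `/home/makefu/store/${ref}` directory name in the next hunk. The preparation comment in that next hunk still hardcodes `125ffff` in its curl and mv commands and should be updated to follow `ref`. The `source` attribute set continues beyond both hunks.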
@@ -32,7 +35,7 @@ with config.krebs.lib;
## prepare so we do not have to wait for rsync:
## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
- { file = "/home/makefu/store/125ffff";};
+ { file = "/home/makefu/store/${ref}";};
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/makefu/6tests/data/secrets>
diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix
new file mode 100644
index 000000000..0282b04cf
--- /dev/null
+++ b/makefu/2configs/elchos/stats.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with config.krebs.lib;
+let
+ sec = toString <secrets>;
+ acmepath = "/var/lib/acme/";
+ acmechall = acmepath + "/challenges/";
+ ext-dom = "stats.nsupdate.info";
+ #ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ #ssl_key = "${sec}/wildcard.krebsco.de.key";
+ ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem";
+ ssl_key = "${acmepath}/${ext-dom}/key.pem";
+in {
+ networking.firewall = {
+ allowedTCPPorts = [ 2003 80 443 ];
+ allowedUDPPorts = [ 2003 ];
+ };
+
+ services.grafana = {
+ enable = true;
+ addr = "127.0.0.1";
+ extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; };
+ users.allowSignUp = false;
+ users.allowOrgCreate = false;
+ users.autoAssignOrg = false;
+ security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.elch-stats = {
+ server-names = [ ext-dom ];
+ listen = [ "80" "443 ssl" ];
+ ssl = {
+ enable = true;
+ # these certs will be needed if acme has not yet created certificates:
+ certificate = ssl_cert;
+ certificate_key = ssl_key;
+ force_encryption = true;
+ };
+
+ locations = [
+ (nameValuePair "/" ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:3000/;
+ '')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root ${acmechall}/${ext-dom}/;
+ '')
+ ];
+ };
+ };
+
+ security.acme.certs."${ext-dom}" = {
+ email = "acme@syntax-fehler.de";
+ webroot = "${acmechall}/${ext-dom}/";
+ group = "nginx";
+ allowKeysForGroup = true;
+ postRun = "systemctl reload nginx.service";
+ extraDomains."${ext-dom}" = null ;
+ };
+
+ services.graphite = {
+ web = {
+ enable = true;
+ host = "127.0.0.1";
+ port = 8080;
+ };
+ carbon = {
+ enableCache = true;
+ # save disk usage by restricting to 1 bulk update per second
+ config = ''
+ [cache]
+ MAX_CACHE_SIZE = inf
+ MAX_UPDATES_PER_SECOND = 1
+ MAX_CREATES_PER_MINUTE = 500
+ '';
+ storageSchemas = ''
+ [carbon]
+ pattern = ^carbon\.
+ retentions = 60:90d
+
+ [elchos]
+ patterhn = ^elchos\.
+ retention = 10s:30d,60s:1y
+
+ [default]
+ pattern = .*