diff options
32 files changed, 251 insertions, 130 deletions
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 21ae20ea0..4d0c0ffa5 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,9 +26,13 @@ in <stockholm/krebs/2configs/shack/share.nix> { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - #systemd.services.telegraf.environment = { - # "MIBDIRS" : ""; # extra mibs like ADSL - #}; + systemd.services.telegraf.environment = { + MIBDIRS = pkgs.fetchgit { + url = "http://git.shackspace.de/makefu/modem-mibs.git"; + sha256 = + "a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008d3da9c78e3b627e5675c8"; + }; # extra mibs like ADSL + }; services.telegraf = { enable = true; extraConfig = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 401cba97a..29f188bbe 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -5,7 +5,7 @@ with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { - cores = 1; + cores = 4; ci = false; nets = { retiolum = { @@ -545,8 +545,8 @@ with import <stockholm/lib>; }; nets = rec { internet = { - ip4.addr = "188.68.40.19"; - ip6.addr = "2a03:4000:17:2df::1"; + ip4.addr = "185.194.143.140"; + ip6.addr = "2a03:4000:1c:43f::1"; aliases = [ "gum.i" ]; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 472accef9..b7ef824b5 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -38,12 +38,12 @@ let ${optionalString (cfg.enableXMLRPC ) '' # prepare socket and set permissions. rtorrent user is part of group nginx # TODO: configure a shared torrent group - execute_nothrow = rm,${cfg.xmlrpc-socket} + execute.nothrow = rm,${cfg.xmlrpc-socket} scgi_local = ${cfg.xmlrpc-socket} schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}" ''} - system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"} + system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"} # Prepare systemd logging log.open_file = "rtorrent-systemd", ${systemd-logfile} diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix new file mode 100644 index 000000000..f5e1bbff3 --- /dev/null +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -0,0 +1,38 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +buildPythonPackage rec { + pname = "internetarchive"; + version = "1.7.3"; + name = "${pname}-${version}"; + propagatedBuildInputs = [ + requests + jsonpatch + docopt + clint + six + schema + backports_csv + ]; + +# check only works when cloned from git repo + doCheck = false; + checkInputs = [ + pytest + responses + ]; + + prePatch = '' + sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py + ''; + + src = fetchPypi { + inherit pname version; + sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g"; + }; + + meta = with stdenv.lib; { + description = "python library and cli for uploading files to internet archive"; + license = licenses.agpl3; + }; + +} diff --git a/krebs/5pkgs/simple/slog/default.nix b/krebs/5pkgs/simple/slog/default.nix new file mode 100644 index 000000000..c74a2ad80 --- /dev/null +++ b/krebs/5pkgs/simple/slog/default.nix @@ -0,0 +1,26 @@ +{ pkgs, stdenv, fetchFromGitHub }: + +## use with: +# . $(command -v slog.sh) +stdenv.mkDerivation rec { + name = "slog-${version}"; + version = "2017-10-27"; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "slog"; + rev = "50367c3"; + sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r"; + }; + + installPhase = '' + mkdir -p $out/bin + install -m755 slog.sh $out/bin + ''; + + meta = with stdenv.lib; { + description = "POSIX shell logging"; + license = licenses.mit; + }; + +} diff --git a/krebs/source.nix b/krebs/source.nix index 09edc817b..39a388e03 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02 + ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10 }; } diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 70aa3832d..c64789d8d 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -105,6 +105,8 @@ with import <stockholm/lib>; { output = "DP-2"; primary = true; } ]; + networking.hostName = lib.mkForce "BLN02NB0162"; + security.pki.certificateFiles = [ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) @@ -117,4 +119,12 @@ with import <stockholm/lib>; ]; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; + + programs.adb.enable = true; + users.users.mainUser.extraGroups = [ "adbusers" ]; + + services.printing = { + enable = true; + drivers = [ pkgs.postscript-lexmark ]; + }; } diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix deleted file mode 100644 index 644741a5b..000000000 --- a/lass/2configs/audit.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - security.audit = { - rules = [ - "-a task,never" - ]; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 180647a6d..f8b750093 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { imports = [ - ../2configs/audit.nix ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix diff --git a/lass/source.nix b/lass/source.nix index 4849cadcc..d0f77573d 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6a0a00d"; + ref = "0c5a587"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index c287c28df..1a617e52d 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -6,9 +6,6 @@ # configure your hw: # <stockholm/makefu/2configs/save-diskspace.nix> ]; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; krebs = { enable = true; tinc.retiolum.enable = true; @@ -23,6 +20,7 @@ programs.man.enable = false; services.nixosManual.enable = false; boot.tmpOnTmpfs = lib.mkForce false; + sound.enable = false; hardware.enableRedistributableFirmware = true; hardware.firmware = [ diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix index 7accb13d3..046c1574c 100644 --- a/makefu/1systems/darth/config.nix +++ b/makefu/1systems/darth/config.nix @@ -2,6 +2,8 @@ with import <stockholm/lib>; let + # all the good stuff resides in /data + byid = dev: "/dev/disk/by-id/" + dev; rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN"; bootPart = rootDisk + "-part1"; @@ -21,44 +23,23 @@ in { <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/stats/client.nix> - <stockholm/makefu/2configs/nsupdate-data.nix> - - # SIEM - #<stockholm/makefu/2configs/tinc/siem.nix> - # {services.tinc.networks.siem = { - # name = "sdarth"; - # extraConfig = "ConnectTo = sjump"; - # }; - # } + # <stockholm/makefu/2configs/nsupdate-data.nix> - # { - # makefu.forward-journal = { - # enable = true; - # src = "10.8.10.2"; - # dst = "10.8.10.6"; - # }; - # } - - ## Sharing - # <stockholm/makefu/2configs/share/temp-share-samba.nix> - #{ - # services.samba.shares = { - # isos = { - # path = "/data/isos/"; - # "read only" = "yes"; - # browseable = "yes"; - # "guest ok" = "yes"; - # }; - # }; - #} <stockholm/makefu/2configs/share/anon-ftp.nix> + + # lan party + <stockholm/makefu/2configs/lanparty/lancache.nix> + <stockholm/makefu/2configs/lanparty/lancache-dns.nix> + <stockholm/makefu/2configs/lanparty/samba.nix> + <stockholm/makefu/2configs/lanparty/mumble-server.nix> + <stockholm/makefu/2configs/virtualisation/libvirt.nix> ]; #networking.firewall.enable = false; makefu.server.primary-itf = "enp0s25"; - krebs.hidden-ssh.enable = true; + # krebs.hidden-ssh.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index e769b1e22..98d5d2988 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -2,16 +2,22 @@ with import <stockholm/lib>; let - external-mac = "3a:66:48:8e:82:b2"; + # hw-specific + external-mac = "2a:c5:6e:d2:fc:7f"; + main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + external-gw = "185.194.140.1"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; - external-gw = "188.68.40.1"; external-gw6 = "fe80::1"; external-netmask = 22; external-netmask6 = 64; - ext-if = "et0"; # gets renamed on the fly internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + ext-if = "et0"; # gets renamed on the fly in { imports = [ <stockholm/makefu> @@ -19,6 +25,7 @@ in { <stockholm/makefu/2configs/headless.nix> <stockholm/makefu/2configs/fs/single-partition-ext4.nix> # <stockholm/makefu/2configs/smart-monitor.nix> + <stockholm/makefu/2configs/git/cgit-retiolum.nix> <stockholm/makefu/2configs/backup.nix> # <stockholm/makefu/2configs/mattermost-docker.nix> @@ -76,7 +83,7 @@ in { # <stockholm/makefu/2configs/logging/client.nix> # Temporary: - <stockholm/makefu/2configs/temp/rst-issue.nix> + # <stockholm/makefu/2configs/temp/rst-issue.nix> ]; makefu.dl-dir = "/var/download"; diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index 3b06660c6..5352b029f 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -18,7 +18,7 @@ in { # Security <stockholm/makefu/2configs/sshd-totp.nix> - <stockholm/makefu/2configs/stats/client.nix> + # <stockholm/makefu/2configs/stats/client.nix> # Tools <stockholm/makefu/2configs/tools/core.nix> diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index a22ff10bd..1d157460b 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -82,7 +82,7 @@ in { # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload # Temporary: - <stockholm/makefu/2configs/temp/rst-issue.nix> + # <stockholm/makefu/2configs/temp/rst-issue.nix> ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 75a11d3a7..7b751e514 100644 --- a/makefu/1systems/tsp/config.nix +++ b/makefu/1systems/tsp/config.nix @@ -1,20 +1,20 @@ # # # -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { imports = [ # Include the results of the hardware scan. <stockholm/makefu> - <stockholm/makefu/2configs/gui/base.nix> + <stockholm/makefu/2configs/main-laptop.nix> + <stockholm/makefu/2configs/tools/all.nix> <stockholm/makefu/2configs/fs/sda-crypto-root.nix> # hardware specifics are in here # imports tp-x2x0.nix - <stockholm/makefu/2configs/hw/tp-x200.nix> + # <stockholm/makefu/2configs/hw/tp-x200.nix> - <stockholm/makefu/2configs/disable_v6.nix> - <stockholm/makefu/2configs/rad1o.nix> + # <stockholm/makefu/2configs/rad1o.nix> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/exim-retiolum.nix> @@ -22,9 +22,41 @@ ]; # not working in vm krebs.build.host = config.krebs.hosts.tsp; + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + boot.loader.grub.copyKernels = true; networking.firewall.allowedTCPPorts = [ 25 ]; + # acer aspire + networking.wireless.enable = lib.mkDefault true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + START_CHARGE_THRESH_BAT0=67 + STOP_CHARGE_THRESH_BAT0=100 + + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + powerManagement.resumeCommands = '' + ${pkgs.rfkill}/bin/rfkill unblock all + ''; + } diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 3a53b70cb..ac51fd9ca 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -24,9 +24,12 @@ in { # <stockholm/makefu/2configs/audio/jack-on-pulse.nix> # <stockholm/makefu/2configs/audio/realtime-audio.nix> # <stockholm/makefu/2configs/vncserver.nix> - <stockholm/makefu/2configs/temp/rst-issue.nix> + # Services <stockholm/makefu/2configs/remote-build/slave.nix> + + # temporary + # <stockholm/makefu/2configs/temp/rst-issue.nix> ]; krebs = { diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f7db75564..1dd1a070f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -23,8 +23,6 @@ with import <stockholm/lib>; # <stockholm/makefu/2configs/deployment/wiki-irc-bot> # <stockholm/makefu/2configs/torrent.nix> - # <stockholm/makefu/2configs/lanparty/lancache.nix> - # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/deployment/dirctator.nix> # <stockholm/makefu/2configs/vncserver.nix> # <stockholm/makefu/2configs/deployment/led-fader> @@ -64,7 +62,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/exfat-nofuse.nix> <stockholm/makefu/2configs/hw/wwan.nix> - <stockholm/makefu/2configs/hw/stk1160.nix> + # <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> # Filesystem @@ -75,6 +73,11 @@ with import <stockholm/lib>; { programs.adb.enable = true; } + # temporary + # <stockholm/makefu/2configs/lanparty/lancache.nix> + # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> + # <stockholm/makefu/2configs/lanparty/samba.nix> + # <stockholm/makefu/2configs/lanparty/mumble-server.nix> ]; @@ -84,7 +87,6 @@ with import <stockholm/lib>; nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ pkgs.passwdqc-utils ]; # configure pulseAudio to provide a HDMI sink as well @@ -102,4 +104,7 @@ with import <stockholm/lib>; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + + nix.package = pkgs.nixUnstable; + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; } diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 166365ba0..a4d02af6b 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -31,6 +31,19 @@ in { krebs.backup.plans = { # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; + gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )// + { + dst.path = "/media/cryptX/backup/gum/var-download"; + dst.host = defaultBackupServer; + startAt = "19:00"; + }; + gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )// + { + dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de"; + dst.host = defaultBackupServer; + + startAt = "05:00"; + }; # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/"; }; environment.systemPackages = [ diff --git a/makefu/2configs/temp/elkstack.nix b/makefu/2configs/deployment/scrape/elkstack.nix index c6bf1c6d8..c6bf1c6d8 100644 --- a/makefu/2configs/temp/elkstack.nix +++ b/makefu/2configs/deployment/scrape/elkstack.nix diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix deleted file mode 100644 index b3a9e1a5a..000000000 --- a/makefu/2configs/hw/stk1160.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: -{ - # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; - nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { - extraConfig = '' - MEDIA_ANALOG_TV_SUPPORT y - VIDEO_STK1160_COMMON m - VIDEO_STK1160_AC97 y - VIDEO_STK1160 m - ''; - }; - }; -} diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix index 4b4ebf0a0..c9da7c4c4 100644 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -1,6 +1,19 @@ { pkgs, lib, config, ... }: with import <stockholm/lib>; let + upstream-server = "8.8.8.8"; + # make sure the router pins the ip address to the deployed host + # and set it as dns server ( dhcp option 6,192.168.10.10 ) + local_ip = "192.168.10.10"; + + extra-config = pkgs.writeText "local.conf" '' + server: + local-data: "piratebox. A ${local_ip}" + local-data: "store. A ${local_ip}" + local-data: "share. A ${local_ip}" + ''; + + # see https://github.com/zeropingheroes/lancache for full docs lancache-dns = pkgs.stdenv.mkDerivation rec { name = "lancache-dns-2017-06-28"; @@ -11,8 +24,9 @@ let rev = "420aa62"; sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m"; }; + phases = [ "unpackPhase" "installPhase" ]; - # here we can chance to edit `includes/proxy-cache-paths.conf` + # here we have the chance to edit `includes/proxy-cache-paths.conf` installPhase = '' mkdir -p $out cp -r * $out/ @@ -20,7 +34,6 @@ let }; stateDir = "/var/lib/unbound"; user = "unbound"; - upstream-server = "8.8.8.8"; in { services.unbound = { enable = true; @@ -29,6 +42,7 @@ in { forwardAddresses = [ upstream-server ]; extraConfig = '' include: "${stateDir}/lancache/*.conf" + include: "${extra-config}" ''; }; services.dnscrypt-proxy.enable = lib.mkForce false; @@ -42,7 +56,8 @@ in { path = [ pkgs.gawk pkgs.iproute pkgs.gnused ]; script = '' set -xeu - current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') + # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') + current_ip=${local_ip} old_ip=10.1.1.250 mkdir -p ${stateDir} rm -rvf ${stateDir}/lancache diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix index 3df2e3f59..bcacf2e15 100644 --- a/makefu/2configs/lanparty/lancache.nix +++ b/makefu/2configs/lanparty/lancache.nix @@ -17,15 +17,21 @@ let installPhase = '' mkdir -p $out cp -r * $out/ + rm $out/caches-enabled/* sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \ -e '1 idaemon off;' \ + -e 's#/var/lancache#${cfg.statedir}#g' \ $out/nginx.conf + sed -i -e 's#/var/lancache#${cfg.statedir}#g' \ + $out/*/*.conf + ln -s $out/caches-available/* $out/caches-enabled/ ''; }; cfg = { + statedir = "/data/cache"; + group = "nginx-lancache"; user = "nginx-lancache"; - statedir = "/var/lancache"; package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{ configureFlags = old.configureFlags ++ [ "--with-http_slice_module" @@ -43,6 +49,7 @@ in { preStart = '' mkdir -p ${cfg.statedir} && cd ${cfg.statedir} + chmod 700 ${cfg.statedir} PATH_CACHE=$PATH_BASE/cache PATH_LOGS=$PATH_BASE/logs diff --git a/makefu/2configs/lanparty/mumble-server.nix b/makefu/2configs/lanparty/mumble-server.nix new file mode 100644 index 000000000..5b9631cd1 --- /dev/null +++ b/makefu/2configs/lanparty/mumble-server.nix @@ -0,0 +1,12 @@ +{ config, ... }: +{ + networking.firewall.allowedTCPPorts = [ 64738 ]; + networking.firewall.allowedUDPPorts = [ 64738 ]; + services.murmur = { + enable = true; + welcometext = "Welcome to the LANest Party mumble server"; + bonjour = true; + hostName = "0.0.0.0"; + sendVersion = true; + }; +} diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index de834ab16..4176d7b35 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -10,9 +10,16 @@ }; services.samba = { enable = true; + enableNmbd = true; shares = { - share-home = { + lanparty = { path = "/data/lanparty/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + share = { + path = "/data/incoming"; "read only" = "no"; browseable = "yes"; "guest ok" = "yes"; diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 8a15ae2e7..7e9a459c3 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -5,38 +5,44 @@ # # essentially `nix-env -q` of the main user { - krebs.per-user.makefu.packages = with pkgs; [ + environment.systemPackages = with pkgs; [ at_spi2_core acpi bc rsync exif file + lsof + which + binutils + # fs - ntfs3g + cifs-utils dosfstools + ntfs3g + smartmontools + + # io pv < |