diff options
27 files changed, 400 insertions, 506 deletions
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 9ea4cbf8d..1f966bf24 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -184,7 +184,7 @@ exit 1 fi twitter_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add tw_$twitter_nick http://rss.r/?action=display&bridge=Twitch&channel=$twitter_nick&type=all&format=Atom" + echo "brockman: add tw_$twitter_nick http://rss.r/?action=display&bridge=Twitter&context=By+username&u=$twitter_nick&norep=on&noretweet=on&nopinned=on&nopic=on&format=Atom" ''; search.filename = pkgs.writeDash "search" '' set -euf diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index fc57d8188..2d73da884 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -46,7 +46,6 @@ let ./realwallpaper.nix ./repo-sync.nix ./retiolum-bootstrap.nix - ./rtorrent.nix ./secret.nix ./setuid.nix ./shadow.nix diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix index 1e4a68057..4605fbdf0 100644 --- a/krebs/3modules/external/kmein.nix +++ b/krebs/3modules/external/kmein.nix @@ -63,6 +63,7 @@ in "names.kmein.r" "graph.r" "rrm.r" + "redaktion.r" ]; ip4.addr = "10.243.2.84"; tinc.pubkey = '' diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f87802b45..68484a102 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -148,6 +148,46 @@ in { }; }; }; + latte = rec { + ci = true; + extraZones = { + "krebsco.de" = '' + latte.euer IN A ${nets.internet.ip4.addr} + rss.euer IN A ${nets.internet.ip4.addr} + ''; + }; + cores = 4; + nets = rec { + internet = { + ip4.addr = "178.254.30.202"; + ip6.addr = "2a00:6800:3:18c::2"; + aliases = [ + "latte.i" + ]; + }; + #wiregrill = { + # via = internet; + # ip4.addr = "10.244.245.1"; + # ip6.addr = w6 "1"; + # wireguard.port = 51821; + # wireguard.subnets = [ + # (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + # "10.244.245.0/24" # required for routing directly to gum via rockit + # ]; + #}; + retiolum = { + via = internet; + ip4.addr = "10.243.0.214"; + # never connect via gum (he eats your packets!) + #tinc.weight = 9001; + + aliases = [ + "latte.r" + "torrent.latte.r" + ]; + }; + }; + }; gum = rec { ci = true; extraZones = { @@ -173,7 +213,6 @@ in { feed.euer IN A ${nets.internet.ip4.addr} board.euer IN A ${nets.internet.ip4.addr} etherpad.euer IN A ${nets.internet.ip4.addr} - rss.euer IN A ${nets.internet.ip4.addr} mediengewitter IN CNAME over.dose.io. mon.euer IN A ${nets.internet.ip4.addr} netdata.euer IN A ${nets.internet.ip4.addr} @@ -220,7 +259,7 @@ in { via = internet; ip4.addr = "10.243.0.213"; # never connect via gum (he eats your packets!) - tinc.weight = 9001; + #tinc.weight = 9001; aliases = [ "gum.r" diff --git a/krebs/3modules/makefu/retiolum/latte.pub b/krebs/3modules/makefu/retiolum/latte.pub new file mode 100644 index 000000000..17fca2b40 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/latte.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU +5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo +r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf +43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 +GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 +vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/latte_ed25519.pub b/krebs/3modules/makefu/retiolum/latte_ed25519.pub new file mode 100644 index 000000000..7974bb6e5 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/latte_ed25519.pub @@ -0,0 +1 @@ +ILtT9Y5pGBtc5/wR56RYzzYeZMvmmutaC6IED6I1oTI diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix deleted file mode 100644 index 4a96f6203..000000000 --- a/krebs/3modules/rtorrent.nix +++ /dev/null @@ -1,348 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with import <stockholm/lib>; -let - cfg = config.krebs.rtorrent; - webcfg = config.krebs.rtorrent.web; - rucfg = config.krebs.rtorrent.rutorrent; - - nginx-user = config.services.nginx.user; - nginx-group = config.services.nginx.group; - fpm-socket = config.services.phpfpm.pools.rutorrent.socket; - - webdir = rucfg.webdir; - systemd-logfile = cfg.workDir + "/rtorrent-systemd.log"; - - # rutorrent requires a couple of binaries to be available to either the - # rtorrent process or to phpfpm - - rutorrent-deps = with pkgs; [ curl php coreutils procps ffmpeg mediainfo ] ++ - (if (config.nixpkgs.config.allowUnfree or false) then - trace "enabling unfree packages for rutorrent" [ unrar unzip ] else - trace "not enabling unfree packages for rutorrent because allowUnfree is unset" []); - - configFile = pkgs.writeText "rtorrent-config" '' - # THIS FILE IS AUTOGENERATED - ${optionalString (cfg.listenPort != null) '' - port_range = ${toString cfg.listenPort}-${toString cfg.listenPort} - port_random = no - ''} - - ${optionalString (cfg.watchDir != null) '' - directory.watch.added = "${cfg.watchDir}", load.start_verbose - ''} - - directory = ${cfg.downloadDir} - session = ${cfg.sessionDir} - - ${optionalString (cfg.enableXMLRPC ) '' - # prepare socket and set permissions. rtorrent user is part of group nginx - # TODO: configure a shared torrent group - execute.nothrow = rm,${cfg.xmlrpc-socket} - scgi_local = ${cfg.xmlrpc-socket} - schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}" - ''} - - system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"} - - # Prepare systemd logging - log.open_file = "rtorrent-systemd", ${systemd-logfile} - log.add_output = "warn", "rtorrent-systemd" - log.add_output = "notice", "rtorrent-systemd" - log.add_output = "info", "rtorrent-systemd" - # log.add_output = "debug", "rtorrent-systemd" - ${cfg.extraConfig} - ''; - - out = { - options.krebs.rtorrent = api; - # This only works because none of the attrsets returns the same key - config = with lib; mkIf cfg.enable (lib.mkMerge [ - (lib.mkIf webcfg.enable rpcweb-imp) - # only build rutorrent-imp if webcfg is enabled as well - (lib.mkIf (webcfg.enable && rucfg.enable) rutorrent-imp) - imp - ]); - }; - - api = { - enable = mkEnableOption "rtorrent"; - - web = { - # configure NGINX to provide /RPC2 for listen address - # authentication also applies to rtorrent.rutorrent - enable = mkEnableOption "rtorrent nginx web RPC"; - - addr = mkOption { - type = types.addr4; - default = "0.0.0.0"; - description = '' - the address to listen on - default is 0.0.0.0 - ''; - }; - - port = mkOption { - type = types.nullOr types.int; - description ='' - nginx listen port for rtorrent - ''; - default = 8006; - }; - - basicAuth = mkOption { - type = types.attrsOf types.str ; - description = '' - basic authentication to be used. If unset, no authentication will be - enabled. - - Refer to `services.nginx.virtualHosts.‹name›.basicAuth` - ''; - default = {}; - }; - }; - - rutorrent = { - enable = mkEnableOption "rutorrent"; # requires rtorrent.web.enable - - package = mkOption { - type = types.package; - description = '' - path to rutorrent package. When using your own ruTorrent package, - scgi_port and scgi_host will be patched on startup. - ''; - default = pkgs.rutorrent; - }; - - webdir = mkOption { - type = types.path; - description = '' - rutorrent php files will be written to this folder. - when using nginx, be aware that the the folder should be readable by nginx. - because rutorrent does not hold mutable data in a separate folder - these files must be writable. - ''; - default = "/var/lib/rutorrent"; - }; - - }; - - package = mkOption { - type = types.package; - default = pkgs.rtorrent; - }; - - # TODO: enable xmlrpc with web.enable - enableXMLRPC = mkEnableOption "rtorrent xmlrpc via socket"; - xmlrpc-socket = mkOption { - type = types.str; - description = '' - enable xmlrpc at given socket. Required for web-interface. - - for documentation see: - https://github.com/rakshasa/rtorrent/wiki/RPC-Setup-XMLRPC - ''; - default = cfg.workDir + "/rtorrent.sock"; - }; - - preAllocate = mkOption { - type = types.bool; - description = '' - Pre-Allocate torrent files - ''; - default = true; - }; - - downloadDir = mkOption { - type = types.path; - description = '' - directory where torrents are stored - ''; - default = cfg.workDir + "/downloads"; - }; - - sessionDir = mkOption { - type = types.path; - description = '' - directory where torrent progress is stored - ''; - default = cfg.workDir + "/rtorrent-session"; - }; - - watchDir = mkOption { - type = with types; nullOr str; - description = '' - directory to watch for torrent files. - If unset, no watch directory will be configured - ''; - default = null; - }; - - listenPort = mkOption { - type = with types; nullOr int; - description ='' - listening port. if you want multiple ports, use extraConfig port_range - ''; - }; - - extraConfig = mkOption { - type = types.lines; - description = '' - config to be placed into ${cfg.workDir}/.rtorrent.rc - - see ${cfg.package}/share/doc/rtorrent/rtorrent.rc - ''; - example = literalExample '' - log.execute = ${cfg.workDir}/execute.log - log.xmlrpc = ${cfg.workDir}/xmlrpc.log - ''; - default = ""; - }; - - user = mkOption { - description = '' - user which will run rtorrent. if kept default a new user will be created - ''; - type = types.str; - default = "rtorrent"; - }; - - workDir = mkOption { - description = '' - working directory. rtorrent will search in HOME for `.rtorrent.rc` - ''; - type = types.str; - default = "/var/lib/rtorrent"; - }; - - }; - - imp = { - systemd.services = { - rtorrent-daemon = { - description = "rtorrent headless"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; - serviceConfig = { - Type = "forking"; - ExecStartPre = pkgs.writeDash "prepare-folder" '' - mkdir -p ${cfg.workDir} ${cfg.sessionDir} - chmod 770 ${cfg.workDir} ${cfg.sessionDir} - touch ${systemd-logfile} - cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc - ''; - ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'"; - Restart = "always"; - RestartSec = "10"; - - ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false - ## otherwise the tmux session is stored in some private folder in /tmp - PrivateTmp = false; - - WorkingDirectory = cfg.workDir; - User = "${cfg.user}"; - }; - }; - rtorrent-log = { - after = [ "rtorrent-daemon.service" ]; - bindsTo = [ "rtorrent-daemon.service" ]; - wantedBy = [ "rtorrent-daemon.service" ]; - serviceConfig = { - ExecStart = "${pkgs.coreutils}/bin/tail -f ${systemd-logfile}"; - User = "${cfg.user}"; - }; - }; - } // (optionalAttrs webcfg.enable { - rutorrent-prepare = { - after = [ "rtorrent-daemon.service" ]; - wantedBy = [ "rtorrent-daemon.service" ]; - serviceConfig = { - Type = "oneshot"; - # we create the folder and set the permissions to allow nginx - # TODO: update files if the version of rutorrent changed - ExecStart = pkgs.writeDash "create-webconfig-dir" '' - if [ ! -e ${webdir} ];then - echo "creating webconfiguration directory for rutorrent: ${webdir}" - cp -vr ${rucfg.package} ${webdir} - echo "setting permissions for webdir to ${cfg.user}:${nginx-group}" - chown -R ${cfg.user}:${nginx-group} ${webdir} - chmod -R 770 ${webdir} - else - echo "not overwriting ${webdir}" - - fi - echo "updating xmlrpc-socket with unix://${cfg.xmlrpc-socket}" - sed -i -e 's#^\s*$scgi_port.*#$scgi_port = 0;#' \ - -e 's#^\s*$scgi_host.*#$scgi_host = "unix://${cfg.xmlrpc-socket}";#' \ - "${webdir}/conf/config.php" - ''; - }; - }; - }) - // (optionalAttrs rucfg.enable { }); - - users = lib.mkIf (cfg.user == "rtorrent") { - users.rtorrent = { - uid = genid "rtorrent"; - home = cfg.workDir; - group = nginx-group; # required for rutorrent to work - shell = "/bin/sh"; #required for tmux - isSystemUser = true; - createHome = true; - }; - groups.rtorrent.gid = genid "rtorrent"; - }; - }; - - rpcweb-imp = { - services.nginx.enable = mkDefault true; - services.nginx.virtualHosts.rtorrent = { - default = mkDefault true; - inherit (webcfg) basicAuth; - root = optionalString rucfg.enable webdir; - listen = [ { inherit (webcfg) addr port; } ]; - - locations = { - "/RPC2".extraConfig = '' - include ${pkgs.nginx}/conf/scgi_params; - scgi_param SCRIPT_NAME /RPC2; - scgi_pass unix:${cfg.xmlrpc-socket}; - ''; - } // (optionalAttrs rucfg.enable { - "~ \.php$".extraConfig = '' - client_max_body_size 200M; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${fpm-socket}; - try_files $uri =404; - fastcgi_index index.php; - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - ''; } - ); - }; - }; - - rutorrent-imp = { - services.phpfpm = { - pools.rutorrent = { - user = nginx-user; - group = nginx-group; - phpEnv.PATH = makeBinPath rutorrent-deps; - - settings = { - "listen.owner" = nginx-user; - "pm" = "dynamic"; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "chdir" = "/"; - "php_admin_value[error_log]" = "stderr"; - "php_admin_flag[log_errors]" = "on"; - "catch_workers_output" = "yes"; - }; - }; - }; - }; -in out diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index bc85aa0a6..1b28628d6 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -19,13 +19,15 @@ with import <stockholm/lib>; "hosts" = tinc.config.hostsPackage; "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' Name = ${tinc.config.host.name} + LogLevel = ${toString tinc.config.logLevel} Interface = ${netname} Broadcast = no ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} Port = ${toString tinc.config.host.nets.${netname}.tinc.port} ${tinc.config.extraConfig} ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + "tinc-up" = pkgs.writeScript "${netname}-tinc-up" '' + #!/bin/sh ip link set ${netname} up ${tinc.config.tincUp} ''; @@ -192,6 +194,14 @@ with import <stockholm/lib>; ''; }; + logLevel = mkOption { + type = types.int; + description = '' + LogLevel in tinc.conf + ''; + default = 3; + }; + user = mkOption { type = types.user; default = { diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 12afe0e9c..71367c2f1 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "60c52a73f1d5858020ac4f161cd5bf1c9650f8b8", - "date": "2022-02-07T23:59:33+00:00", - "path": "/nix/store/5w1yn77d2b44wq0w7b8cqqqfap2897n2-nixpkgs", - "sha256": "1xyi4xag084ikcbis3iixpvfsmlfm2s105j58770x7k24mkrif7n", + "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", + "date": "2022-02-21T09:47:16+01:00", + "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs", + "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 22d465b27..c9b40c10f 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "521e4d7d13b09bc0a21976b9d19abd197d4e3b1e", - "date": "2022-02-07T00:29:53+00:00", - "path": "/nix/store/pvmrsiy8k37nwg18g7230g5kasbsf132-nixpkgs", - "sha256": "156b4wnm6y6lg0gz09mp48rd0mhcdazr5s888c4lbhlpn3j8h042", + "rev": "4275a321beab5a71872fb7a5fe5da511bb2bec73", + "date": "2022-02-23T13:42:45-08:00", + "path": "/nix/store/g521qhbql6116naa3fjgga6dm0r24ynx-nixpkgs", + "sha256": "1p3pn7767ifbg08nmgjd93iqk0z87z4lv29ypalj9idwd3chsm69", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index 9aa97a8ce..de6562cbc 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -5,15 +5,6 @@ let in { users.extraUsers = { - bch = { - name = "bch"; - description = "user for bch stuff"; - home = "/home/bch"; - useDefaultShell = true; - createHome = true; - packages = [ pkgs.electron-cash ]; - isNormalUser = true; - }; bitcoin = { name = "bitcoin"; description = "user for bitcoin stuff"; diff --git a/lass/2configs/radio-news.nix b/lass/2configs/radio-news.nix index a4e28c1b1..eb7d3bd9a 100644 --- a/lass/2configs/radio-news.nix +++ b/lass/2configs/radio-news.nix @@ -1,8 +1,8 @@ -{ config, pkgs, ... }: with pkgs.stockholm.lib; +{ config, lib, pkgs, ... }: let weather_report = pkgs.writers.writeDashBin "weather_report" '' set -efu - ${pkgs.curl}/bin/curl -sSL https://wttr.in/''${1-}?format=j1 \ + ${pkgs.curl}/bin/curl -fsSL https://wttr.in/''${1-}?format=j1 \ | ${pkgs.jq}/bin/jq -r ' [.nearest_area[0] | "Weather report for \(.areaName[0].value), \(.country[0].value)."] + [.current_condition[0] | "Currently it is \(.weatherDesc[0].value) outside with a temperature of \(.temp_C) degrees."] @@ -14,11 +14,25 @@ let ${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live ''; + gc_news = pkgs.writers.writeDashBin "gc_news" '' + set -xefu + ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp + ${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news + ''; + + get_current_news = pkgs.writers.writeDashBin "get_current_news" '' + set -xefu + ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs 'map(select(((.to | fromdateiso8601) > now) and (.from|fromdateiso8601) < now) | .text) | .[]' + ''; + newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ '' echo " hello crabpeople! $(${pkgs.ddate}/bin/ddate | sed 's/YOLD/Year of Discord/')! It is $(date --utc +%H) o clock UTC. + todays news: + $(get_current_news) + $(gc_news) $(weather_report berlin) $(weather_report 70173) $(weather_report munich) @@ -30,6 +44,8 @@ in path = [ newsshow send_to_radio + gc_news + get_current_news weather_report pkgs.curl pkgs.retry @@ -37,10 +53,41 @@ in script = '' set -efu retry -t 5 -d 10 -- newsshow | - retry -t 5 -d 10 -- curl -SsG http://tts.r/api/tts --data-urlencode 'text@-' | + retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' | retry -t 5 -d 10 -- send_to_radio ''; startAt = "*:00:00"; + serviceConfig = { + User = "radio-news"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 7999"; target = "ACCEPT"; } + ]; + + krebs.htgen.news = { + port = 7999; + user = { + name = "radio-news"; + }; + script = ''. ${pkgs.writers.writeDash "htgen-news" '' + set -xefu + case "$Method $Request_URI" in + "POST /") + payload=$(head -c "$req_content_length" \ + | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ + | xargs -0 echo -e \ + ) + echo "$payload" | jq 'has("from") and has("to") and has("text")' >&2 + echo "$payload" | jq -c '{ from: (.from | fromdate | todate), to: (.to | fromdate | todate), text: .text }' >> $HOME/news + printf 'HTTP/1.1 200 OK\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + exit + ;; + esac + ''}''; }; ## debug diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/hetzner.smb diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a9d9b661f..089fc8e9f 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -23,11 +23,12 @@ in { } <stockholm/makefu/2configs/nur.nix> <stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> <stockholm/makefu/2configs/nix-community/supervision.nix> <stockholm/makefu/2configs/home-manager> <stockholm/makefu/2configs/home-manager/cli.nix> # <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/share> + <stockholm/makefu/2configs/share/hetzner-client.nix> # <stockholm/makefu/2configs/stats/netdata-server.nix> <stockholm/makefu/2configs/headless.nix> @@ -56,13 +57,13 @@ in { <stockholm/makefu/2configs/tinc/retiolum.nix> { # bonus retiolum config for connecting more hosts krebs.tinc.retiolum = { - extraConfig = lib.mkForce '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - StrictSubnets = yes - LocalDiscovery = no - ''; + #extraConfig = lib.mkForce '' + # ListenAddress = ${external-ip} 53 + # ListenAddress = ${external-ip} 655 + # ListenAddress = ${external-ip} 21031 + # StrictSubnets = yes + # LocalDiscovery = no + #''; connectTo = [ "prism" "ni" "enklave" "eve" "dishfire" ]; @@ -106,7 +107,7 @@ in { # sharing <stockholm/makefu/2configs/share/gum.nix> # samba sahre - <stockholm/makefu/2configs/torrent.nix> + <stockholm/makefu/2configs/torrent/rtorrent.nix> # <stockholm/makefu/2configs/sickbeard> <stockholm/makefu/2configs/bitwarden.nix> @@ -114,7 +115,7 @@ in { #<stockholm/makefu/2configs/retroshare.nix> ## <stockholm/makefu/2configs/ipfs.nix> #<stockholm/makefu/2configs/syncthing.nix> - <stockholm/makefu/2configs/sync> + # <stockholm/makefu/2configs/sync> # <stockholm/makefu/2configs/opentracker.nix> @@ -125,9 +126,8 @@ in { { makefu.backup.server.repo = "/var/backup/borg"; } <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/backup/state.nix> - <stockholm/makefu/2configs/bitlbee.nix> <stockholm/makefu/2configs/wireguard/server.nix> - <stockholm/makefu/2configs/wireguard/wiregrill.nix> + # <stockholm/makefu/2configs/wireguard/wiregrill.nix> { # recent changes mediawiki bot networking.firewall.allowedUDPPorts = [ 5005 5006 ]; @@ -150,13 +150,12 @@ in { # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> - <stockholm/makefu/2configs/deployment/owncloud.nix> + #<stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix> - <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix> #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de> <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/gecloudpad> - <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> + #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> <stockholm/makefu/2configs/deployment/mediengewitter.de.nix> <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> @@ -182,14 +181,15 @@ in { ## Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> - <stockholm/makefu/2configs/virtualisation/docker.nix> + # <stockholm/makefu/2configs/virtualisation/docker.nix> #<stockholm/makefu/2configs/virtualisation/libvirt.nix> # krebs infrastructure services # <stockholm/makefu/2configs/stats/server.nix> ]; - makefu.dl-dir = "/var/download"; + # makefu.dl-dir = "/var/download"; + makefu.dl-dir = "/media/cloud/download"; services.openssh.hostKeys = lib.mkForce [ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix new file mode 100644 index 000000000..50cd9204d --- /dev/null +++ b/makefu/1systems/latte/1blu/default.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + + imports = + [ ./network.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + # Disk + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/AEF3-A486"; + fsType = "vfat"; |