-rw-r--r--krebs/3modules/makefu/default.nix8
-rw-r--r--makefu/1systems/gum/config.nix25
-rw-r--r--makefu/1systems/gum/hetzner/default.nix (renamed from makefu/1systems/gum/hardware-config.nix)3
-rw-r--r--makefu/1systems/iso/config.nix18
-rw-r--r--makefu/1systems/iso/justdoit.nix18
-rw-r--r--makefu/1systems/iso/target-config.nix14
-rw-r--r--makefu/1systems/latte/config.nix17
-rw-r--r--makefu/1systems/omo/config.nix3
-rw-r--r--makefu/1systems/omo/hw/omo.nix4
-rw-r--r--makefu/1systems/omo/hw/vaapi.nix17
-rw-r--r--makefu/1systems/x/config.nix2
-rw-r--r--makefu/1systems/x/source.nix1
-rw-r--r--makefu/1systems/x/x13/default.nix1
-rw-r--r--makefu/1systems/x/x13/zfs.nix3
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix15
-rw-r--r--makefu/2configs/bgt/template.md14
-rw-r--r--makefu/2configs/bitlbee.nix3
-rw-r--r--makefu/2configs/bitwarden.nix6
-rw-r--r--makefu/2configs/bureautomation/comic-updater.nix5
-rw-r--r--makefu/2configs/bureautomation/default.nix320
-rw-r--r--makefu/2configs/dcpp/airdcpp.nix2
-rw-r--r--makefu/2configs/dcpp/hub.nix1
-rw-r--r--makefu/2configs/deployment/owncloud.nix15
-rw-r--r--makefu/2configs/deployment/rss/ebk.yml59
-rwxr-xr-xmakefu/2configs/deployment/rss/ratt-hourly.sh28
-rw-r--r--makefu/2configs/deployment/rss/ratt.nix26
-rw-r--r--makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix (renamed from makefu/2configs/deployment/rss.euer.krebsco.de.nix)7
-rw-r--r--makefu/2configs/deployment/rss/urls7
-rw-r--r--makefu/2configs/editor/vim.nix11
-rw-r--r--makefu/2configs/gui/wbob-kiosk.nix12
-rw-r--r--makefu/2configs/home-manager/zsh.nix2
-rw-r--r--makefu/2configs/home/ham/automation/check-in.nix13
-rw-r--r--makefu/2configs/home/ham/automation/flurlicht.nix85
-rw-r--r--makefu/2configs/home/ham/automation/giesskanne.nix45
-rw-r--r--makefu/2configs/home/ham/automation/urlaub.nix26
-rw-r--r--makefu/2configs/home/ham/default.nix17
-rw-r--r--makefu/2configs/home/ham/light/tint_wohnzimmer.nix15
-rw-r--r--makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix107
-rw-r--r--makefu/2configs/home/ham/media/sonos.nix1
-rw-r--r--makefu/2configs/home/ham/person/default.nix20
-rw-r--r--makefu/2configs/home/jellyfin.nix10
-rw-r--r--makefu/2configs/home/music.nix2
-rw-r--r--makefu/2configs/home/tonie.nix4
-rw-r--r--makefu/2configs/hw/nswitch.nix14
-rw-r--r--makefu/2configs/nginx/dl.euer.krebsco.de.nix1
-rw-r--r--makefu/2configs/nginx/euer.blog.nix1
-rw-r--r--makefu/2configs/printer.nix1
-rw-r--r--makefu/2configs/tinc/retiolum.nix1
-rw-r--r--makefu/2configs/tools/consoles.nix1
-rw-r--r--makefu/2configs/tools/dev.nix4
-rw-r--r--makefu/2configs/tools/media.nix2
-rw-r--r--makefu/2configs/torrent/deluge.nix42
-rw-r--r--makefu/2configs/torrent/rtorrent.nix20
-rw-r--r--makefu/2configs/urlwatch/default.nix2
-rw-r--r--makefu/2configs/wireguard/server.nix88
-rw-r--r--makefu/5pkgs/cups-ptouch/default.nix55
-rw-r--r--makefu/5pkgs/foomatic-db-engine/default.nix86
-rw-r--r--makefu/5pkgs/ns-usbloader/default.nix35
-rw-r--r--makefu/5pkgs/ptouch-print/default.nix45
-rw-r--r--makefu/5pkgs/ratt/default.nix26
-rw-r--r--makefu/5pkgs/tw-upload-plugin/default.nix4
-rw-r--r--makefu/krops.nix10
62 files changed, 1077 insertions, 373 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d63277132..b0bd83248 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -129,6 +129,7 @@ in {
aliases = [
"omo.r"
"dcpp.omo.r"
+ "backup.makefu.r"
"torrent.omo.r"
];
};
@@ -153,9 +154,6 @@ in {
extraZones = {
"krebsco.de" = ''
latte.euer IN A ${nets.internet.ip4.addr}
- rss.euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- bw.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 4;
@@ -194,6 +192,9 @@ in {
ci = true;
extraZones = {
"krebsco.de" = ''
+ rss.euer IN A ${nets.internet.ip4.addr}
+ o.euer IN A ${nets.internet.ip4.addr}
+ bw.euer IN A ${nets.internet.ip4.addr}
bookmark.euer IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
@@ -263,7 +264,6 @@ in {
aliases = [
"gum.r"
- "backup.makefu.r"
"blog.gum.r"
"blog.makefu.r"
"cache.gum.r"
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 540106004..ff0c18795 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -32,8 +32,6 @@ in {
# <stockholm/makefu/2configs/stats/netdata-server.nix>
<stockholm/makefu/2configs/headless.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
- { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@@ -135,6 +133,27 @@ in {
# <stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid letsencrypt ban
### Web
+
+ <stockholm/makefu/2configs/bitwarden.nix> # postgres backend
+ <stockholm/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix> # postgres backend
+ <stockholm/makefu/2configs/deployment/rss/ratt.nix>
+
+ <stockholm/makefu/2configs/deployment/owncloud.nix> #postgres backend
+ ### Moving owncloud data dir to /media/cloud/nextcloud-data
+ {
+ users.users.nextcloud.extraGroups = [ "download" ];
+ # nextcloud-setup fails as it cannot set permissions for nextcloud
+ systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
+ fileSystems."/var/lib/nextcloud/data" = {
+ device = "/media/cloud/nextcloud-data";
+ options = [ "bind" ];
+ };
+ fileSystems."/var/backup" = {
+ device = "/media/cloud/gum-backup";
+ options = [ "bind" ];
+ };
+ }
+
<stockholm/makefu/2configs/nginx/dl.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
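Review bot: `systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";` makes systemd report every exit-1 outcome of nextcloud-setup as success, not only the permission error named in the comment above it, so a genuinely failed setup or upgrade step on gum would go unnoticed. The cause appears to be ownership of the bind-mounted `/media/cloud/nextcloud-data`; fixing that ownership (or the `download` group mode bits) would let the override be dropped. If the workaround has to stay, record its scope next to it, e.g. `# FIXME: exit 1 is also returned for real setup failures; remove once the data dir is owned by nextcloud`. The same block also puts the `nextcloud` user in the `download` group, which widens what a compromised Nextcloud can read, and a one-line comment stating which paths need that membership would help later audits.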
@@ -150,7 +169,7 @@ in {
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
#<stockholm/makefu/2configs/deployment/owncloud.nix>
- <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
+ # <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/gecloudpad>
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hetzner/default.nix
index 1881329ce..7d445879a 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hetzner/default.nix
@@ -18,6 +18,9 @@ let
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
+ <stockholm/makefu/2configs/smart-monitor.nix>
+ { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
+
];
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index 6c4f62310..207121236 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -9,17 +9,22 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/tools/core.nix>
./justdoit.nix
{
+ environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
+ #!/bin/sh
+ ip addr add 178.254.30.202/255.255.252.0 dev ens3
+ ip route add default via 178.254.28.1
+ echo nameserver 1.1.1.1 > /etc/resolv.conf
+ '')];
kexec.justdoit = {
- # bootSize = 512;
- rootDevice = "/dev/sdb";
- swapSize = 1024;
+ bootSize = 512;
+ rootDevice = "/dev/vda";
bootType = "vfat";
- luksEncrypt = true;
- uefi = true;
+ luksEncrypt = false;
+ uefi = false;
};
}
];
- boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
#krebs.build.host = { cores = 0; };
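Review bot: `luksEncrypt = false;` flips the installer from an encrypted to an unencrypted root in the shared iso config, and nothing in the hunk says this is limited to one target. Together with `rootDevice = "/dev/vda"` and the hard-coded address in the added `network-setup` script, it looks like a one-off VM install whose settings were committed as defaults. Consider keeping `luksEncrypt = true` here and overriding it per target, or at least marking it with `# temporary: unencrypted root for the <target-host> VM install only`. The same `network-setup` script is added again verbatim in the `@@ -18,8 +18,15 @@` hunk of `makefu/1systems/iso/target-config.nix`, where it ends up on the installed system; defining it once and importing it in both places avoids the two copies drifting apart.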
@@ -33,7 +38,6 @@ with import <stockholm/lib>;
EDITOR=vim
'';
# iso-specific
- boot.kernelParams = [ "copytoram" ];
services.openssh = {
enable = true;
hostKeys = [
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
index 7947953f9..0ce90494b 100644
--- a/makefu/1systems/iso/justdoit.nix
+++ b/makefu/1systems/iso/justdoit.nix
@@ -67,29 +67,22 @@ in {
unit: sectors
${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
- 2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
- 3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+ 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
EOF
${if cfg.luksEncrypt then ''
cryptsetup luksFormat ${cfg.rootDevice}${x}2
- cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap
- cryptsetup luksFormat ${cfg.rootDevice}${x}3
- cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
+ cryptsetup open --type luks ${cfg.rootDevice}${x}2 root
export ROOT_DEVICE=/dev/mapper/root
- export SWAP_DEVICE=/dev/mapper/swap
'' else ''
- export ROOT_DEVICE=${cfg.rootDevice}${x}3
- export SWAP_DEVICE=${cfg.rootDevice}${x}2
+ export ROOT_DEVICE=${cfg.rootDevice}${x}2
''}
${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
mkdir -p /mnt
${mkBootTable.${cfg.bootType}}
- mkswap $SWAP_DEVICE -L NIXOS_SWAP
zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
zfs create -o mountpoint=legacy ${cfg.poolName}/root
zfs create -o mountpoint=legacy ${cfg.poolName}/home
zfs create -o mountpoint=legacy ${cfg.poolName}/nix
- swapon $SWAP_DEVICE
mount -t zfs ${cfg.poolName}/root /mnt/
mkdir /mnt/{home,nix,boot}
mount -t zfs ${cfg.poolName}/home /mnt/home/
@@ -111,8 +104,7 @@ in {
networking.hostId = "$hostId"; # required for zfs use
${lib.optionalString cfg.luksEncrypt ''
boot.initrd.luks.devices = [
- { name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
- { name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
+ { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
];
''}
}
@@ -120,9 +112,9 @@ in {
nixos-install
umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
zpool export ${cfg.poolName}
- swapoff $SWAP_DEVICE
'';
environment.systemPackages = [ config.system.build.justdoit ];
boot.supportedFilesystems = [ "zfs" ];
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
};
}
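Review bot: The added `users.users.root.openssh.authorizedKeys.keys` line grants root SSH login to an inline, unlabelled `ssh-rsa` key in the generic justdoit module, so every image that imports this module trusts that key. The key string has no comment field and no owner note, which makes it hard to audit or rotate. Elsewhere in this commit the user key is referenced as `config.krebs.users.makefu.pubkey` (bgt/download.binaergewitter.de.nix), and `config` is already in scope here, so `users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];` would keep one source of truth, assuming the krebs user module is available in the ISO build. If a separate installer key is intended, move it to the per-ISO config and add a comment naming its owner and purpose. The enclosing attribute set starts outside this hunk.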
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
index 6915e4137..59d2960bc 100644
--- a/makefu/1systems/iso/target-config.nix
+++ b/makefu/1systems/iso/target-config.nix
@@ -1,12 +1,12 @@
-{ lib, ... }:
+{ pkgs, lib, ... }:
{
imports = [ ./hardware-configuration.nix ./generated.nix ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.zfs.forceImportRoot = false;
- boot.zfs.forceImportAll = false;
+ #boot.zfs.forceImportRoot = false;
+ #boot.zfs.forceImportAll = false;
boot.kernelParams = [
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
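Review bot: The two `boot.zfs.forceImport*` settings are commented out without a reason, so installed targets presumably fall back to the module defaults, which may allow forced pool import at boot. A forced import can attach a pool that was last used by another host or not exported cleanly, and that is a data-integrity risk worth an explicit decision. If the change works around a first-boot import failure, say so in place, e.g. `# forceImportRoot left at default: first boot after install fails to import otherwise (TODO confirm and re-disable)`. Otherwise keep the explicit `false` values.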
@@ -18,8 +18,15 @@
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
+ environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
+ #!/bin/sh
+ ip addr add 178.254.30.202/255.255.252.0 dev ens3
+ ip route add default via 178.254.28.1
+ echo nameserver 1.1.1.1 > /etc/resolv.conf
+ '')];
# minimal
+ boot.supportedFilesystems = [ "zfs" ];
programs.command-not-found.enable = false;
time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false;
@@ -36,5 +43,4 @@
"net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
"net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
};
- services.nscd.enable = false;
}
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index 2828aea08..69e401d97 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -34,20 +34,11 @@ in {
# Services:
<stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
- <stockholm/makefu/2configs/torrent/rtorrent.nix>
+
+ # torrent is managed by gum
+ # <stockholm/makefu/2configs/torrent/rtorrent.nix>
+
## Web
- <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
- <stockholm/makefu/2configs/deployment/owncloud.nix>
- ### Moving owncloud data dir to /media/cloud/nextcloud-data
- {
- users.users.nextcloud.extraGroups = [ "download" ];
- # nextcloud-setup fails as it cannot set permissions for nextcloud
- systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
- fileSystems."/var/lib/nextcloud/data" = {
- device = "/media/cloud/nextcloud-data";
- options = [ "bind" ];
- };
- }
# local usage:
<stockholm/makefu/2configs/mosh.nix>
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 42f335264..ee29c03d2 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -28,7 +28,7 @@ in {
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
<stockholm/makefu/2configs/editor/neovim>
- <stockholm/makefu/2configs/storj/client.nix>
+ # <stockholm/makefu/2configs/storj/client.nix>
<stockholm/makefu/2configs/backup/state.nix>
@@ -98,6 +98,7 @@ in {
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
+ <stockholm/makefu/2configs/home/jellyfin.nix>
<stockholm/makefu/2configs/home/music.nix>
<stockholm/makefu/2configs/home/photoprism.nix>
<stockholm/makefu/2configs/home/tonie.nix>
diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix
index ae5b778bf..eaedbb779 100644
--- a/makefu/1systems/omo/hw/omo.nix
+++ b/makefu/1systems/omo/hw/omo.nix
@@ -39,7 +39,9 @@ let
in {
imports =
[ # TODO: unlock home partition via ssh
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ];
+ ./vaapi.nix
+ <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ];
+
makefu.server.primary-itf = primaryInterface;
system.activationScripts.createCryptFolders = ''
${lib.concatMapStringsSep "\n"
diff --git a/makefu/1systems/omo/hw/vaapi.nix b/makefu/1systems/omo/hw/vaapi.nix
new file mode 100644
index 000000000..8250d4110
--- /dev/null
+++ b/makefu/1systems/omo/hw/vaapi.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+ nixpkgs.config.packageOverrides = pkgs: {
+ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+ };
+ hardware.opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver # LIBVA_DRIVER_NAME=iHD
+ vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ };
+ hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel ];
+ environment.systemPackages = [ pkgs.libva-utils ];
+}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 3edfcecc1..a4aa0cbab 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -13,7 +13,7 @@
# ./x230
# Common Hardware Components
-
+ <nix-ld/modules/nix-ld.nix>
# <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix
index 050fd39f7..05b74a014 100644
--- a/makefu/1systems/x/source.nix
+++ b/makefu/1systems/x/source.nix
@@ -7,5 +7,6 @@
mic92 = true;
clever_kexec = true;
home-manager = true;
+ nix-ld = true;
# torrent = true;
}
diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix
index 9a407a575..7e9f4a6ac 100644
--- a/makefu/1systems/x/x13/default.nix
+++ b/makefu/1systems/x/x13/default.nix
@@ -28,6 +28,7 @@
environment.variables.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+ services.fwupd.enable = true;
programs.light.enable = true;
diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix
index d6b99df41..ba341ef50 100644
--- a/makefu/1systems/x/x13/zfs.nix
+++ b/makefu/1systems/x/x13/zfs.nix
@@ -29,5 +29,6 @@
fsType = "zfs";
};
- swapDevices = [ ];
+ swapDevices = [ ];
+ services.zfs.autoScrub.enable = true;
}
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6ce0606a8..1cf21f213 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -5,22 +5,37 @@ let
ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
+
+ # TODO: only when the data is stored somewhere else
+ wwwdir = "/var/www/binaergewitter";
+ storedir = "/media/cloud/www/binaergewitter";
in {
+ fileSystems."${wwwdir}" = {
+ device = storedir;
+ options = [ "bind" ];
+ };
+
services.openssh = {
allowSFTP = true;
sftpFlags = [ "-l VERBOSE" ];
extraConfig = ''
+ HostkeyAlgorithms +ssh-rsa
+
Match User auphonic
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
PasswordAuthentication no
+ PubkeyAcceptedAlgorithms +ssh-rsa
+
'';
};
users.users.auphonic = {
uid = genid "auphonic";
group = "nginx";
+ # for storedir
+ extraGroups = [ "download" ];
useDefaultShell = true;
isSystemUser = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
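Review bot: `HostkeyAlgorithms +ssh-rsa` sits above the `Match User auphonic` block, so it re-enables SHA-1 RSA host-key signatures for every client of this sshd, while only `PubkeyAcceptedAlgorithms +ssh-rsa` is scoped to the one account. sshd does not accept `HostKeyAlgorithms` inside a `Match` block, so it cannot be narrowed there; the global weakening should at least be documented with a removal condition. A Nix comment above the `extraConfig` string would do, e.g. `# auphonic's SFTP client presumably only negotiates ssh-rsa; drop both +ssh-rsa lines once it supports rsa-sha2-*`. Separately, `extraGroups = [ "download" ]` gives this externally used SFTP account group access beyond `storedir`, and the visible `Match` block sets `ForceCommand internal-sftp` without a `ChrootDirectory`. Confining the account to `wwwdir` would limit what the key holder can browse.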
diff --git a/makefu/2configs/bgt/template.md b/makefu/2confi