7 files changed, 145 insertions, 4 deletions
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 7e4c87cf..cdaa38f2 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,10 +22,17 @@ with config.krebs.lib;
     build = {
       user = config.krebs.users.makefu;
       source = let inherit (config.krebs.build) host user; in {
-        nixpkgs.git = {
-          url = https://github.com/nixos/nixpkgs;
-          ref = "125ffff"; # stable @ 2016-07-20
-        };
+        nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then
+          { # stable @ 2016-07-20
+            git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
+          }
+            else
+            # TODO use http, once it is implemented
+            # right now it is simply extracted revision folder
+
+            ## prepare so we do not have to wait for rsync:
+            ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff  -L | tar zx  && mv NixOS-nixpkgs-125ffff nixpkgs
+            { file = "/home/makefu/store/125ffff";};
         secrets.file =
           if getEnv "dummy_secrets" == "true"
             then toString <stockholm/makefu/6tests/data/secrets>
diff --git a/makefu/2configs/hw/bcm4352.nix b/makefu/2configs/hw/bcm4352.nix
new file mode 100644
index 00000000..516637eb
--- /dev/null
+++ b/makefu/2configs/hw/bcm4352.nix
@@ -0,0 +1,6 @@
+{config, ...}:
+{
+  networking.enableB43Firmware = true;
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+}
+
diff --git a/makefu/2configs/temp/8812au.nix b/makefu/2configs/temp/8812au.nix
new file mode 100644
index 00000000..9587171b
--- /dev/null
+++ b/makefu/2configs/temp/8812au.nix
@@ -0,0 +1,6 @@
+{config, pkgs, ...}:
+{
+  #boot.extraModulePackages = [ pkgs.rtl8812au ];
+  boot.extraModulePackages = [config.boot.kernelPackages.rtl8812au ];
+  boot.kernelModules = [ "rtl8812au" ];
+}
diff --git a/makefu/2configs/temp/elkstack.nix b/makefu/2configs/temp/elkstack.nix
new file mode 100644
index 00000000..c6bf1c6d
--- /dev/null
+++ b/makefu/2configs/temp/elkstack.nix
@@ -0,0 +1,5 @@
+_:
+{
+  services.elasticsearch.enable = true;
+  services.kibana.enable = true;
+}
diff --git a/makefu/2configs/temp/sabnzbd.nix b/makefu/2configs/temp/sabnzbd.nix
new file mode 100644
index 00000000..d8eab273
--- /dev/null
+++ b/makefu/2configs/temp/sabnzbd.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}:
+{
+  services.sabnzbd.enable = true;
+  systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+}
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
new file mode 100644
index 00000000..c18db9fa
--- /dev/null
+++ b/makefu/2configs/torrent.nix
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+  daemon-user = "tor";
+  daemon-pw = (import <torrent-secrets/daemon-pw>);
+  peer-port = 51412;
+  web-port = 8112;
+  daemon-port = 58846;
+  dl-dir = "/var/download";
+in {
+  # prepare secrets
+  krebs.build.source.torrent-secrets.file =
+    if getEnv "dummy_secrets" == "true"
+    then toString <stockholm/makefu/6tests/data/secrets>
+    else "/home/makefu/secrets/torrent";
+
+  users.users = {
+    download = {
+      name = "download";
+      home = dl-dir;
+      uid = genid "download";
+      createHome = true;
+      useDefaultShell = true;
+      group = "download";
+      openssh.authorizedKeys.keys = [ ];
+    };
+  };
+  # todo: race condition, do this after download user has been created
+  system.activationScripts."download-dir-chmod" = ''
+    for i in finished torrents; do
+      mkdir -p "${dl-dir}/$i"
+      chown download:download "${dl-dir}/$i"
+      chmod 770 "${dl-dir}/$i"
+    done
+  '';
+
+  users.extraGroups = {
+    download = {
+      gid = genid "download";
+      members = [
+        config.krebs.build.user.name
+        "download"
+        "deluge"
+      ];
+    };
+  };
+
+  makefu.deluge = {
+    enable = true;
+    auth = "${daemon-user}:${daemon-pw}:10";
+    # web.enable = true;
+    cfg = {
+      autoadd_enable = true;
+      download_location = dl-dir + "/finished";
+      torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true;
+      lsd = true;
+      dht = true;
+      upnp = true;
+      natpmp = true;
+      add_paused = false;
+      allow_remote = true;
+      remove_seed_at_ratio = false;
+      move_completed = false;
+      daemon_port = daemon-port;
+      listen_ports = [ peer-port peer-port ];
+      outgoing_ports = [ peer-port peer-port ];
+      # performance tuning
+      cache_expiry = 3600;
+      stop_seed_at_ratio = true;
+    };
+  };
+
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT
+  '';
+
+  networking.firewall.allowedTCPPorts = [ peer-port ];
+  networking.firewall.allowedUDPPorts = [ peer-port ];
+}
diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix
new file mode 100644
index 00000000..6d55ffaf
--- /dev/null
+++ b/makefu/2configs/udpt.nix
@@ -0,0 +1,31 @@
+{pkgs, ...}:
+
+let
+  cfgfile = pkgs.writeText "udpt-config" ''
+    [db]
+    driver=sqlite3
+    param=:memory:
+
+    [tracker]
+    is_dynamic=yes
+    port=6969
+    threads=5
+    allow_remotes=yes
+    allow_iana_ips=no
+    announce_interval=1800
+    cleanup_interval=120
+
+    [apiserver]
+    enable=yes
+
+    [logging]
+    filename=-
+    level=warning
+  '';
+in {
+  makefu.udpt = {
+    enable = true;
+    inherit cfgfile;
+  };
+
+}