diff options
Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/1systems/fileleech.nix | 27 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/elchos/irc-token.nix | 62 | ||||
-rw-r--r-- | makefu/2configs/torrent.nix | 7 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 1 | ||||
-rw-r--r-- | makefu/3modules/server-config.nix | 10 | ||||
-rw-r--r-- | makefu/6tests/data/secrets/auth.nix | 3 | ||||
-rw-r--r-- | makefu/6tests/data/secrets/authfile | 1 |
8 files changed, 107 insertions, 6 deletions
diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix new file mode 100644 index 000000000..4d9b37cea --- /dev/null +++ b/makefu/1systems/fileleech.nix @@ -0,0 +1,27 @@ +{ config, pkgs, ... }: +{ + imports = [ + ../. + # configure your hw: + # ../2configs/hw/CAC.nix + # ../2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/save-diskspace.nix + ../2configs/tinc/retiolum.nix + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.fileleech; + }; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; + fileSystems."/" = { + device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; + }; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 9a2adbc3e..9e3f3eb61 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "f52eaf4"; # stable @ 2016-12-12 + ref = "ee13b9af"; # stable @ 2016-12-12 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix new file mode 100644 index 000000000..3f3c4ffc3 --- /dev/null +++ b/makefu/2configs/elchos/irc-token.nix @@ -0,0 +1,62 @@ +{pkgs, ...}: +with import <stockholm/lib>; +let + secret = (import <secrets/elchos-token.nix>); +in { + systemd.services.elchos-irctoken = { + startAt = "*:0/30"; + serviceConfig = { + RuntimeMaxSec = "20"; + }; + script = '' + set -euf + now=$(date -u +%Y-%m-%dT%H:%M) + sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1) + message="The secret valid for 30 minutes is $sec" + echo "token for $now (UTC) is $sec" + LOGNAME=sec-announcer + HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --static) + IRC_SERVER=irc.freenode.net + IRC_PORT=6667 + IRC_NICK=$HOSTNAME-$$ + IRC_CHANNEL='#eloop' + + export IRC_CHANNEL # for privmsg_cat + + echo2() { echo "$*"; echo "$*" >&2; } + + privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + + tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" + cd "$tmpdir" + mkfifo ircin + trap " + rm ircin + cd '$OLDPWD' + rmdir '$tmpdir' + trap - EXIT INT QUIT + " EXIT INT QUIT + + { + echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME" + echo2 "NICK $IRC_NICK" + + # wait for MODE message + ${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q' + + echo2 "JOIN $IRC_CHANNEL" + + printf '%s' "$message" \ + | privmsg_cat + + echo2 "PART $IRC_CHANNEL" + + # wait for PART confirmation + sed -un '/:'"$IRC_NICK"'![^ ]* PART /q' + + echo2 'QUIT :Gone to have lunch' + } < ircin \ + | ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin + ''; + }; +} diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index 5b9ce6178..f3bc9091b 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; let daemon-user = "tor"; - authfile = <torrent-secrets/authfile>; + basicAuth = import <torrent-secrets/auth.nix>; peer-port = 51412; web-port = 8112; daemon-port = 58846; @@ -53,9 +53,8 @@ in { enable = true; web = { enable = true; - enableAuth = true; - listenAddress = toString web-port; - inherit authfile; + port = web-port; + inherit basicAuth; }; rutorrent.enable = true; enableXMLRPC = true; diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 855e134ab..16215b27a 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -8,6 +8,7 @@ _: ./forward-journal.nix ./opentracker.nix ./ps3netsrv.nix + ./server-config.nix ./snapraid.nix ./taskserver.nix ./udpt.nix diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix new file mode 100644 index 000000000..dbd29d748 --- /dev/null +++ b/makefu/3modules/server-config.nix @@ -0,0 +1,10 @@ +{config, lib, pkgs, ... }: + +with import <stockholm/lib>; +{ + options.makefu.server.primary-itf = lib.mkOption { + type = types.str; + description = "Primary interface of the server"; + }; +} + diff --git a/makefu/6tests/data/secrets/auth.nix b/makefu/6tests/data/secrets/auth.nix new file mode 100644 index 000000000..92d5c34a8 --- /dev/null +++ b/makefu/6tests/data/secrets/auth.nix @@ -0,0 +1,3 @@ +{ + user = "password"; +} diff --git a/makefu/6tests/data/secrets/authfile b/makefu/6tests/data/secrets/authfile deleted file mode 100644 index f5e704702..000000000 --- a/makefu/6tests/data/secrets/authfile +++ /dev/null @@ -1 +0,0 @@ -"derp" |