summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/filepimp.nix8
-rw-r--r--makefu/1systems/omo.nix33
-rw-r--r--makefu/1systems/wbob.nix2
-rw-r--r--makefu/1systems/x.nix (renamed from makefu/1systems/pornocauster.nix)16
-rw-r--r--makefu/2configs/base-gui.nix5
-rw-r--r--makefu/2configs/bepasty-dual.nix6
-rw-r--r--makefu/2configs/fetchWallpaper.nix2
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix7
-rw-r--r--makefu/2configs/main-laptop.nix38
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix38
-rw-r--r--makefu/2configs/tinc/siem.nix12
-rw-r--r--makefu/2configs/zsh-user.nix2
-rw-r--r--makefu/3modules/default.nix7
-rw-r--r--makefu/3modules/ps3netsrv.nix58
-rw-r--r--makefu/5pkgs/default.nix9
-rw-r--r--makefu/5pkgs/git-xlsx-textconv/default.nix6
-rw-r--r--makefu/5pkgs/ps3netsrv/default.nix2
-rw-r--r--makefu/5pkgs/wol/default.nix22
18 files changed, 224 insertions, 49 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index c6966c99c..4037f693d 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -3,6 +3,7 @@ let
byid = dev: "/dev/disk/by-id/" + dev;
part1 = disk: disk + "-part1";
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
+ primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc
# N54L Chassis:
# ____________________
# |______FRONT_______|
@@ -75,4 +76,11 @@ in {
(xfsmount "j2" (part1 jDisk2)) //
(xfsmount "par0" (part1 jDisk3))
;
+ services.wakeonlan.interfaces = [
+ {
+ interface = primary-interface;
+ method = "password";
+ password = "CA:FE:BA:BE:13:37";
+ }
+ ];
}
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e11abd40d..3aa5e943e 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -4,6 +4,7 @@
{ config, pkgs, lib, ... }:
let
+ toMapper = id: "/media/crypt${builtins.toString id}";
byid = dev: "/dev/disk/by-id/" + dev;
keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
@@ -33,7 +34,8 @@ let
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ];
+ dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
+ allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
[
@@ -72,26 +74,41 @@ in {
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
virtualisation.docker.enable = true;
-
-
+ makefu.ps3netsrv = {
+ enable = true;
+ servedir = "/media/cryptX/emu/ps3";
+ };
# HDD Array stuff
- environment.systemPackages = [ pkgs.mergerfs ];
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
- makefu.snapraid = let
- toMapper = id: "/media/crypt${builtins.toString id}";
- in {
+ makefu.snapraid = {
enable = true;
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
+ # TODO create folders in /media
+ system.activationScripts.createCryptFolders = ''
+ ${lib.concatMapStringsSep "\n"
+ (d: "install -m 755 -d " + (toMapper d) )
+ [ 0 1 2 "X" ]}
+ '';
+ environment.systemPackages = with pkgs;[
+ mergerfs # hard requirement for mount
+ wol # wake up filepimp
+ ];
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
in cryptMount "crypt0"
// cryptMount "crypt1"
- // cryptMount "crypt2";
+ // cryptMount "crypt2"
+ // { "/media/cryptX" = {
+ device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
+ fsType = "mergerfs";
+ options = [ "defaults" "allow_other" ];
+ };
+ };
powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index e8e0b091f..ff593ab35 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -66,7 +66,7 @@ in {
client = {
enable = true;
screenName = "wbob";
- serverAddress = "pornocauster.r";
+ serverAddress = "x.r";
};
};
}
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/x.nix
index b683e5630..d41edfa46 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/x.nix
@@ -43,16 +43,8 @@
../2configs/temp/share-samba.nix
# ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
+ ../2configs/tinc/siem.nix
];
-
- services.tinc.networks.siem = {
- name = "makefu";
- extraConfig = ''
- ConnectTo = sdarth
- ConnectTo = sjump
- '';
- };
-
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
@@ -65,10 +57,10 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 24800 ];
- networking.firewall.allowedUDPPorts = [ 665 ];
+ networking.firewall.allowedTCPPorts = [ 80 24800 26061 ];
+ networking.firewall.allowedUDPPorts = [ 665 26061 ];
- krebs.build.host = config.krebs.hosts.pornocauster;
+ krebs.build.host = config.krebs.hosts.x;
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index f7d6991c5..a028e5073 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -87,5 +87,8 @@ in
URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s
'';
- in "cat ${xdefaultsfile} | xrdb -merge";
+ in ''
+ cat ${xdefaultsfile} | xrdb -merge
+ ${pkgs.xorg.xhost}/bin/xhost +local:
+ '';
}
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index f675c4ac8..4b5389c32 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -45,6 +45,7 @@ in {
#certificate = "${sec}/wildcard.krebsco.de.crt";
#certificate_key = "${sec}/wildcard.krebsco.de.key";
ciphers = "RC4:HIGH:!aNULL:!MD5" ;
+ force_encryption = true;
};
locations = singleton ( nameValuePair "/.well-known/acme-challenge" ''
root ${acmechall}/${ext-dom}/;
@@ -54,10 +55,7 @@ in {
ssl_session_timeout 10m;
ssl_verify_client off;
proxy_ssl_session_reuse off;
-
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }'';
+ '';
};
defaultPermissions = "read";
secretKey = secKey;
diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix
index 786df6d40..fb74919c4 100644
--- a/makefu/2configs/fetchWallpaper.nix
+++ b/makefu/2configs/fetchWallpaper.nix
@@ -3,7 +3,7 @@
{
krebs.fetchWallpaper = {
enable = true;
- display = ":0";
+ display = ":0.0";
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
timerConfig = {
OnCalendar = "*:0/30";
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index c10ec1314..9047cfb66 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -12,6 +12,12 @@ with config.krebs.lib;
zramSwap.enable = true;
zramSwap.numDevices = 2;
+ # enable synaptics so we can easily disable the touchpad
+ # enable the touchpad with `synclient TouchpadOff=0`
+ services.xserver.synaptics = {
+ enable = true;
+ additionalOptions = ''Option "TouchpadOff" "1"'';
+ };
hardware.trackpoint = {
enable = true;
sensitivity = 220;
@@ -19,7 +25,6 @@ with config.krebs.lib;
emulateWheel = true;
};
-
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 3cc91b630..92cc1fc43 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -16,6 +16,44 @@ with config.krebs.lib;
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
+ krebs.power-action = let
+ speak = "${pkgs.espeak}/bin/espeak";
+ whisper = text: ''${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"'';
+ note = "${pkgs.libnotify}/bin/notify-send";
+ in {
+ enable = true;
+ plans.low-battery = {
+ upperLimit = 25;
+ lowerLimit = 15;
+ charging = false;
+ action = whisper "power level low, please plug me in";
+ };
+ plans.nag-harder = {
+ upperLimit = 15;
+ lowerLimit = 5;
+ action = pkgs.writeDash "crit-speak" ''
+ ${whisper "Power level critical, do something"}
+ ${note} Battery -u critical -t 600000 "Power level critical, do something!"
+ '';
+ };
+ plans.last-chance = {
+ upperLimit = 5;
+ lowerLimit = 3;
+ charging = false;
+ action = pkgs.writeDash "suspend-wrapper" ''
+ ${note} Battery -u crit "You've had your chance, suspend in 5 seconds"
+ ${concatMapStringsSep "\n" (i: ''
+ ${note} -u critical -t 1000 ${toString i}
+ ${speak} ${toString i} &
+ sleep 1
+ '')
+ [ 5 4 3 2 1 ]}
+ /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend
+ '';
+ };
+ };
+ users.users.power-action.extraGroups = [ "audio" ];
+ security.sudo.extraConfig = "${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend";
services.redshift = {
enable = true;
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 10985c833..655dee7b2 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -3,8 +3,15 @@
with config.krebs.lib;
let
sec = toString <secrets>;
- ssl_cert = "${sec}/wildcard.krebsco.de.crt";
- ssl_key = "${sec}/wildcard.krebsco.de.key";
+ ext-dom = "wiki.euer.krebsco.de";
+ acmepath = "/var/lib/acme/";
+ acmechall = acmepath + "/challenges/";
+
+ #ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ #ssl_key = "${sec}/wildcard.krebsco.de.key";
+ ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem";
+ ssl_key = "${acmepath}/${ext-dom}/key.pem";
+
user = config.services.nginx.user;
group = config.services.nginx.group;
fpm-socket = "/var/run/php5-fpm.sock";
@@ -80,22 +87,23 @@ in {
listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
"${internal-ip}:80" "${internal-ip}:443 ssl" ];
server-names = [
- "wiki.euer.krebsco.de"
+ ext-dom
"wiki.makefu.retiolum"
"wiki.makefu"
];
+ ssl = {
+ enable = true;
+ # these certs will be needed if acme has not yet created certificates:
+ certificate = ssl_cert;
+ certificate_key = ssl_key;
+ force_encryption = true;
+ };
extraConfig = ''
gzip on;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/css;
- ssl_certificate ${ssl_cert};
- ssl_certificate_key ${ssl_key};
default_type text/plain;
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }
-
'';
locations = [
(nameValuePair "/" ''
@@ -111,8 +119,20 @@ in {
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root ${acmechall}/${ext-dom}/;
+ '')
+
];
};
};
};
+ security.acme.certs."${ext-dom}" = {
+ email = "acme@syntax-fehler.de";
+ webroot = "${acmechall}/${ext-dom}/";
+ group = "nginx";
+ allowKeysForGroup = true;
+ postRun = "systemctl reload nginx.service";
+ extraDomains."${ext-dom}" = null ;
+ };
}
diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix
new file mode 100644
index 000000000..8f17f1a0a
--- /dev/null
+++ b/makefu/2configs/tinc/siem.nix
@@ -0,0 +1,12 @@
+{lib, config, ... }:
+{
+ # TODO do not know why we need to force it, port is only set via default to 655
+ krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655;
+ krebs.dns.providers.siem = "hosts";
+ networking.firewall.allowedUDPPorts = [ 1665 ];
+ networking.firewall.allowedTCPPorts = [ 1655 ];
+ krebs.tinc.siem = {
+ enable = true;
+ connectTo = [ "shoney" ];
+ };
+}
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 99c1315e1..a3286b7fd 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -22,7 +22,7 @@ in
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
- gpg-connect-agent updatestartuptty /bye >/dev/null
+ ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
GPG_TTY=$(tty)
export GPG_TTY
unset SSH_AGENT_PID
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index febebaa18..7fc095bab 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -2,11 +2,12 @@ _:
{
imports = [
- ./snapraid.nix
- ./umts.nix
- ./taskserver.nix
./awesome-extra.nix
./forward-journal.nix
+ ./ps3netsrv.nix
+ ./snapraid.nix
+ ./taskserver.nix
+ ./umts.nix
];
}
diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix
new file mode 100644
index 000000000..22681637c
--- /dev/null
+++ b/makefu/3modules/ps3netsrv.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.ps3netsrv;
+
+ out = {
+ options.makefu.ps3netsrv = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "ps3netsrv";
+
+ servedir = mkOption {
+ description = "path to serve, must be set";
+ type = types.str;
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.ps3netsrv;
+ };
+
+ user = mkOption {
+ description = ''user which will run ps3netsrv'';
+ type = types.str;
+ default = "ps3netsrv";
+ };
+ };
+
+ imp = {
+ systemd.services.ps3netsrv = {
+ description = "ps3netsrv server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ unitConfig = {
+ Documentation = "https://www.arm-blog.com/playing-ps3-games-from-your-nas/" ;
+ ConditionPathExists = cfg.servedir;
+ };
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${cfg.package}/bin/ps3netsrv++ ${shell.escape cfg.servedir}";
+ PrivateTmp = true;
+ User = "${cfg.user}";
+ };
+ };
+
+ # TODO only create if user is ps3netsrv
+ users.users.ps3netsrv = {
+ uid = genid "ps3netsrv";
+ };
+ users.groups.ps3netsrv.gid = genid "ps3netsrv";
+ };
+in
+out
+
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 718b23c9e..29e762f27 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -5,20 +5,21 @@ let
in
{
nixpkgs.config.packageOverrides = rec {
- alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
+ alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
+ inherit (callPackage ./devpi {}) devpi-web devpi-server;
+ farpd = callPackage ./farpd {};
git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
+ ps3netsrv = callPackage ./ps3netsrv {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
- inherit (callPackage ./devpi {}) devpi-web devpi-server;
skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {};
- ps3netsrv = callPackage ./ps3netsrv {};
- farpd = callPackage ./farpd {};
+ wol = callPackage ./wol {};
};
}
diff --git a/makefu/5pkgs/git-xlsx-textconv/default.nix b/makefu/5pkgs/git-xlsx-textconv/default.nix
index 1f631f020..66dde76ef 100644
--- a/makefu/5pkgs/git-xlsx-textconv/default.nix
+++ b/makefu/5pkgs/git-xlsx-textconv/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, lib, goPackages, fetchFromGitHub }:
+{ stdenv, lib, buildGoPackage, fetchFromGitHub }:
let
- go-xlsx = goPackages.buildGoPackage rec {
+ go-xlsx = buildGoPackage rec {
name = "go-xlsx-${version}";
version = "46e6e472d";
@@ -13,7 +13,7 @@ let
};
};
in
-(goPackages.buildGoPackage rec {
+(buildGoPackage rec {
name = "git-xlsx-textconv-${version}";
version = "70685e7f8";
diff --git a/makefu/5pkgs/ps3netsrv/default.nix b/makefu/5pkgs/ps3netsrv/default.nix
index 904185934..f62ee0c9a 100644
--- a/makefu/5pkgs/ps3netsrv/default.nix
+++ b/makefu/5pkgs/ps3netsrv/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
url = "https://github.com/dirkvdb/ps3netsrv--";
fetchSubmodules = true;
rev = "e54a66cbf142b86e2cffc1701984b95adb921e81"; # latest @ 2016-05-24
- sha256 = "0l7bp18cs3xr2qgsmcf18diccski49mj9whngxm9isi8wd4r9inj";
+ sha256 = "09hvmfzqy2jckpsml0z1gkcnar8sigmgs1q66k718fph2d3g54sa";
};
nativeBuildInputs = [ gnugrep ];
diff --git a/makefu/5pkgs/wol/default.nix b/makefu/5pkgs/wol/default.nix
new file mode 100644
index 000000000..a6d54b8a2
--- /dev/null
+++ b/makefu/5pkgs/wol/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ proj = "wake-on-lan";
+ name = "wol-${version}";
+ version = "0.7.1";
+
+ enableParallelBuilding = true;
+
+ src = fetchurl {
+ url = "mirror://sourceforge/${proj}/${name}.tar.gz";
+ sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270";
+ };
+
+ meta = {
+ description = "simple wake-on-lan client";
+ homepage = https://sourceforge.net/projects/wake-on-lan/;
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+}