From fb121299ab56d9a36abafdab12b42b207d7bcb60 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 08:45:39 +0200 Subject: ma x.r: cleanup --- makefu/1systems/x/config.nix | 31 +++++-------------------------- makefu/2configs/hw/upower.nix | 6 ++++++ 2 files changed, 11 insertions(+), 26 deletions(-) create mode 100644 makefu/2configs/hw/upower.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index ad9a3324b..ea18c68ac 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -58,7 +58,7 @@ # Krebs - # + # @@ -93,23 +93,18 @@ # Hardware - + # + bluetooth # - # + # # # # - # - - { - services.upower.enable = true; - users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; - } + # Filesystem @@ -147,9 +142,6 @@ ]; }; } - # { - # services.zerotierone.enable = true; - # } ]; @@ -167,12 +159,8 @@ krebs.build.host = config.krebs.hosts.x; - krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ]; + krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ]; - networking.extraHosts = '' - 192.168.1.11 omo.local - 80.92.65.53 www.wifionice.de wifionice.de - ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # avoid full boot dir @@ -199,13 +187,4 @@ services.syncthing.user = lib.mkForce "makefu"; services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; - # latest kernel (5.0) has issues with wifi card - boot.kernelPackages = pkgs.linuxPackages; - # Bugfix for wifi card - powerManagement.resumeCommands = '' - sleep 2 - echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove - sleep 3 - echo 1 > /sys/bus/pci/rescan - ''; } diff --git a/makefu/2configs/hw/upower.nix b/makefu/2configs/hw/upower.nix new file mode 100644 index 000000000..a3932fed3 --- /dev/null +++ b/makefu/2configs/hw/upower.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + services.upower.enable = true; + users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; +} + -- cgit v1.2.3 From d82b3b9b66d8493426bfff9936d34ff5d76734dd Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 08:47:31 +0200 Subject: ma: fix warnings and errors for 19.09 --- makefu/2configs/hw/tp-x230.nix | 1 - makefu/2configs/hw/tp-x2x0.nix | 1 + makefu/2configs/tools/pcmanfm-extra.nix | 2 +- makefu/3modules/opentracker.nix | 2 +- makefu/5pkgs/default.nix | 16 ++++++++-------- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index a6ded0a3e..37d1affb7 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -7,7 +7,6 @@ with import ; # configured media keys inside awesomerc # sound.mediaKeys.enable = true; - hardware.bluetooth.enable = true; # possible i915 powersave options: # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 5570bec55..564925db5 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -4,6 +4,7 @@ imports = [ ./tpm.nix ./ssd.nix + ./bluetooth.nix ]; boot.kernelModules = [ diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix index 2d5d20f80..f28f9a91a 100644 --- a/makefu/2configs/tools/pcmanfm-extra.nix +++ b/makefu/2configs/tools/pcmanfm-extra.nix @@ -7,5 +7,5 @@ lxmenu-data ]; environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; - services.gnome3.gvfs.enable = true; + services.gvfs.enable = true; } diff --git a/makefu/3modules/opentracker.nix b/makefu/3modules/opentracker.nix index 202231fa1..6c65b82b6 100644 --- a/makefu/3modules/opentracker.nix +++ b/makefu/3modules/opentracker.nix @@ -18,7 +18,7 @@ let }; args = mkOption { - type = types.string; + type = types.separatedString; description = '' see https://erdgeist.org/arts/software/opentracker/ for all params ''; diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 0f87265a9..bbd99ffe7 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -25,15 +25,15 @@ in { patches = [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ]; }); - rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: { - postInstall = old.postInstall + '' + #rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: { + # postInstall = old.postInstall + '' - $out/bin/rclone genautocomplete zsh _rclone - install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone - $out/bin/rclone genautocomplete bash _rclone - install -D -m644 _rclone $out/etc/bash_completion.d/rclone - ''; - }); + # $out/bin/rclone genautocomplete zsh _rclone + # install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone + # $out/bin/rclone genautocomplete bash _rclone + # install -D -m644 _rclone $out/etc/bash_completion.d/rclone + # ''; + #}); alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; -- cgit v1.2.3 From 9598c993010d8dff0b428d59bb0957361f976f63 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 09:05:37 +0200 Subject: shack/muell_mail: mkYarnPackage comes from yarn2nix now --- krebs/2configs/shack/muell_mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index a41dbc977..2c105b912 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -1,12 +1,12 @@ { config, lib, pkgs, ... }: let - pkg = pkgs.callPackage ( + pkg = ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muell_mail"; rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f"; sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2"; - }) {}; + }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muell_mail"; cfg = toString ; in { -- cgit v1.2.3 From dc60431d5927946fbd76a605744c60f2fecee89f Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 11:59:17 +0200 Subject: ma owncloud: re-enable secrets, add dummy secret --- makefu/0tests/data/secrets/mysql_rootPassword | 0 makefu/2configs/deployment/owncloud.nix | 46 ++++++++++++++------------- 2 files changed, 24 insertions(+), 22 deletions(-) create mode 100644 makefu/0tests/data/secrets/mysql_rootPassword diff --git a/makefu/0tests/data/secrets/mysql_rootPassword b/makefu/0tests/data/secrets/mysql_rootPassword new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 6f073fd4c..6f041e1e0 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -171,27 +171,29 @@ in { networking.firewall.allowedTCPPorts = [ 80 443 ]; services.redis.enable = true; - services.mysql = { - enable = false; - package = pkgs.mariadb; - rootPassword = config.krebs.secret.files.mysql_rootPassword.path; - initialDatabases = [ - # Or use writeText instead of literalExample? - #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } - { - name = "nextcloud"; - schema = pkgs.writeText "nextcloud.sql" - '' - create user if not exists 'nextcloud'@'localhost' identified by 'password'; - grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; - ''; - } - ]; - }; + + #services.mysql = { + # enable = false; + # package = pkgs.mariadb; + # rootPassword = config.krebs.secret.files.mysql_rootPassword.path; + # initialDatabases = [ + # # Or use writeText instead of literalExample? + # #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } + # { + # name = "nextcloud"; + # schema = pkgs.writeText "nextcloud.sql" + # '' + # create user if not exists 'nextcloud'@'localhost' identified by 'password'; + # grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; + # ''; + # } + # ]; + #}; + # dataDir is only defined after mysql is enabled - # krebs.secret.files.mysql_rootPassword = { - # path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - # owner.name = "root"; - # source-path = toString + "/mysql_rootPassword"; - # }; + #krebs.secret.files.mysql_rootPassword = { + # path = "${config.services.mysql.dataDir}/mysql_rootPassword"; + # owner.name = "root"; + # source-path = toString + "/mysql_rootPassword"; + #}; } -- cgit v1.2.3 From 0c7b43e7606d4431c59b99db4e7d690995ee8e6c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 13:59:11 +0200 Subject: rtorrent module: switch from poolConfigs to pools for phpfpm --- krebs/3modules/rtorrent.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 09e552010..d59569317 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -333,18 +333,18 @@ let rutorrent-imp = { services.phpfpm = { # phpfpm does not have an enable option - poolConfigs = { - rutorrent = '' - user = ${nginx-user} - group = ${nginx-group} - listen = ${fpm-socket} - listen.owner = ${nginx-user} - listen.group = ${nginx-group} - pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pools.rutorrent = { + user = nginx-user; + group = nginx-group; + listen = fpm-socket; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + }; + extraConfig = '' chdir = / php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on -- cgit v1.2.3 From 93a3e61f0c907e4f7d5c1d11cdba995c77c2e7ce Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 14:02:38 +0200 Subject: ma krops: update home-manager --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 36c882d7e..6913a5c63 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -71,7 +71,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "ff602cb906e3dd5d5f89c7c1d0fae65bc67119a0"; + ref = "f856c78a4a220f44b64ce5045f228cbb9d4d9f31"; }; }) ]; -- cgit v1.2.3 From 7535bc7457cb4cec27420d13570994d3badd2b3d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 14:08:00 +0200 Subject: shack/prometheus: use alertmanagers instead of alertmanagerURL --- krebs/2configs/shack/prometheus/server.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index 12f757e89..7f6f38610 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -28,7 +28,6 @@ "-storage.local.index-cache-size.label-name-to-label-values 2097152" "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" ]; - alertmanagerURL = [ "http://localhost:9093" ]; rules = [ '' ALERT node_down @@ -161,6 +160,12 @@ ]; } ]; + alertmanagers = [ + { scheme = "http"; + path_prefix = "/"; + static_configs = [ { targets = [ "localhost:9093" ]; } ]; + } + ]; alertmanager = { enable = true; listenAddress = "0.0.0.0"; -- cgit v1.2.3 From 44477523519b40d92c743c30792e1ca8c7bcc83b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 14:26:50 +0200 Subject: ma nginx/euer.wiki: poolConfigs -> pools --- makefu/2configs/deployment/owncloud.nix | 36 +++++++++++++++++---------------- makefu/2configs/nginx/euer.wiki.nix | 26 +++++++++++------------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 6f041e1e0..38eed2fd9 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -118,23 +118,25 @@ let access_log off; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = ${socket} - user = nginx - group = nginx - pm = dynamic - pm.max_children = 32 - pm.max_requests = 500 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 5 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - env[PATH] = ${lib.makeBinPath [ pkgs.php ]} - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + listen = socket; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + }; + extraConfig = '' + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + env[PATH] = ${lib.makeBinPath [ pkgs.php ]} + catch_workers_output = yes + ''; + }; services.phpfpm.phpOptions = '' opcache.enable=1 opcache.enable_cli=1 diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 732c27784..56f44f9ad 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -23,20 +23,18 @@ let in { state = [ base-dir ]; services.phpfpm = { - # phpfpm does not have an enable option - poolConfigs = { - euer-wiki = '' - user = ${user} - group = ${group} - listen = ${fpm-socket} - listen.owner = ${user} - listen.group = ${group} - env[twconf] = ${base-cfg}; - pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pools.euer-wiki = { + inherit user group; + listen = fpm-socket; + config = { + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + }; + phpEnv.twconf = base-cfg; + extraConfig = '' chdir = / php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on -- cgit v1.2.3 From f786002cb3db57102d2382a450fa3715dac4742f Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 14:35:56 +0200 Subject: shack/muell_mail: use callPackage --- krebs/2configs/shack/muell_mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 2c105b912..5ae80d780 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - pkg = ( + pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muell_mail"; rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f"; -- cgit v1.2.3 From 0116beb65839f61763d4e3e6bf9ba381de02435b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 21:42:57 +0200 Subject: ma nginx/euer.wiki: use settings instead of extraConfig all the way down --- makefu/2configs/nginx/euer.wiki.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 56f44f9ad..a6766eeec 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -26,20 +26,19 @@ in { pools.euer-wiki = { inherit user group; listen = fpm-socket; - config = { + settings = { "pm" = "dynamic"; "pm.max_children" = 5; "pm.start_servers" = 2; "pm.min_spare_servers" = 1; "pm.max_spare_servers" = 3; + "chdir" = "/"; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = "on"; + "catch_workers_output" = "yes"; + }; phpEnv.twconf = base-cfg; - extraConfig = '' - chdir = / - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; }; }; -- cgit v1.2.3 From 3aa59e62745bf4d8f750f1e131548dbd53de010b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Oct 2019 22:41:08 +0200 Subject: ma nginx: make linter happy --- makefu/2configs/deployment/owncloud.nix | 4 ++++ makefu/2configs/nginx/euer.mon.nix | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 38eed2fd9..59dfa3203 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -110,6 +110,10 @@ let add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets access_log off; ''; diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix index 765fef535..c9db15b73 100644 --- a/makefu/2configs/nginx/euer.mon.nix +++ b/makefu/2configs/nginx/euer.mon.nix @@ -32,7 +32,7 @@ in { auth_basic "Needs Autherization to visit"; auth_basic_user_file ${authFile}; proxy_http_version 1.1; - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; ''; -- cgit v1.2.3 From 349ccf95e76dec7d3eb87b96cc8bb8bcb3317dc0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Oct 2019 08:35:24 +0200 Subject: ma pkgs.uhub: bump upstream to master --- makefu/5pkgs/uhub/default.nix | 48 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 makefu/5pkgs/uhub/default.nix diff --git a/makefu/5pkgs/uhub/default.nix b/makefu/5pkgs/uhub/default.nix new file mode 100644 index 000000000..66dfebc3b --- /dev/null +++ b/makefu/5pkgs/uhub/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchpatch, fetchFromGitHub, cmake, openssl, sqlite, pkgconfig, systemd +, tlsSupport ? false }: + +assert tlsSupport -> openssl != null; + +stdenv.mkDerivation rec { + pname = "uhub"; + version = "2019-06-18"; + + src = fetchFromGitHub { + owner = "janvidar"; + repo = "uhub"; + rev = "78a703924064a92cedeb0a5aab5a80d8f77db73e"; + sha256 = "1dqmj08salhbcdlkglbi03hn9jzgmhjqlb0iysafpzrrwi0mca1z"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ cmake sqlite systemd ] ++ stdenv.lib.optional tlsSupport openssl; + + outputs = [ "out" + "mod_example" + "mod_welcome" + "mod_logging" + "mod_auth_simple" + "mod_auth_sqlite" + "mod_chat_history" + "mod_chat_only" + "mod_topic" + "mod_no_guest_downloads" + ]; + + patches = [ + + ]; + + cmakeFlags = '' + -DSYSTEMD_SUPPORT=ON + ${if tlsSupport then "-DSSL_SUPPORT=ON" else "-DSSL_SUPPORT=OFF"} + ''; + + meta = with stdenv.lib; { + description = "High performance peer-to-peer hub for the ADC network"; + homepage = https://www.uhub.org/; + license = licenses.gpl3; + maintainers = [ maintainers.ehmry ]; + platforms = platforms.unix; + }; +} -- cgit v1.2.3