From 79f36f6408052d8b83091036e342094de3ce1a32 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Apr 2017 08:26:13 +0200 Subject: m 2 urlwatch: remove old vicious url --- makefu/2configs/urlwatch.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 5b82d8107..d1dcec657 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -9,7 +9,6 @@ ## nixpkgs maintenance https://api.github.com/repos/ovh/python-ovh/tags https://api.github.com/repos/embray/d2to1/tags - http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release https://api.github.com/repos/Mic92/vicious/tags https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ -- cgit v1.2.3 From 16b8fef4f59583d8fa8ef0e7806ef1b3175bce40 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:35:49 +0200 Subject: m 2 deployment: add graphs --- makefu/2configs/deployment/graphs.nix | 37 +++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 makefu/2configs/deployment/graphs.nix diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix new file mode 100644 index 000000000..35a724f6a --- /dev/null +++ b/makefu/2configs/deployment/graphs.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + hn = config.krebs.build.host.name; +in { + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + krebs.tinc_graphs = { + enable = true; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + serverAliases = [ + "graphs.r" "graphs.retiolum" + "graphs.${hn}" "graphs.${hn}.retiolum" + ]; + }; + anonymous = { + enableSSL = true; + forceSSL = true; + enableACME = true; + }; + }; + }; +} -- cgit v1.2.3 From 63a35e7bd7a5f402d9c6805b9e6d13806b82b118 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:36:10 +0200 Subject: m 2 deployment: uwsgi add --- makefu/2configs/deployment/uwsgi.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 makefu/2configs/deployment/uwsgi.nix diff --git a/makefu/2configs/deployment/uwsgi.nix b/makefu/2configs/deployment/uwsgi.nix new file mode 100644 index 000000000..4ad9961f6 --- /dev/null +++ b/makefu/2configs/deployment/uwsgi.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +with import ; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; + elch-sock = "${config.services.uwsgi.runDir}/uwsgi-elch.sock"; +in { + + services.uwsgi = { + enable = true; + user = "nginx"; + plugins = [ "python2" ]; + instance.type = "emperor"; + }; +} -- cgit v1.2.3 From e0a423e1f0a228dbcaa70dd5037404608af8daeb Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:36:27 +0200 Subject: m 2 deployment/uwsgi: purge --- makefu/2configs/deployment/uwsgi.nix | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 makefu/2configs/deployment/uwsgi.nix diff --git a/makefu/2configs/deployment/uwsgi.nix b/makefu/2configs/deployment/uwsgi.nix deleted file mode 100644 index 4ad9961f6..000000000 --- a/makefu/2configs/deployment/uwsgi.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -with import ; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; - elch-sock = "${config.services.uwsgi.runDir}/uwsgi-elch.sock"; -in { - - services.uwsgi = { - enable = true; - user = "nginx"; - plugins = [ "python2" ]; - instance.type = "emperor"; - }; -} -- cgit v1.2.3 From 4c7f5909d82c368d9dc316d0987eadb4a1ff03e1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:36:41 +0200 Subject: m 5 awesomecfg: add todo --- makefu/5pkgs/awesomecfg/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index c2276887e..b94b6fa54 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -1,6 +1,7 @@ _: { + # TODO: requires in path: amixer, xlock, xbacklight full = ./full.cfg; kiosk = ./kiosk.lua; } -- cgit v1.2.3 From 8a40e9346e9fbfd20cf53d733f0c2790b1a7f7b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:37:37 +0200 Subject: m 2 bepasty-dual: use secretKeyFile --- makefu/2configs/bepasty-dual.nix | 6 +++--- makefu/2configs/default.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 936aaf004..ecf5f8a38 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -14,7 +14,7 @@ with import ; let sec = toString ; # secKey is nothing worth protecting on a local machine - secKey = import ; + secKey = "${secrets}/bepasty-secret"; acmepath = "/var/lib/acme/"; acmechall = acmepath + "/challenges/"; ext-dom = "paste.krebsco.de" ; @@ -31,7 +31,7 @@ in { serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; }; defaultPermissions = "admin,list,create,read,delete"; - secretKey = secKey; + secretKeyFile = secKey; }; "${ext-dom}" = { @@ -41,7 +41,7 @@ in { enableACME = true; }; defaultPermissions = "read"; - secretKey = secKey; + secretKeyFile = secKey; }; }; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 2f340a678..7b2e6b617 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo + ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From 9224e9c4c8432ce8d7788592b9d25cfc29440ee6 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:38:27 +0200 Subject: m: gum takes over euer,wiki,graphs from wry --- krebs/3modules/makefu/default.nix | 23 ++++++++++++----------- makefu/1systems/gum.nix | 3 +++ makefu/1systems/wry.nix | 27 --------------------------- 3 files changed, 15 insertions(+), 38 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7a6a88e85..8e5927f9d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -285,12 +285,9 @@ with import ; cores = 1; extraZones = { "krebsco.de" = '' - euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - wry IN A ${nets.internet.ip4.addr} - io IN NS wry.krebsco.de. - graphs IN A ${nets.internet.ip4.addr} - tinc IN A ${nets.internet.ip4.addr} + wry IN A ${nets.internet.ip4.addr} + io IN NS wry.krebsco.de. + tinc IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -307,13 +304,8 @@ with import ; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" - "graphs.r" "graphs.retiolum" "paste.wry.retiolum" "wry.r" "wry.retiolum" - "wiki.makefu.retiolum" - "wiki.wry.retiolum" - "blog.makefu.retiolum" - "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -452,6 +444,9 @@ with import ; cgit.euer IN A ${nets.internet.ip4.addr} o.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + graphs IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -473,6 +468,12 @@ with import ; "o.gum.retiolum" "tracker.makefu.r" "tracker.makefu.retiolum" + + "graphs.r" "graphs.retiolum" + "wiki.makefu.retiolum" + "wiki.wry.retiolum" + "blog.makefu.retiolum" + "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 910493026..c39997ebf 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -29,9 +29,12 @@ in { ../2configs/deployment/owncloud.nix ../2configs/nginx/share-download.nix ../2configs/nginx/euer.test.nix + ../2configs/nginx/euer.wiki.nix + ../2configs/nginx/euer.blog.nix ../2configs/nginx/public_html.nix ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix + ../2configs/deployment/graphs.nix # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index c403d2352..a5c4d3cca 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -19,8 +19,6 @@ in { ../2configs/backup.nix # other nginx - ../2configs/nginx/euer.wiki.nix - ../2configs/nginx/euer.blog.nix # ../2configs/nginx/euer.test.nix # collectd @@ -36,31 +34,6 @@ in { # prepare graphs services.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - krebs.tinc_graphs = { - enable = true; - nginx = { - enable = true; - # TODO: remove hard-coded hostname - complete = { - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - serverAliases = [ "graphs.r" "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; - }; - anonymous = { - enableSSL = true; - forceSSL = true; - enableACME = true; - }; - }; - }; networking = { firewall = { -- cgit v1.2.3