From cef765bc1068b71e863f47144ee3795d43d7210f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 May 2017 11:50:17 +0200 Subject: m 3 taskserver: rip --- makefu/3modules/default.nix | 1 - makefu/3modules/taskserver.nix | 60 ------------------------------------------ 2 files changed, 61 deletions(-) delete mode 100644 makefu/3modules/taskserver.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 546fed10..2981e0fa 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -11,7 +11,6 @@ _: ./logging-config.nix ./server-config.nix ./snapraid.nix - ./taskserver.nix ./torrent.nix ./udpt.nix ./umts.nix diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix deleted file mode 100644 index 40a18fe0..00000000 --- a/makefu/3modules/taskserver.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - cfg = config.makefu.taskserver; - - out = { - options.makefu.taskserver = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "taskserver"; - - workingDir = mkOption { - type = types.str; - default = "/var/lib/taskserver"; - }; - - package = mkOption { - type = types.package; - default = pkgs.taskserver; - }; - - - }; - - imp = { - environment.systemPackages = [ cfg.package ]; - systemd.services.taskserver = { - description = "taskd server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; - unitConfig = { - Documentation = "http://taskwarrior.org/docs/#taskd" ; - # https://taskwarrior.org/docs/taskserver/configure.html - ConditionPathExists = "${cfg.workingDir}/config"; - }; - serviceConfig = { - Type = "simple"; - ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; - WorkingDirectory = cfg.workingDir; - # PrivateTmp = true; - # InaccessibleDirectories = "/home /boot /opt /mnt /media"; - User = "taskd"; - }; - }; - - users.users.taskd = { - uid = genid "taskd"; - home = cfg.workingDir; - createHome = true; - }; - users.groups.taskd.gid = genid "taskd"; - }; - -in -out - -- cgit v1.2.3 From a16ec260c6005536ba8d73e38be2aa55b314c80f Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 19 May 2017 11:53:44 +0200 Subject: m 2 zsh: enable autocompletion for nix commands --- makefu/2configs/zsh-user.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 0f904fe3..453bfbe8 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -44,4 +44,8 @@ in fi ''; }; + + krebs.per-user.${mainUser}.packages = [ + pkgs.nix-zsh-completions + ]; } -- cgit v1.2.3 From 7383125f6b0f0d7965ea389234a4a4d9da8151f3 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 19 May 2017 11:54:37 +0200 Subject: m 2 time-machine: init --- makefu/2configs/time-machine.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 makefu/2configs/time-machine.nix
diff --git a/makefu/2configs/time-machine.nix b/makefu/2configs/time-machine.nix
new file mode 100644
index 00000000..90d44e54
--- /dev/null
+++ b/makefu/2configs/time-machine.nix
@@ -0,0 +1,31 @@
+let
+ time-machine-path = "/media/crypt2/backup/time-machine/misa";
+in {
+ networking.firewall.allowedTCPPorts = [
+ 548 # netatalk
+ ];
+
+ services = {
+ netatalk = {
+ enable = true;
+
+ volumes = {
+ "misa-time-machine" = {
+ "time machine" = "yes";
+ path = time-machine-path;
+ "valid users" = "misa";
+ };
+ };
+ };
+
+ avahi = {
+ enable = true;
+ nssmdns = true;
+
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+ };
+}
-- cgit v1.2.3 From d9d7f7fd32295a3208ace7c2c1cdfaf61ab70f04 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:48:14 +0200 Subject: m 2 aralast: init --- makefu/2configs/logging/external/aralast.nix | 38 ++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 makefu/2configs/logging/external/aralast.nix
diff --git a/makefu/2configs/logging/external/aralast.nix b/makefu/2configs/logging/external/aralast.nix
new file mode 100644
index 00000000..c335db45
--- /dev/null
+++ b/makefu/2configs/logging/external/aralast.nix
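Review bot: `networking.firewall.allowedTCPPorts = [ 548 ]` opens AFP on every interface of the host, not only on the LAN segment where the Time Machine client sits. Other modules in this series scope a service port to one interface through `networking.firewall.extraCommands` (for example `iptables -A INPUT -i retiolum -p tcp --dport 445 -j ACCEPT`); the same pattern with the LAN interface would keep netatalk off any other interface. Nothing in the module orders netatalk after the `/media/crypt2` mount, so a comment on `time-machine-path` stating that the encrypted volume must be unlocked first would help the next reader.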
@@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0/10"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} -- cgit v1.2.3 From c29ba49d3dba4386ee90e784912d38b37e63efa6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:49:34 +0200 Subject: m 2 central-stats-server: redirect http://stats.makefu.r to grafana --- makefu/2configs/logging/central-stats-server.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix index 4f7961f3..602fcc6d 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/logging/central-stats-server.nix @@ -12,7 +12,9 @@ in { services.grafana.addr = "0.0.0.0"; services.influxdb.enable = true; - + # redirect grafana to stats.makefu.r + services.nginx.enable = true; + services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000"; # forward these via nginx services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; -- cgit v1.2.3 From ce43883b50db14453c21da35c8a6bd50422cfe06 Mon Sep 17 00:00:00 2001 
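Review bot: `User = "nobody"` in `serviceConfig` puts this network-facing scraper (curl, grep, sed) in the same account as every other service that falls back to nobody, so a compromise of one is not isolated from the others; a dedicated system user for aralast would be the safer choice. `rev = "7121598"` is an abbreviated commit id: the `sha256` still pins the content, but the full 40-character hash avoids ambiguity when the pin is bumped. Combining `startAt` with `wantedBy = [ "multi-user.target" ]` presumably also starts the unit once at boot, outside the opening hours the timer encodes; drop `wantedBy` if only the timer should trigger it.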
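Review bot: The new vhost `stats.makefu.r` proxies to `http://localhost:3000`, but the context line `services.grafana.addr = "0.0.0.0";` is left unchanged, so Grafana stays directly reachable on port 3000 next to the proxy. If nginx is meant to be the entry point, bind Grafana to loopback with `services.grafana.addr = "127.0.0.1";`. The vhost is plain HTTP, so Grafana logins are unencrypted unless the transport (presumably the retiolum VPN) protects them. The comment `# redirect grafana to stats.makefu.r` describes the reverse direction; `# serve grafana at http://stats.makefu.r via nginx` would match the code.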
From: makefu Date: Wed, 24 May 2017 10:51:12 +0200 Subject: m 2 jack-on-pulse: start as systemd user service --- makefu/2configs/audio/jack-on-pulse.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix index 09d03ea9..49b61d5a 100644 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ b/makefu/2configs/audio/jack-on-pulse.nix @@ -2,6 +2,7 @@ let pulse = pkgs.pulseaudioFull; user = config.makefu.gui.user; + wait_time = 30; in { sound.enable = true; @@ -13,16 +14,17 @@ in environment.systemPackages = with pkgs; [ jack2Full ]; # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html - systemd.services = { + systemd.user.services = { jackdbus = { description = "Runs jack, and points pulseaudio at it"; serviceConfig = { - User = user; Type = "oneshot"; ExecStart = pkgs.writeScript "start_jack.sh" '' #! ${pkgs.bash}/bin/bash . ${config.system.build.setEnvironment} - sleep 5 # wait for the gui to load + + # TODO: correctly wait for pulseaudio, cannot use pulseaudio.service + sleep ${toString wait_time} # wait for the gui to load ${pkgs.jack2Full}/bin/jack_control start sleep 3 # give some time for sources/sinks to be created @@ -37,9 +39,11 @@ in ${pkgs.jack2Full}/bin/jack_control stop ''; RemainAfterExit = true; + Restart = "always"; + RestartSec = "5"; }; - after = [ "display-manager.service" "sound.target" ]; - wantedBy = [ "multi-user.target" ]; + # after = [ "display-manager.service" "sound.target" ]; + wantedBy = [ "default.target" ]; }; }; } -- cgit v1.2.3 From 01d31cb57ddcb38d64f1eeedc25ca70ad5913e4c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:51:36 +0200 Subject: m 2 led-fader: wait for mosquitto if defined locally --- makefu/2configs/deployment/led-fader.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
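Review bot: `Restart = "always"` and `RestartSec = "5"` are added to a unit that keeps `Type = "oneshot"` and `RemainAfterExit = true`; systemd refuses `Restart=always` on oneshot services, so the user unit will most likely fail to load. Either drop the two restart settings or change the service type. `sleep ${toString wait_time}` is a fixed 30-second guess, as the TODO admits; a comment naming what is being waited for would help until a real dependency replaces it. The start script continues between the second and third hunk and is not fully visible here.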
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index a1841649..e4d62ae7 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,7 +29,8 @@ in { environment = { NIX_PATH = "/var/src"; }; - wantedBy = [ "multi-user.target" ]; + after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; -- cgit v1.2.3 From b69647ac17b782fee1dfc3788bd2900a9a33b732 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:51:58 +0200 Subject: s wolf: enable influx for rash --- shared/1systems/wolf.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 75307be1..ebe393c9 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -19,6 +19,8 @@ in # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) + services.influxdb.enable = true; + # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; @@ -46,6 +48,7 @@ in networking = { firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 ]; interfaces.enp0s3.ip4 = [{ address = shack-ip; prefixLength = 20; -- cgit v1.2.3 From 00f5855223ecda48979314eeb550b5885e418a00 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:52:37 +0200 Subject: m 2 games: include games-user-env --- makefu/2configs/tools/games.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 34c68645..47f06287 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix 
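Review bot: The added `after` line has two defects. `config.services.mosqitto` is misspelled (the unit it names is `mosquitto.service`), and `lib.optional` already returns a list, so wrapping it in `[ ... ]` produces a nested list where unit names are expected. Evaluation will likely fail on the unknown option or on the list type; use `after = lib.optional config.services.mosquitto.enable "mosquitto.service";`. The enclosing service definition starts outside the hunk.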
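Review bot: `firewall.allowedTCPPorts = [ 8088 8086 8083 ];` is added directly under the context line `firewall.enable = false;`, so the list has no effect and every listening port on the host is reachable. With `services.influxdb.enable = true;` and no further settings in this change, the InfluxDB HTTP API (8086) and admin interface (8083) are open to the whole local network, and InfluxDB 1.x runs without authentication unless it is configured. Either enable the firewall so the allow-list means something, or mark the list as documentation only with a comment and turn on InfluxDB authentication.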
@@ -3,5 +3,6 @@ { krebs.per-user.makefu.packages = with pkgs; [ steam + games-user-env ]; } -- cgit v1.2.3 From 54ca947fe1f918d1b62d479df308637d60a3143b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:53:08 +0200 Subject: m 2 wiki-irc-bot: move to subdir, add patch --- .../2configs/deployment/wiki-irc-bot/default.nix | 67 ++++++++++++++++++++++ .../deployment/wiki-irc-bot/irc-out-notice.patch | 26 +++++++++ makefu/2configs/deployment/wiki-irc.nix | 62 -------------------- 3 files changed, 93 insertions(+), 62 deletions(-) create mode 100644 makefu/2configs/deployment/wiki-irc-bot/default.nix create mode 100644 makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch delete mode 100644 makefu/2configs/deployment/wiki-irc.nix diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix new file mode 100644 index 00000000..7ab31e69 --- /dev/null +++ b/makefu/2configs/deployment/wiki-irc-bot/default.nix 
@@ -0,0 +1,67 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ port = 18872;
+in {
+ nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+ logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: {
+ patches = [ ./irc-out-notice.patch ]; });
+ };
+ services.logstash = {
+ enable = true;
+ inputConfig = ''
+ http {
+ port => ${toString port}
+ host => "127.0.0.1"
+ }
+ '';
+ filterConfig = ''
+ if ([pages]) {
+ ruby {
+ code => '
+ require "net/http"
+ require "net/https"
+ http = Net::HTTP.new("git.io", 443)
+ http.use_ssl = true
+ lines = []
+ event["pages"].each {|p|
+ url = "#{p["html_url"]}/_compare/#{p["sha"]}"
+ short_url = begin
+ request = Net::HTTP::Post.new "/"
+ request.set_form_data ({"url" => url })
+ response = http.request(request)
+ response["location"]
+ end
+ lines << "\"#{p["title"]}\" #{p["action"]} by #{event["sender"]["login"]} #{short_url}"
+ }
+ event["output"] = lines.join("\n")
+ '
+ }
+ }
+ '';
+ outputConfig = ''
+ file { path => "/tmp/logs.json" codec => "json_lines" }
+ if [output] {
+ irc {
+ channels => [ "#krebs", "#nixos" ]
+ host => "irc.freenode.net"
+ nick => "nixos-users-wiki"
+ format => "%{output}"
+ notice => true
+ }
+ }
+ '';
+ plugins = [ ];
+ };
+
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts."ghook.krebsco.de" = {
+ locations."/".proxyPass = "http://localhost:${toString port}/";
+ enableSSL = true;
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch
new file mode 100644
index 00000000..040643f8
--- /dev/null
+++ b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch
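Review bot: The `ghook.krebsco.de` vhost forwards every request to the logstash `http` input, and nothing in `inputConfig` or `filterConfig` verifies that a payload came from GitHub, so anyone who can reach the hostname can make the bot post to `#krebs` and `#nixos`. Verify the webhook's shared-secret signature before the `irc` output fires, or restrict the location in nginx. `file { path => "/tmp/logs.json" codec => "json_lines" }` also writes every received payload to a fixed name in the shared /tmp and grows without bound; move it to a service-owned directory or remove it once debugging is finished. A comment on `patches = [ ./irc-out-notice.patch ]` saying that it adds the `notice` option used in `outputConfig` would document why logstash is overridden.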
@@ -0,0 +1,26 @@
+index b63339d..8c8c747 100644
+--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
++++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
+@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
+ # Static string after event
+ config :post_string, :validate => :string, :required => false
+
++ # Set this to true to send messages as notice
++ config :notice, :validate => :boolean, :default => false
++
+ public
+
+ def inject_bot(bot)
+@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
+
+ @bot.channels.each do |channel|
+ @logger.debug("Sending to...", :channel => channel, :text => text)
+- channel.msg(pre_string) if !@pre_string.nil?
+- channel.msg(text)
+- channel.msg(post_string) if !@post_string.nil?
++ channel.send(pre_string, :notice => @notice) if !@pre_string.nil?
++ channel.send(text, :notice => @notice)
++ channel.send(post_string, :notice => @notice) if !@post_string.nil?
+ end # channels.each
+ end # def receive
+ end # class LogStash::Outputs::Irc
diff --git a/makefu/2configs/deployment/wiki-irc.nix b/makefu/2configs/deployment/wiki-irc.nix
deleted file mode 100644
index dc7c8afe..00000000
--- a/makefu/2configs/deployment/wiki-irc.nix
+++ /dev/null
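Review bot: `channel.send(text, :notice => @notice)` passes a hash as the second argument. If the bot object is Cinch, whose `Target#send(text, notice = false)` takes a positional boolean, that hash is always truthy and every message goes out as a NOTICE even when `notice => false` is configured. Passing the flag positionally, `channel.send(text, @notice)` and likewise for `pre_string` and `post_string`, keeps the default behaviour that the new `:default => false` promises. The patch is tied to the vendored path `logstash-output-irc-2.0.4`, so it needs revisiting whenever the packaged logstash ships a different version of that gem.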
@@ -1,62 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - port = 18872; -in { - services.logstash = { - enable = true; - inputConfig = '' - http { - port => ${toString port} - host => "127.0.0.1" - } - ''; - filterConfig = '' - if ([pages]) { - ruby { - code => ' - require "net/http" - require "net/https" - http = Net::HTTP.new("git.io", 443) - http.use_ssl = true - lines = [] - event["pages"].each {|p| - url = "#{p["html_url"]}/_compare/#{p["sha"]}" - short_url = begin - request = Net::HTTP::Post.new "/" - request.set_form_data ({"url" => url }) - response = http.request(request) - response["location"] - end - lines << "\"#{p["title"]}\" #{p["action"]} by #{event["sender"]["login"]} #{short_url}" - } - event["output"] = lines.join("\n") - ' - } - } - ''; - outputConfig = '' - file { path => "/tmp/logs.json" codec => "json_lines" } - if [output] { - irc { - channels => [ "#nixos" , "#krebs" ] - host => "irc.freenode.net" - nick => "nixos-users-wiki" - format => "%{output}" - } - } - ''; - plugins = [ ]; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."ghook.krebsco.de" = { - locations."/".proxyPass = "http://localhost:${toString port}/"; - enableSSL = true; - enableACME = true; - forceSSL = true; - }; - }; -} -- cgit v1.2.3 From b4289416165428a490542784b0ee418d85c85226 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:53:50 +0200 Subject: m 1 gum: use upstream taskserver config --- makefu/1systems/gum.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 92c44621..ddff9f78 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix 
@@ -48,8 +48,18 @@ in { ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix ../2configs/deployment/owncloud.nix - ../2configs/deployment/wiki-irc.nix + ../2configs/deployment/wiki-irc-bot ../2configs/deployment/boot-euer.nix + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } # ../2configs/ipfs.nix ../2configs/syncthing.nix @@ -78,7 +88,6 @@ in { ]; }; - makefu.taskserver.enable = true; # access @@ -122,6 +131,8 @@ in { 21031 # taskserver 53589 + # temp vnc + 18001 ]; allowedUDPPorts = [ # tinc -- cgit v1.2.3 From 243d33abe350a1a7b41a7f2c6106fd5b92bde4c8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 16:53:57 +0200 Subject: m 2 gui/base: euro-sign --- makefu/2configs/gui/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index bf6bef29..0247010b 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -24,7 +24,7 @@ in enable = true; layout = "us"; xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps"; + xkbOptions = "ctrl:nocaps, eurosign:e"; windowManager = { awesome.enable = true; -- cgit v1.2.3 From 0c92dd719a46139523f6e353c354871bd78024a4 Mon Sep 17 00:00:00 2001 
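Review bot: The new `iptables`/`ip6tables` rules accept port 53589 only on `retiolum`, but the third hunk's context still shows `53589` (`# taskserver`) in what appears to be the global allowed TCP port list, so the taskserver with `listenHost = "::"` stays reachable on every interface. Remove 53589 from that list if retiolum-only access is the intent. The same hunk adds `18001` (`# temp vnc`) to the list, which opens VNC on all interfaces; scope it to one interface as the taskserver rule does, and put a removal date in the comment so the temporary opening does not become permanent.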
From: makefu Date: Thu, 25 May 2017 23:19:36 +0200 Subject: m 2: rename stats and share --- makefu/1systems/gum.nix | 6 +- makefu/1systems/omo.nix | 13 ++-- makefu/2configs/gum-share.nix | 39 ---------- makefu/2configs/logging/central-logging-client.nix | 32 --------- makefu/2configs/logging/central-logging-server.nix | 23 ------ makefu/2configs/logging/central-stats-client.nix | 60 ---------------- makefu/2configs/logging/central-stats-server.nix | 84 ---------------------- makefu/2configs/logging/client.nix | 32 +++++++++ makefu/2configs/logging/external/aralast.nix | 38 ---------- makefu/2configs/logging/server.nix | 23 ++++++ makefu/2configs/omo-share.nix | 69 ------------------ makefu/2configs/share/gum.nix | 39 ++++++++++ makefu/2configs/share/omo.nix | 69 ++++++++++++++++++ makefu/2configs/share/temp-share-samba.nix | 31 ++++++++ makefu/2configs/stats/client.nix | 60 ++++++++++++++++ makefu/2configs/stats/external/aralast.nix | 38 ++++++++++ makefu/2configs/stats/server.nix | 84 ++++++++++++++++++++++ makefu/2configs/temp-share-samba.nix | 31 -------- 18 files changed, 387 insertions(+), 384 deletions(-) delete mode 100644 makefu/2configs/gum-share.nix delete mode 100644 makefu/2configs/logging/central-logging-client.nix delete mode 100644 makefu/2configs/logging/central-logging-server.nix delete mode 100644 makefu/2configs/logging/central-stats-client.nix delete mode 100644 makefu/2configs/logging/central-stats-server.nix create mode 100644 makefu/2configs/logging/client.nix delete mode 100644 makefu/2configs/logging/external/aralast.nix create mode 100644 makefu/2configs/logging/server.nix delete mode 100644 makefu/2configs/omo-share.nix create mode 100644 makefu/2configs/share/gum.nix create mode 100644 makefu/2configs/share/omo.nix create mode 100644 makefu/2configs/share/temp-share-samba.nix create mode 100644 makefu/2configs/stats/client.nix create mode 100644 makefu/2configs/stats/external/aralast.nix create mode 100644 
makefu/2configs/stats/server.nix delete mode 100644 makefu/2configs/temp-share-samba.nix diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index ddff9f78..fb4fac3f 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -32,7 +32,7 @@ in { ../2configs/tools/sec.nix # services - ../2configs/gum-share.nix + ../2configs/share/gum.nix ../2configs/sabnzbd.nix ../2configs/torrent.nix ../2configs/iodined.nix @@ -64,8 +64,8 @@ in { ../2configs/syncthing.nix # ../2configs/opentracker.nix - ../2configs/logging/central-stats-client.nix - # ../2configs/logging/central-logging-client.nix + ../2configs/stats/client.nix + # ../2configs/logging/client.nix ]; makefu.dl-dir = "/var/download"; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 91785a07..0f1b8e0d 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -50,11 +50,13 @@ in { # ../2configs/disable_v6.nix #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix - ../2configs/omo-share.nix + ../2configs/share/omo.nix ../2configs/tinc/retiolum.nix - ../2configs/logging/central-stats-server.nix - # ../2configs/logging/central-logging-server.nix - ../2configs/logging/central-stats-client.nix + + # Logging + ../2configs/stats/server.nix #influx + grafana + ../2configs/stats/client.nix + ../2configs/stats/external/aralast.nix # logs to influx # services ../2configs/syncthing.nix @@ -180,7 +182,8 @@ in { uid = 9002; name = "misa"; }; - hardware.enableAllFirmware = true; + # hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; diff --git a/makefu/2configs/gum-share.nix b/makefu/2configs/gum-share.nix deleted file mode 100644 index e578f43d..00000000 --- a/makefu/2configs/gum-share.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -let - hostname = config.krebs.build.host.name; -in { - # users.users.smbguest = { - # name = "smbguest"; - # uid = config.ids.uids.smbguest; - # description = "smb guest user"; - # home = "/var/empty"; - # }; - - users.users.download = { }; - services.samba = { - enable = true; - shares = { - download = { - path = "/var/download"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "download"; - }; - }; - extraConfig = '' - # guest account = smbguest - # map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 445 -j ACCEPT - ''; -} diff --git a/makefu/2configs/logging/central-logging-client.nix b/makefu/2configs/logging/central-logging-client.nix deleted file mode 100644 index 04d2de0d..00000000 --- a/makefu/2configs/logging/central-logging-client.nix +++ /dev/null @@ -1,32 +0,0 @@ -{pkgs, buil, config, ...}: -let - log-server = config.makefu.log-server; - log-port = 9200; -in { - services.journalbeat = { - enable = true; - # TODO: filter for certain journal fields, not all - extraConfig = '' - journalbeat: - name: logs-${config.krebs.build.host.name} - seek_position: cursor - cursor_seek_fallback: tail - write_cursor_state: true - cursor_flush_period: 5s - clean_field_names: true - convert_to_numbers: false - move_metadata_to_field: journal - default_type: journal - output.elasticsearch: - enabled: true - hosts: ["${log-server}:${builtins.toString log-port}"] - template.enabled: false - #output.console: - # enabled: true - logging.level: info - logging.to_syslog: true - logging.selectors: ["*"] - - ''; - }; -} diff --git a/makefu/2configs/logging/central-logging-server.nix b/makefu/2configs/logging/central-logging-server.nix deleted file mode 100644 index 90f8e668..00000000 
--- a/makefu/2configs/logging/central-logging-server.nix +++ /dev/null @@ -1,23 +0,0 @@ -{pkgs, config, ...}: - -with import ; -let - es-port = 9200; - kibana-port = 5601; -in { - services.elasticsearch = { - enable = true; - listenAddress = "0.0.0.0"; - port = es-port; - }; - services.kibana = { - enable = true; - listenAddress = "0.0.0.0"; - port = kibana-port; - }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString kibana-port} -j ACCEPT - ''; -} diff --git a/makefu/2configs/logging/central-stats-client.nix b/makefu/2configs/logging/central-stats-client.nix deleted file mode 100644 index dd6dddda..00000000 --- a/makefu/2configs/logging/central-stats-client.nix +++ /dev/null @@ -1,60 +0,0 @@ -{pkgs, config, ...}: -{ - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - LoadPlugin df - Interval 30.0 - - LoadPlugin interface - - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - - - LoadPlugin df - - MountPoint "/nix/store" - # MountPoint "/run*" - # MountPoint "/sys*" - # MountPoint "/dev" - # MountPoint "/dev/shm" - # MountPoint "/tmp" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - - - LoadPlugin cpu - - ReportByCpu true - ReportByState true - ValuesPercentage true - - - LoadPlugin network - - Server "${config.makefu.stats-server}" "25826" - - ''; - }; -} 
diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix deleted file mode 100644 index 602fcc6d..00000000 --- a/makefu/2configs/logging/central-stats-server.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{pkgs, config, ...}: - -with import ; -let - collectd-port = 25826; - influx-port = 8086; - grafana-port = 3000; # TODO nginx forward - db = "collectd_db"; - logging-interface = config.makefu.server.primary-itf; -in { - services.grafana.enable = true; - services.grafana.addr = "0.0.0.0"; - - services.influxdb.enable = true; - # redirect grafana to stats.makefu.r - services.nginx.enable = true; - services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000"; - # forward these via nginx - services.influxdb.extraConfig = { - meta.hostname = config.krebs.build.host.name; - # meta.logging-enabled = true; - http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":8083"; - monitoring = { - enabled = false; - # write-interval = "24h"; - }; - collectd = [{ - enabled = true; - typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = db; - port = collectd-port; - }]; - }; - krebs.kapacitor = - let - echoToIrc = pkgs.writeDash "echo_irc" '' - set -euf - data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=malarm - ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null - ''; - in { - enable = true; - alarms = { - cpu_deadman.database = db; - cpu_deadman.text = '' - var data = batch - |query(${"'''"} - SELECT mean("value") AS mean - FROM "collectd_db"."default"."cpu_value" - WHERE "type_instance" = 'idle' AND "type" = 'percent' fill(0) - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" < 50) - .stateChangesOnly() - .exec('${echoToIrc}') - data |deadman(1.0,5m) - .stateChangesOnly() - .exec('${echoToIrc}') - ''; - }; - - }; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - 
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT - - ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT - ''; -} diff --git a/makefu/2configs/logging/client.nix b/makefu/2configs/logging/client.nix new file mode 100644 index 00000000..04d2de0d --- /dev/null +++ b/makefu/2configs/logging/client.nix @@ -0,0 +1,32 @@ +{pkgs, buil, config, ...}: +let + log-server = config.makefu.log-server; + log-port = 9200; +in { + services.journalbeat = { + enable = true; + # TODO: filter for certain journal fields, not all + extraConfig = '' + journalbeat: + name: logs-${config.krebs.build.host.name} + seek_position: cursor + cursor_seek_fallback: tail + write_cursor_state: true + cursor_flush_period: 5s + clean_field_names: true + convert_to_numbers: false + move_metadata_to_field: journal + default_type: journal + output.elasticsearch: + enabled: true + hosts: ["${log-server}:${builtins.toString log-port}"] + template.enabled: false + #output.console: + # enabled: true + logging.level: info + logging.to_syslog: true + logging.selectors: ["*"] + + ''; + }; +} diff --git a/makefu/2configs/logging/external/aralast.nix b/makefu/2configs/logging/external/aralast.nix deleted file mode 100644 index c335db45..00000000 --- a/makefu/2configs/logging/external/aralast.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - pkg = pkgs.stdenv.mkDerivation { - name = "aralast-master"; - src = pkgs.fetchFromGitHub { - owner = "makefu"; - repo = "aralast"; - rev = "7121598"; - sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; - }; - installPhase = '' - install -m755 -D aralast.sh $out/bin/aralast - ''; - }; -in { - systemd.services.aralast = { - description = "periodically fetch aramark"; - path = [ - pkgs.curl - pkgs.gnugrep - pkgs.gnused - ]; - wantedBy = [ "multi-user.target" ]; - environment = { - INFLUX_HOST = "localhost"; - INFLUX_PORT = "8086"; - }; - # every 10 seconds when the cantina is open - startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0/10"; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkg}/bin/aralast"; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/logging/server.nix b/makefu/2configs/logging/server.nix new file mode 100644 index 00000000..90f8e668 --- /dev/null +++ b/makefu/2configs/logging/server.nix @@ -0,0 +1,23 @@ +{pkgs, config, ...}: + +with import ; +let + es-port = 9200; + kibana-port = 5601; +in { + services.elasticsearch = { + enable = true; + listenAddress = "0.0.0.0"; + port = es-port; + }; + services.kibana = { + enable = true; + listenAddress = "0.0.0.0"; + port = kibana-port; + }; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT + iptables -A INPUT -i retiolum -p tcp --dport ${toString kibana-port} -j ACCEPT + ''; +} diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix deleted file mode 100644 index 7d7a4ec5..00000000 --- a/makefu/2configs/omo-share.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - hostname = config.krebs.build.host.name; - # TODO local-ip from the nets config - local-ip = "192.168.1.11"; - # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - - # samba share /media/crypt1/share - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - description = "smb guest user"; - home = "/var/empty"; - }; - services.samba = { - enable = true; - shares = { - winshare = { - path = "/media/crypt1/share"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - emu = { - path = "/media/crypt1/emu"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - usenet = { - path = "/media/crypt0/usenet/dst"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - pyload = { - path = "/media/crypt0/pyload"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - crypt0 = { - path = "/media/crypt0"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - media-rw = { - path = "/media/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "makefu"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix new file mode 100644 index 00000000..e578f43d --- /dev/null +++ b/makefu/2configs/share/gum.nix 
@@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + hostname = config.krebs.build.host.name; +in { + # users.users.smbguest = { + # name = "smbguest"; + # uid = config.ids.uids.smbguest; + # description = "smb guest user"; + # home = "/var/empty"; + # }; + + users.users.download = { }; + services.samba = { + enable = true; + shares = { + download = { + path = "/var/download"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "no"; + "valid users" = "download"; + }; + }; + extraConfig = '' + # guest account = smbguest + # map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 445 -j ACCEPT + ''; +} diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix new file mode 100644 index 00000000..7d7a4ec5 --- /dev/null +++ b/makefu/2configs/share/omo.nix 
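Review bot: Samba in share/gum.nix is limited to retiolum only by the `--dport 445` firewall rule; `extraConfig` leaves smbd listening on every interface. Adding `interfaces = lo retiolum` and `bind interfaces only = yes` to `extraConfig` would make the daemon enforce the same boundary itself. `users.users.download = { };` declares the account with no attributes, and its Samba password has to be set out of band, which deserves a one-line comment. The commented-out `smbguest` user and guest lines are dead configuration in a new file and could be dropped.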
@@ -0,0 +1,69 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + hostname = config.krebs.build.host.name; + # TODO local-ip from the nets config + local-ip = "192.168.1.11"; + # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; +in { + + # samba share /media/crypt1/share + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + winshare = { + path = "/media/crypt1/share"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + emu = { + path = "/media/crypt1/emu"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + usenet = { + path = "/media/crypt0/usenet/dst"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + pyload = { + path = "/media/crypt0/pyload"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + crypt0 = { + path = "/media/crypt0"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + media-rw = { + path = "/media/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "no"; + "valid users" = "makefu"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix new file mode 100644 index 00000000..0907c2db --- /dev/null +++ b/makefu/2configs/share/temp-share-samba.nix 
@@ -0,0 +1,31 @@ +{config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix new file mode 100644 index 00000000..dd6dddda --- /dev/null +++ b/makefu/2configs/stats/client.nix @@ -0,0 +1,60 @@ +{pkgs, config, ...}: +{ + services.collectd = { + enable = true; + autoLoadPlugin = true; + extraConfig = '' + Hostname ${config.krebs.build.host.name} + LoadPlugin load + LoadPlugin disk + LoadPlugin memory + LoadPlugin df + Interval 30.0 + + LoadPlugin interface + + Interface "*Link" + Interface "lo" + Interface "vboxnet*" + Interface "virbr*" + IgnoreSelected true + + + LoadPlugin df + + MountPoint "/nix/store" + # MountPoint "/run*" + # MountPoint "/sys*" + # MountPoint "/dev" + # MountPoint "/dev/shm" + # MountPoint "/tmp" + FSType "tmpfs" + FSType "binfmt_misc" + FSType "debugfs" + FSType "mqueue" + FSType "hugetlbfs" + FSType "systemd-1" + FSType "cgroup" + FSType "securityfs" + FSType "ramfs" + FSType "proc" + FSType "devpts" + FSType "devtmpfs" + MountPoint "/var/lib/docker/devicemapper" + IgnoreSelected true + + + LoadPlugin cpu + + ReportByCpu true + ReportByState true + ValuesPercentage true + + + LoadPlugin network + + Server "${config.makefu.stats-server}" "25826" + + ''; + }; +} 
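Review bot: The `Server "${config.makefu.stats-server}" "25826"` line in stats/client.nix configures the collectd network plugin with no `SecurityLevel`, `Username` or `Password`, so metrics travel unsigned and the receiver cannot tell which host sent them. That may be acceptable if the path is always the retiolum VPN, but stats/server.nix also accepts the port on a second interface; either state the assumption in a comment or set `SecurityLevel "Sign"` with credentials on both ends. `LoadPlugin df` also appears twice, and with `autoLoadPlugin = true` the explicit `LoadPlugin` lines are probably redundant. The plugin blocks appear here without their enclosing tags, so the exact nesting could not be checked.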
diff --git a/makefu/2configs/stats/external/aralast.nix b/makefu/2configs/stats/external/aralast.nix new file mode 100644 index 00000000..c335db45 --- /dev/null +++ b/makefu/2configs/stats/external/aralast.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0/10"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix new file mode 100644 index 00000000..602fcc6d --- /dev/null +++ b/makefu/2configs/stats/server.nix 
@@ -0,0 +1,84 @@ +{pkgs, config, ...}: + +with import ; +let + collectd-port = 25826; + influx-port = 8086; + grafana-port = 3000; # TODO nginx forward + db = "collectd_db"; + logging-interface = config.makefu.server.primary-itf; +in { + services.grafana.enable = true; + services.grafana.addr = "0.0.0.0"; + + services.influxdb.enable = true; + # redirect grafana to stats.makefu.r + services.nginx.enable = true; + services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000"; + # forward these via nginx + services.influxdb.extraConfig = { + meta.hostname = config.krebs.build.host.name; + # meta.logging-enabled = true; + http.bind-address = ":${toString influx-port}"; + admin.bind-address = ":8083"; + monitoring = { + enabled = false; + # write-interval = "24h"; + }; + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = db; + port = collectd-port; + }]; + }; + krebs.kapacitor = + let + echoToIrc = pkgs.writeDash "echo_irc" '' + set -euf + data="$(${pkgs.jq}/bin/jq -r .message)" + export LOGNAME=malarm + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ''; + in { + enable = true; + alarms = { + cpu_deadman.database = db; + cpu_deadman.text = '' + var data = batch + |query(${"'''"} + SELECT mean("value") AS mean + FROM "collectd_db"."default"."cpu_value" + WHERE "type_instance" = 'idle' AND "type" = 'percent' fill(0) + ${"'''"}) + .period(10m) + .every(1m) + .groupBy('host') + data |alert() + .crit(lambda: "mean" < 50) + .stateChangesOnly() + .exec('${echoToIrc}') + data |deadman(1.0,5m) + .stateChangesOnly() + .exec('${echoToIrc}') + ''; + }; + + }; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT + iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT + iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT + 
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + + ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + ''; +} diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix deleted file mode 100644 index 0907c2db..00000000 --- a/makefu/2configs/temp-share-samba.nix +++ /dev/null @@ -1,31 +0,0 @@ -{config, ... }:{ - networking.firewall.allowedUDPPorts = [ 137 138 ]; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - description = "smb guest user"; - home = "/home/share"; - createHome = true; - }; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} -- cgit v1.2.3 From e086914ce0cbe09a100475149ae9730b58d1222d Mon Sep 17 00:00:00 2001 
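Review bot: In stats/server.nix InfluxDB is bound to all interfaces (`http.bind-address = ":${toString influx-port}"`, `admin.bind-address = ":8083"`) and the HTTP port is opened on both retiolum and `${logging-interface}`, with no `http.auth-enabled` in `extraConfig`; unless authentication is set elsewhere, any host on those networks can query or write `collectd_db`. Grafana has the same shape: nginx already proxies `stats.makefu.r` to it, yet `services.grafana.addr = "0.0.0.0"` and the `grafana-port` rules keep the backend reachable directly, so `services.grafana.addr = "127.0.0.1";` without those rules would match the `# TODO nginx forward`. The `proxyPass` string repeats the port number; `"http://localhost:${toString grafana-port}"` keeps it in one place. The alarm query likewise hardcodes `"collectd_db"` although `db` is defined above it.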
From: makefu Date: Thu, 25 May 2017 23:21:20 +0200 Subject: s: enable save-diskspace --- shared/1systems/wolf.nix | 2 ++ shared/2configs/default.nix | 2 +- shared/2configs/save-diskspace.nix | 11 +++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 shared/2configs/save-diskspace.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index ebe393c9..c6cc2f81 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -15,6 +15,7 @@ in ../2configs/shared-buildbot.nix ../2configs/share-shack.nix ../2configs/central-stats-client.nix + ../2configs/save-diskspace.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) @@ -86,4 +87,5 @@ in ]; time.timeZone = "Europe/Berlin"; + sound.enable = false; } diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index e7f600cd..894f8a99 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "22da5d02466ffe465735986d705675982f3646a0"; # nixos-17.03 @ 2017-05-13 + ref = "58e227052d40021d82d015f3f8da011ae54ea430"; # nixos-17.03 @ 2017-05-24 }; secrets.file = if getEnv "dummy_secrets" == "true" diff --git a/shared/2configs/save-diskspace.nix b/shared/2configs/save-diskspace.nix new file mode 100644 index 00000000..ab074c75 --- /dev/null +++ b/shared/2configs/save-diskspace.nix @@ -0,0 +1,11 @@ +{lib, ... }: +# TODO: do not check out nixpkgs master but fetch revision from github +{ + environment.noXlibs = true; + nix.gc.automatic = true; + nix.gc.dates = lib.mkDefault "03:10"; + programs.info.enable = false; + programs.man.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + services.nixosManual.enable = false; +} -- cgit v1.2.3 From 6e93f661e0b31c95f69d1bd3a6f208d26e3e0958 Mon Sep 17 00:00:00 2001 
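Review bot: `services.journald.extraConfig = "SystemMaxUse=50M";` in save-diskspace.nix caps the journal at a size a busy host can cycle through quickly, which leaves little log history to examine after an incident. wolf imports the buildbot and share configs in the same list, so either forward the journal to another host or record the trade-off next to the setting, e.g. `# 50M keeps only recent logs; history must come from remote logging`. The `# TODO: do not check out nixpkgs master …` comment at the top does not describe anything in this file and looks misplaced.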
From: lassulus Date: Mon, 29 May 2017 10:52:58 +0200 Subject: l 2 nixpkgs: f469354 -> f8dfdd7 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index c6620afa..a3916a2e 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "f469354"; + ref = "f8dfdd7"; }; } -- cgit v1.2.3 From 21d92086fe00c7369fde3951f92e9f73f4c05ee9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 30 May 2017 10:06:04 +0200 Subject: l: move Reaktor coders config to 2configs --- lass/1systems/prism.nix | 99 +------------------------------------------- lass/2configs/coders-irc.nix | 92 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 98 deletions(-) create mode 100644 lass/2configs/coders-irc.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 01cfe541..02054a8e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - with import ; let @@ -46,6 +45,7 @@ in { ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix ../2configs/syncthing.nix + ../2configs/coders-irc.nix { imports = [ ../2configs/bepasty.nix 
@@ -253,103 +253,6 @@ in { { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; } - { - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - 
${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "random-unicorn-porn" { - pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python - t1 = """ - _. - ;=',_ () - 8===D~~ S" .--`|| - sS \__ || - __.' ( \-->|| - _=/ _./-\/ || - 8===D~~ ((\( /-' -'l || - ) |/ \\ (_)) - \\ \\ - '~ '~ - """ - print(t1) - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P.*)$$"; - script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - ]; - }; - } { krebs.Reaktor.prism = { nickname = "Reaktor|lass"; diff --git a/lass/2configs/coders-irc.nix b/lass/2configs/coders-irc.nix new file mode 100644 index 00000000..61cc7cfe --- /dev/null +++ b/lass/2configs/coders-irc.nix 
@@ -0,0 +1,92 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + krebs.Reaktor.coders = { + nickname = "Reaktor|lass"; + channels = [ "#coders" "#germany" ]; + extraEnviron = { + REAKTOR_HOST = "irc.hackint.org"; + }; + plugins = with pkgs.ReaktorPlugins; let + + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + + lambdabotflags = '' + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \''; + in [ + url-title + (buildSimpleReaktorPlugin "lambdabot-pl" { + pattern = "^@pl (?P.*)$$"; + script = pkgs.writeDash "lambda-pl" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@pl $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-type" { + pattern = "^@type (?P.*)$$"; + script = pkgs.writeDash "lambda-type" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@type $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-let" { + pattern = "^@let (?P.*)$$"; + script = pkgs.writeDash "lambda-let" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@let $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-run" { + pattern = "^@run (?P.*)$$"; + script = pkgs.writeDash "lambda-run" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@run $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-kind" { + pattern = "^@kind (?P.*)$$"; + script = pkgs.writeDash "lambda-kind" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@kind $1" + ''; + }) + (buildSimpleReaktorPlugin "random-unicorn-porn" { + pattern = "^!rup$$"; + script = pkgs.writePython2 "rup" '' + #!${pkgs.python2}/bin/python + t1 = """ + _. + ;=',_ () + 8===D~~ S" .--`|| + sS \__ || + __.' 
( \-->|| + _=/ _./-\/ || + 8===D~~ ((\( /-' -'l || + ) |/ \\ (_)) + \\ \\ + '~ '~ + """ + print(t1) + ''; + }) + (buildSimpleReaktorPlugin "ping" { + pattern = "^!ping (?P.*)$$"; + script = pkgs.writeDash "ping" '' + exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + }) + ]; + }; +} -- cgit v1.2.3 From 90822f64e0bf247c5cca2f035077553cac5ceb79 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 1 Jun 2017 09:21:20 +0200 Subject: shared: move shack config to shack/ --- makefu/2configs/deployment/hound/default.nix | 24 ++++++++++++++ shared/1systems/wolf.nix | 17 ++++++---- shared/2configs/shack-drivedroid.nix | 49 ---------------------------- shared/2configs/shack-nix-cacher.nix | 28 ---------------- shared/2configs/shack/drivedroid.nix | 49 ++++++++++++++++++++++++++++ shared/2configs/shack/mqtt_sub.nix | 34 +++++++++++++++++++ shared/2configs/shack/muell_caller.nix | 41 +++++++++++++++++++++++ shared/2configs/shack/nix-cacher.nix | 28 ++++++++++++++++ shared/2configs/shack/share.nix | 38 +++++++++++++++++++++ shared/2configs/share-shack.nix | 38 --------------------- 10 files changed, 225 insertions(+), 121 deletions(-) create mode 100644 makefu/2configs/deployment/hound/default.nix delete mode 100644 shared/2configs/shack-drivedroid.nix delete mode 100644 shared/2configs/shack-nix-cacher.nix create mode 100644 shared/2configs/shack/drivedroid.nix create mode 100644 shared/2configs/shack/mqtt_sub.nix create mode 100644 shared/2configs/shack/muell_caller.nix create mode 100644 shared/2configs/shack/nix-cacher.nix create mode 100644 shared/2configs/shack/share.nix delete mode 100644 shared/2configs/share-shack.nix diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix new file mode 100644 index 00000000..9e8f8889 --- /dev/null +++ b/makefu/2configs/deployment/hound/default.nix 
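Review bot: The `ping` plugin in coders-irc.nix passes whatever follows `!ping` on IRC to a setuid wrapper: `"$1"` is quoted, so the shell does not split it, but a value starting with `-` is parsed by ping as an option, and any channel member can make the host probe addresses of their choosing. End option parsing and narrow the pattern to hostname characters, e.g. `exec /var/setuid-wrappers/ping -q -c1 -- "$1" 2>&1 | tail -1` with the capture group limited to `[A-Za-z0-9.:-]+`. The lambdabot plugins hand `$1` to `-e "@run $1"` in the same way; whether lambdabot sandboxes that evaluation is not visible in this hunk, and a comment saying so would help the next reader.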
@@ -0,0 +1,24 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."wikisearch.krebsco.de".locations."/".proxyPass = "http://localhost:6080"; + services.hound = { + enable = true; + listen = "127.0.0.1:6080"; + # package = pkgs.hound.overrideDerivation(oldAttrs: { + # patches = [ ./keep-repo.patch ]; + # }); + config = ''{ + "max-concurrent-indexers" : 2, + "dbpath" : "${config.services.hound.home}/data", + "repos" : { + "nixos-users-wiki": { + "url" : "https://github.com/nixos-users/wiki.wiki.git", + "url-pattern" : { + "base-url" : "{url}/{path}" + } + } + } + }''; + }; + +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index c6cc2f81..9acc5894 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -6,16 +6,21 @@ in imports = [ ../. - ../2configs/cgit-mirror.nix ../2configs/collectd-base.nix + ../2configs/shack/share.nix + ../2configs/central-stats-client.nix + ../2configs/save-diskspace.nix + + ../2configs/cgit-mirror.nix ../2configs/graphite.nix ../2configs/repo-sync.nix - ../2configs/shack-drivedroid.nix - ../2configs/shack-nix-cacher.nix ../2configs/shared-buildbot.nix - ../2configs/share-shack.nix - ../2configs/central-stats-client.nix - ../2configs/save-diskspace.nix + ../2configs/shack/drivedroid.nix + ../2configs/shack/nix-cacher.nix + + ../2configs/shack/mqtt_sub.nix + ../2configs/shack/muell_caller.nix + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix deleted file mode 100644 index 12e4a39c..00000000 --- a/shared/2configs/shack-drivedroid.nix +++ /dev/null 
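Review bot: In hound/default.nix the port 6080 is written twice, once in the `proxyPass` URL and once in `listen`, so changing one leaves nginx proxying to a closed port; a `let port = 6080; in` with `"http://localhost:${toString port}"` and `"127.0.0.1:${toString port}"` keeps them together. The vhost `wikisearch.krebsco.de` also sets no `enableACME` or `forceSSL` in this hunk, so unless TLS is configured elsewhere the search UI is served over plain HTTP. The commented-out `package` override refers to a `./keep-repo.patch` that this commit does not add and could be removed until it is needed.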
@@ -1,49 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - root = "/var/srv/drivedroid"; -in -{ - environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-drivedroid = { - serverAliases = [ - "drivedroid.shack" - ]; - # TODO: prepare this somehow - locations."/".extraConfig = '' - root ${root}; - index main.json; - ''; - }; - }; - - systemd.services.drivedroid-gen-repo = { - description = "generates drivedroid repo file"; - path = [ - pkgs.coreutils - pkgs.drivedroid-gen-repo - pkgs.inotify-tools - ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' - mkdir -p ${root}/repos - ''; - ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' - set -efu - cd ${root} - while sleep 60; do - if inotifywait -r .; then - drivedroid-gen-repo repos > main.json - fi - done - ''; - }; - }; -} diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix deleted file mode 100644 index 4fcbf3a4..00000000 --- a/shared/2configs/shack-nix-cacher.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - cfg = config.krebs.apt-cacher-ng; -in -{ - krebs.apt-cacher-ng = { - enable = true; - port = 3142; - bindAddress = "localhost"; - cacheExpiration = 30; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-nix-cacher = { - serverAliases = [ - "acng.shack" - ]; - locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:${toString cfg.port}/; - ''; - }; - }; -} diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix new file mode 100644 index 00000000..12e4a39c --- /dev/null +++ b/shared/2configs/shack/drivedroid.nix 
@@ -0,0 +1,49 @@ +{ config, pkgs, ... }: +with import ; +let + root = "/var/srv/drivedroid"; +in +{ + environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-drivedroid = { + serverAliases = [ + "drivedroid.shack" + ]; + # TODO: prepare this somehow + locations."/".extraConfig = '' + root ${root}; + index main.json; + ''; + }; + }; + + systemd.services.drivedroid-gen-repo = { + description = "generates drivedroid repo