From dae12b6893a1d28e8bcb1fe3fb9ee8757bbfbed4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 24 Nov 2022 17:15:14 +0100 Subject: l prism.r: simplify networking --- lass/1systems/prism/config.nix | 18 ++---------------- lass/1systems/prism/physical.nix | 18 ++++++++++-------- 2 files changed, 12 insertions(+), 24 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 62c6f0b71..7bffc39aa 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -25,7 +25,6 @@ with import ; ]; } { # TODO make new hfos.nix out of this vv - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid_uint31 "riot"; isNormalUser = true; @@ -33,23 +32,10 @@ with import ; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ]; - packages = [ - (pkgs.writeDashBin "kick-routing" '' - /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service - '') - ]; }; - security.sudo.extraConfig = '' - riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service - ''; - - # TODO write function for proxy_pass (ssl/nonssl) - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } + { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; } ]; } { diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 151cfbf41..027a27b2b 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -78,29 +78,31 @@ boot.loader.grub.version = 2; boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; - boot.kernelParams = [ "net.ifnames=0" ]; + # we don't pay for power there and this might solve a problem we observed at least once + # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben + boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ]; networking.dhcpcd.enable = false; + + # bridge config + networking.bridges."ext-br".interfaces = [ "eth0" ]; networking = { hostId = "2283aaae"; defaultGateway = "95.216.1.129"; - defaultGateway6 = { address = "fe80::1"; interface = "eth0"; }; + defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; }; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0.ipv4.addresses = [ + interfaces.ext-br.ipv4.addresses = [ { address = "95.216.1.150"; prefixLength = 26; } - { - address = "95.216.1.130"; - prefixLength = 26; - } ]; - interfaces.eth0.ipv6.addresses = [ + interfaces.ext-br.ipv6.addresses = [ { address = "2a01:4f9:2a:1e9::1"; prefixLength = 64; } ]; }; + } -- cgit v1.2.3 From a4637e2bb15a86bd96faaf75914dc8d0dfcc6294 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2022 21:51:15 +0100 Subject: l: allow piping into sxiv --- lass/2configs/baseX.nix | 4 +--- lass/5pkgs/sxiv/default.nix | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 lass/5pkgs/sxiv/default.nix (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b2b58f22..efd6c8a24 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,9 +79,7 @@ in { powertop rxvt-unicode sshvnc - (pkgs.writers.writeDashBin "sxiv" '' - ${pkgs.nsxiv}/bin/nsxiv "$@" - '') + sxiv nsxiv taskwarrior termite diff --git a/lass/5pkgs/sxiv/default.nix b/lass/5pkgs/sxiv/default.nix new file mode 100644 index 000000000..04fc1c3f6 --- /dev/null +++ b/lass/5pkgs/sxiv/default.nix @@ -0,0 +1,27 @@ +{ nsxiv, writers }: + +writers.writeDashBin "sxiv" '' + set -efu + tmpfile="''${TMPDIR:-/tmp}/nsxiv_pipe_$$" + trap 'rm -f -- $tmpfile' EXIT + + if [ "$#" -eq 0 ]; then + if [ -t 0 ]; then + echo "sxiv: No arguments provided" >&2; exit 1 + else + # Consume stdin and put it in the temporal file + cat > "$tmpfile" + fi + fi + + for arg in "$@"; do + # if it's a pipe then drain it to $tmpfile + [ -p "$arg" ] && cat "$arg" > "$tmpfile" + done + + if [ -s "$tmpfile" ]; then + ${nsxiv}/bin/nsxiv -q "$@" "$tmpfile" # -q to silence warnings + else + ${nsxiv}/bin/nsxiv "$@" # fallback + fi +'' -- cgit v1.2.3 From 8eb64fe9a84b2b7f3bd9a4ac5f46202a9ceb643c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2022 21:52:13 +0100 Subject: l xmonad: use StateFull instead of Full --- lass/2configs/xmonad.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index fd70f8b15..05d719b8f 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -45,6 +45,7 @@ import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) +import XMonad.Layout.StateFull import XMonad.ManageHook (composeAll) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) @@ -87,7 +88,7 @@ main = do myLayoutHook = defLayout where - defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) + defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| StateFull ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) floatHooks = composeAll [ className =? "Pinentry" --> doCenterFloat -- cgit v1.2.3 From 32b23666d15861f6f4d8b1f522ee53d4f21fabb6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 29 Nov 2022 13:47:36 +0100 Subject: l drbd: use drbd9 --- lass/3modules/drbd.nix | 35 ++++++++++++++++++++++++++++++++--- lass/5pkgs/drbd9/default.nix | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 3 deletions(-) create mode 100644 lass/5pkgs/drbd9/default.nix (limited to 'lass') diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix index 816e58f0a..dbc3db4db 100644 --- a/lass/3modules/drbd.nix +++ b/lass/3modules/drbd.nix @@ -64,13 +64,42 @@ in { services.udev.packages = [ pkgs.drbd ]; boot.kernelModules = [ "drbd" ]; - environment.systemPackages = [ pkgs.drbd ]; + environment.systemPackages = [ + pkgs.drbd + (pkgs.writers.writeDashBin "drbd-change-nodeid" '' + # https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-using-truck-based-replication + set -efux + if [ "$#" -ne 2 ]; then + echo '$1 needs to be drbd volume name' + echo '$2 needs to be new node id' + exit 1 + fi + + + TMPDIR=$(mktemp -d) + trap 'rm -rf $TMPDIR' EXIT + + V=$1 + NODE_TO=$2 + META_DATA_LOCATION=internal + + ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt + NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p') + ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \ + -e "s/^peer.$NODE_FROM. /peer-NEW /" \ + -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \ + -e "s/^peer-NEW /peer[$NODE_TO] /" \ + < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt + + drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt + '') + ]; networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg); systemd.services = lib.mapAttrs' (_: device: lib.nameValuePair "drbd-${device.name}" { - after = [ "systemd-udev.settle.service" "network.target" ]; + after = [ "systemd-udev.settle.service" "network.target" "retiolum.service" ]; wants = [ "systemd-udev.settle.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { @@ -88,7 +117,7 @@ in { ''} if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then ${pkgs.drbd}/bin/drbdadm down ${device.name} - ${pkgs.drbd}/bin/drbdadm create-md ${device.name} + ${pkgs.drbd}/bin/drbdadm create-md ${device.name}/0 --max-peers 31 ${pkgs.drbd}/bin/drbdadm up ${device.name} fi ''; diff --git a/lass/5pkgs/drbd9/default.nix b/lass/5pkgs/drbd9/default.nix new file mode 100644 index 000000000..34ef0f564 --- /dev/null +++ b/lass/5pkgs/drbd9/default.nix @@ -0,0 +1,35 @@ +{ lib, stdenv, git, fetchzip, fetchFromGitHub, kernel }: let + + version = "9.1.7"; + +in stdenv.mkDerivation { + pname = "drbd"; + version = "${kernel.version}-${version}"; + + src = fetchzip { + url = "https://pkg.linbit.com//downloads/drbd/9/drbd-9.1.7.tar.gz"; + sha256 = "sha256-JsbtOrqhZkG7tFEc6tDmj3RlxZggl0HOKfCI8lYtQok="; + }; + # src = fetchFromGitHub { + # owner = "LINBIT"; + # repo = "drbd"; + # rev = "drbd-${version}"; + # sha256 = "sha256-8HAt+k0yi6XsZZ9mkVCQkv2pn65o3Zsa0KwTSBJh0yY="; + # leaveDotGit = true; + # }; + + nativeBuildInputs = [ git ] ++ kernel.moduleBuildDependencies; + + # hardeningDisable = [ "pic" ]; + + makeFlags = kernel.makeFlags ++ [ + "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + + installPhase = '' + install -D drbd/drbd.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/" + install -D drbd/drbd_transport_tcp.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/" + ''; + + enableParallelBuilding = true; +} -- cgit v1.2.3