From dbd3278f49c36acdbd73afedaa6ef9d6e7485fd2 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Jun 2019 07:55:30 +0200 Subject: ma gum.r: add sickbeard,wiregrill --- makefu/1systems/gum/config.nix | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 7bc06f833..9585d8599 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -97,6 +97,24 @@ in { # sharing + { services.sickbeard = { + enable = true; + package = pkgs.sickgear; + user = "sickbeard"; + group = "download"; + port = 8280; + }; + services.nginx.virtualHosts."sick.makefu.r" = { + locations."/".proxyPass = http://localhost:8280; + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + }; + users.users.sickbeard.extraGroups = [ "nginx" ]; + } + { nixpkgs.config.allowUnfree = true; } # ## # @@ -111,6 +129,7 @@ in { + # Removed until move: no extra mails @@ -153,11 +172,17 @@ in { makefu.dl-dir = "/var/download"; - services.openssh.hostKeys = [ + services.openssh.hostKeys = lib.mkForce [ { bits = 4096; path = (toString ); type = "rsa"; } { path = (toString ); type = "ed25519"; } ]; ###### stable - services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; + + services.nginx.virtualHosts."cgit.euer.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://cgit.gum.r"; + }; + krebs.build.host = config.krebs.hosts.gum; # Network -- cgit v1.2.3 From 2a5743d3fafa825822755b994ea3a373e38ad569 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Jun 2019 07:56:22 +0200 Subject: ma filepimp.r: remove obsolete zramSwap numDevices --- makefu/1systems/filepimp/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix index 30ba61a9b..e023c2885 100644 --- a/makefu/1systems/filepimp/config.nix +++ b/makefu/1systems/filepimp/config.nix @@ -48,7 +48,6 @@ in { hardware.cpu.amd.updateMicrocode = true; zramSwap.enable = true; - zramSwap.numDevices = 2; makefu.snapraid = let toMedia = name: "/media/" + name; -- cgit v1.2.3 From c9f906a54aa0cb866d1605524ae3921f3ddf4fd9 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Jun 2019 07:57:26 +0200 Subject: ma gum.r/hardware-config: do not automount binaergewtter only nofail --- makefu/1systems/gum/hardware-config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index 857fad7aa..e49b621e7 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -41,7 +41,7 @@ in { boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" "dm_cache" ]; + boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ]; boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" @@ -67,7 +67,7 @@ in { fileSystems."/var/www/binaergewitter" = { device = "/dev/nixos/binaergewitter"; fsType = "ext4"; - options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ]; + options = [ "nofail" ]; }; fileSystems."/var/lib/borgbackup" = { device = "/dev/nixos/backup"; -- cgit v1.2.3 From 45229593215e54362b80277322beae9beb662346 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Jun 2019 07:58:09 +0200 Subject: ma wbob.r: backup state, disable virtualization --- makefu/1systems/wbob/config.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index ab77f16dd..8b01de4d0 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -16,15 +16,16 @@ in { - + # + # - # # # # + # Services # @@ -33,7 +34,7 @@ in { # Sensors - + # @@ -53,6 +54,7 @@ in { + (let collectd-port = 25826; @@ -85,6 +87,7 @@ in { ''; }) + # temporary # ]; @@ -106,6 +109,7 @@ in { LoadPlugin curl + Interval 300 TotalTime true NamelookupTime true ConnectTime true -- cgit v1.2.3 From 6245b549c66df46a92d76f5d146e545401619258 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Jun 2019 08:00:46 +0200 Subject: ma cake.r: remove dangling config --- makefu/1systems/cake/config.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 8617578f0..eaaac8f41 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -5,14 +5,14 @@ in { imports = [ ./hardware-config.nix + { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];} # - { environment.systemPackages = with pkgs;[ rsync screen curl git ];} # -# configure your hw: -# + # configure your hw: + # ]; krebs = { enable = true; @@ -24,5 +24,4 @@ in { documentation.man.enable = false; services.nixosManual.enable = false; sound.enable = false; - } -- cgit v1.2.3 From 0e4035475a359d5015babd46e6d5b1e5ebc84183 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Jun 2019 08:01:42 +0200 Subject: ma firecracker: add config for rk3399 --- makefu/1systems/firecracker/config.nix | 25 ++++++++++++++++ makefu/1systems/firecracker/hardware-config.nix | 30 +++++++++++++++++++ makefu/1systems/firecracker/source.nix | 4 +++ makefu/1systems/sdcard/config.nix | 40 +++++++++++++++++++++++++ makefu/1systems/sdcard/kernel.nix | 15 ++++++++++ makefu/1systems/sdcard/source.nix | 3 ++ 6 files changed, 117 insertions(+) create mode 100644 makefu/1systems/firecracker/config.nix create mode 100644 makefu/1systems/firecracker/hardware-config.nix create mode 100644 makefu/1systems/firecracker/source.nix create mode 100644 makefu/1systems/sdcard/config.nix create mode 100644 makefu/1systems/sdcard/kernel.nix create mode 100644 makefu/1systems/sdcard/source.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/firecracker/config.nix b/makefu/1systems/firecracker/config.nix new file mode 100644 index 000000000..87f500287 --- /dev/null +++ b/makefu/1systems/firecracker/config.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +let + primaryInterface = "eth0"; +in { + imports = [ + + ./hardware-config.nix + # + { environment.systemPackages = with pkgs;[ rsync screen curl git ];} + + # +# configure your hw: +# + ]; + krebs = { + enable = true; + tinc.retiolum.enable = true; + build.host = config.krebs.hosts.firecracker; + }; + networking.firewall.trustedInterfaces = [ primaryInterface ]; + documentation.info.enable = false; + documentation.man.enable = false; + services.nixosManual.enable = false; + sound.enable = false; +} diff --git a/makefu/1systems/firecracker/hardware-config.nix b/makefu/1systems/firecracker/hardware-config.nix new file mode 100644 index 000000000..b821a3375 --- /dev/null +++ b/makefu/1systems/firecracker/hardware-config.nix @@ -0,0 +1,30 @@ +{ pkgs, lib, ... }: +{ + boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"]; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + boot.loader.generic-extlinux-compatible.configurationLimit = 1; + boot.loader.generationsDir.enable = lib.mkDefault false; + boot.supportedFilesystems = lib.mkForce [ "vfat" ]; + + boot.tmpOnTmpfs = lib.mkForce false; + boot.cleanTmpDir = true; + hardware.enableRedistributableFirmware = true; + + ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747 + boot.kernelPackages = pkgs.linuxPackages_latest; + networking.wireless.enable = true; + # File systems configuration for using the installer's partition layout + swapDevices = [ { device = "/var/swap"; size = 4096; } ]; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + +} diff --git a/makefu/1systems/firecracker/source.nix b/makefu/1systems/firecracker/source.nix new file mode 100644 index 000000000..22c40039e --- /dev/null +++ b/makefu/1systems/firecracker/source.nix @@ -0,0 +1,4 @@ +{ + name="cake"; + full = true; +} diff --git a/makefu/1systems/sdcard/config.nix b/makefu/1systems/sdcard/config.nix new file mode 100644 index 000000000..4e3c22a30 --- /dev/null +++ b/makefu/1systems/sdcard/config.nix @@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: +let + kernel = pkgs.callPackage ./kernel.nix { + kernelPatches = with pkgs.kernelPatches; [ + # kernelPatches.bridge_stp_helper + # kernelPatches.modinst_arg_list_too_long + ]; + }; +in +{ + imports = [ + + # + ]; + # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now + # cd ~/stockholm ; nix build config.system.build.sdImage -I nixos-config=makefu/1systems/sdcard/config.nix -f /home/makefu/nixpkgs/nixos + + boot.kernelParams = ["console=ttyS2,1500000" "earlycon=uart8250,mmio32,0xff1a0000"]; + # boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackagesFor kernel; + boot.supportedFilesystems = lib.mkForce [ "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; + + # krebs.hidden-ssh.enable = true; + environment.systemPackages = with pkgs; [ + aria2 + ddrescue + ]; + environment.extraInit = '' + EDITOR=vim + ''; + # iso-specific + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + # enable ssh in the iso boot process + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; +} diff --git a/makefu/1systems/sdcard/kernel.nix b/makefu/1systems/sdcard/kernel.nix new file mode 100644 index 000000000..df5e7ada9 --- /dev/null +++ b/makefu/1systems/sdcard/kernel.nix @@ -0,0 +1,15 @@ +{ fetchFromGitLab, buildLinux, ... } @ args: +buildLinux (args // rec { + version = "4.4.55"; + modDirVersion = "4.4.55"; + extraMeta.branch = "4.4"; + defconfig = "firefly_linux_defconfig"; + + src = fetchFromGitLab { + owner = "TeeFirefly"; + repo = "linux-kernel"; + rev = "firefly_0821_release"; + sha256 = "1fwj9cm5ysz286znrr3fyrhfn903m84i7py4rv3y3h9avxb3zl1r"; + }; + extraMeta.platforms = [ "aarch64-linux" ]; +} // (args.argsOverride or {})) diff --git a/makefu/1systems/sdcard/source.nix b/makefu/1systems/sdcard/source.nix new file mode 100644 index 000000000..6bef8ada9 --- /dev/null +++ b/makefu/1systems/sdcard/source.nix @@ -0,0 +1,3 @@ +{ + name="iso"; +} -- cgit v1.2.3 From 06a220ca1c0e368163b02a28b21796a6e2dded29 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jul 2019 08:23:18 +0200 Subject: ma wbob.r: follow changes in bureautomation refactoring --- makefu/1systems/wbob/config.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 8b01de4d0..ad7fc825c 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -45,17 +45,10 @@ in { # { environment.systemPackages = [ pkgs.vlc ]; } - { - # Risikoübernahme - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.77.2" - ]; - } - + # new hass entry point - + # #mpd is only used for TTS - (let collectd-port = 25826; influx-port = 8086; -- cgit v1.2.3