From 12ba7d6aeb6a28a94713c5965a22f987f989b5f4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 22 Feb 2022 22:18:40 +0100
Subject: ma backup: add latte

---
 makefu/2configs/backup/ssh/latte.pub | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 makefu/2configs/backup/ssh/latte.pub

(limited to 'makefu')

diff --git a/makefu/2configs/backup/ssh/latte.pub b/makefu/2configs/backup/ssh/latte.pub
new file mode 100644
index 00000000..52d56d95
--- /dev/null
+++ b/makefu/2configs/backup/ssh/latte.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
-- 
cgit v1.2.3


From 036289a0a119159901e20c272b97c00412e41676 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 28 Feb 2022 21:31:52 +0100
Subject: ma omo.r: enable more services

---
 makefu/1systems/latte/config.nix     | 18 +++++++--
 makefu/1systems/omo/config.nix       |  7 ++++
 makefu/2configs/torrent.nix          | 73 ------------------------------------
 makefu/2configs/torrent/rtorrent.nix | 73 ++++++++++++++++++++++++++++++++++++
 4 files changed, 95 insertions(+), 76 deletions(-)
 delete mode 100644 makefu/2configs/torrent.nix
 create mode 100644 makefu/2configs/torrent/rtorrent.nix

(limited to 'makefu')

diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index fdd3df19..5332fadf 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -29,10 +29,19 @@ in {
       <stockholm/makefu/2configs/remote-build/slave.nix>
 
       # Storage
+      <stockholm/makefu/2configs/share>
       <stockholm/makefu/2configs/share/hetzner-client.nix>
 
       # Services:
       <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
+      # <stockholm/makefu/2configs/torrent.nix>
+      # <stockholm/makefu/2configs/torrent/deluge.nix>
+      <stockholm/makefu/2configs/torrent/rtorrent.nix>
+      <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
+
+      # local usage:
+      <stockholm/makefu/2configs/mosh.nix>
+      <stockholm/makefu/2configs/bitlbee.nix>
 
       # Supervision
       <stockholm/makefu/2configs/nix-community/supervision.nix>
@@ -40,9 +49,9 @@ in {
       # Krebs
       <stockholm/makefu/2configs/tinc/retiolum.nix>
 
-      #<stockholm/makefu/2configs/home-manager>
-      # configure your hw:
-      # <stockholm/makefu/2configs/torrent.nix>
+      # backup
+      <stockholm/makefu/2configs/backup/state.nix>
+
 
   ];
   krebs = {
@@ -50,4 +59,7 @@ in {
     build.host = config.krebs.hosts.latte;
   };
 
+  makefu.dl-dir = "/media/cloud/download";
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
 }
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 3a216ea7..42f33526 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -43,14 +43,18 @@ in {
       <stockholm/makefu/2configs/tools/dev.nix>
       <stockholm/makefu/2configs/tools/desktop.nix>
       <stockholm/makefu/2configs/tools/mobility.nix>
+      <stockholm/makefu/2configs/tools/consoles.nix>
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>
 
       <stockholm/makefu/2configs/urlwatch>
       # <stockholm/makefu/2configs/legacy_only.nix>
 
+      <stockholm/makefu/2configs/share>
       <stockholm/makefu/2configs/share/omo.nix>
       <stockholm/makefu/2configs/share/gum-client.nix>
+      <stockholm/makefu/2configs/share/hetzner-client.nix>
+      <stockholm/makefu/2configs/sync>
       <stockholm/makefu/2configs/dcpp/airdcpp.nix>
       { krebs.airdcpp.dcpp.shares = let
           d = path: "/media/cryptX/${path}";
@@ -96,6 +100,8 @@ in {
 
       <stockholm/makefu/2configs/home/music.nix>
       <stockholm/makefu/2configs/home/photoprism.nix>
+      <stockholm/makefu/2configs/home/tonie.nix>
+      <stockholm/makefu/2configs/home/ps4srv.nix>
       # <stockholm/makefu/2configs/home/metube.nix>
       <stockholm/makefu/2configs/home/ham>
       <stockholm/makefu/2configs/home/zigbee2mqtt>
@@ -104,6 +110,7 @@ in {
           enable = true;
           servedir = "/media/cryptX/emu/ps3";
         };
+        users.users.makefu.packages = [ pkgs.pkgrename ];
       }
 
 
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
deleted file mode 100644
index 74f1e5fe..00000000
--- a/makefu/2configs/torrent.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-  basicAuth = import <torrent-secrets/auth.nix>;
-  peer-port = 51412;
-  web-port = 8112;
-  daemon-port = 58846;
-  base-dir = config.krebs.rtorrent.workDir;
-in {
-
-  users.users = {
-    download = {
-      name = "download";
-      home = base-dir;
-      uid = mkDefault (genid "download");
-      createHome = true;
-      useDefaultShell = true;
-      group = "download";
-      openssh.authorizedKeys.keys = [ ];
-    };
-  };
-
-  users.extraGroups = {
-    download = {
-      gid = lib.mkDefault (genid "download");
-      members = [
-        config.krebs.build.user.name
-        "download"
-        "rtorrent"
-        "nginx"
-      ];
-    };
-    rtorrent.members = [ "download" ];
-  };
-
-  krebs.rtorrent = let
-    d = config.makefu.dl-dir;
-  in {
-    enable = true;
-    web = {
-      enable = true;
-      port = web-port;
-      inherit basicAuth;
-    };
-    rutorrent.enable = true;
-    enableXMLRPC = true;
-    listenPort = peer-port;
-    downloadDir = d + "/finished/incoming";
-    watchDir = d + "/watch";
-    # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories
-    extraConfig = ''
-      # log.add_output = "debug", "rtorrent-systemd"
-      # log.add_output = "dht_debug", "rtorrent-systemd"
-      # log.add_output = "tracker_debug", "rtorrent-systemd"
-      log.add_output = "rpc_events", "rtorrent-systemd"
-      # log.add_output = "rpc_dump", "rtorrent-systemd"
-      system.daemon.set = true
-    '';
-    # dump old torrents into watch folder to have them re-added
-  };
-
-  services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
-
-  networking.firewall.extraCommands = ''
-    iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
-  '';
-
-  networking.firewall.allowedTCPPorts = [ peer-port ];
-  networking.firewall.allowedUDPPorts = [ peer-port ];
-  state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
-}
diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix
new file mode 100644
index 00000000..74f1e5fe
--- /dev/null
+++ b/makefu/2configs/torrent/rtorrent.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+  basicAuth = import <torrent-secrets/auth.nix>;
+  peer-port = 51412;
+  web-port = 8112;
+  daemon-port = 58846;
+  base-dir = config.krebs.rtorrent.workDir;
+in {
+
+  users.users = {
+    download = {
+      name = "download";
+      home = base-dir;
+      uid = mkDefault (genid "download");
+      createHome = true;
+      useDefaultShell = true;
+      group = "download";
+      openssh.authorizedKeys.keys = [ ];
+    };
+  };
+
+  users.extraGroups = {
+    download = {
+      gid = lib.mkDefault (genid "download");
+      members = [
+        config.krebs.build.user.name
+        "download"
+        "rtorrent"
+        "nginx"
+      ];
+    };
+    rtorrent.members = [ "download" ];
+  };
+
+  krebs.rtorrent = let
+    d = config.makefu.dl-dir;
+  in {
+    enable = true;
+    web = {
+      enable = true;
+      port = web-port;
+      inherit basicAuth;
+    };
+    rutorrent.enable = true;
+    enableXMLRPC = true;
+    listenPort = peer-port;
+    downloadDir = d + "/finished/incoming";
+    watchDir = d + "/watch";
+    # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories
+    extraConfig = ''
+      # log.add_output = "debug", "rtorrent-systemd"
+      # log.add_output = "dht_debug", "rtorrent-systemd"
+      # log.add_output = "tracker_debug", "rtorrent-systemd"
+      log.add_output = "rpc_events", "rtorrent-systemd"
+      # log.add_output = "rpc_dump", "rtorrent-systemd"
+      system.daemon.set = true
+    '';
+    # dump old torrents into watch folder to have them re-added
+  };
+
+  services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
+
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
+  '';
+
+  networking.firewall.allowedTCPPorts = [ peer-port ];
+  networking.firewall.allowedUDPPorts = [ peer-port ];
+  state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
+}
-- 
cgit v1.2.3


From 7b34d93b0721acacaa112d94e57889618b11f399 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 28 Feb 2022 21:32:18 +0100
Subject: ma x.r: enable hetzner share

---
 makefu/1systems/x/config.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'makefu')

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 22427786..3edfcecc 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -137,6 +137,8 @@
       # <stockholm/makefu/2configs/share/anon-ftp.nix>
       # <stockholm/makefu/2configs/share/anon-sftp.nix>
       <stockholm/makefu/2configs/share/gum-client.nix>
+      <stockholm/makefu/2configs/share/hetzner-client.nix>
+      <stockholm/makefu/2configs/share>
       # <stockholm/makefu/2configs/share/temp-share-samba.nix>
 
 
@@ -145,6 +147,7 @@
       <stockholm/makefu/2configs/mail-client.nix>
       <stockholm/makefu/2configs/printer.nix>
       # <stockholm/makefu/2configs/syncthing.nix>
+      <stockholm/makefu/2configs/sync>
 
       # Virtualization
       # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
@@ -167,7 +170,7 @@
       # <stockholm/makefu/2configs/remote-build/gum.nix>
       # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
 
-      <stockholm/makefu/2configs/binary-cache/gum.nix>
+      # <stockholm/makefu/2configs/binary-cache/gum.nix>
       <stockholm/makefu/2configs/binary-cache/lass.nix>
 
 
@@ -223,7 +226,8 @@
 
   krebs.build.host = config.krebs.hosts.x;
 
-  krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
+  #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ];
+  #krebs.tinc.retiolum.extraConfig = "AutoConnect = no";
 
 
   environment.systemPackages = [ pkgs.passwdqc-utils ];
@@ -245,6 +249,6 @@
     "/home/makefu/.config/syncthing"
   ];
 
-  services.syncthing.user = lib.mkForce "makefu";
-  services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
+  # services.syncthing.user = lib.mkForce "makefu";
+  # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
 }
-- 
cgit v1.2.3


From 859a1c2101e5c0b3b519d359a75f6f3086737843 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 1 Mar 2022 23:19:44 +0100
Subject: ma latte.r: continue migration from gum

---
 makefu/1systems/gum/config.nix   | 32 ++++++++++++++++----------------
 makefu/1systems/latte/config.nix | 14 +++++++++++---
 2 files changed, 27 insertions(+), 19 deletions(-)

(limited to 'makefu')

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a9d9b661..9ee00c1d 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -23,11 +23,12 @@ in {
       }
       <stockholm/makefu/2configs/nur.nix>
       <stockholm/makefu/2configs/support-nixos.nix>
-      <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
       <stockholm/makefu/2configs/nix-community/supervision.nix>
       <stockholm/makefu/2configs/home-manager>
       <stockholm/makefu/2configs/home-manager/cli.nix>
       # <stockholm/makefu/2configs/stats/client.nix>
+      <stockholm/makefu/2configs/share>
+      <stockholm/makefu/2configs/share/hetzner-client.nix>
       # <stockholm/makefu/2configs/stats/netdata-server.nix>
 
       <stockholm/makefu/2configs/headless.nix>
@@ -56,13 +57,13 @@ in {
       <stockholm/makefu/2configs/tinc/retiolum.nix>
       { # bonus retiolum config for connecting more hosts
         krebs.tinc.retiolum = {
-          extraConfig = lib.mkForce ''
-            ListenAddress = ${external-ip} 53
-            ListenAddress = ${external-ip} 655
-            ListenAddress = ${external-ip} 21031
-            StrictSubnets = yes
-            LocalDiscovery = no
-          '';
+          #extraConfig = lib.mkForce ''
+          #  ListenAddress = ${external-ip} 53
+          #  ListenAddress = ${external-ip} 655
+          #  ListenAddress = ${external-ip} 21031
+          #  StrictSubnets = yes
+          #  LocalDiscovery = no
+          #'';
           connectTo = [
             "prism" "ni" "enklave" "eve" "dishfire"
           ];
@@ -106,7 +107,7 @@ in {
 
       # sharing
       <stockholm/makefu/2configs/share/gum.nix> # samba sahre
-      <stockholm/makefu/2configs/torrent.nix>
+      <stockholm/makefu/2configs/torrent/rtorrent.nix>
       # <stockholm/makefu/2configs/sickbeard>
       <stockholm/makefu/2configs/bitwarden.nix>
 
@@ -114,7 +115,7 @@ in {
       #<stockholm/makefu/2configs/retroshare.nix>
       ## <stockholm/makefu/2configs/ipfs.nix>
       #<stockholm/makefu/2configs/syncthing.nix>
-      <stockholm/makefu/2configs/sync>
+      # <stockholm/makefu/2configs/sync>
       # <stockholm/makefu/2configs/opentracker.nix>
 
 
@@ -125,9 +126,8 @@ in {
       { makefu.backup.server.repo = "/var/backup/borg"; }
       <stockholm/makefu/2configs/backup/server.nix>
       <stockholm/makefu/2configs/backup/state.nix>
-      <stockholm/makefu/2configs/bitlbee.nix>
       <stockholm/makefu/2configs/wireguard/server.nix>
-      <stockholm/makefu/2configs/wireguard/wiregrill.nix>
+      # <stockholm/makefu/2configs/wireguard/wiregrill.nix>
 
       { # recent changes mediawiki bot
         networking.firewall.allowedUDPPorts = [ 5005 5006 ];
@@ -152,11 +152,10 @@ in {
       <stockholm/makefu/2configs/deployment/graphs.nix>
       <stockholm/makefu/2configs/deployment/owncloud.nix>
       <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
-      <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
       #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
       <stockholm/makefu/2configs/deployment/boot-euer.nix>
       <stockholm/makefu/2configs/deployment/gecloudpad>
-      <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
+      #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
       <stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
       <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
       # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
@@ -182,14 +181,15 @@ in {
 
       ## Temporary:
       # <stockholm/makefu/2configs/temp/rst-issue.nix>
-      <stockholm/makefu/2configs/virtualisation/docker.nix>
+      # <stockholm/makefu/2configs/virtualisation/docker.nix>
       #<stockholm/makefu/2configs/virtualisation/libvirt.nix>
 
       # krebs infrastructure services
       # <stockholm/makefu/2configs/stats/server.nix>
     ];
 
-  makefu.dl-dir = "/var/download";
+  # makefu.dl-dir = "/var/download";
+  makefu.dl-dir = "/media/cloud/download";
 
   services.openssh.hostKeys = lib.mkForce [
     { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index 5332fadf..c493541f 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -34,10 +34,18 @@ in {
 
       # Services:
       <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
-      # <stockholm/makefu/2configs/torrent.nix>
-      # <stockholm/makefu/2configs/torrent/deluge.nix>
       <stockholm/makefu/2configs/torrent/rtorrent.nix>
+      ## Web
       <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
+      <stockholm/makefu/2configs/deployment/owncloud.nix>
+      ### Moving owncloud data dir to /media/cloud/nextcloud-data
+      {
+        users.users.nextcloud.extraGroups = [ "download" ];
+        fileSystems."/var/lib/nextcloud/data" = {
+          device = "/media/cloud/nextcloud-data";
+          options = [ "bind" ];
+        };
+      }
 
       # local usage:
       <stockholm/makefu/2configs/mosh.nix>
@@ -60,6 +68,6 @@ in {
   };
 
   makefu.dl-dir = "/media/cloud/download";
-  networking.firewall.allowedTCPPorts = [ 80 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 
 }
-- 
cgit v1.2.3


From 4904dcf2291d61d41a22f5429327e95e8a7e61ae Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 1 Mar 2022 23:20:22 +0100
Subject: ma torrent: migrate to upstream rtorrent + flood

---
 makefu/2configs/torrent/rtorrent.nix | 85 +++++++++++++-----------------------
 1 file changed, 30 insertions(+), 55 deletions(-)

(limited to 'makefu')

diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix
index 74f1e5fe..79325bfc 100644
--- a/makefu/2configs/torrent/rtorrent.nix
+++ b/makefu/2configs/torrent/rtorrent.nix
@@ -1,73 +1,48 @@
 { config, lib, pkgs, ... }:
 
-with import <stockholm/lib>;
-
 let
   basicAuth = import <torrent-secrets/auth.nix>;
   peer-port = 51412;
   web-port = 8112;
   daemon-port = 58846;
-  base-dir = config.krebs.rtorrent.workDir;
+  dldir = config.makefu.dl-dir;
 in {
+  services.rtorrent.enable = true;
+  services.rtorrent.user = "rtorrent";
+  services.rtorrent.group = "download";
+  services.rtorrent.downloadDir = dldir;
+  services.rtorrent.configText = ''
+    schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent")))
+  '';
 
-  users.users = {
-    download = {
-      name = "download";
-      home = base-dir;
-      uid = mkDefault (genid "download");
-      createHome = true;
-      useDefaultShell = true;
-      group = "download";
-      openssh.authorizedKeys.keys = [ ];
-    };
-  };
+  services.rtorrent.openFirewall = true;
 
-  users.extraGroups = {
-    download = {
-      gid = lib.mkDefault (genid "download");
-      members = [
-        config.krebs.build.user.name
-        "download"
-        "rtorrent"
-        "nginx"
-      ];
+  systemd.services.flood = {
+    wantedBy = [ "multi-user.target" ];
+    wants = [ "rtorrent.service" ];
+    after = [ "rtorrent.service" ];
+    serviceConfig = {
+      User = "rtorrent";
+      ExecStart = "${pkgs.nodePackages.flood}/bin/flood --auth none --port ${toString web-port} --rtsocket ${config.services.rtorrent.rpcSocket}";
     };
-    rtorrent.members = [ "download" ];
   };
 
-  krebs.rtorrent = let
-    d = config.makefu.dl-dir;
-  in {
+  #security.acme.certs."torrent.${config.krebs.build.host.name}.r".server = config.krebs.ssl.acmeURL;
+
+  services.nginx = {
     enable = true;
-    web = {
-      enable = true;
-      port = web-port;
+    virtualHosts."torrent.${config.krebs.build.host.name}.r" = {
+      # TODO
       inherit basicAuth;
+      #enableACME = true;
+      #addSSL = true;
+      root = "${pkgs.nodePackages.flood}/lib/node_modules/flood/dist/assets";
+      locations."/api".extraConfig = ''
+        proxy_pass       http://localhost:${toString web-port};
+      '';
+      locations."/".extraConfig = ''
+        try_files $uri /index.html;
+      '';
     };
-    rutorrent.enable = true;
-    enableXMLRPC = true;
-    listenPort = peer-port;
-    downloadDir = d + "/finished/incoming";
-    watchDir = d + "/watch";
-    # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories
-    extraConfig = ''
-      # log.add_output = "debug", "rtorrent-systemd"
-      # log.add_output = "dht_debug", "rtorrent-systemd"
-      # log.add_output = "tracker_debug", "rtorrent-systemd"
-      log.add_output = "rpc_events", "rtorrent-systemd"
-      # log.add_output = "rpc_dump", "rtorrent-systemd"
-      system.daemon.set = true
-    '';
-    # dump old torrents into watch folder to have them re-added
   };
-
-  services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
-
-  networking.firewall.extraCommands = ''
-    iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
-  '';
-
-  networking.firewall.allowedTCPPorts = [ peer-port ];
-  networking.firewall.allowedUDPPorts = [ peer-port ];
-  state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
 }
-- 
cgit v1.2.3


From 94b29daa137e704d9db1979169ba82f9150515c6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 1 Mar 2022 23:26:31 +0100
Subject: ma share: set file-mode to 0770 for hetzner

---
 makefu/2configs/share/default.nix        | 29 +++++++++++++++++++++++++++++
 makefu/2configs/share/hetzner-client.nix | 12 +++++++-----
 makefu/2configs/share/omo.nix            |  6 ++++++
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 makefu/2configs/share/default.nix

(limited to 'makefu')

diff --git a/makefu/2configs/share/default.nix b/makefu/2configs/share/default.nix
new file mode 100644
index 00000000..a1ad349b
--- /dev/null
+++ b/makefu/2configs/share/default.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+let
+  base-dir = config.services.rtorrent.downloadDir;
+in {
+  users.users = {
+    download = {
+      name = "download";
+      home = base-dir;
+      isNormalUser = true;
+      uid = mkDefault (genid "download");
+      createHome = false;
+      useDefaultShell = true;
+      group = "download";
+      openssh.authorizedKeys.keys = [ ];
+    };
+  };
+
+  users.groups = {
+    download = {
+      gid = lib.mkDefault (genid "download");
+      members = [
+        config.krebs.build.user.name
+        "download"
+      ];
+    };
+  };
+
+}
diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix
index e5969806..90bc32de 100644
--- a/makefu/2configs/share/hetzner-client.nix
+++ b/makefu/2configs/share/hetzner-client.nix
@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 
+with <stockholm/lib>;
 let
   automount_opts =
   [ "x-systemd.automount"
@@ -10,14 +11,16 @@ let
   host = "u288834.your-storagebox.de";
 in {
   boot.kernel.sysctl."net.ipv6.route.max_size" = 2147483647;
+
   fileSystems."/media/cloud" = {
       device = "//${host}/backup";
       fsType = "cifs";
       options = automount_opts ++
-      [ "credentials=/var/src/secrets/hetzner.smb"
-        "file_mode=0775"
-        "dir_mode=0775"
-        "uid=9001"
+      [ "credentials=${toString <secrets/hetzner.smb>}"
+        "file_mode=0770"
+        "dir_mode=0770"
+        "uid=${toString config.users.users.download.uid}"
+        "gid=${toString config.users.groups.download.gid}"
         #"vers=3"
         "vers=2.1"
         "rsize=65536"
@@ -25,5 +28,4 @@ in {
         "iocharset=utf8"
       ];
   };
-
 }
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index 93536b63..e53158b8 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -32,6 +32,12 @@ in {
         browseable = "yes";
         "guest ok" = "yes";
       };
+      movies = {
+        path = "/media/cryptX/movies";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
       audiobook = {
         path = "/media/crypt1/audiobooks";
         "read only" = "yes";
-- 
cgit v1.2.3


From 26e2bc72ab89c9e2d0ca02fed632c982beb73322 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 2 Mar 2022 13:23:44 +0100
Subject: ma latte.r: un-fail nextcloud-setup

---
 makefu/1systems/gum/config.nix   | 2 +-
 makefu/1systems/latte/config.nix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'makefu')

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 9ee00c1d..089fc8e9 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -150,7 +150,7 @@ in {
 
       # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
       <stockholm/makefu/2configs/deployment/graphs.nix>
-      <stockholm/makefu/2configs/deployment/owncloud.nix>
+      #<stockholm/makefu/2configs/deployment/owncloud.nix>
       <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
       #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
       <stockholm/makefu/2configs/deployment/boot-euer.nix>
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index c493541f..2828aea0 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -41,6 +41,8 @@ in {
       ### Moving owncloud data dir to /media/cloud/nextcloud-data
       {
         users.users.nextcloud.extraGroups = [ "download" ];
+        # nextcloud-setup fails as it cannot set permissions for nextcloud
+        systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
         fileSystems."/var/lib/nextcloud/data" = {
           device = "/media/cloud/nextcloud-data";
           options = [ "bind" ];
-- 
cgit v1.2.3


From a2d2a6977e5d0809ee45590bc1e6faf705dfaee2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 2 Mar 2022 16:20:42 +0100
Subject: ma secrets: add hetzner.smb

---
 makefu/0tests/data/secrets/hetzner.smb | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 makefu/0tests/data/secrets/hetzner.smb

(limited to 'makefu')

diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb
new file mode 100644
index 00000000..e69de29b
-- 
cgit v1.2.3


From 81817007edda4601c95a8f95aa99ce15320e224a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 2 Mar 2022 16:22:14 +0100
Subject: ma home: init ps4srv

---
 makefu/2configs/home/ps4srv.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 makefu/2configs/home/ps4srv.nix

(limited to 'makefu')

diff --git a/makefu/2configs/home/ps4srv.nix b/makefu/2configs/home/ps4srv.nix
new file mode 100644
index 00000000..cb1864fa
--- /dev/null
+++ b/makefu/2configs/home/ps4srv.nix
@@ -0,0 +1,17 @@
+let
+  internal-ip = "192.168.111.11";
+in
+{
+  services.nginx.virtualHosts."ps4srv" = {
+    serverAliases = [
+              "ps4srv.lan"
+    ];
+
+    locations."/".root = "/media/cryptX/emu/ps4";
+    extraConfig = ''
+      if ( $server_addr != "${internal-ip}" ) {
+        return 403;
+      }
+    '';
+  };
+}
-- 
cgit v1.2.3