Nixfmt everything

Ehmry - 2021-02-22 11:45:12 +01:00
parent 211106cf53
commit 6170a9c4e0
39 changed files with 858 additions and 882 deletions


@ -59,7 +59,8 @@ rec {
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
'';
};
storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
storage.publicKey =
"storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
};


@ -5,8 +5,8 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
@ -25,7 +25,10 @@
htop
];
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.16"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.16";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
networking = {
@ -50,9 +53,7 @@
# address = "fe80::a800:42ff:fe7a:3246";
# interface = "ens18";
#};
firewall.allowedTCPPorts = [
22
];
firewall.allowedTCPPorts = [ 22 ];
};
services.openssh = {


@ -1,15 +1,16 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
networking.hostName = "dhcp";
networking.defaultGateway = "172.22.99.1";
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.useDHCP = false;
networking.interfaces.eth0 = {
ipv4.addresses = [{
@ -21,9 +22,7 @@
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
];
environment.systemPackages = with pkgs; [ vim ];
# dhcp
networking.firewall.allowedUDPPorts = [ 67 68 ];


@ -5,8 +5,8 @@ let
address6 = "fe80::deca:fbad";
neighbors = import ../../../secrets/hosts/dn42/neighbors.nix;
in {
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
../../../lib/default-gateway.nix
@ -28,9 +28,7 @@ in {
networking.useNetworkd = true;
services.resolved.enable = false;
environment.systemPackages = with pkgs; [
vim
];
environment.systemPackages = with pkgs; [ vim ];
# SSH for nixops
services.openssh.enable = true;
@ -45,12 +43,11 @@ in {
mknod -m 666 /dev/net/tun c 10 200
fi
'';
services.openvpn =
let
services.openvpn = let
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
keyfile = name:
builtins.toFile "${name}.key"
(builtins.readFile (../../../secrets/hosts/dn42/openvpn + "/${name}.key"));
builtins.toFile "${name}.key" (builtins.readFile
(../../../secrets/hosts/dn42/openvpn + "/${name}.key"));
mkServer = name: conf: {
config = ''
dev ${name}
@ -73,16 +70,16 @@ in {
'';
};
in {
servers = builtins.mapAttrs (name: conf: mkServer name conf) openvpnNeighbors;
servers =
builtins.mapAttrs (name: conf: mkServer name conf) openvpnNeighbors;
};
networking.wireguard = {
enable = true;
interfaces =
let
wireguardNeighbors = lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
in
builtins.mapAttrs (name: conf: {
interfaces = let
wireguardNeighbors =
lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
in builtins.mapAttrs (name: conf: {
inherit (conf.wireguard) listenPort privateKey;
ips = [ "${address4}/32" "${address6}/64" ];
allowedIPsAsRoutes = false;
@ -90,46 +87,40 @@ in {
${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name} peer ${conf.address4}/32
'';
peers = [ ({
peers = [
({
inherit (conf.wireguard) publicKey;
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
persistentKeepalive = 30;
} // (lib.optionalAttrs (conf.wireguard ? endpoint) {
inherit (conf.wireguard) endpoint;
})) ];
}))
];
}) wireguardNeighbors;
};
services.bird2 = {
enable = true;
config =
config = let
bgpNeighbors = builtins.concatStringsSep "\n" (builtins.attrValues
(builtins.mapAttrs (name: conf:
let
bgpNeighbors =
builtins.concatStringsSep "\n"
(builtins.attrValues (builtins.mapAttrs (name: conf:
let
neighbor4 =
if conf ? address4
then ''
neighbor4 = if conf ? address4 then ''
protocol bgp ${name}_4 from dnpeers {
neighbor ${conf.address4} as ${builtins.toString conf.asn};
}
''
else "";
neighbor6 =
if conf ? address6
then ''
'' else
"";
neighbor6 = if conf ? address6 then ''
protocol bgp ${name}_6 from dnpeers {
neighbor ${conf.address6}%${interface} as ${builtins.toString conf.asn};
neighbor ${conf.address6}%${interface} as ${
builtins.toString conf.asn
};
}
''
else "";
interface =
if conf ? interface
then conf.interface
else name;
in "${neighbor4}${neighbor6}"
) neighbors));
'' else
"";
interface = if conf ? interface then conf.interface else name;
in "${neighbor4}${neighbor6}") neighbors));
in ''
protocol kernel {
ipv4 {


@ -1,9 +1,7 @@
{ config, pkgs, lib, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
];
imports = [ <nixpkgs/nixos/modules/profiles/minimal.nix> ];
nix.useSandbox = false;
nix.maxJobs = lib.mkDefault 4;
@ -13,16 +11,23 @@
boot.loader.grub.enable = false;
#boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
fileSystems."/" = {
fsType = "rootfs";
device = "rootfs";
};
networking.hostName = "dnscache"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.useNetworkd = true;
networking.useDHCP = false;
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.8"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.8";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
services.resolved.enable = false;
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -34,15 +39,11 @@
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim
traceroute tcpdump bind
];
environment.systemPackages = with pkgs; [ wget vim traceroute tcpdump bind ];
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
system.extraSystemBuilderCmds =
''
system.extraSystemBuilderCmds = ''
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
mkdir -m 0755 -p $out/sbin
@ -88,7 +89,9 @@
"1.1.1.1@853" # cloudflare-dns.com
"2606:4700:4700::1111@853" # cloudflare-dns.com
"1.0.0.1@853" # cloudflare-dns.com
"2606:4700:4700::1001@853\n forward-ssl-upstream: yes" #cloudflare-dns.com
''
2606:4700:4700::1001@853
forward-ssl-upstream: yes'' # cloudflare-dns.com
];
extraConfig = ''
server:
@ -191,8 +194,7 @@
memory = "";
interface = "";
load = "";
exec =
let
exec = let
unboundScript = builtins.toFile "unbound.rb" ''
loop do
`/run/current-system/sw/bin/unbound-control -c /var/lib/unbound/unbound.conf stats_noreset`
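Review bot: The last element of the forward-address list in hunk @ -88,7 +89,9 is not an address but a two-line string that piggybacks a `forward-ssl-upstream: yes` directive onto the generated forward-zone, and after reformatting nothing tells the next reader that this is deliberate rather than a stray paste. A comment above the `''` line would prevent a well-meant "fix", e.g. `# not an address: the second line injects forward-ssl-upstream into the generated forward-zone (presumably no dedicated option in the module used here — confirm)`. In unbound `forward-ssl-upstream` is a forward-zone-level setting, so it applies to all four upstreams listed above, not only to the `1.0.0.1` entry it is attached to; if that is the intent, the comment should say so. The enclosing attribute set continues outside the hunk.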


@ -5,26 +5,23 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
environment.systemPackages = with pkgs; [
vim
];
environment.systemPackages = with pkgs; [ vim ];
networking = {
hostName = "elastic1";
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.15"; prefixLength = 26; } ];
interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.15";
prefixLength = 26;
}];
defaultGateway = "172.20.73.1";
firewall = {
allowedTCPPorts = [
22
9200
9300
];
allowedTCPPorts = [ 22 9200 9300 ];
enable = true;
};
};
@ -46,9 +43,7 @@
systemd.services.elasticsearch.serviceConfig.Restart = "always";
# does not work, needs to be set on hv (done through ansible)
boot.kernel.sysctl = {
"vm.max_map_count"="262144";
};
boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
services.elasticsearch-curator = {
enable = true;


@ -12,9 +12,8 @@ let
ddmeshAddrPart = "200.74";
rt_table = 7;
bmxd = import (toString <lib/pkgs/bmxd.nix>) { inherit pkgs; };
sysinfo-json = import <this-host/sysinfo-json.nix> {
inherit pkgs bmxd ddmeshNode;
};
sysinfo-json =
import <this-host/sysinfo-json.nix> { inherit pkgs bmxd ddmeshNode; };
in {
imports = [
<nixpkgs/nixos/modules/profiles/minimal.nix>
@ -141,7 +140,9 @@ in {
script = ''
${pkgs.curl}/bin/curl \
-o /tmp/ddmesh-registration.json \
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${toString ddmeshNode}'
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
toString ddmeshNode
}'
'';
serviceConfig = {
User = "nobody";
@ -229,8 +230,7 @@ in {
"c3d2.ffdd" = {
default = true;
root = <this-host/assets>;
locations =
let
locations = let
sysinfo-json = {
alias = "/run/nginx/sysinfo.json";
extraConfig = ''
@ -242,21 +242,25 @@ in {
index = "index.html";
extraConfig = ''
etag off;
add_header etag "\"${builtins.substring 11 32 (<this-host> + "/assets")}\"";
add_header etag "\"${
builtins.substring 11 32 (<this-host> + "/assets")
}\"";
'';
};
"=/sysinfo-json.cgi" = sysinfo-json;
"=/sysinfo.json" = sysinfo-json;
};
};
"storage.hq.c3d2.ffdd".locations."/".proxyPass = "http://storage.hq.c3d2.de/";
"storage.hq.c3d2.ffdd".locations."/".proxyPass =
"http://storage.hq.c3d2.de/";
"grafana.hq.c3d2.ffdd".locations."/" = {
proxyPass = "https://grafana.hq.c3d2.de/";
extraConfig = ''
proxy_ssl_server_name on;
'';
};
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass = "http://grafana.hq.c3d2.de:8086/";
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass =
"http://grafana.hq.c3d2.de:8086/";
};
};


@ -1,8 +1,6 @@
{ pkgs ? import <nixpkgs> {},
ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git",
bmxd,
ddmeshNode,
... }:
{ pkgs ? import <nixpkgs> { }, ffdd-server ?
builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", bmxd
, ddmeshNode, ... }:
with pkgs;
let
@ -18,8 +16,7 @@ let
gps_longitude = "13.7285866";
gps_altitude = "100";
};
in
stdenv.mkDerivation {
in stdenv.mkDerivation {
name = "sysinfo-json";
src = "${ffdd-server}/salt/freifunk/base/ddmesh/";
buildPhase = ''
@ -50,14 +47,21 @@ stdenv.mkDerivation {
--replace '"node_type":"server"' '"node_type":"node"' \
--replace ddmesh-ipcalc.sh $out/bin/ddmesh-ipcalc.sh \
--replace lsb_release $out/bin/lsb_release \
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"} 0 \
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"} 0 \
--replace ${
lib.strings.escapeShellArg
"$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"
} 0 \
--replace ${
lib.strings.escapeShellArg
"$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"
} 0 \
--replace 'nettype_lookup[$2]' '"lan"' \
--replace awk ${gawk}/bin/awk
'' +
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n"
) nvram);
'' + lib.strings.concatStrings (lib.attrsets.mapAttrsToList (var: value: ''
substituteInPlace sysinfo-json.cgi --replace ${
lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"
} '${value}'
'') nvram);
installPhase = ''
pwd
mkdir -p $out/bin
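Review bot: The `ffdd-server` default in the first hunk fetches the repository's current HEAD with `builtins.fetchGit` and no `rev`, so the derivation built from `${ffdd-server}/salt/freifunk/base/ddmesh/` changes silently whenever upstream pushes, and the caller in the preceding section passes only `pkgs bmxd ddmeshNode`, so this default is what gets evaluated. The same unpinned pattern appears in the later sections: `tiggerGit` (`fetchTarball` of `master.tar.gz` with no `sha256`, then imported as a NixOS module), `spacemsgGit`, `scrapers`, `tickerSrc` and `krops`, each of which pulls whatever the remote serves at evaluation time into the system closure. Pin each fetch to a commit, e.g. `ffdd-server ? builtins.fetchGit { url = "https://github.com/Freifunk-Dresden/ffdd-server.git"; rev = "<pinned-commit-hash>"; }` (placeholder), and give the tarball fetch a `sha256`. The `let` block continues past the hunk.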


@ -15,7 +15,10 @@
networking.hostName = "grafana";
networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.43"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.43";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
# http https influxdb


@ -9,7 +9,10 @@
];
networking.hostName = "kibana";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.44";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -31,8 +34,7 @@
acceptTerms = true;
email = "mail@c3d2.de";
};
services.nginx =
let
services.nginx = let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
vhost = url: {
forceSSL = true;
@ -45,8 +47,7 @@
'';
};
};
in
{
in {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
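Review bot: `authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";` in hunk @ -31,8 +34,7 writes the basic-auth credential into the Nix store, which is world-readable on the host, and keeps it in repository history, whereas the rest of this tree keeps such material under `../../../secrets/`. The 13-character hash has the shape of legacy crypt(3) DES (two salt characters plus eleven) — confirm, but if so it offers little resistance to offline guessing. Point nginx at a file deployed outside the store (a constructed placeholder such as `/var/lib/nginx/kibana-htpasswd`) and regenerate it in a stronger format such as `$apr1$` or bcrypt, checking that nginx's crypt support on this host accepts it, replacing the `writeText` line with that path. The `vhost` helper and the `in {` body continue outside the hunk.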


@ -5,33 +5,24 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
environment.systemPackages = with pkgs; [
vim
];
environment.systemPackages = with pkgs; [ vim ];
networking = {
hostName = "logging";
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.13"; prefixLength = 26; } ];
interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.13";
prefixLength = 26;
}];
defaultGateway = "172.20.73.1";
firewall = {
allowedTCPPorts = [
22
9000
80
443
5044
12201
514
];
allowedUDPPorts = [
514
];
allowedTCPPorts = [ 22 9000 80 443 5044 12201 514 ];
allowedUDPPorts = [ 514 ];
enable = false;
};
dhcpcd.denyInterfaces = [ "eth1" ];
@ -53,20 +44,18 @@
services.nginx = {
enable = true;
virtualHosts = {
default = {
locations = {
"/".proxyPass = "http://127.0.0.1:9000/";
};
};
default = { locations = { "/".proxyPass = "http://127.0.0.1:9000/"; }; };
};
};
services.graylog = {
enable = true;
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
passwordSecret =
"SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
# mongo.serv.zentralwerk. ?
elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.org:9200" ];
rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
rootPasswordSha2 =
"3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
# mongo.serv.zentralwerk. ?
mongodbUri = "mongodb://mongo.serv.zentralwerk.org/graylog";
extraConfig = ''
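Review bot: `passwordSecret` and `rootPasswordSha2` in hunk @ -53,20 +44,18 are literal values in the host configuration, while other hosts in this commit import the same kind of material from the secrets tree (the mucbot `jid` and `password` lines); committed here they live in repository history, and since Graylog derives its credential encryption from `passwordSecret`, the value should be rotated once it is moved. Replace the literal with `passwordSecret = import ../../../secrets/hosts/logging/graylog-password-secret.nix;` (constructed path — adjust to the secrets layout) and do the same for `rootPasswordSha2`; note that the module will presumably still render both into a store-side config file, so this removes them from the repo, not from the host. Separately, the first hunk sets `firewall.enable = false` right after a detailed `allowedTCPPorts`/`allowedUDPPorts` list, which makes the lists inert — either enable the firewall or add a comment saying the lists are kept for when it is. The `services.graylog` block continues outside the hunk.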


@ -22,9 +22,7 @@
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim
];
environment.systemPackages = with pkgs; [ wget vim ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database


@ -5,26 +5,23 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
environment.systemPackages = with pkgs; [
vim
mongodb-tools
];
environment.systemPackages = with pkgs; [ vim mongodb-tools ];
networking = {
hostName = "mongo";
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.21"; prefixLength = 26; } ];
interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.21";
prefixLength = 26;
}];
defaultGateway = "172.20.73.1";
firewall = {
allowedTCPPorts = [
22
27017
];
allowedTCPPorts = [ 22 27017 ];
enable = true;
};
};


@ -1,20 +1,24 @@
{ config, pkgs, lib, ... }:
let
tiggerGit = builtins.fetchTarball https://github.com/astro/tigger/archive/master.tar.gz;
in
{
imports =
[ ../../../lib/lxc-container.nix
tiggerGit = builtins.fetchTarball
"https://github.com/astro/tigger/archive/master.tar.gz";
in {
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
"${tiggerGit}/module.nix"
];
networking.hostName = "mucbot";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.27"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.27";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
users.users.tigger = {
createHome = true;
@ -28,7 +32,8 @@ in
group = "tigger";
jid = import ../../../secrets/hosts/mucbot/jabber-jid.nix;
password = import ../../../secrets/hosts/mucbot/jabber-password.nix;
mucs = [ "c3d2@chat.c3d2.de/Astrobot" "international@chat.c3d2.de/Astrobot" ];
mucs =
[ "c3d2@chat.c3d2.de/Astrobot" "international@chat.c3d2.de/Astrobot" ];
};
# This value determines the NixOS release with which your system is to be


@ -5,28 +5,18 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
environment.systemPackages = with pkgs; [
vim
];
environment.systemPackages = with pkgs; [ vim ];
networking = {
hostName = "prometheus";
firewall = {
allowedTCPPorts = [
22
80
443
9090
9091
9093
9094
];
allowedTCPPorts = [ 22 80 443 9090 9091 9093 9094 ];
enable = true;
};
};
@ -51,8 +41,7 @@
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [
{
"receivers" = [{
"name" = "team-admins";
# "email_configs" = [
# {
@ -66,8 +55,7 @@
# "send_resolved" = true;
# }
# ];
}
];
}];
};
};


@ -5,8 +5,8 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
./proxy.nix
@ -15,7 +15,10 @@
networking.hostName = "public-access-proxy";
networking.useNetworkd = true;
networking.interfaces.eth0 = {
ipv4.addresses = [ { address = "172.20.73.45"; prefixLength = 26; } ];
ipv4.addresses = [{
address = "172.20.73.45";
prefixLength = 26;
}];
};
networking.defaultGateway = "172.20.73.1";
@ -24,35 +27,55 @@
proxyHosts = [
{
hostNames = [ "cloud.bombenverleih.de" "unifi.arkom.men" ];
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
proxyTo = {
host = "172.22.99.192";
httpPort = 80;
httpsPort = 443;
};
}
{
hostNames = [ "grafana.hq.c3d2.de" ];
proxyTo = { host = "grafana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
proxyTo = {
host = "grafana.serv.zentralwerk.dn42";
httpPort = 80;
httpsPort = 443;
};
}
{
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
proxyTo = {
host = "kibana.serv.zentralwerk.dn42";
httpPort = 80;
httpsPort = 443;
};
}
{
hostNames = [ "robo1.hq.c3d2.de" ];
proxyTo = { host = "172.20.79.62"; httpPort = 80; };
proxyTo = {
host = "172.20.79.62";
httpPort = 80;
};
}
{
hostNames = [ "robots.datenspuren.de" ];
proxyTo = { host = "172.22.99.170"; httpPort = 80; httpsPort = 443; };
proxyTo = {
host = "172.22.99.170";
httpPort = 80;
httpsPort = 443;
};
}
{
hostNames = [ "error.hq.c3d2.de" ];
proxyTo = { host = "172.20.73.47"; httpPort = 80; httpsPort = 443; };
proxyTo = {
host = "172.20.73.47";
httpPort = 80;
httpsPort = 443;
};
}
];
};
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "18.09"; # Did you read the comment?


@ -1,8 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.my.services.proxy;
let cfg = config.my.services.proxy;
in {
@ -15,8 +14,7 @@ in {
};
proxyHosts = mkOption {
type = types.listOf (types.submodule (
{
type = types.listOf (types.submodule ({
options = {
hostNames = mkOption {
type = types.listOf types.str;
@ -26,8 +24,7 @@ in {
'';
};
proxyTo = mkOption {
type = types.submodule (
{
type = types.submodule ({
options = {
host = mkOption {
type = types.nullOr types.string;
@ -62,11 +59,14 @@ in {
}));
default = [ ];
example = [
{ hostNames = [ "test.hq.c3d2.de" "test.c3d2.de" ];
proxyTo = { host = "172.22.99.99"; httpPort = 80; httpsPort = 443; };
}
];
example = [{
hostNames = [ "test.hq.c3d2.de" "test.c3d2.de" ];
proxyTo = {
host = "172.22.99.99";
httpPort = 80;
httpsPort = 443;
};
}];
};
};
@ -91,15 +91,16 @@ in {
option forwardfor
http-request set-header X-Forwarded-Proto http
http-request set-header X-Forwarded-Port 80
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringsSep "\n" (hostname: ''
${
concatMapStringsSep "\n" (proxyHost:
optionalString
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
(concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
''
) (proxyHost.hostNames)
)
) (cfg.proxyHosts)
server ${hostname}-http ${proxyHost.proxyTo.host}:${
toString proxyHost.proxyTo.httpPort
}
'') (proxyHost.hostNames))) (cfg.proxyHosts)
}
frontend https-in
@ -114,15 +115,16 @@ in {
option http-server-close
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Port 443
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringsSep "\n" (hostname: ''
${
concatMapStringsSep "\n" (proxyHost:
optionalString
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
(concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
''
) (proxyHost.hostNames)
)
) (cfg.proxyHosts)
server ${hostname}-https ${proxyHost.proxyTo.host}:${
toString proxyHost.proxyTo.httpsPort
}
'') (proxyHost.hostNames))) (cfg.proxyHosts)
}
'';
};
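Review bot: `type = types.nullOr types.string;` on the `host` option (last line of hunk @ -26,8 +24,7, a context line) uses `types.string`, which nixpkgs deprecates with an evaluation-time warning because it silently concatenates multiple definitions, while `hostNames` a few lines above already uses `types.str`; change it to `type = types.nullOr types.str;`. The `host` value is spliced unquoted into the HAProxy `server` lines in the two later hunks, so a type that rejects merged definitions is also what keeps the generated config well-formed. The submodule definitions start and end outside the hunk.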


@ -5,8 +5,8 @@
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
@ -37,20 +37,11 @@
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22
80
443
5000
];
networking.firewall.allowedTCPPorts = [ 22 80 443 5000 ];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
vim
];
environment.systemPackages = with pkgs; [ wget vim ];
services.dockerRegistry = {
enable = true;
@ -81,4 +72,3 @@
system.stateVersion = "19.03"; # Did you read the comment?
}


@ -24,24 +24,24 @@ in {
enableHail = false;
};
networking.hostName = "scrape";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.32";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
# Required for krops
services.openssh.enable = true;
environment.systemPackages = [ pkgs.git ];
systemd.services =
let
scrapers = import (
builtins.fetchGit { url = "https://gitea.c3d2.de/astro/scrapers.git"; }
) {
inherit pkgs;
};
systemd.services = let
scrapers = import (builtins.fetchGit {
url = "https://gitea.c3d2.de/astro/scrapers.git";
}) { inherit pkgs; };
makeService = { script, host, user ? "", password ? "" }: {
script = "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
script =
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
};
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
@ -73,18 +73,17 @@ in {
host = "matemat.hq.c3d2.de";
inherit (matematLogin) user password;
};
} // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes));
} // builtins.listToAttrs
(map makeNodeScraper (builtins.attrNames freifunkNodes));
systemd.timers =
let
systemd.timers = let
makeTimer = service: interval: {
partOf = [ "${service}.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = interval;
};
makeNodeScraperTimer = nodeId:
let
name = "scrape-node${nodeId}";
let name = "scrape-node${nodeId}";
in {
inherit name;
value = makeTimer name "minutely";
@ -94,7 +93,8 @@ in {
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
} // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
} // builtins.listToAttrs
(map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
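Review bot: `makeService` in hunk @ -24,24 +24,24 interpolates `user` and `password` into the service's `script`, so the credentials imported from `<secrets/hosts/scrape/*.nix>` end up in the generated ExecStart script in the Nix store (world-readable on the host) and in each scraper's command line, visible to every local user through `/proc`. If the scraper binaries can read credentials from the environment, switch to `serviceConfig.EnvironmentFile` pointing at a file deployed outside the store and drop `${user} ${password}` from the script line; whether the scrapers accept that is not visible here. Otherwise at least document the exposure above `makeService`: `# NOTE: user/password become argv of the scraper — visible in /proc and in the store`. The `systemd.services` attribute set continues outside the hunk.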


@ -1,24 +1,23 @@
{ config, pkgs, lib, ... }:
let
spacemsgGit = builtins.fetchGit https://github.com/astro/spacemsg.git;
in
{
imports =
[ ../../../lib/lxc-container.nix
let spacemsgGit = builtins.fetchGit "https://github.com/astro/spacemsg.git";
in {
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
"${spacemsgGit}/spaceapi/module.nix"
];
networking.hostName = "spaceapi";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.25"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.25";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
networking.firewall.enable = false;
services.spaceapi = {
enable = true;
};
services.spaceapi = { enable = true; };
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database


@ -44,9 +44,15 @@
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git tmux screen
chromium firefox
mpv kodi
wget
vim
git
tmux
screen
chromium
firefox
mpv
kodi
];
systemd.user.services.x11vnc = {
@ -108,9 +114,7 @@
services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager = {
lightdm = {
enable = true;
};
lightdm = { enable = true; };
autoLogin = {
enable = true;
user = "k-ot";


@ -6,17 +6,18 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
fileSystems."/" = {
device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6490-45A0";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6490-45A0";
fsType = "vfat";
};


@ -1,11 +1,7 @@
{ config, pkgs, lib, ... }:
{
imports = [
./hydra.nix
./cache.nix
../../lib
];
imports = [ ./hydra.nix ./cache.nix ../../lib ];
c3d2 = {
users = {


@ -2,10 +2,8 @@
{
nix = {
binaryCaches = [
"https://cache.nixos.org"
"https://genodepkgs.cachix.org"
];
binaryCaches =
[ "https://cache.nixos.org" "https://genodepkgs.cachix.org" ];
binaryCachePublicKeys = [
"genodepkgs.cachix.org-1:j6xcYrUP9Q9c+WbS+MbkJR26cqeytOVdC4SmhOYj2Sw="
];


@ -3,11 +3,10 @@
with lib;
let
tickerSrc = builtins.fetchGit {
url = "https://gitea.c3d2.de/astro/ticker.git";
};
in
{ boot.isContainer = true;
tickerSrc =
builtins.fetchGit { url = "https://gitea.c3d2.de/astro/ticker.git"; };
in {
boot.isContainer = true;
#boot.loader.initScript.enable = true;
networking.hostName = mkDefault "ticker";
networking.useDHCP = false;
@ -38,7 +37,8 @@ in
color = "#FF3F3F";
};
hicknhack = {
url = "https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
url =
"https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
color = "#A700A7";
};
palaissommer = {
@ -58,15 +58,18 @@ in
color = "#FF7F00";
};
rosenwerk-home = {
url = "https://www.google.com/calendar/ical/bj85d742g31mgkblbaiusmk3s8%40group.calendar.google.com/public/basic.ics";
url =
"https://www.google.com/calendar/ical/bj85d742g31mgkblbaiusmk3s8%40group.calendar.google.com/public/basic.ics";
color = "#BF003F";
};
rosenwerk-extern = {
url = "https://www.google.com/calendar/ical/ogo94kraeq5ckmu3jsr0uus2mo%40group.calendar.google.com/private-8d048bfa99cca84705ffa675aacfe22a/basic.ics";
url =
"https://www.google.com/calendar/ical/ogo94kraeq5ckmu3jsr0uus2mo%40group.calendar.google.com/private-8d048bfa99cca84705ffa675aacfe22a/basic.ics";
color = "#BF002F";
};
rosenwerk-kultur = {
url = "https://www.google.com/calendar/ical/93enn926ddhgr79hnqp83ipj3g%40group.calendar.google.com/public/basic.ics";
url =
"https://www.google.com/calendar/ical/93enn926ddhgr79hnqp83ipj3g%40group.calendar.google.com/public/basic.ics";
color = "#BF001F";
};
haengemathe = {


@ -7,15 +7,18 @@
let
octoprintPort = 8080;
espCam = "http://172.20.78.164:81";
in
{
in {
imports = [ # Include the results of the hardware scan.
<this-host/hardware-configuration.nix>
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = false;
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
boot.loader.raspberryPi = {
enable = true;
version = 4;
uboot.enable = false;
};
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelPackages = pkgs.linuxPackages_latest;
@ -49,10 +52,7 @@ in
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git
raspberrypi-tools
];
environment.systemPackages = with pkgs; [ wget vim git raspberrypi-tools ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
@ -83,7 +83,6 @@ in
extraGroups = [ "wheel" "audio" ];
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
@ -111,10 +110,13 @@ in
systemWide = true;
tcp.enable = true;
tcp.anonymousClients.allowedIpRanges = [
"127.0.0.0/8" "::1/128"
"127.0.0.0/8"
"::1/128"
"fd23:42:c3d2:500::/56"
"172.22.99.0/24" "2a02:8106:208:5200::/56"
"172.20.72.0/21" "2a02:8106:211:e900::/56"
"172.22.99.0/24"
"2a02:8106:208:5200::/56"
"172.20.72.0/21"
"2a02:8106:211:e900::/56"
];
zeroconf.publish.enable = true;
package = pkgs.pulseaudioFull;
@ -190,11 +192,11 @@ in
};
# Allow access to printer serial port and GPIO
users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];
users.users.${config.services.octoprint.user}.extraGroups =
[ "dialout" "gpio" ];
systemd.services.mjpeg-stream =
let
mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> {};
let mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> { };
in {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];


@ -12,17 +12,15 @@
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"snd_bcm2835.enable_headphones=1"
];
boot.kernelParams = [ "snd_bcm2835.enable_headphones=1" ];
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXOS_SD";
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/FIRMWARE";
fileSystems."/boot" = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
};


@ -4,27 +4,24 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/vda1";
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/vda3";
fileSystems."/boot" = {
device = "/dev/vda3";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/vda2"; }
];
swapDevices = [{ device = "/dev/vda2"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,7 +1,5 @@
let
krops = builtins.fetchGit {
url = "https://cgit.krebsco.de/krops/";
};
krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; };
lib = import "${krops}/lib";
pkgs = import "${krops}/pkgs" { };
@ -31,14 +29,10 @@ in {
glotzbert = pkgs.krops.writeDeploy "glotzbert" {
source = hostSource "glotzbert" "nixos-20.09";
target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // {
sudo = true;
};
target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // { sudo = true; };
};
pulsebert = pkgs.krops.writeDeploy "pulsebert" {
source = hostSource "pulsebert" "nixos-20.09";
target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // {
sudo = true;
};
target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // { sudo = true; };
};
}
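Review bot: `krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; };` on the new side still carries no `rev` or `ref`, so every evaluation pulls whatever the remote's default branch currently points at, and that unpinned deployment tooling then runs against the `sudo = true` targets defined right below it. A tampered or merely moved upstream changes what gets deployed without any change in this repository, and the result is not reproducible from a checkout. Pin it and bump deliberately, e.g. `krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; ref = "master"; rev = "<commit>"; };`. This is pre-existing and the nixfmt reflow itself is behaviour-neutral, but the commit touches the line.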


@ -1,6 +1 @@
{ config, ... }:
{
imports = [
../secrets/lib/authorized_keys
];
}
{ config, ... }: { imports = [ ../secrets/lib/authorized_keys ]; }


@ -162,12 +162,10 @@ in {
host.ip6
else
toHqPrivateAddress hostName;
in [
{
in [{
name = ip6;
value = [ "${hostName}.hq" hostName ];
}
] ++ lib.optional (hasAttr "ip4" host) {
}] ++ lib.optional (hasAttr "ip4" host) {
name = host.ip4;
value = [ "${hostName}.hq" hostName ];
};


@ -22,8 +22,7 @@ let
error_log syslog:server=graylog.server.org:12302;
'';
in
{
in {
# add central logging
services.journalbeat = {


@ -15,7 +15,8 @@
networking.useNetworkd = true;
networking.useDHCP = false;
services.resolved.enable = false;
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.interfaces.eth0 = {
useDHCP = false;
@ -36,15 +37,17 @@
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
system.extraSystemBuilderCmds =
''
system.extraSystemBuilderCmds = ''
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
mkdir -m 0755 -p $out/sbin
ln -s ../init $out/sbin/init
'';
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
fileSystems."/" = {
fsType = "rootfs";
device = "rootfs";
};
# add central logging
services.journalbeat = {


@ -1,5 +1,4 @@
{ config, lib, pkgs,
... }:
{ config, lib, pkgs, ... }:
with lib;
let
@ -9,31 +8,25 @@ let
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
};
nixcloud = (
import "${nixcloud-webservices}/pkgs" { inherit pkgs; }
).nixcloud;
nixcloud = (import "${nixcloud-webservices}/pkgs" { inherit pkgs; }).nixcloud;
profilesDir = "/nix/var/nix/profiles/lxc";
containers = config.lxc.containers;
nixPath = config.nix.nixPath;
toLxcConfig' = path: a:
if builtins.isString a
then "${path} = ${a}\n"
else if builtins.isInt a
then "${path} = ${toString a}\n"
else if builtins.isAttrs a
then lib.concatMapStrings (name:
let
path' = if path == ""
then name
else "${path}.${name}";
in
toLxcConfig' path' (builtins.getAttr name a)
) (builtins.attrNames a)
else if builtins.isList a
then lib.concatMapStrings (toLxcConfig' path) a
else throw "Invalid LXC config value";
if builtins.isString a then ''
${path} = ${a}
'' else if builtins.isInt a then ''
${path} = ${toString a}
'' else if builtins.isAttrs a then
lib.concatMapStrings (name:
let path' = if path == "" then name else "${path}.${name}";
in toLxcConfig' path' (builtins.getAttr name a)) (builtins.attrNames a)
else if builtins.isList a then
lib.concatMapStrings (toLxcConfig' path) a
else
throw "Invalid LXC config value";
toLxcConfig = toLxcConfig' "";
lxc-rootfs = pkgs.runCommand "lxc-rootfs" { } ''
@ -55,14 +48,18 @@ in {
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
'';
users.users.root.subGidRanges = [
{ count = 65536; startGid = 100000; }
];
users.users.root.subUidRanges = [
{ count = 65536; startUid = 100000; }
];
users.users.root.subGidRanges = [{
count = 65536;
startGid = 100000;
}];
users.users.root.subUidRanges = [{
count = 65536;
startUid = 100000;
}];
systemd.services = if true then {} else
systemd.services = if true then
{ }
else
builtins.foldl' (services: name:
let
systemDir = "/${profilesDir}/${name}/system";
@ -94,9 +91,8 @@ in {
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.Environment = [
''NIX_PATH=${builtins.concatStringsSep ":" nixPath}''
];
serviceConfig.Environment =
[ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
script = ''
mkdir -p ${profilesDir}/${name}
@ -123,7 +119,6 @@ in {
in services // {
"lxc-container-${name}-builder" = builder;
"lxc-container-${name}" = starter;
}
) {} (builtins.attrNames containers);
}) { } (builtins.attrNames containers);
};
}
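Review bot: `systemd.services = if true then { } else builtins.foldl' …` now spans three lines, which makes a hard-coded dead branch look deliberate: the container builder and starter units can never be generated, and nothing explains why. If disabling them is intended, gate the expression on an option (for instance a `config.lxc.enable` flag, or `lib.mkIf`) and add a comment such as `# container units disabled: <reason>`; otherwise drop the `if true then { } else` wrapper so the unit definitions are live again. The `toLxcConfig'` rewrite to indented strings appears equivalent to the previous `"\n"`-terminated form, since the leading newline and common indentation are stripped. The module body continues outside the shown hunks.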


@ -1,18 +1,20 @@
{ pkgs ? import <nixpkgs> {},
src ? builtins.fetchGit "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git",
}:
{ pkgs ? import <nixpkgs> { }, src ? builtins.fetchGit
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git", }:
with pkgs;
let
path = "feeds/19.07/feeds-own/bmxd";
makefile = builtins.readFile "${src}/${path}/Makefile";
makeDef = name:
builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0;
builtins.elemAt (builtins.match ''
.*?${name}:=([^
]+).*?'' makefile) 0;
name = makeDef "PKG_NAME";
version = makeDef "PKG_VERSION";
release = makeDef "PKG_RELEASE";
patch = fetchurl {
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
url =
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
sha256 = "10gm1fqg2s8c261i0j1py3sfyyzr0h5b6wwdsgg3icn7lfjd6k75";
};
in stdenv.mkDerivation {
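Review bot: The `src` default `builtins.fetchGit "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git"` (now split across the first two lines) is unpinned, so `name`, `version` and `release` are parsed from a Makefile at whatever the remote's HEAD happens to be; the build is not reproducible and an upstream compromise flows straight into the derivation, unlike the `patch` fetch below which is fixed by its `sha256`. Pass a revision, e.g. `src ? builtins.fetchGit { url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git"; rev = "<commit>"; }`. Separately, `builtins.match` yields `null` when the pattern does not match, so `builtins.elemAt … 0` then fails with an opaque evaluation error; a small guard that throws `"${name} not found in ${path}/Makefile"` on `null` would make a changed Makefile layout obvious. The `mkDerivation` body continues outside the hunk.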


@ -1,8 +1,7 @@
{ pkgs ? import <nixpkgs> { } }:
with pkgs;
let
pile = builtins.fetchGit "https://github.com/astro/pile.git";
let pile = builtins.fetchGit "https://github.com/astro/pile.git";
in {
ledball = rustPlatform.buildRustPackage {
name = "ledball";