Nixfmt everything
parent
211106cf53
commit
6170a9c4e0
|
@ -59,7 +59,8 @@ rec {
|
|||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
|
||||
'';
|
||||
};
|
||||
storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
||||
storage.publicKey =
|
||||
"storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
||||
|
||||
};
|
||||
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
@ -25,7 +25,10 @@
|
|||
htop
|
||||
];
|
||||
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.16"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.16";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
networking = {
|
||||
|
@ -50,9 +53,7 @@
|
|||
# address = "fe80::a800:42ff:fe7a:3246";
|
||||
# interface = "ens18";
|
||||
#};
|
||||
firewall.allowedTCPPorts = [
|
||||
22
|
||||
];
|
||||
firewall.allowedTCPPorts = [ 22 ];
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
networking.hostName = "dhcp";
|
||||
networking.defaultGateway = "172.22.99.1";
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
networking.nameservers =
|
||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.eth0 = {
|
||||
ipv4.addresses = [{
|
||||
|
@ -21,9 +22,7 @@
|
|||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vim ];
|
||||
|
||||
# dhcp
|
||||
networking.firewall.allowedUDPPorts = [ 67 68 ];
|
||||
|
|
|
@ -5,8 +5,8 @@ let
|
|||
address6 = "fe80::deca:fbad";
|
||||
neighbors = import ../../../secrets/hosts/dn42/neighbors.nix;
|
||||
in {
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
../../../lib/default-gateway.nix
|
||||
|
@ -28,9 +28,7 @@ in {
|
|||
networking.useNetworkd = true;
|
||||
services.resolved.enable = false;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vim ];
|
||||
|
||||
# SSH for nixops
|
||||
services.openssh.enable = true;
|
||||
|
@ -45,12 +43,11 @@ in {
|
|||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
services.openvpn =
|
||||
let
|
||||
services.openvpn = let
|
||||
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
||||
keyfile = name:
|
||||
builtins.toFile "${name}.key"
|
||||
(builtins.readFile (../../../secrets/hosts/dn42/openvpn + "/${name}.key"));
|
||||
builtins.toFile "${name}.key" (builtins.readFile
|
||||
(../../../secrets/hosts/dn42/openvpn + "/${name}.key"));
|
||||
mkServer = name: conf: {
|
||||
config = ''
|
||||
dev ${name}
|
||||
|
@ -73,16 +70,16 @@ in {
|
|||
'';
|
||||
};
|
||||
in {
|
||||
servers = builtins.mapAttrs (name: conf: mkServer name conf) openvpnNeighbors;
|
||||
servers =
|
||||
builtins.mapAttrs (name: conf: mkServer name conf) openvpnNeighbors;
|
||||
};
|
||||
|
||||
networking.wireguard = {
|
||||
enable = true;
|
||||
interfaces =
|
||||
let
|
||||
wireguardNeighbors = lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
|
||||
in
|
||||
builtins.mapAttrs (name: conf: {
|
||||
interfaces = let
|
||||
wireguardNeighbors =
|
||||
lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
|
||||
in builtins.mapAttrs (name: conf: {
|
||||
inherit (conf.wireguard) listenPort privateKey;
|
||||
ips = [ "${address4}/32" "${address6}/64" ];
|
||||
allowedIPsAsRoutes = false;
|
||||
|
@ -90,46 +87,40 @@ in {
|
|||
${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
|
||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name} peer ${conf.address4}/32
|
||||
'';
|
||||
peers = [ ({
|
||||
peers = [
|
||||
({
|
||||
inherit (conf.wireguard) publicKey;
|
||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||
persistentKeepalive = 30;
|
||||
} // (lib.optionalAttrs (conf.wireguard ? endpoint) {
|
||||
inherit (conf.wireguard) endpoint;
|
||||
})) ];
|
||||
}))
|
||||
];
|
||||
}) wireguardNeighbors;
|
||||
};
|
||||
|
||||
services.bird2 = {
|
||||
enable = true;
|
||||
config =
|
||||
config = let
|
||||
bgpNeighbors = builtins.concatStringsSep "\n" (builtins.attrValues
|
||||
(builtins.mapAttrs (name: conf:
|
||||
let
|
||||
bgpNeighbors =
|
||||
builtins.concatStringsSep "\n"
|
||||
(builtins.attrValues (builtins.mapAttrs (name: conf:
|
||||
let
|
||||
neighbor4 =
|
||||
if conf ? address4
|
||||
then ''
|
||||
neighbor4 = if conf ? address4 then ''
|
||||
protocol bgp ${name}_4 from dnpeers {
|
||||
neighbor ${conf.address4} as ${builtins.toString conf.asn};
|
||||
}
|
||||
''
|
||||
else "";
|
||||
neighbor6 =
|
||||
if conf ? address6
|
||||
then ''
|
||||
'' else
|
||||
"";
|
||||
neighbor6 = if conf ? address6 then ''
|
||||
protocol bgp ${name}_6 from dnpeers {
|
||||
neighbor ${conf.address6}%${interface} as ${builtins.toString conf.asn};
|
||||
neighbor ${conf.address6}%${interface} as ${
|
||||
builtins.toString conf.asn
|
||||
};
|
||||
}
|
||||
''
|
||||
else "";
|
||||
interface =
|
||||
if conf ? interface
|
||||
then conf.interface
|
||||
else name;
|
||||
in "${neighbor4}${neighbor6}"
|
||||
) neighbors));
|
||||
'' else
|
||||
"";
|
||||
interface = if conf ? interface then conf.interface else name;
|
||||
in "${neighbor4}${neighbor6}") neighbors));
|
||||
in ''
|
||||
protocol kernel {
|
||||
ipv4 {
|
||||
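Review bot: In the WireGuard hunk, `inherit (conf.wireguard) listenPort privateKey;` puts each tunnel's private key into the generated configuration, and in the OpenVPN hunk `keyfile` copies `${name}.key` into the store with `builtins.toFile`; the Nix store is world-readable, so every local user on the host can read both. The reformat rewrites these lines without addressing it. For WireGuard, replace the inherited key with `privateKeyFile = "<path-outside-store>/${name}.key";` (placeholder path), and for OpenVPN reference the key by a runtime path string rather than `builtins.toFile (builtins.readFile …)`. Both `let` blocks continue outside the visible hunks.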
|
|
|
@ -1,9 +1,7 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
];
|
||||
imports = [ <nixpkgs/nixos/modules/profiles/minimal.nix> ];
|
||||
nix.useSandbox = false;
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
|
||||
|
@ -13,16 +11,23 @@
|
|||
boot.loader.grub.enable = false;
|
||||
#boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
|
||||
|
||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||
fileSystems."/" = {
|
||||
fsType = "rootfs";
|
||||
device = "rootfs";
|
||||
};
|
||||
|
||||
networking.hostName = "dnscache"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
networking.useNetworkd = true;
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.8"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.8";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
services.resolved.enable = false;
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
networking.nameservers =
|
||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
@ -34,15 +39,11 @@
|
|||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim
|
||||
traceroute tcpdump bind
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ wget vim traceroute tcpdump bind ];
|
||||
|
||||
# Create a few files early before packing tarball for Proxmox
|
||||
# architecture/OS detection.
|
||||
system.extraSystemBuilderCmds =
|
||||
''
|
||||
system.extraSystemBuilderCmds = ''
|
||||
mkdir -m 0755 -p $out/bin
|
||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||
mkdir -m 0755 -p $out/sbin
|
||||
|
@ -88,7 +89,9 @@
|
|||
"1.1.1.1@853" # cloudflare-dns.com
|
||||
"2606:4700:4700::1111@853" # cloudflare-dns.com
|
||||
"1.0.0.1@853" # cloudflare-dns.com
|
||||
"2606:4700:4700::1001@853\n forward-ssl-upstream: yes" #cloudflare-dns.com
|
||||
''
|
||||
2606:4700:4700::1001@853
|
||||
forward-ssl-upstream: yes'' # cloudflare-dns.com
|
||||
];
|
||||
extraConfig = ''
|
||||
server:
|
||||
|
@ -191,8 +194,7 @@
|
|||
memory = "";
|
||||
interface = "";
|
||||
load = "";
|
||||
exec =
|
||||
let
|
||||
exec = let
|
||||
unboundScript = builtins.toFile "unbound.rb" ''
|
||||
loop do
|
||||
`/run/current-system/sw/bin/unbound-control -c /var/lib/unbound/unbound.conf stats_noreset`
|
||||
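Review bot: In the forwarder-list hunk, the last entry still carries `forward-ssl-upstream: yes` inside an address string, now as an indented `''` string whose value depends on the relative indentation of its two lines; that indentation is not recoverable from this rendering, so the generated unbound.conf should be compared before and after the reformat. The directive would be less fragile as its own setting in the `extraConfig` that starts just below, e.g. `tls-upstream: yes` under `server:` (`ssl-upstream` on older unbound). Separately, the upstream names appear only as Nix comments (`"1.1.1.1@853" # cloudflare-dns.com`), so unbound is given no name to check the upstream certificate against; `"1.1.1.1@853#cloudflare-dns.com"` together with a `tls-cert-bundle` setting would authenticate the forwarders, unless that is already configured outside the visible lines.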
|
|
|
@ -5,26 +5,23 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vim ];
|
||||
|
||||
networking = {
|
||||
hostName = "elastic1";
|
||||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.15"; prefixLength = 26; } ];
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.15";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
9200
|
||||
9300
|
||||
];
|
||||
allowedTCPPorts = [ 22 9200 9300 ];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
@ -46,9 +43,7 @@
|
|||
systemd.services.elasticsearch.serviceConfig.Restart = "always";
|
||||
|
||||
# does not work, needs to be set on hv (done through ansible)
|
||||
boot.kernel.sysctl = {
|
||||
"vm.max_map_count"="262144";
|
||||
};
|
||||
boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
|
||||
|
||||
services.elasticsearch-curator = {
|
||||
enable = true;
|
||||
|
|
|
@ -12,9 +12,8 @@ let
|
|||
ddmeshAddrPart = "200.74";
|
||||
rt_table = 7;
|
||||
bmxd = import (toString <lib/pkgs/bmxd.nix>) { inherit pkgs; };
|
||||
sysinfo-json = import <this-host/sysinfo-json.nix> {
|
||||
inherit pkgs bmxd ddmeshNode;
|
||||
};
|
||||
sysinfo-json =
|
||||
import <this-host/sysinfo-json.nix> { inherit pkgs bmxd ddmeshNode; };
|
||||
in {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
|
@ -141,7 +140,9 @@ in {
|
|||
script = ''
|
||||
${pkgs.curl}/bin/curl \
|
||||
-o /tmp/ddmesh-registration.json \
|
||||
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${toString ddmeshNode}'
|
||||
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
|
||||
toString ddmeshNode
|
||||
}'
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
|
@ -229,8 +230,7 @@ in {
|
|||
"c3d2.ffdd" = {
|
||||
default = true;
|
||||
root = <this-host/assets>;
|
||||
locations =
|
||||
let
|
||||
locations = let
|
||||
sysinfo-json = {
|
||||
alias = "/run/nginx/sysinfo.json";
|
||||
extraConfig = ''
|
||||
|
@ -242,21 +242,25 @@ in {
|
|||
index = "index.html";
|
||||
extraConfig = ''
|
||||
etag off;
|
||||
add_header etag "\"${builtins.substring 11 32 (<this-host> + "/assets")}\"";
|
||||
add_header etag "\"${
|
||||
builtins.substring 11 32 (<this-host> + "/assets")
|
||||
}\"";
|
||||
'';
|
||||
};
|
||||
"=/sysinfo-json.cgi" = sysinfo-json;
|
||||
"=/sysinfo.json" = sysinfo-json;
|
||||
};
|
||||
};
|
||||
"storage.hq.c3d2.ffdd".locations."/".proxyPass = "http://storage.hq.c3d2.de/";
|
||||
"storage.hq.c3d2.ffdd".locations."/".proxyPass =
|
||||
"http://storage.hq.c3d2.de/";
|
||||
"grafana.hq.c3d2.ffdd".locations."/" = {
|
||||
proxyPass = "https://grafana.hq.c3d2.de/";
|
||||
extraConfig = ''
|
||||
proxy_ssl_server_name on;
|
||||
'';
|
||||
};
|
||||
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass = "http://grafana.hq.c3d2.de:8086/";
|
||||
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass =
|
||||
"http://grafana.hq.c3d2.de:8086/";
|
||||
};
|
||||
};
|
||||
|
||||
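Review bot: In the registration-script hunk, curl writes to the fixed path `/tmp/ddmesh-registration.json` while the unit runs as `nobody`, so the output lives in the shared /tmp where other processes can pre-create or replace it. Adding `PrivateTmp = true;` to the `serviceConfig` that begins on the following lines (its body continues outside the hunk, so it may already be set), or writing under a `RuntimeDirectory`, removes the shared path. The `registerkey` value is also interpolated into the unit script, which ends up in the world-readable store and on curl's command line; if that key is meant to be private it should be read from a file at run time instead.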
|
|
|
@ -1,8 +1,6 @@
|
|||
{ pkgs ? import <nixpkgs> {},
|
||||
ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git",
|
||||
bmxd,
|
||||
ddmeshNode,
|
||||
... }:
|
||||
{ pkgs ? import <nixpkgs> { }, ffdd-server ?
|
||||
builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", bmxd
|
||||
, ddmeshNode, ... }:
|
||||
|
||||
with pkgs;
|
||||
let
|
||||
|
@ -18,8 +16,7 @@ let
|
|||
gps_longitude = "13.7285866";
|
||||
gps_altitude = "100";
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
in stdenv.mkDerivation {
|
||||
name = "sysinfo-json";
|
||||
src = "${ffdd-server}/salt/freifunk/base/ddmesh/";
|
||||
buildPhase = ''
|
||||
|
@ -50,14 +47,21 @@ stdenv.mkDerivation {
|
|||
--replace '"node_type":"server"' '"node_type":"node"' \
|
||||
--replace ddmesh-ipcalc.sh $out/bin/ddmesh-ipcalc.sh \
|
||||
--replace lsb_release $out/bin/lsb_release \
|
||||
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"} 0 \
|
||||
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"} 0 \
|
||||
--replace ${
|
||||
lib.strings.escapeShellArg
|
||||
"$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"
|
||||
} 0 \
|
||||
--replace ${
|
||||
lib.strings.escapeShellArg
|
||||
"$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"
|
||||
} 0 \
|
||||
--replace 'nettype_lookup[$2]' '"lan"' \
|
||||
--replace awk ${gawk}/bin/awk
|
||||
'' +
|
||||
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
|
||||
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n"
|
||||
) nvram);
|
||||
'' + lib.strings.concatStrings (lib.attrsets.mapAttrsToList (var: value: ''
|
||||
substituteInPlace sysinfo-json.cgi --replace ${
|
||||
lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"
|
||||
} '${value}'
|
||||
'') nvram);
|
||||
installPhase = ''
|
||||
pwd
|
||||
mkdir -p $out/bin
|
||||
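Review bot: The reformatted default `ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git"` has no `rev`, so each evaluation builds whatever the remote default branch holds at that moment, and the scripts under `src` are patched into the `sysinfo-json` derivation. Pin it with the attribute form, `builtins.fetchGit { url = "…"; rev = "<commit-sha>"; }` (placeholder), and bump the revision deliberately. The same applies to three other lines this commit rewraps: `tiggerGit = builtins.fetchTarball "https://github.com/astro/tigger/archive/master.tar.gz"` (no `sha256`), `spacemsgGit = builtins.fetchGit "https://github.com/astro/spacemsg.git"`, and the `scrapers` fetch from gitea.c3d2.de. The first two are added to `imports` as NixOS modules, so an upstream change is evaluated as part of the system configuration.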
|
|
|
@ -15,7 +15,10 @@
|
|||
|
||||
networking.hostName = "grafana";
|
||||
networking.useNetworkd = true;
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.43"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.43";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
# http https influxdb
|
||||
|
|
|
@ -9,7 +9,10 @@
|
|||
];
|
||||
|
||||
networking.hostName = "kibana";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.44";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
|
@ -31,8 +34,7 @@
|
|||
acceptTerms = true;
|
||||
email = "mail@c3d2.de";
|
||||
};
|
||||
services.nginx =
|
||||
let
|
||||
services.nginx = let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
vhost = url: {
|
||||
forceSSL = true;
|
||||
|
@ -45,8 +47,7 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
in {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
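Review bot: In the nginx hunk, `authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";` keeps the basic-auth credential in the repository and writes it to the world-readable Nix store, and the 13-character hash looks like traditional DES crypt, which only considers the first 8 password characters and is cheap to brute-force. The reformat leaves this unchanged. Generate a bcrypt entry, provision the file outside the store alongside the repository's other secrets and reference it by path, and treat the current password as disclosed. The `let` block continues outside the hunk, so how `authFile` is consumed is not visible here.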
|
|
|
@ -5,33 +5,24 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vim ];
|
||||
|
||||
networking = {
|
||||
hostName = "logging";
|
||||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.13"; prefixLength = 26; } ];
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.13";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
9000
|
||||
80
|
||||
443
|
||||
5044
|
||||
12201
|
||||
514
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
514
|
||||
];
|
||||
allowedTCPPorts = [ 22 9000 80 443 5044 12201 514 ];
|
||||
allowedUDPPorts = [ 514 ];
|
||||
enable = false;
|
||||
};
|
||||
dhcpcd.denyInterfaces = [ "eth1" ];
|
||||
|
@ -53,20 +44,18 @@
|
|||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
default = {
|
||||
locations = {
|
||||
"/".proxyPass = "http://127.0.0.1:9000/";
|
||||
};
|
||||
};
|
||||
default = { locations = { "/".proxyPass = "http://127.0.0.1:9000/"; }; };
|
||||
};
|
||||
};
|
||||
|
||||
services.graylog = {
|
||||
enable = true;
|
||||
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
passwordSecret =
|
||||
"SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
elasticsearchHosts = [ "http://elastic1.serv.zentralwerk.org:9200" ];
|
||||
rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
|
||||
rootPasswordSha2 =
|
||||
"3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
mongodbUri = "mongodb://mongo.serv.zentralwerk.org/graylog";
|
||||
extraConfig = ''
|
||||
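Review bot: The Graylog hunk rewraps `passwordSecret = "…"` and `rootPasswordSha2 = "…"` but keeps both literals in the file, so Graylog's password secret and the root password hash are readable by anyone with access to the repository or the Nix store. Other hosts in this commit load credentials from the `secrets/` tree (for example `import ../../../secrets/hosts/mucbot/jabber-password.nix`); doing the same here keeps them out of this file, and the current values should be rotated since they are already in history. In the networking hunk, `enable = false` sits directly under the reformatted `allowedTCPPorts`/`allowedUDPPorts` lists, so those lists have no effect; either re-enable the firewall or add a comment such as `# firewall disabled: the port lists above are not enforced`.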
|
|
|
@ -22,9 +22,7 @@
|
|||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ wget vim ];
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
|
|
|
@ -5,26 +5,23 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
mongodb-tools
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vim mongodb-tools ];
|
||||
|
||||
networking = {
|
||||
hostName = "mongo";
|
||||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.21"; prefixLength = 26; } ];
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.21";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
27017
|
||||
];
|
||||
allowedTCPPorts = [ 22 27017 ];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,20 +1,24 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
tiggerGit = builtins.fetchTarball https://github.com/astro/tigger/archive/master.tar.gz;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
tiggerGit = builtins.fetchTarball
|
||||
"https://github.com/astro/tigger/archive/master.tar.gz";
|
||||
in {
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
"${tiggerGit}/module.nix"
|
||||
];
|
||||
|
||||
networking.hostName = "mucbot";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.27"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.27";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
networking.nameservers =
|
||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
|
||||
users.users.tigger = {
|
||||
createHome = true;
|
||||
|
@ -28,7 +32,8 @@ in
|
|||
group = "tigger";
|
||||
jid = import ../../../secrets/hosts/mucbot/jabber-jid.nix;
|
||||
password = import ../../../secrets/hosts/mucbot/jabber-password.nix;
|
||||
mucs = [ "c3d2@chat.c3d2.de/Astrobot" "international@chat.c3d2.de/Astrobot" ];
|
||||
mucs =
|
||||
[ "c3d2@chat.c3d2.de/Astrobot" "international@chat.c3d2.de/Astrobot" ];
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
|
|
|
@ -5,28 +5,18 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vim ];
|
||||
|
||||
networking = {
|
||||
hostName = "prometheus";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
80
|
||||
443
|
||||
9090
|
||||
9091
|
||||
9093
|
||||
9094
|
||||
];
|
||||
allowedTCPPorts = [ 22 80 443 9090 9091 9093 9094 ];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
@ -51,8 +41,7 @@
|
|||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [
|
||||
{
|
||||
"receivers" = [{
|
||||
"name" = "team-admins";
|
||||
# "email_configs" = [
|
||||
# {
|
||||
|
@ -66,8 +55,7 @@
|
|||
# "send_resolved" = true;
|
||||
# }
|
||||
# ];
|
||||
}
|
||||
];
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
./proxy.nix
|
||||
|
@ -15,7 +15,10 @@
|
|||
networking.hostName = "public-access-proxy";
|
||||
networking.useNetworkd = true;
|
||||
networking.interfaces.eth0 = {
|
||||
ipv4.addresses = [ { address = "172.20.73.45"; prefixLength = 26; } ];
|
||||
ipv4.addresses = [{
|
||||
address = "172.20.73.45";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
};
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
|
@ -24,35 +27,55 @@
|
|||
proxyHosts = [
|
||||
{
|
||||
hostNames = [ "cloud.bombenverleih.de" "unifi.arkom.men" ];
|
||||
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
|
||||
proxyTo = {
|
||||
host = "172.22.99.192";
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
}
|
||||
{
|
||||
hostNames = [ "grafana.hq.c3d2.de" ];
|
||||
proxyTo = { host = "grafana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||
proxyTo = {
|
||||
host = "grafana.serv.zentralwerk.dn42";
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
}
|
||||
{
|
||||
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
|
||||
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||
proxyTo = {
|
||||
host = "kibana.serv.zentralwerk.dn42";
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
}
|
||||
{
|
||||
hostNames = [ "robo1.hq.c3d2.de" ];
|
||||
proxyTo = { host = "172.20.79.62"; httpPort = 80; };
|
||||
proxyTo = {
|
||||
host = "172.20.79.62";
|
||||
httpPort = 80;
|
||||
};
|
||||
}
|
||||
{
|
||||
hostNames = [ "robots.datenspuren.de" ];
|
||||
proxyTo = { host = "172.22.99.170"; httpPort = 80; httpsPort = 443; };
|
||||
proxyTo = {
|
||||
host = "172.22.99.170";
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
}
|
||||
{
|
||||
hostNames = [ "error.hq.c3d2.de" ];
|
||||
proxyTo = { host = "172.20.73.47"; httpPort = 80; httpsPort = 443; };
|
||||
proxyTo = {
|
||||
host = "172.20.73.47";
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
system.stateVersion = "18.09"; # Did you read the comment?
|
||||
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.my.services.proxy;
|
||||
let cfg = config.my.services.proxy;
|
||||
|
||||
in {
|
||||
|
||||
|
@ -15,8 +14,7 @@ in {
|
|||
};
|
||||
|
||||
proxyHosts = mkOption {
|
||||
type = types.listOf (types.submodule (
|
||||
{
|
||||
type = types.listOf (types.submodule ({
|
||||
options = {
|
||||
hostNames = mkOption {
|
||||
type = types.listOf types.str;
|
||||
|
@ -26,8 +24,7 @@ in {
|
|||
'';
|
||||
};
|
||||
proxyTo = mkOption {
|
||||
type = types.submodule (
|
||||
{
|
||||
type = types.submodule ({
|
||||
options = {
|
||||
host = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
|
@ -62,11 +59,14 @@ in {
|
|||
|
||||
}));
|
||||
default = [ ];
|
||||
example = [
|
||||
{ hostNames = [ "test.hq.c3d2.de" "test.c3d2.de" ];
|
||||
proxyTo = { host = "172.22.99.99"; httpPort = 80; httpsPort = 443; };
|
||||
}
|
||||
];
|
||||
example = [{
|
||||
hostNames = [ "test.hq.c3d2.de" "test.c3d2.de" ];
|
||||
proxyTo = {
|
||||
host = "172.22.99.99";
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
};
|
||||
|
@ -91,15 +91,16 @@ in {
|
|||
option forwardfor
|
||||
http-request set-header X-Forwarded-Proto http
|
||||
http-request set-header X-Forwarded-Port 80
|
||||
${concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||
concatMapStringsSep "\n" (hostname: ''
|
||||
${
|
||||
concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString
|
||||
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
|
||||
(concatMapStringsSep "\n" (hostname: ''
|
||||
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
|
||||
''
|
||||
) (proxyHost.hostNames)
|
||||
)
|
||||
) (cfg.proxyHosts)
|
||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${
|
||||
toString proxyHost.proxyTo.httpPort
|
||||
}
|
||||
'') (proxyHost.hostNames))) (cfg.proxyHosts)
|
||||
}
|
||||
|
||||
frontend https-in
|
||||
|
@ -114,15 +115,16 @@ in {
|
|||
option http-server-close
|
||||
http-request set-header X-Forwarded-Proto https
|
||||
http-request set-header X-Forwarded-Port 443
|
||||
${concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||
concatMapStringsSep "\n" (hostname: ''
|
||||
${
|
||||
concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString
|
||||
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
|
||||
(concatMapStringsSep "\n" (hostname: ''
|
||||
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
|
||||
''
|
||||
) (proxyHost.hostNames)
|
||||
)
|
||||
) (cfg.proxyHosts)
|
||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${
|
||||
toString proxyHost.proxyTo.httpsPort
|
||||
}
|
||||
'') (proxyHost.hostNames))) (cfg.proxyHosts)
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
@ -37,20 +37,11 @@
|
|||
};
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
80
|
||||
443
|
||||
5000
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 80 443 5000 ];
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ wget vim ];
|
||||
|
||||
services.dockerRegistry = {
|
||||
enable = true;
|
||||
|
@ -81,4 +72,3 @@
|
|||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -24,24 +24,24 @@ in {
|
|||
enableHail = false;
|
||||
};
|
||||
|
||||
|
||||
networking.hostName = "scrape";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.32";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
# Required for krops
|
||||
services.openssh.enable = true;
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
scrapers = import (
|
||||
builtins.fetchGit { url = "https://gitea.c3d2.de/astro/scrapers.git"; }
|
||||
) {
|
||||
inherit pkgs;
|
||||
};
|
||||
systemd.services = let
|
||||
scrapers = import (builtins.fetchGit {
|
||||
url = "https://gitea.c3d2.de/astro/scrapers.git";
|
||||
}) { inherit pkgs; };
|
||||
makeService = { script, host, user ? "", password ? "" }: {
|
||||
script = "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
|
||||
script =
|
||||
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
|
||||
};
|
||||
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
||||
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
||||
|
@ -73,18 +73,17 @@ in {
|
|||
host = "matemat.hq.c3d2.de";
|
||||
inherit (matematLogin) user password;
|
||||
};
|
||||
} // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes));
|
||||
} // builtins.listToAttrs
|
||||
(map makeNodeScraper (builtins.attrNames freifunkNodes));
|
||||
|
||||
systemd.timers =
|
||||
let
|
||||
systemd.timers = let
|
||||
makeTimer = service: interval: {
|
||||
partOf = [ "${service}.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = interval;
|
||||
};
|
||||
makeNodeScraperTimer = nodeId:
|
||||
let
|
||||
name = "scrape-node${nodeId}";
|
||||
let name = "scrape-node${nodeId}";
|
||||
in {
|
||||
inherit name;
|
||||
value = makeTimer name "minutely";
|
||||
|
@ -94,7 +93,8 @@ in {
|
|||
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
|
||||
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
|
||||
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
|
||||
} // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
|
||||
} // builtins.listToAttrs
|
||||
(map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
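Review bot: In `makeService`, the rewrapped line `"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}"` splices the login into a shell command unquoted, so the password is visible in the process list and in the generated unit script in the store, and a value containing spaces or shell metacharacters changes the command that runs. Quoting each argument with `lib.escapeShellArg` (assuming `lib` is in scope; the module header is outside the hunk) fixes the second problem, though the empty `user`/`password` defaults would then be passed as empty arguments. Having the scrapers read credentials from an environment file or a path outside the store addresses both. The `let` block continues outside the hunk.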
|
|
|
@ -1,24 +1,23 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
spacemsgGit = builtins.fetchGit https://github.com/astro/spacemsg.git;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
let spacemsgGit = builtins.fetchGit "https://github.com/astro/spacemsg.git";
|
||||
in {
|
||||
imports = [
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
"${spacemsgGit}/spaceapi/module.nix"
|
||||
];
|
||||
|
||||
networking.hostName = "spaceapi";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.25"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.25";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.enable = false;
|
||||
|
||||
services.spaceapi = {
|
||||
enable = true;
|
||||
};
|
||||
services.spaceapi = { enable = true; };
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
|
|
|
@ -44,9 +44,15 @@
|
|||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim git tmux screen
|
||||
chromium firefox
|
||||
mpv kodi
|
||||
wget
|
||||
vim
|
||||
git
|
||||
tmux
|
||||
screen
|
||||
chromium
|
||||
firefox
|
||||
mpv
|
||||
kodi
|
||||
];
|
||||
|
||||
systemd.user.services.x11vnc = {
|
||||
|
@ -108,9 +114,7 @@
|
|||
services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
services.xserver.displayManager = {
|
||||
lightdm = {
|
||||
enable = true;
|
||||
};
|
||||
lightdm = { enable = true; };
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "k-ot";
|
||||
|
|
|
@ -6,17 +6,18 @@
|
|||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/6490-45A0";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/6490-45A0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hydra.nix
|
||||
./cache.nix
|
||||
../../lib
|
||||
];
|
||||
imports = [ ./hydra.nix ./cache.nix ../../lib ];
|
||||
|
||||
c3d2 = {
|
||||
users = {
|
||||
|
|
|
@ -2,10 +2,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://cache.nixos.org"
|
||||
"https://genodepkgs.cachix.org"
|
||||
];
|
||||
binaryCaches =
|
||||
[ "https://cache.nixos.org" "https://genodepkgs.cachix.org" ];
|
||||
binaryCachePublicKeys = [
|
||||
"genodepkgs.cachix.org-1:j6xcYrUP9Q9c+WbS+MbkJR26cqeytOVdC4SmhOYj2Sw="
|
||||
];
|
||||
|
|
|
@ -3,11 +3,10 @@
|
|||
with lib;
|
||||
|
||||
let
|
||||
tickerSrc = builtins.fetchGit {
|
||||
url = "https://gitea.c3d2.de/astro/ticker.git";
|
||||
};
|
||||
in
|
||||
{ boot.isContainer = true;
|
||||
tickerSrc =
|
||||
builtins.fetchGit { url = "https://gitea.c3d2.de/astro/ticker.git"; };
|
||||
in {
|
||||
boot.isContainer = true;
|
||||
#boot.loader.initScript.enable = true;
|
||||
networking.hostName = mkDefault "ticker";
|
||||
networking.useDHCP = false;
|
||||
|
@ -38,7 +37,8 @@ in
|
|||
color = "#FF3F3F";
|
||||
};
|
||||
hicknhack = {
|
||||
url = "https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
|
||||
url =
|
||||
"https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
|
||||
color = "#A700A7";
|
||||
};
|
||||
palaissommer = {
|
||||
|
@ -58,15 +58,18 @@ in
|
|||
color = "#FF7F00";
|
||||
};
|
||||
rosenwerk-home = {
|
||||
url = "https://www.google.com/calendar/ical/bj85d742g31mgkblbaiusmk3s8%40group.calendar.google.com/public/basic.ics";
|
||||
url =
|
||||
"https://www.google.com/calendar/ical/bj85d742g31mgkblbaiusmk3s8%40group.calendar.google.com/public/basic.ics";
|
||||
color = "#BF003F";
|
||||
};
|
||||
rosenwerk-extern = {
|
||||
url = "https://www.google.com/calendar/ical/ogo94kraeq5ckmu3jsr0uus2mo%40group.calendar.google.com/private-8d048bfa99cca84705ffa675aacfe22a/basic.ics";
|
||||
url =
|
||||
"https://www.google.com/calendar/ical/ogo94kraeq5ckmu3jsr0uus2mo%40group.calendar.google.com/private-8d048bfa99cca84705ffa675aacfe22a/basic.ics";
|
||||
color = "#BF002F";
|
||||
};
|
||||
rosenwerk-kultur = {
|
||||
url = "https://www.google.com/calendar/ical/93enn926ddhgr79hnqp83ipj3g%40group.calendar.google.com/public/basic.ics";
|
||||
url =
|
||||
"https://www.google.com/calendar/ical/93enn926ddhgr79hnqp83ipj3g%40group.calendar.google.com/public/basic.ics";
|
||||
color = "#BF001F";
|
||||
};
|
||||
haengemathe = {
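Review bot: The `rosenwerk-extern` calendar URL in the third hunk embeds a Google Calendar private address (the `private-…` path segment), which acts as a bearer credential for reading that calendar and sits here in plain text next to the public feeds. I would move that URL into the repository's secrets handling (other modules already import from `../secrets/`) and reset the private address in the calendar settings, because the current value stays in git history either way. The attribute set holding these feeds starts and ends outside the hunks shown, so whether other entries carry similar tokens cannot be checked from here.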
|
||||
|
|
|
@ -7,15 +7,18 @@
|
|||
let
|
||||
octoprintPort = 8080;
|
||||
espCam = "http://172.20.78.164:81";
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ # Include the results of the hardware scan.
|
||||
<this-host/hardware-configuration.nix>
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = false;
|
||||
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
|
||||
boot.loader.raspberryPi = {
|
||||
enable = true;
|
||||
version = 4;
|
||||
uboot.enable = false;
|
||||
};
|
||||
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
|
@ -49,10 +52,7 @@ in
|
|||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim git
|
||||
raspberrypi-tools
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ wget vim git raspberrypi-tools ];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
|
@ -83,7 +83,6 @@ in
|
|||
extraGroups = [ "wheel" "audio" ];
|
||||
};
|
||||
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
|
@ -111,10 +110,13 @@ in
|
|||
systemWide = true;
|
||||
tcp.enable = true;
|
||||
tcp.anonymousClients.allowedIpRanges = [
|
||||
"127.0.0.0/8" "::1/128"
|
||||
"127.0.0.0/8"
|
||||
"::1/128"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"172.22.99.0/24" "2a02:8106:208:5200::/56"
|
||||
"172.20.72.0/21" "2a02:8106:211:e900::/56"
|
||||
"172.22.99.0/24"
|
||||
"2a02:8106:208:5200::/56"
|
||||
"172.20.72.0/21"
|
||||
"2a02:8106:211:e900::/56"
|
||||
];
|
||||
zeroconf.publish.enable = true;
|
||||
package = pkgs.pulseaudioFull;
|
||||
|
@ -190,11 +192,11 @@ in
|
|||
};
|
||||
|
||||
# Allow access to printer serial port and GPIO
|
||||
users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];
|
||||
users.users.${config.services.octoprint.user}.extraGroups =
|
||||
[ "dialout" "gpio" ];
|
||||
|
||||
systemd.services.mjpeg-stream =
|
||||
let
|
||||
mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> {};
|
||||
let mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> { };
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
|
|
@ -12,17 +12,15 @@
|
|||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.kernelParams = [
|
||||
"snd_bcm2835.enable_headphones=1"
|
||||
];
|
||||
boot.kernelParams = [ "snd_bcm2835.enable_headphones=1" ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-label/FIRMWARE";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-label/FIRMWARE";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
|
|
|
@ -4,27 +4,24 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
];
|
||||
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/vda1";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/vda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/vda3";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/vda3";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/vda2"; }
|
||||
];
|
||||
swapDevices = [{ device = "/dev/vda2"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
}
|
||||
|
|
12
krops.nix
12
krops.nix
|
@ -1,7 +1,5 @@
|
|||
let
|
||||
krops = builtins.fetchGit {
|
||||
url = "https://cgit.krebsco.de/krops/";
|
||||
};
|
||||
krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; };
|
||||
lib = import "${krops}/lib";
|
||||
pkgs = import "${krops}/pkgs" { };
|
||||
|
||||
|
@ -31,14 +29,10 @@ in {
|
|||
|
||||
glotzbert = pkgs.krops.writeDeploy "glotzbert" {
|
||||
source = hostSource "glotzbert" "nixos-20.09";
|
||||
target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // {
|
||||
sudo = true;
|
||||
};
|
||||
target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // { sudo = true; };
|
||||
};
|
||||
pulsebert = pkgs.krops.writeDeploy "pulsebert" {
|
||||
source = hostSource "pulsebert" "nixos-20.09";
|
||||
target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // {
|
||||
sudo = true;
|
||||
};
|
||||
target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // { sudo = true; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
../secrets/lib/authorized_keys
|
||||
];
|
||||
}
|
||||
{ config, ... }: { imports = [ ../secrets/lib/authorized_keys ]; }
|
||||
|
|
|
@ -162,12 +162,10 @@ in {
|
|||
host.ip6
|
||||
else
|
||||
toHqPrivateAddress hostName;
|
||||
in [
|
||||
{
|
||||
in [{
|
||||
name = ip6;
|
||||
value = [ "${hostName}.hq" hostName ];
|
||||
}
|
||||
] ++ lib.optional (hasAttr "ip4" host) {
|
||||
}] ++ lib.optional (hasAttr "ip4" host) {
|
||||
name = host.ip4;
|
||||
value = [ "${hostName}.hq" hostName ];
|
||||
};
|
||||
|
|
|
@ -22,8 +22,7 @@ let
|
|||
error_log syslog:server=graylog.server.org:12302;
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
# add central logging
|
||||
services.journalbeat = {
|
||||
|
|
|
@ -15,7 +15,8 @@
|
|||
networking.useNetworkd = true;
|
||||
networking.useDHCP = false;
|
||||
services.resolved.enable = false;
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
networking.nameservers =
|
||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
|
||||
networking.interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
|
@ -36,15 +37,17 @@
|
|||
|
||||
# Create a few files early before packing tarball for Proxmox
|
||||
# architecture/OS detection.
|
||||
system.extraSystemBuilderCmds =
|
||||
''
|
||||
system.extraSystemBuilderCmds = ''
|
||||
mkdir -m 0755 -p $out/bin
|
||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||
mkdir -m 0755 -p $out/sbin
|
||||
ln -s ../init $out/sbin/init
|
||||
'';
|
||||
|
||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||
fileSystems."/" = {
|
||||
fsType = "rootfs";
|
||||
device = "rootfs";
|
||||
};
|
||||
|
||||
# add central logging
|
||||
services.journalbeat = {
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, lib, pkgs,
|
||||
... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
@ -9,31 +8,25 @@ let
|
|||
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
|
||||
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
|
||||
};
|
||||
nixcloud = (
|
||||
import "${nixcloud-webservices}/pkgs" { inherit pkgs; }
|
||||
).nixcloud;
|
||||
nixcloud = (import "${nixcloud-webservices}/pkgs" { inherit pkgs; }).nixcloud;
|
||||
|
||||
profilesDir = "/nix/var/nix/profiles/lxc";
|
||||
containers = config.lxc.containers;
|
||||
nixPath = config.nix.nixPath;
|
||||
|
||||
toLxcConfig' = path: a:
|
||||
if builtins.isString a
|
||||
then "${path} = ${a}\n"
|
||||
else if builtins.isInt a
|
||||
then "${path} = ${toString a}\n"
|
||||
else if builtins.isAttrs a
|
||||
then lib.concatMapStrings (name:
|
||||
let
|
||||
path' = if path == ""
|
||||
then name
|
||||
else "${path}.${name}";
|
||||
in
|
||||
toLxcConfig' path' (builtins.getAttr name a)
|
||||
) (builtins.attrNames a)
|
||||
else if builtins.isList a
|
||||
then lib.concatMapStrings (toLxcConfig' path) a
|
||||
else throw "Invalid LXC config value";
|
||||
if builtins.isString a then ''
|
||||
${path} = ${a}
|
||||
'' else if builtins.isInt a then ''
|
||||
${path} = ${toString a}
|
||||
'' else if builtins.isAttrs a then
|
||||
lib.concatMapStrings (name:
|
||||
let path' = if path == "" then name else "${path}.${name}";
|
||||
in toLxcConfig' path' (builtins.getAttr name a)) (builtins.attrNames a)
|
||||
else if builtins.isList a then
|
||||
lib.concatMapStrings (toLxcConfig' path) a
|
||||
else
|
||||
throw "Invalid LXC config value";
|
||||
toLxcConfig = toLxcConfig' "";
|
||||
|
||||
lxc-rootfs = pkgs.runCommand "lxc-rootfs" { } ''
|
||||
|
@ -55,14 +48,18 @@ in {
|
|||
lxc.id_map = u 0 100000 65536
|
||||
lxc.id_map = g 0 100000 65536
|
||||
'';
|
||||
users.users.root.subGidRanges = [
|
||||
{ count = 65536; startGid = 100000; }
|
||||
];
|
||||
users.users.root.subUidRanges = [
|
||||
{ count = 65536; startUid = 100000; }
|
||||
];
|
||||
users.users.root.subGidRanges = [{
|
||||
count = 65536;
|
||||
startGid = 100000;
|
||||
}];
|
||||
users.users.root.subUidRanges = [{
|
||||
count = 65536;
|
||||
startUid = 100000;
|
||||
}];
|
||||
|
||||
systemd.services = if true then {} else
|
||||
systemd.services = if true then
|
||||
{ }
|
||||
else
|
||||
builtins.foldl' (services: name:
|
||||
let
|
||||
systemDir = "/${profilesDir}/${name}/system";
|
||||
|
@ -94,9 +91,8 @@ in {
|
|||
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
serviceConfig.Environment = [
|
||||
''NIX_PATH=${builtins.concatStringsSep ":" nixPath}''
|
||||
];
|
||||
serviceConfig.Environment =
|
||||
[ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
|
||||
|
||||
script = ''
|
||||
mkdir -p ${profilesDir}/${name}
|
||||
|
@ -123,7 +119,6 @@ in {
|
|||
in services // {
|
||||
"lxc-container-${name}-builder" = builder;
|
||||
"lxc-container-${name}" = starter;
|
||||
}
|
||||
) {} (builtins.attrNames containers);
|
||||
}) { } (builtins.attrNames containers);
|
||||
};
|
||||
}
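Review bot: `systemd.services = if true then { } else builtins.foldl' …` leaves the whole builder/starter generation in an `else` branch that is never evaluated, so this module defines no container units whatever `lxc.containers` holds. If that is a deliberate temporary switch, a comment above the expression such as `# container services disabled on purpose; else branch kept for reference`, or a real option in place of the literal `true`, would stop the next reader from assuming the units exist. Separately, the reformatted `toLxcConfig'` now builds its `path = value` lines from indented `''` strings. The output should be unchanged, but the indentation is not visible on this page, so it is worth diffing the generated config once against the previous build.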
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
{ pkgs ? import <nixpkgs> {},
|
||||
src ? builtins.fetchGit "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git",
|
||||
}:
|
||||
{ pkgs ? import <nixpkgs> { }, src ? builtins.fetchGit
|
||||
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git", }:
|
||||
|
||||
with pkgs;
|
||||
let
|
||||
path = "feeds/19.07/feeds-own/bmxd";
|
||||
makefile = builtins.readFile "${src}/${path}/Makefile";
|
||||
makeDef = name:
|
||||
builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0;
|
||||
builtins.elemAt (builtins.match ''
|
||||
.*?${name}:=([^
|
||||
]+).*?'' makefile) 0;
|
||||
name = makeDef "PKG_NAME";
|
||||
version = makeDef "PKG_VERSION";
|
||||
release = makeDef "PKG_RELEASE";
|
||||
patch = fetchurl {
|
||||
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
|
||||
url =
|
||||
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
|
||||
sha256 = "10gm1fqg2s8c261i0j1py3sfyyzr0h5b6wwdsgg3icn7lfjd6k75";
|
||||
};
|
||||
in stdenv.mkDerivation {
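Review bot: In `makeDef`, the character class that used to read `[^\n]` is now spelled with a literal line break inside an indented `''` string, so the pattern's meaning depends on how the surrounding indentation is stripped, and the regex has become hard to read. I would keep the escaped form, `builtins.match ".*?${name}:=([^\n]+).*?" makefile`, or at least confirm that `makeDef "PKG_VERSION"` evaluates to the same value before and after this commit. The indentation is not visible on this page, so equivalence cannot be verified from here. The `let` block continues past the end of the hunk.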
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
|
||||
with pkgs;
|
||||
let
|
||||
pile = builtins.fetchGit "https://github.com/astro/pile.git";
|
||||
let pile = builtins.fetchGit "https://github.com/astro/pile.git";
|
||||
in {
|
||||
ledball = rustPlatform.buildRustPackage {
|
||||
name = "ledball";
|
||||
|
|