Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config

hosts/containers/spaceapi/configuration.nix

@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+let
+  spacemsgGit = builtins.fetchGit https://github.com/astro/spacemsg.git;
+in
+{
+  imports =
+    [ ../../../lib/lxc-container.nix
+      ../../../lib/shared.nix
+      ../../../lib/admins.nix
+      "${spacemsgGit}/spaceapi/module.nix"
+    ];
+
+  networking.hostName = "spaceapi";
+  networking.useNetworkd = true;
+  networking.defaultGateway = "172.22.99.4";
+  networking.useDHCP = lib.mkForce true;
+
+  services.spaceapi = {
+    enable = true;
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.03"; # Did you read the comment?
+}

hosts/glotzbert/configuration.nix

@@ -16,7 +16,6 @@ in
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../lib/admins.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -94,10 +93,10 @@ in
       anonymousClients.allowAll = true;
     };
     extraConfig = ''
-      load-module module-tunnel-sink server=cibert.hq.c3d2.de
+      load-module module-tunnel-sink server=pulsebert.hq.c3d2.de
     '';
     extraClientConf = ''
-      default-server = cibert.hq.c3d2.de
+      default-server = pulsebert.hq.c3d2.de
     '';
   };
 
@@ -117,8 +116,8 @@ in
   };
   services.xserver.desktopManager = {
     gnome3.enable = true;
-    kodi.enable = false;
-    default = "gnome";
+    kodi.enable = true;
+    default = "kodi";
   };
 
   security.sudo = {

hosts/glotzbert/hardware-configuration.nix

@@ -11,7 +11,7 @@
   boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
   boot.kernelModules = [ "kvm-intel" "wl" "forcedeth" "b43" ];
   boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
-  boot.kernelParams = [ "irqpoll" ];  # noapic seems to improve things
+  boot.kernelParams = [ "irqpoll" "hpet=off" ];  # noapic seems to improve things
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/4568bf11-6e40-4514-9bc9-3194a299c45f";

hosts/glotzbert/x11vnc-service.nix

@@ -0,0 +1,24 @@
+{ stdenv, pkgs, ... }:
+
+with pkgs;
+stdenv.mkDerivation rec {
+  name = "x11vnc-service";
+  version = "0.0.0";
+  src = ./.;
+
+  buildInputs = [ x11vnc ];
+
+  dontBuild = true;
+  installPhase = ''
+    cat > $out/lib/systemd/user/x11vnc.service <<_EOF_
+    [Unit]
+    Description=VNC server
+    
+    [Service]
+    Type=simple
+    ExecStart=${x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
+    Restart=on-failure
+    
+    _EOF_
+  '';
+}

hosts/hydra/adc.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+
+let ncdcPort = 1512;
+in {
+  services.uhub = {
+    enable = true;
+    enableTLS = false;
+    port = 19061;
+    hubConfig = ''
+      hub_name=c3d2
+      hub_description=<<</>>
+      show_banner_sys_info=0
+    '';
+    plugins.history.enable = true;
+    plugins.welcome = {
+      enable = true;
+      motd = ''
+          ______    ______
+         / / / /   / /\ \ \
+        / / / /   / /  \ \ \
+        \ \ \ \  / /   / / /
+         \_\_\_\/_/   /_/_/
+      '';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ ncdcPort config.services.uhub.port ];
+  networking.firewall.allowedUDPPorts = [ ncdcPort ];
+
+  users.users.ncdc = {
+    isNormalUser = true;
+    uid = 1511;
+    openssh.authorizedKeys.keys =
+      config.users.users.root.openssh.authorizedKeys.keys;
+  };
+}

hosts/hydra/c3d2.svg

@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="594.28000pt"
+   height="194.89000pt"
+   id="svg1"
+   sodipodi:version="0.32"
+   inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
+   sodipodi:docname="c3d2-hydra.svg"
+   version="1.1">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.86831672"
+     inkscape:cx="352.96715"
+     inkscape:cy="96.614901"
+     inkscape:current-layer="svg1"
+     showgrid="false"
+     inkscape:grid-bbox="true"
+     inkscape:grid-points="true"
+     inkscape:guide-bbox="true"
+     inkscape:guide-points="true"
+     guidetolerance="2.0000000px"
+     inkscape:window-width="1362"
+     inkscape:window-height="729"
+     inkscape:window-x="0"
+     inkscape:window-y="18"
+     inkscape:window-maximized="0">
+    <inkscape:grid
+       id="GridFromPre046Settings"
+       type="xygrid"
+       originx="0"
+       originy="0"
+       spacingx="1.3333333"
+       spacingy="1.3333333"
+       color="#3f3fff"
+       empcolor="#3f3fff"
+       opacity="0.15"
+       empopacity="0.38"
+       empspacing="5" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1" />
+  <path
+     d="M 5,123.6125 80,4.8625031 c 0,0 68.75,0 68.75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 0,0 68.75,116.25 68.75,116.25 h -75 z"
+     id="path4772"
+     style="fill:#5175c0;fill-opacity:1" />
+  <path
+     d="M 92.5,123.6125 161.25,4.8625031 c 0,0 75,0 75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 l 68.75,116.25 h -75 z"
+     id="path4770"
+     style="fill:#7eb3de;fill-opacity:1" />
+  <path
+     d="M 180,123.6125 248.75,4.8625031 c 0,0 75,0 75,0 0,0 -67.5,118.7499969 -67.5,118.7499969 l 67.5,116.25 h -75 z"
+     id="path4768"
+     style="fill:#5175c0;fill-opacity:1" />
+  <path
+     d="m 423.75,4.8625031 c 0,0 68.75,0 68.75,0 L 405,239.8625 h -68.75 z"
+     id="path4766"
+     style="fill:#7eb3de;fill-opacity:1" />
+  <path
+     d="m 573.75,123.6125 c 0,0 -68.75,-118.7499969 -68.75,-118.7499969 0,0 75,0 75,0 0,0 68.75,118.7499969 68.75,118.7499969 L 580,239.8625 h -75 c 0,0 68.75,-116.25 68.75,-116.25 z"
+     id="path4764"
+     style="fill:#5175c0;fill-opacity:1" />
+  <path
+     d="m 592.5,239.8625 c 0,0 68.75,-116.25 68.75,-116.25 0,0 -68.75,-118.7499969 -68.75,-118.7499969 h 75 L 736.25,123.6125 667.5,239.8625 c 0,0 -75,0 -75,0 z"
+     id="path1103"
+     style="fill:#7eb3de;fill-opacity:1" />
+  <path
+     style="opacity:0;fill:#ffffff;fill-opacity:1;stroke-width:1.15165353"
+     d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
+     id="path4748"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
+     id="path4750"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
+     id="path4752"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
+     id="path4754"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
+     id="path4756"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
+     id="path4758" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
+     id="path4774"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
+     id="path4776"
+     inkscape:connector-curvature="0" />
+  <path
+     style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
+     d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
+     id="path4778"
+     inkscape:connector-curvature="0" />
+</svg>

hosts/hydra/cache.nix

@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = "/var/cache-priv-key.pem";
+  };
+
+  networking.firewall.allowedTCPPorts = [ config.services.nix-serve.port ];
+
+  services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/".extraConfig = ''
+      proxy_pass http://localhost:${toString config.services.nix-serve.port};
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    '';
+  };
+}

hosts/hydra/configuration.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/minimal.nix>
+    ./adc.nix
+    ./hydra.nix
+    ./cache.nix
+    ./../../lib/common/c3d2.nix
+  ];
+
+  security.pam.enableSSHAgentAuth = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+  ];
+  services.openssh.enable = true;
+
+  nix.useSandbox = false;
+  nix.maxJobs = lib.mkDefault 4;
+
+  boot.isContainer = true;
+  boot.loader.initScript.enable = true;
+  boot.loader.grub.enable = false;
+
+  fileSystems."/" = {
+    fsType = "rootfs";
+    device = "rootfs";
+  };
+
+  networking.hostName = "192";
+  networking.useNetworkd = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  environment.systemPackages = with pkgs; [ tmux htop vim ];
+
+  # Create a few files early before packing tarball for Proxmox
+  # architecture/OS detection.
+  system.extraSystemBuilderCmds = ''
+    mkdir -m 0755 -p $out/bin
+    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
+    mkdir -m 0755 -p $out/sbin
+    ln -s ../init $out/sbin/init
+  '';
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.03"; # Did you read the comment?
+}

hosts/hydra/hydra.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+  nix = {
+    binaryCaches = [ "https://cache.nixos.org" "https://cache.dhall-lang.org" ];
+    binaryCachePublicKeys =
+      [ "cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM=" ];
+    buildMachines = [{
+      hostName = "localhost";
+      system = "x86_64-linux";
+      maxJobs = 2;
+    }];
+  };
+
+  services.hydra = {
+    enable = true;
+    hydraURL = "https://hydra.hq.c3d2.de";
+    logo = ./c3d2.svg;
+    notificationSender = "hydra@spam.works";
+    useSubstitutes = false;
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedGzipSettings = true;
+    virtualHosts = {
+      "hydra.hq.c3d2.de" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/".proxyPass =
+          "http://localhost:${toString config.services.hydra.port}";
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}

hosts/pulsebert/configuration.nix

@@ -12,9 +12,9 @@ in {
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ../../lib/admins.nix
-      ../../common.nix
-      ../../users.nix
-      ../../mpd.nix
+      ../../lib/common/common.nix
+      ../../lib/users.nix
+      ../../lib/mpd.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -192,12 +192,6 @@ in {
 		type "pulse"
 		name "/proc"
 	}
-
-	audio_output {
-		type "pulse"
-		name "SDK"
-		server "dacbert.hq.c3d2.de"
-	}
     '';
 
   services.caddy = {

hq.nixops

@@ -127,5 +127,16 @@
 			};
 	  };
 
+    "spaceapi" =
+    { ... }:
+		{
+			imports = [
+				hosts/containers/spaceapi/configuration.nix
+			];
+			deployment = {
+				targetHost = "2a02:8106:208:5282:1457:adff:fe93:62e9";
+				storeKeysOnMachine = true;
+			};
+	  };
 
 }

lib/common/c3d2.nix

@@ -1,11 +1,18 @@
 { config, pkgs, ... }:
 
 {
-  imports = [./common.nix];
+  imports = [ ./common.nix ];
 
-  networking = {
-    domain = "hq.c3d2.de";
-    defaultGateway.address = "172.22.99.1";
+  users.motd = builtins.readFile ./motd;
+
+  networking.domain = "hq.c3d2.de";
+
+  nix = if config.services.nix-serve.enable then
+    { }
+  else {
+    binaryCaches = [ "https://nix-serve.hq.c3d2.de" ];
+    binaryCachePublicKeys =
+      [ "nix-serve.hq.c3d2.de:FEi9GyFkou1Ua8INaEKmuGaww9E5y3XwrNGNRfKYeLo=" ];
   };
 
 }

lib/common/motd

@@ -0,0 +1,6 @@
+  ______    ______  
+ / / / /   / /\ \ \ 
+/ / / /   / /  \ \ \
+\ \ \ \  / /   / / /
+ \_\_\_\/_/   /_/_/ 
+                    

lib/mpd.nix

@@ -1,28 +1,30 @@
 { config, pkgs, lib, ... }:
 
 let
-  hostMpd = if config.networking.hostName == "storage-ng" then
-    {
-      musicDirectory = "/mnt/cephfs/c3d2/rpool/Music";
-    }
-    else
-    {
-      dbFile = null;
-      musicDirectory = "/mnt/storage/Music";
-      extraConfig = ''
-        database {
-          plugin "proxy"
-          host "storage-ng.hq.c3d2.de"
-        }
-      '';
-    };
-in
-{
+  hostMpd = if config.networking.hostName == "storage-ng" then {
+    musicDirectory = "/mnt/cephfs/c3d2/rpool/Music";
+    extraConfig = ''
+      audio_output {
+        name "null"
+        type "null"
+      }
+    '';
+  } else {
+    dbFile = null;
+    musicDirectory = "/mnt/storage/Music";
+    playlistDirectory = "/home/k-ot/Playlists";
+    extraConfig = ''
+      database {
+        plugin "proxy"
+        host "storage-ng.hq.c3d2.de"
+      }
+    '';
+  };
+in {
   services.mpd = (hostMpd // {
-    enable=true;
+    enable = true;
     network.listenAddress = "any";
   });
 
-  networking.firewall.allowedTCPPorts =
-   [ config.services.mpd.network.port ];
+  networking.firewall.allowedTCPPorts = [ config.services.mpd.network.port ];
 }