diff --git a/README.md b/README.md index 777ad6b8..7fc55081 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,37 @@ +# Setup + +Nix with flakes support is required. Run this in a shell… +``` +# Enter a temporary shell with flakes support: +nix-shell --packages nixFlakes + +# Set some configuration (do this only once): +echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf + +# Add this repository to your local flake registry: +nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config +``` + +…or set this to your NixOS configuration: +``` +{ pkgs, ... }: { + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + }; +} +``` + # Deployment Beide failen bei Activation des neuen Profils. (TODO) +## Mit flakes + +Use `nix run` with one of the deploy scripts exported by the flake, +for example: `nix run c3d2#deploy-glotzbert switch`. Use `nix flake show c3d2` +to show what is available. Note that the deploy scripts only work if +the target machines already has flakes enabled. ## Mit NixOps @@ -55,10 +85,10 @@ This is necessary, so you can login to any machine with your gpg key. # Laptops / Desktops -This repository contains a NixOS module that can be used with personal machines -as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of -registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 -addresses local to HQ. Simply import the `lib` directory to use the module. As +This repository contains a NixOS module that can be used with personal machines +as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of +registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 +addresses local to HQ. Simply import the `lib` directory to use the module. As an example: ```nix 
@@ -83,3 +113,9 @@ in { } ``` + +# Custom packages + +Additional packages can be added to [./nixpkgs-overlay]. These packages are available +during NixOS configuration as well as from the flake via `nix shell c3d2#…` (see above +for adding this repository to your local nix registry). diff --git a/flake.lock b/flake.lock index 44910a7f..11360cec 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,77 +1,6 @@ { "nodes": { - "hydra": { - "inputs": { - "nix": "nix", - "nixpkgs": [ - "hydra", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1603366072, - "narHash": "sha256-9dK7Mx9BZHZTeJ/oolS7nMakVnCdXQlsA2ePWNPhQks=", - "owner": "NixOS", - "repo": "hydra", - "rev": "be709d450b98a384374228db51c14dc958a3a72a", - "type": "github" - }, - "original": { - "id": "hydra", - "type": "indirect" - } - }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1598695561, - "narHash": "sha256-gyH/5j+h/nWw0W8AcR2WKvNBUsiQ7QuxqSJNXAwV+8E=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "1705b4a26fbf065d9574dce47a94e8c7c79e052f", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1603189103, - "narHash": "sha256-KVS/Z6FzMBOl5XCyOLwfiVoX7G2LQRa9HMGNnJRPCoo=", - "owner": "NixOS", - "repo": "nix", - "rev": "e0ca98c2071b815578470e280df8fdb750c7e23b", - "type": "github" - }, - "original": { - "id": "nix", - "type": "indirect" - } - }, "nixpkgs": { - "locked": { - "lastModified": 1602702596, - "narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ad0d20345219790533ebe06571f82ed6b034db31", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-20.09-small", - "type": "indirect" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1603722914, "narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=", 
@@ -89,8 +18,24 @@ }, "root": { "inputs": { - "hydra": "hydra", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs", + "secrets": "secrets" + } + }, + "secrets": { + "flake": false, + "locked": { + "lastModified": 1607473285, + "narHash": "sha256-cnilic++Xa2RB8krfNe0/ndZ6jFo2FQWIq8YrZ1pWrE=", + "ref": "master", + "rev": "0efb7df81d358c033a72fcc0c65016ff86f54858", + "revCount": 76, + "type": "git", + "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git" + }, + "original": { + "type": "git", + "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git" } } }, diff --git a/flake.nix b/flake.nix index a669c59f..47e7f727 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,36 +3,111 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/release-20.09"; - # secrets.url = "git+file:///etc/nixos/secrets"; + secrets = { + url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"; + flake = false; + }; }; - outputs = { self, nixpkgs, hydra }: { + outputs = { self, nixpkgs, secrets }: + let + forAllSystems = f: + nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ] + (system: f system); + in { - nixosConfigurations = { + overlay = import ./nixpkgs-overlay; + + legacyPackages = forAllSystems (system: + import nixpkgs { + inherit system; + overlays = [ self.overlay ]; + }); + + packages = forAllSystems (system: + let + pkgs = self.legacyPackages.${system}; + + mkDeploy = + # Generate a small script for copying this flake to the + # remote machine and bulding and switching there. + # Can be run with nix run c3d2#deploy-… + name: host: + let target = "root@${host}"; + in pkgs.writeScriptBin "deploy-${name}" '' + #!${pkgs.runtimeShell} + set -ev + nix-copy-closure --to ${target} ${self} + exec ssh -t ${target} \ + nix shell \ + ${self}#nixosConfigurations.${name}.config.system.build.toplevel \ + --command switch-to-configuration $@ + ''; + in { + inherit (pkgs) bmxd; + inherit (pkgs.pile) ledball; + + deploy-freifunk = mkDeploy "freifunk" "172.20.72.40"; + deploy-glotzbert = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de"; + deploy-kibana = mkDeploy "kibana" "172.20.73.44"; + deploy-ledstripes = mkDeploy "ledstripes" "172.22.99.168"; + deploy-scrape = mkDeploy "scrape" "172.20.73.32"; + }); + + nixosConfigurations = let + + nixosSystem' = + # Our custom NixOS builder + { modules, system ? "x86_64-linux", ... }@args: + nixpkgs.lib.nixosSystem (args // { + inherit system; + modules = modules ++ [ + self.nixosModules.c3d2 + ({ pkgs, ... 
}: { + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + }; + nixpkgs.overlays = [ self.overlay ]; + }) + ]; + }); + + in { + + freifunk = nixosSystem' { + modules = [ + (import ./hosts/containers/freifunk/configuration.nix { + inherit secrets; + }) + ]; + }; + + glotzbert = + nixosSystem' { modules = [ ./hosts/glotzbert/configuration.nix ]; }; + + kibana = nixosSystem' { + modules = [ ./hosts/containers/kibana/configuration.nix ]; + }; + + ledstripes = nixosSystem' { + modules = [ ./hosts/containers/ledstripes/configuration.nix ]; + }; + + pulsebert = + nixosSystem' { modules = [ ./hosts/pulsebert/configuration.nix ]; }; + + scrape = nixosSystem' { + modules = [ + (import ./hosts/containers/scrape/configuration.nix { + inherit secrets; + }) + ]; + }; - glotzbert = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/glotzbert/configuration.nix ]; - system = "x86_64-linux"; }; - hydra = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/hydra/configuration.nix ]; - system = "x86_64-linux"; - }; - - kibana = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/containers/kibana/configuration.nix ]; - system = "x86_64-linux"; - }; - - pulsebert = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/pulsebert/configuration.nix ]; - system = "aarch64-linux"; - }; + nixosModules.c3d2 = import ./lib; }; - - nixosModules.c3d2 = import ./lib; - - }; } diff --git a/hosts/containers/freifunk/configuration.nix b/hosts/containers/freifunk/configuration.nix index f526e6d5..9cea70df 100644 --- a/hosts/containers/freifunk/configuration.nix +++ b/hosts/containers/freifunk/configuration.nix @@ -1,4 +1,5 @@ -{ config, pkgs, lib, ... }: +{ secrets }: +{ config, pkgs, lib, modulesPath, ... }: let coreAddress = "172.20.72.40"; 
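Review bot: Declaring `secrets` as a non-flake input means the whole secrets repository is fetched into the Nix store, where paths are normally world-readable, on every machine that evaluates this flake. The hosts then import values from it (`import "${secrets}/hosts/freifunk"`, the OSPF key in the bird2 config, the `xeri`/`fhem`/`matemat` logins in `hosts/containers/scrape/configuration.nix`), so those values also land in generated config files and unit scripts in the store. Because the `mkDeploy` script evaluates `${self}#nixosConfigurations.${name}` on the target over ssh, the target presumably needs that input too, which would place every host's secrets on each deployed machine; this is worth confirming. Consider keeping secret values out of evaluation and delivering them as files readable only by the consuming service, referenced by path. In the same script, `$@` should be written `"$@"` so arguments are not word-split locally.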
@@ -6,21 +7,17 @@ let meshInterface = "bmx"; meshLoopback = "bmx_prime"; ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php"; - secrets = import ; - ddmeshRegisterKey = secrets.ddmeshRegisterKey; + secrets' = import "${secrets}/hosts/freifunk"; + ddmeshRegisterKey = secrets'.ddmeshRegisterKey; ddmeshNode = 51073; ddmeshAddrPart = "200.74"; rt_table = 7; - bmxd = import (toString ) { inherit pkgs; }; - sysinfo-json = import { - inherit pkgs bmxd ddmeshNode; - }; + sysinfo-json = import ./sysinfo-json.nix { inherit pkgs ddmeshNode; }; in { imports = [ - - - - + "${modulesPath}/profiles/minimal.nix" + ../../../lib/lxc-container.nix + ../../../lib/shared.nix ]; boot.tmpOnTmpfs = true; @@ -78,23 +75,23 @@ in { "10-bmx" = { enable = true; matchConfig = { Name = meshInterface; }; - addresses = [ { + addresses = [{ addressConfig = { Address = "10.201.${ddmeshAddrPart}/16"; Broadcast = "10.255.255.255"; }; - } ]; + }]; }; # Dummy interface for primary (10.200) address "11-bmx-loopback" = { enable = true; matchConfig = { Name = meshLoopback; }; - addresses = [ { + addresses = [{ addressConfig = { Address = "10.200.${ddmeshAddrPart}/32"; Broadcast = "10.255.255.255"; }; - } ]; + }]; }; # ZW "20-core" = { @@ -120,7 +117,7 @@ in { wantedBy = [ "network.target" ]; serviceConfig = { ExecStart = '' - ${bmxd}/sbin/bmxd \ + ${pkgs.bmxd}/sbin/bmxd \ --rt_table_offset=${toString rt_table} \ --no_fork 1 \ --throw-rules 0 \ @@ -131,7 +128,7 @@ in { -g 500000/50000 \ dev=bmx_prime /linklayer 0 \ dev=${meshInterface} /linklayer 1 - ''; + ''; Restart = "always"; }; }; @@ -141,7 +138,9 @@ in { script = '' ${pkgs.curl}/bin/curl \ -o /tmp/ddmesh-registration.json \ - '${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${toString ddmeshNode}' + '${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${ + toString ddmeshNode + }' ''; serviceConfig = { User = "nobody"; 
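Review bot: In the `ddmesh-register-node` script the register key is interpolated into the curl URL, so it becomes part of the generated script in the Nix store and of curl's command line, which other local users can typically read from the process list while the request runs. The same pattern appears in `makeService` in `hosts/containers/scrape/configuration.nix`, where `${user} ${password}` are passed as arguments. Consider having curl read the URL from a file that only the service user can read (`curl --config <path>`), and check whether the scrapers can take credentials from a file or the environment. The script block starts and ends outside this hunk.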
@@ -149,8 +148,8 @@ in { }; }; systemd.timers.ddmesh-register-node = { - partOf = [ "ddmesh-register-node.service" ]; - wantedBy = [ "timers.target" ]; + partOf = [ "ddmesh-register-node.service" ]; + wantedBy = [ "timers.target" ]; timerConfig.OnCalendar = "daily"; }; @@ -162,8 +161,8 @@ in { ''; }; systemd.timers.sysinfo-json = { - partOf = [ "sysinfo-json.service" ]; - wantedBy = [ "timers.target" ]; + partOf = [ "sysinfo-json.service" ]; + wantedBy = [ "timers.target" ]; timerConfig.OnCalendar = "minutely"; }; @@ -171,49 +170,53 @@ in { services.bird2 = { enable = true; config = '' - protocol kernel K4 { - ipv4 { - export all; - }; - } - protocol kernel K6 { - ipv6 { - export all; - }; - } - protocol device { - scan time 10; - } + protocol kernel K4 { + ipv4 { + export all; + }; + } + protocol kernel K6 { + ipv6 { + export all; + }; + } + protocol device { + scan time 10; + } - protocol ospf v2 ZW4 { - area 0 { - networks { - 172.20.72.0/21; - }; - stubnet 10.200.0.0/15; - interface "core" { - authentication cryptographic; - password "${import }"; - }; + protocol ospf v2 ZW4 { + area 0 { + networks { + 172.20.72.0/21; }; - } - - protocol ospf v3 ZW6 { - area 0 { - networks { - fd23:42:c3d2:500::/56; - 2a02:8106:208:5200::/56; - 2a02:8106:211:e900::/56; - }; - interface "core" { - #authentication cryptographic; - #password "${import }"; - }; + stubnet 10.200.0.0/15; + interface "core" { + authentication cryptographic; + password "${ + import "${secrets}/shared/ospf/message-digest-key.nix" + }"; }; - } + }; + } - router id ${coreAddress}; - ''; + protocol ospf v3 ZW6 { + area 0 { + networks { + fd23:42:c3d2:500::/56; + 2a02:8106:208:5200::/56; + 2a02:8106:211:e900::/56; + }; + interface "core" { + #authentication cryptographic; + #password "${ + import "${secrets}/shared/ospf/message-digest-key.nix" + }"; + }; + }; + } + + router id ${coreAddress}; + ''; }; # HTTP Reverse Proxy to provide services into Freifunk 
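Review bot: In the `ZW6` block the `#` only comments the line out for bird; Nix still evaluates `${ import "${secrets}/shared/ospf/message-digest-key.nix" }` inside the string, so the OSPF key is written into the generated config as a comment. Meanwhile OSPFv3 on `core` runs without the authentication that `ZW4` uses. Either enable authentication for `ZW6` as well, or drop the interpolation from the commented line, e.g. `#password "<key>";`. If v3 authentication is disabled on purpose, a short comment saying why would help the next reader.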
@@ -228,35 +231,36 @@ in { virtualHosts = { "c3d2.ffdd" = { default = true; - root = ; - locations = - let - sysinfo-json = { - alias = "/run/nginx/sysinfo.json"; - extraConfig = '' - add_header Content-Type "application/json;charset=UTF-8"; - ''; - }; - in { - "/" = { - index = "index.html"; - extraConfig = '' - etag off; - add_header etag "\"${builtins.substring 11 32 ( + "/assets")}\""; - ''; - }; - "=/sysinfo-json.cgi" = sysinfo-json; - "=/sysinfo.json" = sysinfo-json; + root = ./assets; + locations = let + sysinfo-json = { + alias = "/run/nginx/sysinfo.json"; + extraConfig = '' + add_header Content-Type "application/json;charset=UTF-8"; + ''; }; + in { + "/" = { + index = "index.html"; + extraConfig = '' + etag off; + add_header etag "\"${builtins.substring 11 32 (./assets)}\""; + ''; + }; + "=/sysinfo-json.cgi" = sysinfo-json; + "=/sysinfo.json" = sysinfo-json; + }; }; - "storage.hq.c3d2.ffdd".locations."/".proxyPass = "http://storage.hq.c3d2.de/"; + "storage.hq.c3d2.ffdd".locations."/".proxyPass = + "http://storage.hq.c3d2.de/"; "grafana.hq.c3d2.ffdd".locations."/" = { proxyPass = "https://grafana.hq.c3d2.de/"; extraConfig = '' proxy_ssl_server_name on; ''; }; - "influxdb.hq.c3d2.ffdd".locations."/".proxyPass = "http://grafana.hq.c3d2.de:8086/"; + "influxdb.hq.c3d2.ffdd".locations."/".proxyPass = + "http://grafana.hq.c3d2.de:8086/"; }; }; diff --git a/hosts/containers/freifunk/sysinfo-json.nix b/hosts/containers/freifunk/sysinfo-json.nix index d374b5a0..2bf4bd50 100644 --- a/hosts/containers/freifunk/sysinfo-json.nix +++ b/hosts/containers/freifunk/sysinfo-json.nix @@ -1,8 +1,7 @@ -{ pkgs ? import {}, - ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", - bmxd, - ddmeshNode, - ... }: +{ pkgs ? import { }, ffdd-server ? pkgs.fetchgit { + url = "https://github.com/Freifunk-Dresden/ffdd-server.git"; + sha256 = "15iijpywfp0zd785na5ry0g8z41x3zg238piih5rp8khc5xis09c"; +}, ddmeshNode, ... }: with pkgs; let 
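Review bot: The new `pkgs.fetchgit` default for `ffdd-server` pins a `sha256` but no `rev`, so the fetch follows whatever the repository's default branch points at (fetchgit falls back to `HEAD`, as far as I know) and the commit behind the hash is not recorded anywhere. Once upstream moves, a fresh fetch will fail with a hash mismatch and nobody can tell which commit was reviewed. Add the commit next to the hash, e.g. `rev = "<commit-sha>";`. The same applies to `scrapers` in `hosts/containers/scrape/configuration.nix`, `src` in `nixpkgs-overlay/bmdx.nix` and `pile` in `nixpkgs-overlay/pile.nix`.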
@@ -18,8 +17,7 @@ let gps_longitude = "13.7285866"; gps_altitude = "100"; }; -in -stdenv.mkDerivation { +in stdenv.mkDerivation { name = "sysinfo-json"; src = "${ffdd-server}/salt/freifunk/base/ddmesh/"; buildPhase = '' @@ -50,14 +48,21 @@ stdenv.mkDerivation { --replace '"node_type":"server"' '"node_type":"node"' \ --replace ddmesh-ipcalc.sh $out/bin/ddmesh-ipcalc.sh \ --replace lsb_release $out/bin/lsb_release \ - --replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"} 0 \ - --replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"} 0 \ + --replace ${ + lib.strings.escapeShellArg + "$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')" + } 0 \ + --replace ${ + lib.strings.escapeShellArg + "$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')" + } 0 \ --replace 'nettype_lookup[$2]' '"lan"' \ --replace awk ${gawk}/bin/awk - '' + - lib.strings.concatStrings (lib.attrsets.mapAttrsToList ( - var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n" - ) nvram); + '' + lib.strings.concatStrings (lib.attrsets.mapAttrsToList (var: value: '' + substituteInPlace sysinfo-json.cgi --replace ${ + lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})" + } '${value}' + '') nvram); installPhase = '' pwd mkdir -p $out/bin diff --git a/hosts/containers/kibana/configuration.nix b/hosts/containers/kibana/configuration.nix index ce543d4c..3c1a3a2e 100644 --- a/hosts/containers/kibana/configuration.nix +++ b/hosts/containers/kibana/configuration.nix @@ -3,7 +3,6 @@ { imports = [ (modulesPath + "/profiles/minimal.nix") - ../../../lib ../../../lib/lxc-container.nix ../../../lib/shared.nix ]; diff --git a/hosts/containers/ledstripes/configuration.nix b/hosts/containers/ledstripes/configuration.nix index e549161e..306e78f7 100644 
--- a/hosts/containers/ledstripes/configuration.nix +++ b/hosts/containers/ledstripes/configuration.nix @@ -3,7 +3,6 @@ { imports = [ (modulesPath + "/profiles/minimal.nix") - ../../../lib ../../../lib/lxc-container.nix ../../../lib/shared.nix ]; @@ -21,16 +20,14 @@ services.openssh.enable = true; environment.systemPackages = [ pkgs.git ]; - systemd.services.ledball = - let pile = import ../../../lib/pkgs/pile.nix { inherit pkgs; }; - in { - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pile.ledball}/bin/rows"; - Restart = "always"; - }; + systemd.services.ledball = { + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.pile.ledball}/bin/rows"; + Restart = "always"; }; + }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/hosts/containers/scrape/configuration.nix b/hosts/containers/scrape/configuration.nix index e1aa115e..aa272f81 100644 --- a/hosts/containers/scrape/configuration.nix +++ b/hosts/containers/scrape/configuration.nix @@ -1,3 +1,4 @@ +{ secrets }: { config, pkgs, lib, modulesPath, ... }: let @@ -13,7 +14,6 @@ let in { imports = [ (modulesPath + "/profiles/minimal.nix") - ../../../lib ../../../lib/lxc-container.nix ../../../lib/shared.nix ]; 
@@ -24,77 +24,78 @@ in { enableHail = false; }; - networking.hostName = "scrape"; - networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ]; + networking.interfaces.eth0.ipv4.addresses = [{ + address = "172.20.73.32"; + prefixLength = 26; + }]; networking.defaultGateway = "172.20.73.1"; # Required for krops services.openssh.enable = true; environment.systemPackages = [ pkgs.git ]; - systemd.services = - let - scrapers = import ( - builtins.fetchGit { url = "https://gitea.c3d2.de/astro/scrapers.git"; } - ) { - inherit pkgs; + systemd.services = let + scrapers = import (pkgs.fetchgit { + url = "https://gitea.c3d2.de/astro/scrapers.git"; + sha256 = "0fnq58gz7lgn615jn7fqkk5wmn7mv7nkk5zayifhwyybagi9nvlr"; + }) { inherit pkgs; }; + makeService = { script, host, user ? "", password ? "" }: { + script = + "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}"; + }; + xeriLogin = import "${secrets}/hosts/scrape/xeri.nix"; + fhemLogin = import "${secrets}/hosts/scrape/fhem.nix"; + matematLogin = import "${secrets}/hosts/scrape/matemat.nix"; + makeNodeScraper = nodeId: { + name = "scrape-node${nodeId}"; + value = makeService { + script = "freifunk_node"; + host = freifunkNodes.${nodeId}; }; - makeService = { script, host, user ? "", password ? 
"" }: { - script = "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}"; - }; - xeriLogin = import ; - fhemLogin = import ; - matematLogin = import ; - makeNodeScraper = nodeId: { - name = "scrape-node${nodeId}"; - value = makeService { - script = "freifunk_node"; - host = freifunkNodes.${nodeId}; - }; - }; - in { - scrape-xeri = makeService { - script = "xerox"; - host = "xeri.hq.c3d2.de"; - inherit (xeriLogin) user password; - }; - scrape-roxi = makeService { - script = "xerox"; - host = "roxi.hq.c3d2.de"; - }; - scrape-fhem = makeService { - script = "fhem"; - host = "fhem.hq.c3d2.de"; - inherit (fhemLogin) user password; - }; - scrape-matemat = makeService { - script = "matemat"; - host = "matemat.hq.c3d2.de"; - inherit (matematLogin) user password; - }; - } // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes)); + }; + in { + scrape-xeri = makeService { + script = "xerox"; + host = "xeri.hq.c3d2.de"; + inherit (xeriLogin) user password; + }; + scrape-roxi = makeService { + script = "xerox"; + host = "roxi.hq.c3d2.de"; + }; + scrape-fhem = makeService { + script = "fhem"; + host = "fhem.hq.c3d2.de"; + inherit (fhemLogin) user password; + }; + scrape-matemat = makeService { + script = "matemat"; + host = "matemat.hq.c3d2.de"; + inherit (matematLogin) user password; + }; + } // builtins.listToAttrs + (map makeNodeScraper (builtins.attrNames freifunkNodes)); - systemd.timers = - let - makeTimer = service: interval: { - partOf = [ "${service}.service" ]; - wantedBy = [ "timers.target" ]; - timerConfig.OnCalendar = interval; + systemd.timers = let + makeTimer = service: interval: { + partOf = [ "${service}.service" ]; + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = interval; + }; + makeNodeScraperTimer = nodeId: + let name = "scrape-node${nodeId}"; + in { + inherit name; + value = makeTimer name "minutely"; }; - makeNodeScraperTimer = nodeId: - let - name = "scrape-node${nodeId}"; - in { - inherit name; - value = 
makeTimer name "minutely"; - }; - in { - scrape-xeri = makeTimer "scrape-xeri.service" "minutely"; - scrape-roxi = makeTimer "scrape-roxi.service" "minutely"; - scrape-fhem = makeTimer "scrape-fhem.service" "minutely"; - scrape-matemat = makeTimer "scrape-matemat.service" "minutely"; - } // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes)); + in { + scrape-xeri = makeTimer "scrape-xeri.service" "minutely"; + scrape-roxi = makeTimer "scrape-roxi.service" "minutely"; + scrape-fhem = makeTimer "scrape-fhem.service" "minutely"; + scrape-matemat = makeTimer "scrape-matemat.service" "minutely"; + } // builtins.listToAttrs + (map makeNodeScraperTimer (builtins.attrNames freifunkNodes)); # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/hosts/glotzbert/configuration.nix b/hosts/glotzbert/configuration.nix index daad353e..35b6297a 100644 --- a/hosts/glotzbert/configuration.nix +++ b/hosts/glotzbert/configuration.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - imports = [ ]; + imports = [ ./hardware-configuration.nix ]; c3d2 = { users.k-ot = true; diff --git a/hosts/pulsebert/configuration.nix b/hosts/pulsebert/configuration.nix index d43cd6cc..6a0e63a0 100644 --- a/hosts/pulsebert/configuration.nix +++ b/hosts/pulsebert/configuration.nix @@ -10,7 +10,7 @@ let in { imports = [ # Include the results of the hardware scan. - + ./hardware-configuration.nix ]; boot.loader.grub.enable = false; @@ -194,7 +194,7 @@ in systemd.services.mjpeg-stream = let - mjpeg-proxy = pkgs.callPackage {}; + mjpeg-proxy = pkgs.callPackage ../../lib/pkgs/mjpeg-proxy.nix {}; in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix index a6c3c378..fd8c3247 100644 --- a/hosts/storage-ng/configuration.nix +++ b/hosts/storage-ng/configuration.nix 
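Review bot: The four named timers pass a unit name that already ends in `.service` to `makeTimer`, which appends `.service` again in `partOf = [ "${service}.service" ]`, so `scrape-xeri` ends up `partOf` `scrape-xeri.service.service`. The node timers pass the bare name and are not affected. Pass the bare name instead, e.g. `scrape-xeri = makeTimer "scrape-xeri" "minutely";`, and likewise for `scrape-roxi`, `scrape-fhem` and `scrape-matemat`.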
@@ -8,7 +8,6 @@ let eth0 = "ens18"; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../lib # ../../lib/hq.nix ../../lib/shared.nix ../../lib/default-gateway.nix diff --git a/lib/default.nix b/lib/default.nix index 7b1b4961..19f261a7 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -162,12 +162,10 @@ in { host.ip6 else toHqPrivateAddress hostName; - in [ - { - name = ip6; - value = [ "${hostName}.hq" hostName ]; - } - ] ++ lib.optional (hasAttr "ip4" host) { + in [{ + name = ip6; + value = [ "${hostName}.hq" hostName ]; + }] ++ lib.optional (hasAttr "ip4" host) { name = host.ip4; value = [ "${hostName}.hq" hostName ]; }; @@ -191,6 +189,7 @@ in { { } else { "${cfg.hq.interface}" = { + tempAddress = lib.mkDefault "disabled"; ipv6.addresses = [{ address = toHqPrivateAddress config.networking.hostName; prefixLength = 64; diff --git a/lib/lxc-container.nix b/lib/lxc-container.nix index a70daeda..75d3b395 100644 --- a/lib/lxc-container.nix +++ b/lib/lxc-container.nix @@ -19,7 +19,7 @@ networking.interfaces.eth0 = { useDHCP = false; - preferTempAddress = false; + tempAddress = "disabled"; }; systemd.network.networks."40-eth0" = { networkConfig = { diff --git a/lib/pkgs/bmxd.nix b/nixpkgs-overlay/bmdx.nix similarity index 51% rename from lib/pkgs/bmxd.nix rename to nixpkgs-overlay/bmdx.nix index bf287e99..890661bc 100644 --- a/lib/pkgs/bmxd.nix +++ b/nixpkgs-overlay/bmdx.nix 
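Review bot: `tempAddress = lib.mkDefault "disabled";` in `lib/default.nix` turns off IPv6 temporary addresses for the whole `cfg.hq.interface`, not only for the static HQ address added below it, and the README offers this module for laptops and desktops as well. On a personal machine that presumably means a stable address on every network the interface joins. A comment on the line would make the trade-off visible, e.g. `# disables IPv6 privacy addresses on this interface; override per host if unwanted`. The enclosing attribute set starts and ends outside the hunk.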
@@ -1,19 +1,24 @@ -{ pkgs ? import {}, - src ? builtins.fetchGit "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git", -}: +{ stdenv, fetchgit, fetchpatch, }: -with pkgs; let + src = fetchgit { + url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git"; + sha256 = "sha256-3sV59uqFp+TZKrDf7kmksLvz+5ZKriwFyXZMBH2Sdws="; + }; path = "feeds/19.07/feeds-own/bmxd"; makefile = builtins.readFile "${src}/${path}/Makefile"; makeDef = name: - builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0; + builtins.elemAt (builtins.match '' + .*?${name}:=([^ + ]+).*?'' makefile) 0; name = makeDef "PKG_NAME"; version = makeDef "PKG_VERSION"; release = makeDef "PKG_RELEASE"; - patch = fetchurl { - url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch"; - sha256 = "10gm1fqg2s8c261i0j1py3sfyyzr0h5b6wwdsgg3icn7lfjd6k75"; + patch = fetchpatch { + name = "timercpy.patch"; + url = + "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch"; + sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng="; }; in stdenv.mkDerivation { name = "${name}-${version}-${release}"; diff --git a/nixpkgs-overlay/default.nix b/nixpkgs-overlay/default.nix new file mode 100644 index 00000000..4499c2e1 --- /dev/null +++ b/nixpkgs-overlay/default.nix @@ -0,0 +1,9 @@ +final: prev: + +{ + + bmxd = prev.callPackage ./bmdx.nix { }; + + pile = prev.callPackage ./pile.nix { }; + +} diff --git a/lib/pkgs/pile.nix b/nixpkgs-overlay/pile.nix similarity index 72% rename from lib/pkgs/pile.nix rename to nixpkgs-overlay/pile.nix index 7da6079e..2dab5b06 100644 --- a/lib/pkgs/pile.nix +++ b/nixpkgs-overlay/pile.nix 
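Review bot: The reformatted `makeDef` pattern in `nixpkgs-overlay/bmdx.nix` now carries a literal line break inside the `[^…]` character class of an indented string. The regex is therefore only correct while both lines keep exactly the same indentation; any extra leading space on the second line would become part of the class. The original one-line form is easier to read and does not depend on whitespace stripping: `builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0;`.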
@@ -1,8 +1,10 @@ -{ pkgs ? import {} }: +{ fetchgit, rustPlatform }: -with pkgs; let - pile = builtins.fetchGit "https://github.com/astro/pile.git"; + pile = fetchgit { + url = "https://github.com/astro/pile.git"; + sha256 = "sha256-z4xNUGmP35ZBZUpgozQHANZniADfmwEoclnEwNlvAC4="; + }; in { ledball = rustPlatform.buildRustPackage { name = "ledball";