flakificaion #5
|
@ -12,9 +12,8 @@ let
|
|||
ddmeshAddrPart = "200.74";
|
||||
rt_table = 7;
|
||||
bmxd = import (toString <lib/pkgs/bmxd.nix>) { inherit pkgs; };
|
||||
sysinfo-json = import <this-host/sysinfo-json.nix> {
|
||||
inherit pkgs bmxd ddmeshNode;
|
||||
};
|
||||
sysinfo-json =
|
||||
import <this-host/sysinfo-json.nix> { inherit pkgs bmxd ddmeshNode; };
|
||||
in {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
|
@ -78,23 +77,23 @@ in {
|
|||
"10-bmx" = {
|
||||
enable = true;
|
||||
matchConfig = { Name = meshInterface; };
|
||||
addresses = [ {
|
||||
addresses = [{
|
||||
addressConfig = {
|
||||
Address = "10.201.${ddmeshAddrPart}/16";
|
||||
Broadcast = "10.255.255.255";
|
||||
};
|
||||
} ];
|
||||
}];
|
||||
};
|
||||
# Dummy interface for primary (10.200) address
|
||||
"11-bmx-loopback" = {
|
||||
enable = true;
|
||||
matchConfig = { Name = meshLoopback; };
|
||||
addresses = [ {
|
||||
addresses = [{
|
||||
addressConfig = {
|
||||
Address = "10.200.${ddmeshAddrPart}/32";
|
||||
Broadcast = "10.255.255.255";
|
||||
};
|
||||
} ];
|
||||
}];
|
||||
};
|
||||
# ZW
|
||||
"20-core" = {
|
||||
|
@ -131,7 +130,7 @@ in {
|
|||
-g 500000/50000 \
|
||||
dev=bmx_prime /linklayer 0 \
|
||||
dev=${meshInterface} /linklayer 1
|
||||
'';
|
||||
'';
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
@ -141,7 +140,9 @@ in {
|
|||
script = ''
|
||||
${pkgs.curl}/bin/curl \
|
||||
-o /tmp/ddmesh-registration.json \
|
||||
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${toString ddmeshNode}'
|
||||
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
|
||||
toString ddmeshNode
|
||||
}'
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
|
@ -149,8 +150,8 @@ in {
|
|||
};
|
||||
};
|
||||
systemd.timers.ddmesh-register-node = {
|
||||
partOf = [ "ddmesh-register-node.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
partOf = [ "ddmesh-register-node.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "daily";
|
||||
};
|
||||
|
||||
|
@ -162,8 +163,8 @@ in {
|
|||
'';
|
||||
};
|
||||
systemd.timers.sysinfo-json = {
|
||||
partOf = [ "sysinfo-json.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
partOf = [ "sysinfo-json.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
|
||||
|
@ -171,49 +172,49 @@ in {
|
|||
services.bird2 = {
|
||||
enable = true;
|
||||
config = ''
|
||||
protocol kernel K4 {
|
||||
ipv4 {
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol kernel K6 {
|
||||
ipv6 {
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol device {
|
||||
scan time 10;
|
||||
}
|
||||
protocol kernel K4 {
|
||||
ipv4 {
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol kernel K6 {
|
||||
ipv6 {
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol device {
|
||||
scan time 10;
|
||||
}
|
||||
|
||||
protocol ospf v2 ZW4 {
|
||||
area 0 {
|
||||
networks {
|
||||
172.20.72.0/21;
|
||||
};
|
||||
stubnet 10.200.0.0/15;
|
||||
interface "core" {
|
||||
authentication cryptographic;
|
||||
password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
||||
};
|
||||
protocol ospf v2 ZW4 {
|
||||
area 0 {
|
||||
networks {
|
||||
172.20.72.0/21;
|
||||
};
|
||||
}
|
||||
|
||||
protocol ospf v3 ZW6 {
|
||||
area 0 {
|
||||
networks {
|
||||
fd23:42:c3d2:500::/56;
|
||||
2a02:8106:208:5200::/56;
|
||||
2a02:8106:211:e900::/56;
|
||||
};
|
||||
interface "core" {
|
||||
#authentication cryptographic;
|
||||
#password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
||||
};
|
||||
stubnet 10.200.0.0/15;
|
||||
interface "core" {
|
||||
authentication cryptographic;
|
||||
password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
||||
};
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
router id ${coreAddress};
|
||||
'';
|
||||
protocol ospf v3 ZW6 {
|
||||
area 0 {
|
||||
networks {
|
||||
fd23:42:c3d2:500::/56;
|
||||
2a02:8106:208:5200::/56;
|
||||
2a02:8106:211:e900::/56;
|
||||
};
|
||||
interface "core" {
|
||||
#authentication cryptographic;
|
||||
#password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
router id ${coreAddress};
|
||||
'';
|
||||
};
|
||||
|
||||
# HTTP Reverse Proxy to provide services into Freifunk
|
||||
|
@ -229,34 +230,37 @@ in {
|
|||
"c3d2.ffdd" = {
|
||||
default = true;
|
||||
root = <this-host/assets>;
|
||||
locations =
|
||||
let
|
||||
sysinfo-json = {
|
||||
alias = "/run/nginx/sysinfo.json";
|
||||
extraConfig = ''
|
||||
add_header Content-Type "application/json;charset=UTF-8";
|
||||
'';
|
||||
};
|
||||
in {
|
||||
"/" = {
|
||||
index = "index.html";
|
||||
extraConfig = ''
|
||||
etag off;
|
||||
add_header etag "\"${builtins.substring 11 32 (<this-host> + "/assets")}\"";
|
||||
'';
|
||||
};
|
||||
"=/sysinfo-json.cgi" = sysinfo-json;
|
||||
"=/sysinfo.json" = sysinfo-json;
|
||||
locations = let
|
||||
sysinfo-json = {
|
||||
alias = "/run/nginx/sysinfo.json";
|
||||
extraConfig = ''
|
||||
add_header Content-Type "application/json;charset=UTF-8";
|
||||
'';
|
||||
};
|
||||
in {
|
||||
"/" = {
|
||||
index = "index.html";
|
||||
extraConfig = ''
|
||||
etag off;
|
||||
add_header etag "\"${
|
||||
builtins.substring 11 32 (<this-host> + "/assets")
|
||||
}\"";
|
||||
'';
|
||||
};
|
||||
"=/sysinfo-json.cgi" = sysinfo-json;
|
||||
"=/sysinfo.json" = sysinfo-json;
|
||||
};
|
||||
};
|
||||
"storage.hq.c3d2.ffdd".locations."/".proxyPass = "http://storage.hq.c3d2.de/";
|
||||
"storage.hq.c3d2.ffdd".locations."/".proxyPass =
|
||||
"http://storage.hq.c3d2.de/";
|
||||
"grafana.hq.c3d2.ffdd".locations."/" = {
|
||||
proxyPass = "https://grafana.hq.c3d2.de/";
|
||||
extraConfig = ''
|
||||
proxy_ssl_server_name on;
|
||||
'';
|
||||
};
|
||||
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass = "http://grafana.hq.c3d2.de:8086/";
|
||||
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass =
|
||||
"http://grafana.hq.c3d2.de:8086/";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ pkgs ? import <nixpkgs> {},
|
||||
ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git",
|
||||
bmxd,
|
||||
ddmeshNode,
|
||||
... }:
|
||||
{ pkgs ? import <nixpkgs> { }, ffdd-server ?
|
||||
builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", bmxd
|
||||
, ddmeshNode, ... }:
|
||||
|
||||
with pkgs;
|
||||
let
|
||||
|
@ -18,8 +16,7 @@ let
|
|||
gps_longitude = "13.7285866";
|
||||
gps_altitude = "100";
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
in stdenv.mkDerivation {
|
||||
name = "sysinfo-json";
|
||||
src = "${ffdd-server}/salt/freifunk/base/ddmesh/";
|
||||
buildPhase = ''
|
||||
|
@ -50,14 +47,21 @@ stdenv.mkDerivation {
|
|||
--replace '"node_type":"server"' '"node_type":"node"' \
|
||||
--replace ddmesh-ipcalc.sh $out/bin/ddmesh-ipcalc.sh \
|
||||
--replace lsb_release $out/bin/lsb_release \
|
||||
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"} 0 \
|
||||
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"} 0 \
|
||||
--replace ${
|
||||
lib.strings.escapeShellArg
|
||||
"$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"
|
||||
} 0 \
|
||||
--replace ${
|
||||
lib.strings.escapeShellArg
|
||||
"$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"
|
||||
} 0 \
|
||||
--replace 'nettype_lookup[$2]' '"lan"' \
|
||||
--replace awk ${gawk}/bin/awk
|
||||
'' +
|
||||
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
|
||||
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n"
|
||||
) nvram);
|
||||
'' + lib.strings.concatStrings (lib.attrsets.mapAttrsToList (var: value: ''
|
||||
substituteInPlace sysinfo-json.cgi --replace ${
|
||||
lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"
|
||||
} '${value}'
|
||||
'') nvram);
|
||||
installPhase = ''
|
||||
pwd
|
||||
mkdir -p $out/bin
|
||||
|
|
|
@ -9,7 +9,10 @@
|
|||
];
|
||||
|
||||
networking.hostName = "kibana";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.44";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
|
@ -31,32 +34,30 @@
|
|||
acceptTerms = true;
|
||||
email = "mail@c3d2.de";
|
||||
};
|
||||
services.nginx =
|
||||
let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
vhost = url: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = url;
|
||||
extraConfig = ''
|
||||
auth_basic "Chaos";
|
||||
auth_basic_user_file ${authFile};
|
||||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"kibana.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
||||
"kibana-es.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
||||
services.nginx = let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
vhost = url: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = url;
|
||||
extraConfig = ''
|
||||
auth_basic "Chaos";
|
||||
auth_basic_user_file ${authFile};
|
||||
'';
|
||||
};
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"kibana.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
||||
"kibana-es.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
||||
};
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
|
|
|
@ -24,77 +24,77 @@ in {
|
|||
enableHail = false;
|
||||
};
|
||||
|
||||
|
||||
networking.hostName = "scrape";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = "172.20.73.32";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
# Required for krops
|
||||
services.openssh.enable = true;
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
scrapers = import (
|
||||
builtins.fetchGit { url = "https://gitea.c3d2.de/astro/scrapers.git"; }
|
||||
) {
|
||||
inherit pkgs;
|
||||
systemd.services = let
|
||||
scrapers = import (builtins.fetchGit {
|
||||
url = "https://gitea.c3d2.de/astro/scrapers.git";
|
||||
}) { inherit pkgs; };
|
||||
makeService = { script, host, user ? "", password ? "" }: {
|
||||
script =
|
||||
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
|
||||
};
|
||||
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
||||
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
||||
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
|
||||
makeNodeScraper = nodeId: {
|
||||
name = "scrape-node${nodeId}";
|
||||
value = makeService {
|
||||
script = "freifunk_node";
|
||||
host = freifunkNodes.${nodeId};
|
||||
};
|
||||
makeService = { script, host, user ? "", password ? "" }: {
|
||||
script = "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
|
||||
};
|
||||
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
||||
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
||||
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
|
||||
makeNodeScraper = nodeId: {
|
||||
name = "scrape-node${nodeId}";
|
||||
value = makeService {
|
||||
script = "freifunk_node";
|
||||
host = freifunkNodes.${nodeId};
|
||||
};
|
||||
};
|
||||
in {
|
||||
scrape-xeri = makeService {
|
||||
script = "xerox";
|
||||
host = "xeri.hq.c3d2.de";
|
||||
inherit (xeriLogin) user password;
|
||||
};
|
||||
scrape-roxi = makeService {
|
||||
script = "xerox";
|
||||
host = "roxi.hq.c3d2.de";
|
||||
};
|
||||
scrape-fhem = makeService {
|
||||
script = "fhem";
|
||||
host = "fhem.hq.c3d2.de";
|
||||
inherit (fhemLogin) user password;
|
||||
};
|
||||
scrape-matemat = makeService {
|
||||
script = "matemat";
|
||||
host = "matemat.hq.c3d2.de";
|
||||
inherit (matematLogin) user password;
|
||||
};
|
||||
} // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes));
|
||||
};
|
||||
in {
|
||||
scrape-xeri = makeService {
|
||||
script = "xerox";
|
||||
host = "xeri.hq.c3d2.de";
|
||||
inherit (xeriLogin) user password;
|
||||
};
|
||||
scrape-roxi = makeService {
|
||||
script = "xerox";
|
||||
host = "roxi.hq.c3d2.de";
|
||||
};
|
||||
scrape-fhem = makeService {
|
||||
script = "fhem";
|
||||
host = "fhem.hq.c3d2.de";
|
||||
inherit (fhemLogin) user password;
|
||||
};
|
||||
scrape-matemat = makeService {
|
||||
script = "matemat";
|
||||
host = "matemat.hq.c3d2.de";
|
||||
inherit (matematLogin) user password;
|
||||
};
|
||||
} // builtins.listToAttrs
|
||||
(map makeNodeScraper (builtins.attrNames freifunkNodes));
|
||||
|
||||
systemd.timers =
|
||||
let
|
||||
makeTimer = service: interval: {
|
||||
partOf = [ "${service}.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = interval;
|
||||
systemd.timers = let
|
||||
makeTimer = service: interval: {
|
||||
partOf = [ "${service}.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = interval;
|
||||
};
|
||||
makeNodeScraperTimer = nodeId:
|
||||
let name = "scrape-node${nodeId}";
|
||||
in {
|
||||
inherit name;
|
||||
value = makeTimer name "minutely";
|
||||
};
|
||||
makeNodeScraperTimer = nodeId:
|
||||
let
|
||||
name = "scrape-node${nodeId}";
|
||||
in {
|
||||
inherit name;
|
||||
value = makeTimer name "minutely";
|
||||
};
|
||||
in {
|
||||
scrape-xeri = makeTimer "scrape-xeri.service" "minutely";
|
||||
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
|
||||
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
|
||||
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
|
||||
} // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
|
||||
in {
|
||||
scrape-xeri = makeTimer "scrape-xeri.service" "minutely";
|
||||
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
|
||||
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
|
||||
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
|
||||
} // builtins.listToAttrs
|
||||
(map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
|
|
|
@ -44,9 +44,15 @@
|
|||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim git tmux screen
|
||||
chromium firefox
|
||||
mpv kodi
|
||||
wget
|
||||
vim
|
||||
git
|
||||
tmux
|
||||
screen
|
||||
chromium
|
||||
firefox
|
||||
mpv
|
||||
kodi
|
||||
];
|
||||
|
||||
systemd.user.services.x11vnc = {
|
||||
|
@ -108,9 +114,7 @@
|
|||
services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
services.xserver.displayManager = {
|
||||
lightdm = {
|
||||
enable = true;
|
||||
};
|
||||
lightdm = { enable = true; };
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "k-ot";
|
||||
|
|
|
@ -7,15 +7,18 @@
|
|||
let
|
||||
octoprintPort = 8080;
|
||||
espCam = "http://172.20.78.164:81";
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ # Include the results of the hardware scan.
|
||||
<this-host/hardware-configuration.nix>
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = false;
|
||||
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
|
||||
boot.loader.raspberryPi = {
|
||||
enable = true;
|
||||
version = 4;
|
||||
uboot.enable = false;
|
||||
};
|
||||
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
|
@ -49,10 +52,7 @@ in
|
|||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim git
|
||||
raspberrypi-tools
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ wget vim git raspberrypi-tools ];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
|
@ -83,7 +83,6 @@ in
|
|||
extraGroups = [ "wheel" "audio" ];
|
||||
};
|
||||
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
|
@ -111,10 +110,13 @@ in
|
|||
systemWide = true;
|
||||
tcp.enable = true;
|
||||
tcp.anonymousClients.allowedIpRanges = [
|
||||
"127.0.0.0/8" "::1/128"
|
||||
"127.0.0.0/8"
|
||||
"::1/128"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"172.22.99.0/24" "2a02:8106:208:5200::/56"
|
||||
"172.20.72.0/21" "2a02:8106:211:e900::/56"
|
||||
"172.22.99.0/24"
|
||||
"2a02:8106:208:5200::/56"
|
||||
"172.20.72.0/21"
|
||||
"2a02:8106:211:e900::/56"
|
||||
];
|
||||
zeroconf.publish.enable = true;
|
||||
package = pkgs.pulseaudioFull;
|
||||
|
@ -190,11 +192,11 @@ in
|
|||
};
|
||||
|
||||
# Allow access to printer serial port and GPIO
|
||||
users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];
|
||||
users.users.${config.services.octoprint.user}.extraGroups =
|
||||
[ "dialout" "gpio" ];
|
||||
|
||||
systemd.services.mjpeg-stream =
|
||||
let
|
||||
mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> {};
|
||||
let mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> { };
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
|
|
@ -100,8 +100,8 @@ in {
|
|||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
allowSFTP = true;
|
||||
enable = true;
|
||||
allowSFTP = true;
|
||||
};
|
||||
|
||||
services.atftpd = {
|
||||
|
|
|
@ -162,12 +162,10 @@ in {
|
|||
host.ip6
|
||||
else
|
||||
toHqPrivateAddress hostName;
|
||||
in [
|
||||
{
|
||||
name = ip6;
|
||||
value = [ "${hostName}.hq" hostName ];
|
||||
}
|
||||
] ++ lib.optional (hasAttr "ip4" host) {
|
||||
in [{
|
||||
name = ip6;
|
||||
value = [ "${hostName}.hq" hostName ];
|
||||
}] ++ lib.optional (hasAttr "ip4" host) {
|
||||
name = host.ip4;
|
||||
value = [ "${hostName}.hq" hostName ];
|
||||
};
|
||||
|
|
|
@ -15,7 +15,8 @@
|
|||
networking.useNetworkd = true;
|
||||
networking.useDHCP = false;
|
||||
services.resolved.enable = false;
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
networking.nameservers =
|
||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
|
||||
networking.interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
|
@ -36,15 +37,17 @@
|
|||
|
||||
# Create a few files early before packing tarball for Proxmox
|
||||
# architecture/OS detection.
|
||||
system.extraSystemBuilderCmds =
|
||||
''
|
||||
mkdir -m 0755 -p $out/bin
|
||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||
mkdir -m 0755 -p $out/sbin
|
||||
ln -s ../init $out/sbin/init
|
||||
'';
|
||||
system.extraSystemBuilderCmds = ''
|
||||
mkdir -m 0755 -p $out/bin
|
||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||
mkdir -m 0755 -p $out/sbin
|
||||
ln -s ../init $out/sbin/init
|
||||
'';
|
||||
|
||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||
fileSystems."/" = {
|
||||
fsType = "rootfs";
|
||||
device = "rootfs";
|
||||
};
|
||||
|
||||
# add central logging
|
||||
services.journalbeat = {
|
||||
|
|
Loading…
Reference in New Issue