flakificaion #5

Closed
ehmry wants to merge 2 commits from flake into master
9 changed files with 224 additions and 208 deletions


@ -12,9 +12,8 @@ let
ddmeshAddrPart = "200.74";
rt_table = 7;
bmxd = import (toString <lib/pkgs/bmxd.nix>) { inherit pkgs; };
sysinfo-json = import <this-host/sysinfo-json.nix> {
inherit pkgs bmxd ddmeshNode;
};
sysinfo-json =
import <this-host/sysinfo-json.nix> { inherit pkgs bmxd ddmeshNode; };
in {
imports = [
<nixpkgs/nixos/modules/profiles/minimal.nix>
@ -78,23 +77,23 @@ in {
"10-bmx" = {
enable = true;
matchConfig = { Name = meshInterface; };
addresses = [ {
addresses = [{
addressConfig = {
Address = "10.201.${ddmeshAddrPart}/16";
Broadcast = "10.255.255.255";
};
} ];
}];
};
# Dummy interface for primary (10.200) address
"11-bmx-loopback" = {
enable = true;
matchConfig = { Name = meshLoopback; };
addresses = [ {
addresses = [{
addressConfig = {
Address = "10.200.${ddmeshAddrPart}/32";
Broadcast = "10.255.255.255";
};
} ];
}];
};
# ZW
"20-core" = {
@ -131,7 +130,7 @@ in {
-g 500000/50000 \
dev=bmx_prime /linklayer 0 \
dev=${meshInterface} /linklayer 1
'';
'';
Restart = "always";
};
};
@ -141,7 +140,9 @@ in {
script = ''
${pkgs.curl}/bin/curl \
-o /tmp/ddmesh-registration.json \
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${toString ddmeshNode}'
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
toString ddmeshNode
}'
'';
serviceConfig = {
User = "nobody";
@ -149,8 +150,8 @@ in {
};
};
systemd.timers.ddmesh-register-node = {
partOf = [ "ddmesh-register-node.service" ];
wantedBy = [ "timers.target" ];
partOf = [ "ddmesh-register-node.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "daily";
};
@ -162,8 +163,8 @@ in {
'';
};
systemd.timers.sysinfo-json = {
partOf = [ "sysinfo-json.service" ];
wantedBy = [ "timers.target" ];
partOf = [ "sysinfo-json.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "minutely";
};
@ -171,49 +172,49 @@ in {
services.bird2 = {
enable = true;
config = ''
protocol kernel K4 {
ipv4 {
export all;
};
}
protocol kernel K6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
protocol kernel K4 {
ipv4 {
export all;
};
}
protocol kernel K6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
protocol ospf v2 ZW4 {
area 0 {
networks {
172.20.72.0/21;
};
stubnet 10.200.0.0/15;
interface "core" {
authentication cryptographic;
password "${import <secrets/shared/ospf/message-digest-key.nix>}";
};
protocol ospf v2 ZW4 {
area 0 {
networks {
172.20.72.0/21;
};
}
protocol ospf v3 ZW6 {
area 0 {
networks {
fd23:42:c3d2:500::/56;
2a02:8106:208:5200::/56;
2a02:8106:211:e900::/56;
};
interface "core" {
#authentication cryptographic;
#password "${import <secrets/shared/ospf/message-digest-key.nix>}";
};
stubnet 10.200.0.0/15;
interface "core" {
authentication cryptographic;
password "${import <secrets/shared/ospf/message-digest-key.nix>}";
};
}
};
}
router id ${coreAddress};
'';
protocol ospf v3 ZW6 {
area 0 {
networks {
fd23:42:c3d2:500::/56;
2a02:8106:208:5200::/56;
2a02:8106:211:e900::/56;
};
interface "core" {
#authentication cryptographic;
#password "${import <secrets/shared/ospf/message-digest-key.nix>}";
};
};
}
router id ${coreAddress};
'';
};
# HTTP Reverse Proxy to provide services into Freifunk
@ -229,34 +230,37 @@ in {
"c3d2.ffdd" = {
default = true;
root = <this-host/assets>;
locations =
let
sysinfo-json = {
alias = "/run/nginx/sysinfo.json";
extraConfig = ''
add_header Content-Type "application/json;charset=UTF-8";
'';
};
in {
"/" = {
index = "index.html";
extraConfig = ''
etag off;
add_header etag "\"${builtins.substring 11 32 (<this-host> + "/assets")}\"";
'';
};
"=/sysinfo-json.cgi" = sysinfo-json;
"=/sysinfo.json" = sysinfo-json;
locations = let
sysinfo-json = {
alias = "/run/nginx/sysinfo.json";
extraConfig = ''
add_header Content-Type "application/json;charset=UTF-8";
'';
};
in {
"/" = {
index = "index.html";
extraConfig = ''
etag off;
add_header etag "\"${
builtins.substring 11 32 (<this-host> + "/assets")
}\"";
'';
};
"=/sysinfo-json.cgi" = sysinfo-json;
"=/sysinfo.json" = sysinfo-json;
};
};
"storage.hq.c3d2.ffdd".locations."/".proxyPass = "http://storage.hq.c3d2.de/";
"storage.hq.c3d2.ffdd".locations."/".proxyPass =
"http://storage.hq.c3d2.de/";
"grafana.hq.c3d2.ffdd".locations."/" = {
proxyPass = "https://grafana.hq.c3d2.de/";
extraConfig = ''
proxy_ssl_server_name on;
'';
};
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass = "http://grafana.hq.c3d2.de:8086/";
"influxdb.hq.c3d2.ffdd".locations."/".proxyPass =
"http://grafana.hq.c3d2.de:8086/";
};
};
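Review bot: In the ddmesh-register-node hunk the registration key is interpolated into the unit script as `registerkey=${ddmeshRegisterKey}`, and in the bird2 hunk the OSPF key is spliced into `config` via `import <secrets/shared/ospf/message-digest-key.nix>`; both are evaluated at build time, so the secrets land in world-readable `/nix/store` paths (the unit's script and, presumably, the generated bird configuration file) — a pre-existing pattern that this reformat keeps. Consider supplying the key at runtime instead, e.g. `curl -K` with a 0600 file outside the store or a systemd `LoadCredential=`, and for bird an `include` of a key file deployed out of band. Separately, `ZW6` still has `#authentication cryptographic;` commented out, so OSPFv3 on `core` accepts unauthenticated neighbours while the IPv4 instance is protected; if that is deliberate, a one-line comment saying why would help the next reader. In the nginx hunk `grafana.hq.c3d2.ffdd` enables `proxy_ssl_server_name on` but not `proxy_ssl_verify on`, so the upstream certificate is never checked.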


@ -1,8 +1,6 @@
{ pkgs ? import <nixpkgs> {},
ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git",
bmxd,
ddmeshNode,
... }:
{ pkgs ? import <nixpkgs> { }, ffdd-server ?
builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", bmxd
, ddmeshNode, ... }:
with pkgs;
let
@ -18,8 +16,7 @@ let
gps_longitude = "13.7285866";
gps_altitude = "100";
};
in
stdenv.mkDerivation {
in stdenv.mkDerivation {
name = "sysinfo-json";
src = "${ffdd-server}/salt/freifunk/base/ddmesh/";
buildPhase = ''
@ -50,14 +47,21 @@ stdenv.mkDerivation {
--replace '"node_type":"server"' '"node_type":"node"' \
--replace ddmesh-ipcalc.sh $out/bin/ddmesh-ipcalc.sh \
--replace lsb_release $out/bin/lsb_release \
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"} 0 \
--replace ${lib.strings.escapeShellArg "$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"} 0 \
--replace ${
lib.strings.escapeShellArg
"$(sudo /sbin/iptables -w -xvn -L stat_from_ovpn | awk '/RETURN/{print $2}')"
} 0 \
--replace ${
lib.strings.escapeShellArg
"$(sudo /sbin/iptables -w -xvn -L stat_to_ovpn | awk '/RETURN/{print $2}')"
} 0 \
--replace 'nettype_lookup[$2]' '"lan"' \
--replace awk ${gawk}/bin/awk
'' +
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n"
) nvram);
'' + lib.strings.concatStrings (lib.attrsets.mapAttrsToList (var: value: ''
substituteInPlace sysinfo-json.cgi --replace ${
lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"
} '${value}'
'') nvram);
installPhase = ''
pwd
mkdir -p $out/bin
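Review bot: `ffdd-server ? builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git"` is still fetched without a `rev` (or even a `ref`), so every evaluation takes whatever the upstream default branch holds at that moment, and the `sysinfo-json.cgi` this derivation patches and later serves becomes unreviewed third-party code that can change under you. Pin it with `builtins.fetchGit { url = "https://github.com/Freifunk-Dresden/ffdd-server.git"; rev = "<commit>"; }` so the build is reproducible and an altered upstream cannot silently change the CGI. The buildPhase blanks out two `$(sudo /sbin/iptables …)` command substitutions by exact-string `--replace`; if upstream rewords those lines the replacement silently stops matching and the substitution stays in the served script, so use `--replace-fail` where the nixpkgs in use supports it, or add `grep -q 'sudo /sbin/iptables' sysinfo-json.cgi && exit 1` after the substitutions. The `stdenv.mkDerivation` call starts at the `in stdenv.mkDerivation {` line of the earlier hunk and its installPhase continues past this one.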


@ -9,7 +9,10 @@
];
networking.hostName = "kibana";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.44";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -31,32 +34,30 @@
acceptTerms = true;
email = "mail@c3d2.de";
};
services.nginx =
let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
vhost = url: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = url;
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
'';
};
};
in
{
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"kibana.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
"kibana-es.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
services.nginx = let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
vhost = url: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = url;
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
'';
};
};
in {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"kibana.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
"kibana-es.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
};
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
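Review bot: `authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";` embeds a credential in the configuration: the entry is committed to this repository and written to a world-readable `/nix/store` path, and a 13-character hash of that shape looks like traditional crypt(3) DES, which is trivially brute-forced. This basic-auth is the only control in front of both `kibana.hq.c3d2.de` and `kibana-es.hq.c3d2.de`, the latter proxying directly to the Elasticsearch API on `config.services.elasticsearch.port`, and both vhosts obtain public certificates via ACME, so they are presumably reachable from the internet. Move the file out of the store, e.g. `auth_basic_user_file /etc/nginx/htpasswd;` deployed by krops with mode 0640 root:nginx, regenerate the entry with `htpasswd -B` (bcrypt), and rotate the password since it has been checked in. The nginx `let … in` block is fully contained in this hunk.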


@ -24,77 +24,77 @@ in {
enableHail = false;
};
networking.hostName = "scrape";
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ];
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.32";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
# Required for krops
services.openssh.enable = true;
environment.systemPackages = [ pkgs.git ];
systemd.services =
let
scrapers = import (
builtins.fetchGit { url = "https://gitea.c3d2.de/astro/scrapers.git"; }
) {
inherit pkgs;
systemd.services = let
scrapers = import (builtins.fetchGit {
url = "https://gitea.c3d2.de/astro/scrapers.git";
}) { inherit pkgs; };
makeService = { script, host, user ? "", password ? "" }: {
script =
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
};
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
makeNodeScraper = nodeId: {
name = "scrape-node${nodeId}";
value = makeService {
script = "freifunk_node";
host = freifunkNodes.${nodeId};
};
makeService = { script, host, user ? "", password ? "" }: {
script = "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
};
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
makeNodeScraper = nodeId: {
name = "scrape-node${nodeId}";
value = makeService {
script = "freifunk_node";
host = freifunkNodes.${nodeId};
};
};
in {
scrape-xeri = makeService {
script = "xerox";
host = "xeri.hq.c3d2.de";
inherit (xeriLogin) user password;
};
scrape-roxi = makeService {
script = "xerox";
host = "roxi.hq.c3d2.de";
};
scrape-fhem = makeService {
script = "fhem";
host = "fhem.hq.c3d2.de";
inherit (fhemLogin) user password;
};
scrape-matemat = makeService {
script = "matemat";
host = "matemat.hq.c3d2.de";
inherit (matematLogin) user password;
};
} // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes));
};
in {
scrape-xeri = makeService {
script = "xerox";
host = "xeri.hq.c3d2.de";
inherit (xeriLogin) user password;
};
scrape-roxi = makeService {
script = "xerox";
host = "roxi.hq.c3d2.de";
};
scrape-fhem = makeService {
script = "fhem";
host = "fhem.hq.c3d2.de";
inherit (fhemLogin) user password;
};
scrape-matemat = makeService {
script = "matemat";
host = "matemat.hq.c3d2.de";
inherit (matematLogin) user password;
};
} // builtins.listToAttrs
(map makeNodeScraper (builtins.attrNames freifunkNodes));
systemd.timers =
let
makeTimer = service: interval: {
partOf = [ "${service}.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = interval;
systemd.timers = let
makeTimer = service: interval: {
partOf = [ "${service}.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = interval;
};
makeNodeScraperTimer = nodeId:
let name = "scrape-node${nodeId}";
in {
inherit name;
value = makeTimer name "minutely";
};
makeNodeScraperTimer = nodeId:
let
name = "scrape-node${nodeId}";
in {
inherit name;
value = makeTimer name "minutely";
};
in {
scrape-xeri = makeTimer "scrape-xeri.service" "minutely";
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
} // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
in {
scrape-xeri = makeTimer "scrape-xeri.service" "minutely";
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
} // builtins.listToAttrs
(map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
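Review bot: `makeService` builds `script = "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}"`, so the credentials imported from `<secrets/hosts/scrape/*.nix>` end up unquoted on the command line: every local user can read them via `ps` or `/proc/*/cmdline`, the generated unit script sits in the world-readable Nix store, and a password containing whitespace or shell metacharacters is split or interpreted by the shell. At minimum wrap each argument with `lib.escapeShellArg`; better, hand the secrets to the service through `serviceConfig.LoadCredential=` or an `EnvironmentFile` kept root-only outside the store, if the scrapers can read them from the environment. The units set no `User`, so each scraper runs as root; `serviceConfig.DynamicUser = true` would be a cheap improvement. The `scrapers` repository is also fetched with `builtins.fetchGit` without a `rev`, so the scraper code itself is unpinned.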


@ -44,9 +44,15 @@
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git tmux screen
chromium firefox
mpv kodi
wget
vim
git
tmux
screen
chromium
firefox
mpv
kodi
];
systemd.user.services.x11vnc = {
@ -108,9 +114,7 @@
services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager = {
lightdm = {
enable = true;
};
lightdm = { enable = true; };
autoLogin = {
enable = true;
user = "k-ot";


@ -7,15 +7,18 @@
let
octoprintPort = 8080;
espCam = "http://172.20.78.164:81";
in
{
in {
imports = [ # Include the results of the hardware scan.
<this-host/hardware-configuration.nix>
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = false;
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
boot.loader.raspberryPi = {
enable = true;
version = 4;
uboot.enable = false;
};
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelPackages = pkgs.linuxPackages_latest;
@ -49,10 +52,7 @@ in
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git
raspberrypi-tools
];
environment.systemPackages = with pkgs; [ wget vim git raspberrypi-tools ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
@ -83,7 +83,6 @@ in
extraGroups = [ "wheel" "audio" ];
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
@ -111,10 +110,13 @@ in
systemWide = true;
tcp.enable = true;
tcp.anonymousClients.allowedIpRanges = [
"127.0.0.0/8" "::1/128"
"127.0.0.0/8"
"::1/128"
"fd23:42:c3d2:500::/56"
"172.22.99.0/24" "2a02:8106:208:5200::/56"
"172.20.72.0/21" "2a02:8106:211:e900::/56"
"172.22.99.0/24"
"2a02:8106:208:5200::/56"
"172.20.72.0/21"
"2a02:8106:211:e900::/56"
];
zeroconf.publish.enable = true;
package = pkgs.pulseaudioFull;
@ -190,11 +192,11 @@ in
};
# Allow access to printer serial port and GPIO
users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];
users.users.${config.services.octoprint.user}.extraGroups =
[ "dialout" "gpio" ];
systemd.services.mjpeg-stream =
let
mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> {};
let mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> { };
in {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
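Review bot: `tcp.anonymousClients.allowedIpRanges` lists, next to the private ranges, the globally routable prefixes `2a02:8106:208:5200::/56` and `2a02:8106:211:e900::/56`, so any host in those /56s can connect to the system-wide PulseAudio TCP socket without authentication, and `zeroconf.publish.enable = true` advertises it. Whether those prefixes are reachable from outside the space cannot be told from this page; if they are, this is unauthenticated control of the audio sink. A comment such as `# anonymous clients: LAN plus the space's public v6 prefixes; TCP 4713 must stay filtered at the border` would record the assumption, and the host's `networking.firewall` settings (outside this hunk) should be checked against it.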


@ -100,8 +100,8 @@ in {
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
allowSFTP = true;
enable = true;
allowSFTP = true;
};
services.atftpd = {


@ -162,12 +162,10 @@ in {
host.ip6
else
toHqPrivateAddress hostName;
in [
{
name = ip6;
value = [ "${hostName}.hq" hostName ];
}
] ++ lib.optional (hasAttr "ip4" host) {
in [{
name = ip6;
value = [ "${hostName}.hq" hostName ];
}] ++ lib.optional (hasAttr "ip4" host) {
name = host.ip4;
value = [ "${hostName}.hq" hostName ];
};


@ -15,7 +15,8 @@
networking.useNetworkd = true;
networking.useDHCP = false;
services.resolved.enable = false;
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.interfaces.eth0 = {
useDHCP = false;
@ -36,15 +37,17 @@
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
system.extraSystemBuilderCmds =
''
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
mkdir -m 0755 -p $out/sbin
ln -s ../init $out/sbin/init
'';
system.extraSystemBuilderCmds = ''
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
mkdir -m 0755 -p $out/sbin
ln -s ../init $out/sbin/init
'';
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
fileSystems."/" = {
fsType = "rootfs";
device = "rootfs";
};
# add central logging
services.journalbeat = {
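Review bot: `networking.nameservers` mixes the internal resolvers `172.20.73.8`, `172.20.72.6` and `172.20.72.10` with the public `9.9.9.9`, and since `services.resolved.enable = false` the glibc resolver walks that list in order: whenever the internal servers time out, queries go to Quad9, which cannot answer the `.hq` names used elsewhere in this repository and receives the internal hostnames being looked up. Either drop `9.9.9.9` from this container template or document the fallback intent with a comment, e.g. `# 9.9.9.9 is a last-resort fallback only; internal names will not resolve through it`.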