flakificaion #5
36
README.md
36
README.md
|
@ -1,7 +1,37 @@
|
||||||
|
# Setup
|
||||||
|
|
||||||
|
Nix with flakes support is required. Run this in a shell…
|
||||||
|
```
|
||||||
|
# Enter a temporary shell with flakes support:
|
||||||
|
nix-shell --packages nixFlakes
|
||||||
|
|
||||||
|
# Set some configuration (do this only once):
|
||||||
|
echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf
|
||||||
|
|
||||||
|
# Add this repository to your local flake registry:
|
||||||
|
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
|
||||||
|
```
|
||||||
|
|
||||||
|
…or set this to your NixOS configuration:
|
||||||
|
```
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
nix = {
|
||||||
|
package = pkgs.nixFlakes;
|
||||||
|
extraOptions = "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
# Deployment
|
# Deployment
|
||||||
|
|
||||||
Beide failen bei Activation des neuen Profils. (TODO)
|
Beide failen bei Activation des neuen Profils. (TODO)
|
||||||
|
|
||||||
|
## Mit flakes
|
||||||
|
|
||||||
|
Use `nix run` with one of the deploy scripts exported by the flake,
|
||||||
|
for example: `nix run c3d2#deploy-glotzbert switch`. Use `nix flake show c3d2`
|
||||||
|
to show what is available. Note that the deploy scripts only work if
|
||||||
|
the target machines already has flakes enabled.
|
||||||
|
|
||||||
## Mit NixOps
|
## Mit NixOps
|
||||||
|
|
||||||
|
@ -83,3 +113,9 @@ in {
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Custom packages
|
||||||
|
|
||||||
|
Additional packages can be added to [./nixpkgs-overlay]. These packages are available
|
||||||
|
during NixOS configuration as well as from the flake via `nix shell c3d2#…` (see above
|
||||||
|
for adding this repository to your local nix registry).
|
||||||
|
|
91
flake.lock
91
flake.lock
|
@ -1,77 +1,6 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"hydra": {
|
|
||||||
"inputs": {
|
|
||||||
"nix": "nix",
|
|
||||||
"nixpkgs": [
|
|
||||||
"hydra",
|
|
||||||
"nix",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1603366072,
|
|
||||||
"narHash": "sha256-9dK7Mx9BZHZTeJ/oolS7nMakVnCdXQlsA2ePWNPhQks=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "hydra",
|
|
||||||
"rev": "be709d450b98a384374228db51c14dc958a3a72a",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "hydra",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"lowdown-src": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1598695561,
|
|
||||||
"narHash": "sha256-gyH/5j+h/nWw0W8AcR2WKvNBUsiQ7QuxqSJNXAwV+8E=",
|
|
||||||
"owner": "kristapsdz",
|
|
||||||
"repo": "lowdown",
|
|
||||||
"rev": "1705b4a26fbf065d9574dce47a94e8c7c79e052f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "kristapsdz",
|
|
||||||
"repo": "lowdown",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix": {
|
|
||||||
"inputs": {
|
|
||||||
"lowdown-src": "lowdown-src",
|
|
||||||
"nixpkgs": "nixpkgs"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1603189103,
|
|
||||||
"narHash": "sha256-KVS/Z6FzMBOl5XCyOLwfiVoX7G2LQRa9HMGNnJRPCoo=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nix",
|
|
||||||
"rev": "e0ca98c2071b815578470e280df8fdb750c7e23b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nix",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1602702596,
|
|
||||||
"narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "ad0d20345219790533ebe06571f82ed6b034db31",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nixpkgs",
|
|
||||||
"ref": "nixos-20.09-small",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1603722914,
|
"lastModified": 1603722914,
|
||||||
"narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=",
|
"narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=",
|
||||||
|
@ -89,8 +18,24 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"hydra": "hydra",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs": "nixpkgs_2"
|
"secrets": "secrets"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"secrets": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1607473285,
|
||||||
|
"narHash": "sha256-cnilic++Xa2RB8krfNe0/ndZ6jFo2FQWIq8YrZ1pWrE=",
|
||||||
|
"ref": "master",
|
||||||
|
"rev": "0efb7df81d358c033a72fcc0c65016ff86f54858",
|
||||||
|
"revCount": 76,
|
||||||
|
"type": "git",
|
||||||
|
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
105
flake.nix
105
flake.nix
|
@ -3,31 +3,106 @@
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
|
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
|
||||||
# secrets.url = "git+file:///etc/nixos/secrets";
|
secrets = {
|
||||||
|
url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
|
||||||
|
flake = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, hydra }: {
|
outputs = { self, nixpkgs, secrets }:
|
||||||
|
let
|
||||||
|
forAllSystems = f:
|
||||||
|
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
|
||||||
|
(system: f system);
|
||||||
|
in {
|
||||||
|
|
||||||
nixosConfigurations = {
|
overlay = import ./nixpkgs-overlay;
|
||||||
|
|
||||||
glotzbert = nixpkgs.lib.nixosSystem {
|
legacyPackages = forAllSystems (system:
|
||||||
modules = [ ./hosts/glotzbert/configuration.nix ];
|
import nixpkgs {
|
||||||
system = "x86_64-linux";
|
inherit system;
|
||||||
|
overlays = [ self.overlay ];
|
||||||
|
});
|
||||||
|
|
||||||
|
packages = forAllSystems (system:
|
||||||
|
let
|
||||||
|
pkgs = self.legacyPackages.${system};
|
||||||
|
|
||||||
|
mkDeploy =
|
||||||
|
# Generate a small script for copying this flake to the
|
||||||
|
# remote machine and bulding and switching there.
|
||||||
|
# Can be run with nix run c3d2#deploy-…
|
||||||
|
name: host:
|
||||||
|
let target = "root@${host}";
|
||||||
|
in pkgs.writeScriptBin "deploy-${name}" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
set -ev
|
||||||
|
nix-copy-closure --to ${target} ${self}
|
||||||
|
exec ssh -t ${target} \
|
||||||
|
nix shell \
|
||||||
|
${self}#nixosConfigurations.${name}.config.system.build.toplevel \
|
||||||
|
--command switch-to-configuration $@
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
inherit (pkgs) bmxd;
|
||||||
|
inherit (pkgs.pile) ledball;
|
||||||
|
|
||||||
|
deploy-freifunk = mkDeploy "freifunk" "172.20.72.40";
|
||||||
|
deploy-glotzbert = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
|
||||||
|
deploy-kibana = mkDeploy "kibana" "172.20.73.44";
|
||||||
|
deploy-ledstripes = mkDeploy "ledstripes" "172.22.99.168";
|
||||||
|
deploy-scrape = mkDeploy "scrape" "172.20.73.32";
|
||||||
|
});
|
||||||
|
|
||||||
|
nixosConfigurations = let
|
||||||
|
|
||||||
|
nixosSystem' =
|
||||||
|
# Our custom NixOS builder
|
||||||
|
{ modules, system ? "x86_64-linux", ... }@args:
|
||||||
|
nixpkgs.lib.nixosSystem (args // {
|
||||||
|
inherit system;
|
||||||
|
modules = modules ++ [
|
||||||
|
self.nixosModules.c3d2
|
||||||
|
({ pkgs, ... }: {
|
||||||
|
nix = {
|
||||||
|
package = pkgs.nixFlakes;
|
||||||
|
extraOptions = "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
nixpkgs.overlays = [ self.overlay ];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
});
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
freifunk = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
(import ./hosts/containers/freifunk/configuration.nix {
|
||||||
|
inherit secrets;
|
||||||
|
})
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
hydra = nixpkgs.lib.nixosSystem {
|
glotzbert =
|
||||||
modules = [ ./hosts/hydra/configuration.nix ];
|
nixosSystem' { modules = [ ./hosts/glotzbert/configuration.nix ]; };
|
||||||
system = "x86_64-linux";
|
|
||||||
};
|
|
||||||
|
|
||||||
kibana = nixpkgs.lib.nixosSystem {
|
kibana = nixosSystem' {
|
||||||
modules = [ ./hosts/containers/kibana/configuration.nix ];
|
modules = [ ./hosts/containers/kibana/configuration.nix ];
|
||||||
system = "x86_64-linux";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
pulsebert = nixpkgs.lib.nixosSystem {
|
ledstripes = nixosSystem' {
|
||||||
modules = [ ./hosts/pulsebert/configuration.nix ];
|
modules = [ ./hosts/containers/ledstripes/configuration.nix ];
|
||||||
system = "aarch64-linux";
|
};
|
||||||
|
|
||||||
|
pulsebert =
|
||||||
|
nixosSystem' { modules = [ ./hosts/pulsebert/configuration.nix ]; };
|
||||||
|
|
||||||
|
scrape = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
(import ./hosts/containers/scrape/configuration.nix {
|
||||||
|
inherit secrets;
|
||||||
|
})
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
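Review bot: In the `mkDeploy` script, `switch-to-configuration $@` expands the caller's arguments unquoted, and because they travel through `ssh` they are joined into one string and parsed a second time by root's shell on the target. An argument containing whitespace or shell metacharacters is therefore interpreted remotely instead of being passed through. Only the `switch-to-configuration` actions are meaningful here, so I would validate the action locally before the `ssh` line and pass it as `"$1"`, e.g. `case "$1" in switch|boot|test|dry-activate) ;; *) echo "usage: $0 switch|boot|test|dry-activate" >&2; exit 1 ;; esac`. The comment above `name: host:` could also state that the script logs in as `root@host` and evaluates the flake on the target.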
@ -1,4 +1,5 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ secrets }:
|
||||||
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
coreAddress = "172.20.72.40";
|
coreAddress = "172.20.72.40";
|
||||||
|
@ -6,20 +7,17 @@ let
|
||||||
meshInterface = "bmx";
|
meshInterface = "bmx";
|
||||||
meshLoopback = "bmx_prime";
|
meshLoopback = "bmx_prime";
|
||||||
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
||||||
secrets = import <secrets/hosts/freifunk>;
|
secrets' = import "${secrets}/hosts/freifunk";
|
||||||
ddmeshRegisterKey = secrets.ddmeshRegisterKey;
|
ddmeshRegisterKey = secrets'.ddmeshRegisterKey;
|
||||||
ddmeshNode = 51073;
|
ddmeshNode = 51073;
|
||||||
ddmeshAddrPart = "200.74";
|
ddmeshAddrPart = "200.74";
|
||||||
rt_table = 7;
|
rt_table = 7;
|
||||||
bmxd = import (toString <lib/pkgs/bmxd.nix>) { inherit pkgs; };
|
sysinfo-json = import ./sysinfo-json.nix { inherit pkgs ddmeshNode; };
|
||||||
sysinfo-json =
|
|
||||||
import <this-host/sysinfo-json.nix> { inherit pkgs bmxd ddmeshNode; };
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
"${modulesPath}/profiles/minimal.nix"
|
||||||
<lib>
|
../../../lib/lxc-container.nix
|
||||||
<lib/lxc-container.nix>
|
../../../lib/shared.nix
|
||||||
<lib/shared.nix>
|
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
|
@ -119,7 +117,7 @@ in {
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${bmxd}/sbin/bmxd \
|
${pkgs.bmxd}/sbin/bmxd \
|
||||||
--rt_table_offset=${toString rt_table} \
|
--rt_table_offset=${toString rt_table} \
|
||||||
--no_fork 1 \
|
--no_fork 1 \
|
||||||
--throw-rules 0 \
|
--throw-rules 0 \
|
||||||
|
@ -194,7 +192,9 @@ in {
|
||||||
stubnet 10.200.0.0/15;
|
stubnet 10.200.0.0/15;
|
||||||
interface "core" {
|
interface "core" {
|
||||||
authentication cryptographic;
|
authentication cryptographic;
|
||||||
password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
password "${
|
||||||
|
import "${secrets}/shared/ospf/message-digest-key.nix"
|
||||||
|
}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -208,7 +208,9 @@ in {
|
||||||
};
|
};
|
||||||
interface "core" {
|
interface "core" {
|
||||||
#authentication cryptographic;
|
#authentication cryptographic;
|
||||||
#password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
#password "${
|
||||||
|
import "${secrets}/shared/ospf/message-digest-key.nix"
|
||||||
|
}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -229,7 +231,7 @@ in {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"c3d2.ffdd" = {
|
"c3d2.ffdd" = {
|
||||||
default = true;
|
default = true;
|
||||||
root = <this-host/assets>;
|
root = ./assets;
|
||||||
locations = let
|
locations = let
|
||||||
sysinfo-json = {
|
sysinfo-json = {
|
||||||
alias = "/run/nginx/sysinfo.json";
|
alias = "/run/nginx/sysinfo.json";
|
||||||
|
@ -242,9 +244,7 @@ in {
|
||||||
index = "index.html";
|
index = "index.html";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
etag off;
|
etag off;
|
||||||
add_header etag "\"${
|
add_header etag "\"${builtins.substring 11 32 (./assets)}\"";
|
||||||
builtins.substring 11 32 (<this-host> + "/assets")
|
|
||||||
}\"";
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"=/sysinfo-json.cgi" = sysinfo-json;
|
"=/sysinfo-json.cgi" = sysinfo-json;
|
||||||
|
|
|
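Review bot: `secrets' = import "${secrets}/hosts/freifunk";` and the `password "${ import "${secrets}/shared/ospf/message-digest-key.nix" }"` interpolation read from the `secrets` flake input, which is a fetched source tree and so, as far as I can tell, lands in `/nix/store` in full on every machine that evaluates the flake, where any local user can read it. The OSPF key is additionally written into the generated configuration text, which presumably is a store path as well. The old `<secrets/…>` lookups already leaked the interpolated values this way, but the commit now copies the whole repository, including other hosts' entries; the `xeri`, `fhem` and `matemat` imports in the scrape configuration are affected in the same way. I would add a comment next to `secrets'`, `# NOTE: everything under ${secrets} is world-readable in /nix/store on builders and targets`, and consider reading the key from a root-only file at service start instead of interpolating it. The `let` block and module body continue outside these hunks.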
@ -1,6 +1,7 @@
|
||||||
{ pkgs ? import <nixpkgs> { }, ffdd-server ?
|
{ pkgs ? import <nixpkgs> { }, ffdd-server ? pkgs.fetchgit {
|
||||||
builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", bmxd
|
url = "https://github.com/Freifunk-Dresden/ffdd-server.git";
|
||||||
, ddmeshNode, ... }:
|
sha256 = "15iijpywfp0zd785na5ry0g8z41x3zg238piih5rp8khc5xis09c";
|
||||||
|
}, ddmeshNode, ... }:
|
||||||
|
|
||||||
with pkgs;
|
with pkgs;
|
||||||
let
|
let
|
||||||
|
|
|
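Review bot: The new `pkgs.fetchgit` default for `ffdd-server` sets `url` and `sha256` but no `rev`, so `fetchgit` falls back to `HEAD` and the fixed hash only matches until upstream receives its next commit. From then on a fresh build fails with a hash mismatch, while machines that still hold the output in their store keep using the old tree without notice. I would pin the commit with `rev = "<commit-id-the-sha256-was-computed-for>";` (placeholder) and add a comment that `rev` and `sha256` must be updated together. The same pattern appears in the `scrapers` fetch in the scrape configuration, the `src` fetch in the bmxd package and the `pile` fetch in the pile package. The function body continues outside this hunk.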
@ -3,16 +3,12 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/profiles/minimal.nix")
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
../../../lib
|
|
||||||
../../../lib/lxc-container.nix
|
../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "kibana";
|
networking.hostName = "kibana";
|
||||||
networking.interfaces.eth0.ipv4.addresses = [{
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
|
||||||
address = "172.20.73.44";
|
|
||||||
prefixLength = 26;
|
|
||||||
}];
|
|
||||||
networking.defaultGateway = "172.20.73.1";
|
networking.defaultGateway = "172.20.73.1";
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
@ -34,7 +30,8 @@
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
email = "mail@c3d2.de";
|
email = "mail@c3d2.de";
|
||||||
};
|
};
|
||||||
services.nginx = let
|
services.nginx =
|
||||||
|
let
|
||||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||||
vhost = url: {
|
vhost = url: {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -47,7 +44,8 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
|
|
|
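Review bot: The unchanged line `authFile = pkgs.writeText "htpasswd" …` in the second hunk keeps the basic-auth entry for `k-ot` in the repository and, through `writeText`, in the world-readable Nix store. The 13-character value looks like a traditional crypt(3) hash, which gives little protection once it is public; that is an inference from its shape, not something the hunk states. Since this commit introduces the `secrets` input, this host could take `{ secrets }:` like the freifunk and scrape configurations, or better point nginx at a file provisioned outside the store, with the entry regenerated as a salted SHA-512 crypt (`$6$…`) hash. Until then a comment on the line, `# TODO: move out of the public repo and the Nix store`, would at least mark it.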
@ -3,7 +3,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/profiles/minimal.nix")
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
../../../lib
|
|
||||||
../../../lib/lxc-container.nix
|
../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
];
|
];
|
||||||
|
@ -21,13 +20,11 @@
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
environment.systemPackages = [ pkgs.git ];
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
|
||||||
systemd.services.ledball =
|
systemd.services.ledball = {
|
||||||
let pile = import ../../../lib/pkgs/pile.nix { inherit pkgs; };
|
|
||||||
in {
|
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pile.ledball}/bin/rows";
|
ExecStart = "${pkgs.pile.ledball}/bin/rows";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
{ secrets }:
|
||||||
{ config, pkgs, lib, modulesPath, ... }:
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -13,7 +14,6 @@ let
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/profiles/minimal.nix")
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
../../../lib
|
|
||||||
../../../lib/lxc-container.nix
|
../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
];
|
];
|
||||||
|
@ -36,16 +36,17 @@ in {
|
||||||
environment.systemPackages = [ pkgs.git ];
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
|
||||||
systemd.services = let
|
systemd.services = let
|
||||||
scrapers = import (builtins.fetchGit {
|
scrapers = import (pkgs.fetchgit {
|
||||||
url = "https://gitea.c3d2.de/astro/scrapers.git";
|
url = "https://gitea.c3d2.de/astro/scrapers.git";
|
||||||
|
sha256 = "0fnq58gz7lgn615jn7fqkk5wmn7mv7nkk5zayifhwyybagi9nvlr";
|
||||||
}) { inherit pkgs; };
|
}) { inherit pkgs; };
|
||||||
makeService = { script, host, user ? "", password ? "" }: {
|
makeService = { script, host, user ? "", password ? "" }: {
|
||||||
script =
|
script =
|
||||||
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
|
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
|
||||||
};
|
};
|
||||||
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
xeriLogin = import "${secrets}/hosts/scrape/xeri.nix";
|
||||||
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
fhemLogin = import "${secrets}/hosts/scrape/fhem.nix";
|
||||||
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
|
matematLogin = import "${secrets}/hosts/scrape/matemat.nix";
|
||||||
makeNodeScraper = nodeId: {
|
makeNodeScraper = nodeId: {
|
||||||
name = "scrape-node${nodeId}";
|
name = "scrape-node${nodeId}";
|
||||||
value = makeService {
|
value = makeService {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ <this-host/hardware-configuration.nix> <lib> ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
users.k-ot = true;
|
users.k-ot = true;
|
||||||
|
@ -44,15 +44,9 @@
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
wget vim git tmux screen
|
||||||
vim
|
chromium firefox
|
||||||
git
|
mpv kodi
|
||||||
tmux
|
|
||||||
screen
|
|
||||||
chromium
|
|
||||||
firefox
|
|
||||||
mpv
|
|
||||||
kodi
|
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.user.services.x11vnc = {
|
systemd.user.services.x11vnc = {
|
||||||
|
@ -114,7 +108,9 @@
|
||||||
services.xserver.xkbOptions = "eurosign:e";
|
services.xserver.xkbOptions = "eurosign:e";
|
||||||
|
|
||||||
services.xserver.displayManager = {
|
services.xserver.displayManager = {
|
||||||
lightdm = { enable = true; };
|
lightdm = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
autoLogin = {
|
autoLogin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "k-ot";
|
user = "k-ot";
|
||||||
|
|
|
@ -7,18 +7,15 @@
|
||||||
let
|
let
|
||||||
octoprintPort = 8080;
|
octoprintPort = 8080;
|
||||||
espCam = "http://172.20.78.164:81";
|
espCam = "http://172.20.78.164:81";
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
imports = [ # Include the results of the hardware scan.
|
imports = [ # Include the results of the hardware scan.
|
||||||
<this-host/hardware-configuration.nix>
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = false;
|
boot.loader.grub.enable = false;
|
||||||
boot.loader.generic-extlinux-compatible.enable = false;
|
boot.loader.generic-extlinux-compatible.enable = false;
|
||||||
boot.loader.raspberryPi = {
|
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
|
||||||
enable = true;
|
|
||||||
version = 4;
|
|
||||||
uboot.enable = false;
|
|
||||||
};
|
|
||||||
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
|
@ -52,7 +49,10 @@ in {
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [ wget vim git raspberrypi-tools ];
|
environment.systemPackages = with pkgs; [
|
||||||
|
wget vim git
|
||||||
|
raspberrypi-tools
|
||||||
|
];
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
|
@ -83,6 +83,7 @@ in {
|
||||||
extraGroups = [ "wheel" "audio" ];
|
extraGroups = [ "wheel" "audio" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
@ -110,13 +111,10 @@ in {
|
||||||
systemWide = true;
|
systemWide = true;
|
||||||
tcp.enable = true;
|
tcp.enable = true;
|
||||||
tcp.anonymousClients.allowedIpRanges = [
|
tcp.anonymousClients.allowedIpRanges = [
|
||||||
"127.0.0.0/8"
|
"127.0.0.0/8" "::1/128"
|
||||||
"::1/128"
|
|
||||||
"fd23:42:c3d2:500::/56"
|
"fd23:42:c3d2:500::/56"
|
||||||
"172.22.99.0/24"
|
"172.22.99.0/24" "2a02:8106:208:5200::/56"
|
||||||
"2a02:8106:208:5200::/56"
|
"172.20.72.0/21" "2a02:8106:211:e900::/56"
|
||||||
"172.20.72.0/21"
|
|
||||||
"2a02:8106:211:e900::/56"
|
|
||||||
];
|
];
|
||||||
zeroconf.publish.enable = true;
|
zeroconf.publish.enable = true;
|
||||||
package = pkgs.pulseaudioFull;
|
package = pkgs.pulseaudioFull;
|
||||||
|
@ -192,11 +190,11 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Allow access to printer serial port and GPIO
|
# Allow access to printer serial port and GPIO
|
||||||
users.users.${config.services.octoprint.user}.extraGroups =
|
users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];
|
||||||
[ "dialout" "gpio" ];
|
|
||||||
|
|
||||||
systemd.services.mjpeg-stream =
|
systemd.services.mjpeg-stream =
|
||||||
let mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> { };
|
let
|
||||||
|
mjpeg-proxy = pkgs.callPackage ../../lib/pkgs/mjpeg-proxy.nix {};
|
||||||
in {
|
in {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
|
@ -8,7 +8,6 @@ let eth0 = "ens18";
|
||||||
in {
|
in {
|
||||||
imports = [ # Include the results of the hardware scan.
|
imports = [ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../lib
|
|
||||||
# ../../lib/hq.nix
|
# ../../lib/hq.nix
|
||||||
../../lib/shared.nix
|
../../lib/shared.nix
|
||||||
../../lib/default-gateway.nix
|
../../lib/default-gateway.nix
|
||||||
|
|
|
@ -189,6 +189,7 @@ in {
|
||||||
{ }
|
{ }
|
||||||
else {
|
else {
|
||||||
"${cfg.hq.interface}" = {
|
"${cfg.hq.interface}" = {
|
||||||
|
tempAddress = lib.mkDefault "disabled";
|
||||||
ipv6.addresses = [{
|
ipv6.addresses = [{
|
||||||
address = toHqPrivateAddress config.networking.hostName;
|
address = toHqPrivateAddress config.networking.hostName;
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
|
|
|
@ -15,12 +15,11 @@
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
services.resolved.enable = false;
|
services.resolved.enable = false;
|
||||||
networking.nameservers =
|
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
|
||||||
|
|
||||||
networking.interfaces.eth0 = {
|
networking.interfaces.eth0 = {
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
preferTempAddress = false;
|
tempAddress = "disabled";
|
||||||
};
|
};
|
||||||
systemd.network.networks."40-eth0" = {
|
systemd.network.networks."40-eth0" = {
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
|
@ -37,17 +36,15 @@
|
||||||
|
|
||||||
# Create a few files early before packing tarball for Proxmox
|
# Create a few files early before packing tarball for Proxmox
|
||||||
# architecture/OS detection.
|
# architecture/OS detection.
|
||||||
system.extraSystemBuilderCmds = ''
|
system.extraSystemBuilderCmds =
|
||||||
|
''
|
||||||
mkdir -m 0755 -p $out/bin
|
mkdir -m 0755 -p $out/bin
|
||||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||||
mkdir -m 0755 -p $out/sbin
|
mkdir -m 0755 -p $out/sbin
|
||||||
ln -s ../init $out/sbin/init
|
ln -s ../init $out/sbin/init
|
||||||
'';
|
'';
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||||
fsType = "rootfs";
|
|
||||||
device = "rootfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# add central logging
|
# add central logging
|
||||||
services.journalbeat = {
|
services.journalbeat = {
|
||||||
|
|
|
@ -1,19 +1,24 @@
|
||||||
{ pkgs ? import <nixpkgs> {},
|
{ stdenv, fetchgit, fetchpatch, }:
|
||||||
src ? builtins.fetchGit "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git",
|
|
||||||
}:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
let
|
||||||
|
src = fetchgit {
|
||||||
|
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git";
|
||||||
|
sha256 = "sha256-3sV59uqFp+TZKrDf7kmksLvz+5ZKriwFyXZMBH2Sdws=";
|
||||||
|
};
|
||||||
path = "feeds/19.07/feeds-own/bmxd";
|
path = "feeds/19.07/feeds-own/bmxd";
|
||||||
makefile = builtins.readFile "${src}/${path}/Makefile";
|
makefile = builtins.readFile "${src}/${path}/Makefile";
|
||||||
makeDef = name:
|
makeDef = name:
|
||||||
builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0;
|
builtins.elemAt (builtins.match ''
|
||||||
|
.*?${name}:=([^
|
||||||
|
]+).*?'' makefile) 0;
|
||||||
name = makeDef "PKG_NAME";
|
name = makeDef "PKG_NAME";
|
||||||
version = makeDef "PKG_VERSION";
|
version = makeDef "PKG_VERSION";
|
||||||
release = makeDef "PKG_RELEASE";
|
release = makeDef "PKG_RELEASE";
|
||||||
patch = fetchurl {
|
patch = fetchpatch {
|
||||||
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
|
name = "timercpy.patch";
|
||||||
sha256 = "10gm1fqg2s8c261i0j1py3sfyyzr0h5b6wwdsgg3icn7lfjd6k75";
|
url =
|
||||||
|
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
|
||||||
|
sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng=";
|
||||||
};
|
};
|
||||||
in stdenv.mkDerivation {
|
in stdenv.mkDerivation {
|
||||||
name = "${name}-${version}-${release}";
|
name = "${name}-${version}-${release}";
|
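Review bot: The rewritten `makeDef` pattern now spans three lines of a `''…''` string, so the newline excluded by the `[^ … ]` class is a literal line break whose effect depends on how indented-string whitespace stripping treats the continuation line. If that line is indented differently from the first, stray spaces end up either inside the character class or in front of `.*?`, and the match changes or returns null; the indentation is not visible on this page, so it may currently be harmless. I would restore the single-line form `builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0;` and add a comment that it extracts the `NAME:=value` definition from the package Makefile. The derivation body continues outside this hunk.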
9
nixpkgs-overlay/default.nix
Normal file
9
nixpkgs-overlay/default.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
final: prev:
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
bmxd = prev.callPackage ./bmdx.nix { };
|
||||||
|
|
||||||
|
pile = prev.callPackage ./pile.nix { };
|
||||||
|
|
||||||
|
}
|
|
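Review bot: `bmxd = prev.callPackage ./bmdx.nix { };` imports `./bmdx.nix`, with two letters transposed relative to the attribute name and to the old `lib/pkgs/bmxd.nix` path seen in the removed freifunk import. The package file's new name is not shown on this page, so either this path fails at evaluation or the file itself carries the misspelled name; in both cases I would settle on `./bmxd.nix`. A one-line comment above each attribute saying what the package provides would also help, since the README now points users to `nix shell c3d2#…`.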
@ -1,8 +1,10 @@
|
||||||
{ pkgs ? import <nixpkgs> {} }:
|
{ fetchgit, rustPlatform }:
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
let
|
||||||
pile = builtins.fetchGit "https://github.com/astro/pile.git";
|
pile = fetchgit {
|
||||||
|
url = "https://github.com/astro/pile.git";
|
||||||
|
sha256 = "sha256-z4xNUGmP35ZBZUpgozQHANZniADfmwEoclnEwNlvAC4=";
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
ledball = rustPlatform.buildRustPackage {
|
ledball = rustPlatform.buildRustPackage {
|
||||||
name = "ledball";
|
name = "ledball";
|