Compare commits
No commits in common. "01560fbcadd3296cce1ea5d8b8167c338fcb9484" and "b9a581c63f898d95f4885a83141edc959c6cfdbd" have entirely different histories.
01560fbcad
...
b9a581c63f
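--- a/README.md
+++ b/README.md
@@ -1,18 +1 @@
 # VCP Bundeslager 2022 Nixfiles
-
-## How to deploy
-```
-./deploy.sh apply switch --on vpn7
-```
-
-or to deploy all gateways:
-
-```
-./deploy.sh apply switch --on gateway
-```
-
-There is a special case for the nixdeploy-host:
-```
-./deploy.sh apply-local switch --sudo --node nixdeploy
-```
-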
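--- a/common/common/default.nix
+++ b/common/common/default.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ #
+];
+
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+networking.useDHCP = false;
+networking.firewall.allowedTCPPorts = [ 19999 ];
+services.netdata.enable = true;
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "de-latin1";
+};
+
+programs.zsh = {
+enable = true;
+histSize = 10000;
+autosuggestions.enable = true;
+enableBashCompletion = true;
+syntaxHighlighting.enable = true;
+promptInit = ''
+source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
+[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
+[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
+bindkey "''${key[Up]}" up-line-or-search
+bindkey "''${key[Home]}" beginning-of-line
+bindkey "''${key[End]}" end-of-line
+bindkey "''${key[Delete]}" delete-char
+function command_not_found_handler() { command-not-found $1 }
+alias cat='bat'
+eval "$(direnv hook zsh)"
+eval "$(starship init zsh)"
+'';
+};
+programs.starship.enable = true;
+
+programs.mtr.enable = true;
+nix.settings = {
+trusted-users = [ "@wheel" ];
+auto-optimise-store = true;
+};
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 14d";
+};
+nix.extraOptions = ''
+min-free = ${toString (100 * 1024 * 1024)}
+max-free = ${toString (1024 * 1024 * 1024)}
+'';
+
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+kbdInteractiveAuthentication = false;
+permitRootLogin = "yes";
+};
+}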
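Review bot: `networking.firewall.allowedTCPPorts = [ 19999 ];` opens the netdata port on every interface of any host that imports this module, and netdata's built-in dashboard is served without authentication by default. Scope the rule to the management or VPN interface instead, e.g. `networking.firewall.interfaces."<mgmt-if>".allowedTCPPorts = [ 19999 ];` (the interface name is a placeholder), or leave the port closed and reach the dashboard over an SSH tunnel. In the same file `permitRootLogin = "yes"` is key-only solely because `passwordAuthentication = false` sits next to it; `permitRootLogin = "prohibit-password";` keeps that property even if the neighbouring line is changed later. Both settings are repeated in the pre-router hunk `@ -17,12 +17,94 @@` further down the page.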
@ -1,76 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ ../users ];
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
# networking.useDHCP = false; TODO: why was this globally disabled?
|
|
||||||
networking.firewall.allowedTCPPorts = [ 19999 ];
|
|
||||||
services.netdata.enable = true;
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
console = {
|
|
||||||
font = "Lat2-Terminus16";
|
|
||||||
keyMap = "de-latin1";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
wget
|
|
||||||
vim
|
|
||||||
tmux
|
|
||||||
screen
|
|
||||||
mtr
|
|
||||||
tcpdump
|
|
||||||
bat
|
|
||||||
direnv
|
|
||||||
starship
|
|
||||||
];
|
|
||||||
|
|
||||||
programs.zsh = {
|
|
||||||
enable = true;
|
|
||||||
histSize = 10000;
|
|
||||||
autosuggestions.enable = true;
|
|
||||||
enableBashCompletion = true;
|
|
||||||
syntaxHighlighting.enable = true;
|
|
||||||
promptInit = ''
|
|
||||||
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
|
|
||||||
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
|
|
||||||
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
|
|
||||||
bindkey "''${key[Up]}" up-line-or-search
|
|
||||||
bindkey "''${key[Home]}" beginning-of-line
|
|
||||||
bindkey "''${key[End]}" end-of-line
|
|
||||||
bindkey "''${key[Delete]}" delete-char
|
|
||||||
function command_not_found_handler() { command-not-found $1 }
|
|
||||||
alias cat='bat'
|
|
||||||
eval "$(direnv hook zsh)"
|
|
||||||
eval "$(starship init zsh)"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
programs.starship.enable = true;
|
|
||||||
|
|
||||||
programs.mtr.enable = true;
|
|
||||||
nix.settings = {
|
|
||||||
trusted-users = [ "@wheel" ];
|
|
||||||
auto-optimise-store = true;
|
|
||||||
};
|
|
||||||
nix.gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 14d";
|
|
||||||
};
|
|
||||||
nix.extraOptions = ''
|
|
||||||
min-free = ${toString (100 * 1024 * 1024)}
|
|
||||||
max-free = ${toString (1024 * 1024 * 1024)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
passwordAuthentication = false;
|
|
||||||
kbdInteractiveAuthentication = false;
|
|
||||||
permitRootLogin = "yes";
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
|
||||||
}
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
DEPLOY_HOST="nixdeploy.bula22.de"
|
|
||||||
|
|
||||||
rsync -r . ${DEPLOY_HOST}:bula-nixfiles/
|
|
||||||
ssh -tA ${DEPLOY_HOST} "cd bula-nixfiles && colmena $@"
|
|
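--- a/flake.lock
+++ b/flake.lock
@@ -1,27 +0,0 @@
-{
-"nodes": {
-"nixpkgs": {
-"locked": {
-"lastModified": 1657114324,
-"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=",
-"owner": "NixOS",
-"repo": "nixpkgs",
-"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d",
-"type": "github"
-},
-"original": {
-"owner": "NixOS",
-"ref": "nixos-unstable",
-"repo": "nixpkgs",
-"type": "github"
-}
-},
-"root": {
-"inputs": {
-"nixpkgs": "nixpkgs"
-}
-}
-},
-"root": "root",
-"version": 7
-}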
62
flake.nix
62
flake.nix
@ -1,41 +1,25 @@
|
|||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
};
|
|
||||||
outputs = { nixpkgs, ... }: {
|
|
||||||
colmena = {
|
|
||||||
meta = {
|
|
||||||
nixpkgs = import nixpkgs {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
overlays = [ (final: prev: import ./packages final prev) ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
defaults = { config, lib, name, ... }: {
|
|
||||||
imports = [
|
|
||||||
(./. + "/hosts/${name}/configuration.nix")
|
|
||||||
./modules
|
|
||||||
./common
|
|
||||||
];
|
|
||||||
|
|
||||||
deployment.targetUser = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
nixdeploy = {...}: {
|
|
||||||
deployment.targetHost = "nixdeploy.bula22.de";
|
|
||||||
deployment.allowLocalDeployment = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
pre-router = { config, pkgs, ... }: {
|
|
||||||
deployment.targetHost = "lightbuffet.entr0py.cloud";
|
|
||||||
deployment.keys = {
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
pre-yate-n0emis = { config, pkgs, ... }: {
|
|
||||||
deployment.targetHost = "2001:470:7694::5e5";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
outputs = { nixpkgs, ... }: {
|
||||||
}
|
colmena = {
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
nixpkgs = import nixpkgs {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
pre-router = { config, pkgs, ... }:{
|
||||||
|
imports = [./hosts/pre-router/configuration.nix];
|
||||||
|
deployment.targetHost = "lightbuffet.entr0py.cloud";
|
||||||
|
deployment.keys = {
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
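Review bot: The `nixpkgs` input follows the moving `nixos-unstable` branch, and this compare also deletes `flake.lock`, so nothing on the new side pins the nixpkgs revision that gets built and deployed. Each evaluation can then resolve a different commit, which makes a deployment neither reproducible nor auditable after the fact. Keep `flake.lock` committed and move it forward deliberately with `nix flake update`, reviewing the resulting `rev` and `narHash` change like any other dependency bump. If a lock file is produced and stored somewhere else, that is not visible on this page.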
@ -1,40 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
networking.hostName = "nixdeploy";
|
|
||||||
|
|
||||||
networking.useNetworkd = true;
|
|
||||||
systemd.network = {
|
|
||||||
links."10-eth0" = {
|
|
||||||
matchConfig.MACAddress = "5e:1b:ed:a2:91:d1";
|
|
||||||
linkConfig.Name = "eth0";
|
|
||||||
};
|
|
||||||
networks."10-eth0" = {
|
|
||||||
matchConfig = {
|
|
||||||
Name = "eth0";
|
|
||||||
};
|
|
||||||
DHCP = "yes";
|
|
||||||
address = [ "2a01:4f8:1c0c:8221:1337:42:10:1/64" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ colmena ];
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "22.05"; # Did you read the comment?
|
|
||||||
|
|
||||||
}
|
|
@ -1,37 +0,0 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/ab8ef984-07ee-47a4-a92d-59f57aee1018";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/73F5-5E82";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
||||||
|
|
@ -9,7 +9,7 @@
|
|||||||
./dns.nix
|
./dns.nix
|
||||||
./ipv6.nix
|
./ipv6.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
@ -17,12 +17,94 @@
|
|||||||
|
|
||||||
networking.hostName = "pre-router"; # Define your hostname.
|
networking.hostName = "pre-router"; # Define your hostname.
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
# replicates the default behaviour.
|
# replicates the default behaviour.
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
#networking.interfaces.ens18.useDHCP = false;
|
#networking.interfaces.ens18.useDHCP = false;
|
||||||
#networking.interfaces.ens19.useDHCP = false;
|
#networking.interfaces.ens19.useDHCP = false;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 19999 ];
|
||||||
|
services.netdata.enable = true;
|
||||||
|
|
||||||
|
# Select internationalisation properties.
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
console = {
|
||||||
|
font = "Lat2-Terminus16";
|
||||||
|
keyMap = "de-latin1";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
users.users.garionion = {
|
||||||
|
isNormalUser = true;
|
||||||
|
shell = pkgs.zsh;
|
||||||
|
packages = with pkgs; [
|
||||||
|
wget vim screen mtr iperf
|
||||||
|
htop dstat dnsutils nettools tcpdump
|
||||||
|
git bat starship direnv
|
||||||
|
];
|
||||||
|
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
||||||
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
|
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
|
||||||
|
};
|
||||||
|
programs.zsh = {
|
||||||
|
enable = true;
|
||||||
|
histSize = 10000;
|
||||||
|
autosuggestions.enable = true;
|
||||||
|
enableBashCompletion = true;
|
||||||
|
syntaxHighlighting.enable = true;
|
||||||
|
promptInit = ''
|
||||||
|
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
|
||||||
|
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
|
||||||
|
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
|
||||||
|
bindkey "''${key[Up]}" up-line-or-search
|
||||||
|
bindkey "''${key[Home]}" beginning-of-line
|
||||||
|
bindkey "''${key[End]}" end-of-line
|
||||||
|
bindkey "''${key[Delete]}" delete-char
|
||||||
|
function command_not_found_handler() { command-not-found $1 }
|
||||||
|
alias cat='bat'
|
||||||
|
eval "$(direnv hook zsh)"
|
||||||
|
eval "$(starship init zsh)"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
programs.starship = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
# add_newline = false;
|
||||||
|
# character = {
|
||||||
|
# success_symbol = "[➜](bold green)";
|
||||||
|
# error_symbol = "[➜](bold red)";
|
||||||
|
# };
|
||||||
|
# package.disabled = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.mtr.enable = true;
|
||||||
|
nix.settings = {
|
||||||
|
trusted-users = [ "@wheel" ];
|
||||||
|
auto-optimise-store = true;
|
||||||
|
};
|
||||||
|
nix.gc = {
|
||||||
|
automatic = true;
|
||||||
|
dates = "weekly";
|
||||||
|
options = "--delete-older-than 14d";
|
||||||
|
};
|
||||||
|
nix.extraOptions = ''
|
||||||
|
min-free = ${toString (100 * 1024 * 1024)}
|
||||||
|
max-free = ${toString (1024 * 1024 * 1024)}
|
||||||
|
'';
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
passwordAuthentication = false;
|
||||||
|
kbdInteractiveAuthentication = false;
|
||||||
|
permitRootLogin = "yes";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
@ -32,4 +114,4 @@
|
|||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
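Review bot: `users.users.garionion.hashedPassword` commits a SHA-512 crypt hash (`$6$…`) to the repository, so anyone with read access can run offline guessing against it. The account is in `wheel`, which `nix.settings.trusted-users = [ "@wheel" ]` in the same hunk also makes a trusted Nix user. Load the hash from a file kept outside the repository, `users.users.garionion.passwordFile = "/path/to/secret";` (placeholder path; later NixOS releases name the option `hashedPasswordFile`), for example one delivered through the `deployment.keys` block that flake.nix already declares, and rotate the password because the hash stays in history. The same hash appears again in the users file section at the end of the page (`@ -1,21 +1,15 @@`), and defining the user in both places lets the two copies drift apart. The enclosing module starts outside these hunks.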
@ -1,38 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
|
||||||
|
|
||||||
networking.hostName = "pre-yate-n0emis";
|
|
||||||
|
|
||||||
networking.useNetworkd = true;
|
|
||||||
systemd.network = {
|
|
||||||
links."10-eth0" = {
|
|
||||||
matchConfig.MACAddress = "4a:a6:0d:b9:3b:82";
|
|
||||||
linkConfig.Name = "eth0";
|
|
||||||
};
|
|
||||||
networks."10-eth0" = {
|
|
||||||
matchConfig = {
|
|
||||||
Name = "eth0";
|
|
||||||
};
|
|
||||||
DHCP = "yes";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "22.05"; # Did you read the comment?
|
|
||||||
|
|
||||||
}
|
|
@ -1,31 +0,0 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/d3e87ae2-fb17-44f0-b113-14b185a2c845";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./yate
|
|
||||||
];
|
|
||||||
}
|
|
@ -1,61 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let cfg = config.services.yate;
|
|
||||||
in {
|
|
||||||
options = {
|
|
||||||
services.yate = {
|
|
||||||
enable = mkEnableOption "yate";
|
|
||||||
config = mkOption {
|
|
||||||
type = with types; attrsOf anything;
|
|
||||||
default = { };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = let
|
|
||||||
mkCfgFile = name: config:
|
|
||||||
let
|
|
||||||
content =
|
|
||||||
if (isString config) then config else generators.toINI { } config;
|
|
||||||
in { "yate/${name}.conf".text = content; };
|
|
||||||
environmentFiles = mkMerge
|
|
||||||
(map (key: mkCfgFile key (getAttr key cfg.config))
|
|
||||||
(attrNames cfg.config));
|
|
||||||
in mkIf cfg.enable {
|
|
||||||
environment.etc = environmentFiles;
|
|
||||||
systemd.services.yate = {
|
|
||||||
description = "YATE Telephony Server";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network-online.target" "postgresql.service" ];
|
|
||||||
|
|
||||||
environment = { PWLIB_ASSERT_ACTION = "C"; };
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "forking";
|
|
||||||
ExecStart =
|
|
||||||
"${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -q -DF -r -l /var/lib/yate/yate.log";
|
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
|
||||||
User = "yate";
|
|
||||||
Group = "yate";
|
|
||||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
|
||||||
RuntimeDirectory = "yate";
|
|
||||||
RuntimeDirectoryMode = "0755";
|
|
||||||
StateDirectory = "yate";
|
|
||||||
StateDirectoryMode = "0700";
|
|
||||||
PIDFile = "/run/yate/yate.pid";
|
|
||||||
TimeoutSec = 30;
|
|
||||||
};
|
|
||||||
|
|
||||||
reloadTriggers =
|
|
||||||
map (name: config.environment.etc."yate/${name}.conf".source)
|
|
||||||
(attrNames cfg.config);
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.yate = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "yate";
|
|
||||||
};
|
|
||||||
users.groups.yate = { };
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
self: super: {
|
|
||||||
freeradius = super.freeradius.override {
|
|
||||||
withJson = true;
|
|
||||||
withRest = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
python3 = let packageOverrides = final: prev: import ./python final prev;
|
|
||||||
in super.python3.override { inherit packageOverrides; };
|
|
||||||
|
|
||||||
yate = super.yate.overrideAttrs (old: {
|
|
||||||
configureFlags =
|
|
||||||
[ "--with-libpq=${self.postgresql.withPackages (ps: [ ])}" ];
|
|
||||||
});
|
|
||||||
|
|
||||||
t38modem = self.callPackage ./t38modem.nix { };
|
|
||||||
ptlib = self.callPackage ./ptlib.nix { };
|
|
||||||
opal = self.callPackage ./opal.nix { };
|
|
||||||
}
|
|
@ -1,19 +0,0 @@
|
|||||||
{ stdenv, fetchurl, pkg-config, ptlib, openssl, libopus, spandsp }:
|
|
||||||
|
|
||||||
let
|
|
||||||
pname = "opal";
|
|
||||||
version = "3.18.6";
|
|
||||||
hash = "sha256-L/0784mYza2p866Fal5pvvQ4IJjC9b5VSFwQ89jSYUw=";
|
|
||||||
|
|
||||||
in stdenv.mkDerivation {
|
|
||||||
inherit pname version;
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url =
|
|
||||||
"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/opal-${version}.tar.bz2";
|
|
||||||
inherit hash;
|
|
||||||
};
|
|
||||||
|
|
||||||
buildInputs = [ pkg-config ];
|
|
||||||
nativeBuildInputs = [ ptlib openssl libopus spandsp ];
|
|
||||||
}
|
|
@ -1,43 +0,0 @@
|
|||||||
diff --git a/src/ptlib/unix/channel.cxx b/src/ptlib/unix/channel.cxx
|
|
||||||
index 2935644..80c8d09 100644
|
|
||||||
--- a/src/ptlib/unix/channel.cxx
|
|
||||||
+++ b/src/ptlib/unix/channel.cxx
|
|
||||||
@@ -34,6 +34,7 @@
|
|
||||||
#pragma implementation "channel.h"
|
|
||||||
#pragma implementation "indchan.h"
|
|
||||||
|
|
||||||
+#include <sys/uio.h>
|
|
||||||
#include <ptlib.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
|
|
||||||
diff --git a/src/ptlib/unix/svcproc.cxx b/src/ptlib/unix/svcproc.cxx
|
|
||||||
index 4f21025..2c957ef 100644
|
|
||||||
--- a/src/ptlib/unix/svcproc.cxx
|
|
||||||
+++ b/src/ptlib/unix/svcproc.cxx
|
|
||||||
@@ -217,7 +217,7 @@ int PServiceProcess::InitialiseService()
|
|
||||||
pid_t pid;
|
|
||||||
|
|
||||||
{
|
|
||||||
- ifstream pidfile(pidfilename);
|
|
||||||
+ ifstream pidfile((const char *)pidfilename);
|
|
||||||
if (!pidfile.is_open()) {
|
|
||||||
cout << "Could not open pid file: \"" << pidfilename << "\""
|
|
||||||
" - " << strerror(errno) << endl;
|
|
||||||
@@ -384,7 +384,7 @@ int PServiceProcess::InitialiseService()
|
|
||||||
// Run as a daemon, ie fork
|
|
||||||
|
|
||||||
if (!pidfilename) {
|
|
||||||
- ifstream pidfile(pidfilename);
|
|
||||||
+ ifstream pidfile((const char *)pidfilename);
|
|
||||||
if (pidfile.is_open()) {
|
|
||||||
pid_t pid;
|
|
||||||
pidfile >> pid;
|
|
||||||
@@ -412,7 +412,7 @@ int PServiceProcess::InitialiseService()
|
|
||||||
cout << "Daemon started with pid " << pid << endl;
|
|
||||||
if (!pidfilename) {
|
|
||||||
// Write out the child pid to magic file in /var/run (at least for linux)
|
|
||||||
- ofstream pidfile(pidfilename);
|
|
||||||
+ ofstream pidfile((const char *)pidfilename);
|
|
||||||
if (pidfile.is_open())
|
|
||||||
pidfile << pid;
|
|
||||||
else
|
|
@ -1,26 +0,0 @@
|
|||||||
{ stdenv, fetchurl, pkg-config, flex, bison }:
|
|
||||||
|
|
||||||
let
|
|
||||||
pname = "ptlib";
|
|
||||||
version = "2.18.6";
|
|
||||||
hash = "sha256-31HndbsCS73uU0yvJW7/YA7s56+9V2itafuLPqllE2Y=";
|
|
||||||
|
|
||||||
in stdenv.mkDerivation {
|
|
||||||
inherit pname version;
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url =
|
|
||||||
"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/ptlib-${version}.tar.bz2";
|
|
||||||
inherit hash;
|
|
||||||
};
|
|
||||||
|
|
||||||
#patches = [
|
|
||||||
# ./ptlib-pidfile.patch
|
|
||||||
#];
|
|
||||||
|
|
||||||
buildInputs = [ pkg-config ];
|
|
||||||
nativeBuildInputs = [ flex bison ];
|
|
||||||
|
|
||||||
#NIX_CFLAGS_COMPILE = [ "-fpermissive" ];
|
|
||||||
#CXXFLAGS = "-std=gnu++98";
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
self: super: {
|
|
||||||
python-yate = self.callPackage ./python-yate { };
|
|
||||||
ywsd = self.callPackage ./ywsd { };
|
|
||||||
}
|
|
@ -1,15 +0,0 @@
|
|||||||
{ lib, buildPythonPackage, fetchPypi, async-timeout }:
|
|
||||||
|
|
||||||
buildPythonPackage rec {
|
|
||||||
pname = "python-yate";
|
|
||||||
version = "0.3.1";
|
|
||||||
|
|
||||||
src = fetchPypi {
|
|
||||||
inherit pname version;
|
|
||||||
sha256 = "5e806802dc47a35c855b60cd459a2c98fb0109c7fc099f3e9f83a1a38abf9f90";
|
|
||||||
};
|
|
||||||
|
|
||||||
propagatedBuildInputs = [ async-timeout ];
|
|
||||||
|
|
||||||
pythonImportsCheck = [ "yate" ];
|
|
||||||
}
|
|
@ -1,14 +0,0 @@
|
|||||||
diff --git a/ywsd/objects.py b/ywsd/objects.py
|
|
||||||
index 4ce29fb..a535e76 100644
|
|
||||||
--- a/ywsd/objects.py
|
|
||||||
+++ b/ywsd/objects.py
|
|
||||||
@@ -178,7 +178,8 @@ class ActiveCall:
|
|
||||||
async def is_active_call(cls, username, x_eventphone_id, db_connection):
|
|
||||||
return (
|
|
||||||
await db_connection.scalar(
|
|
||||||
- cls.table.count()
|
|
||||||
+ sa.select(sa.func.count('*'))
|
|
||||||
+ .select_from(cls.table)
|
|
||||||
.where(cls.table.c.username == username)
|
|
||||||
.where(cls.table.c.x_eventphone_id == x_eventphone_id)
|
|
||||||
)
|
|
@ -1,20 +0,0 @@
|
|||||||
{ lib, buildPythonApplication, fetchFromGitHub, aiopg, aiohttp, python-yate
|
|
||||||
, pyyaml, sqlalchemy }:
|
|
||||||
|
|
||||||
buildPythonApplication rec {
|
|
||||||
pname = "ywsd";
|
|
||||||
version = "0.11.0";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "eventphone";
|
|
||||||
repo = pname;
|
|
||||||
rev = "v${version}";
|
|
||||||
sha256 = "sha256-9DloJSKR3Ck4Bsc0ICcAAD6LHIMeOHTe2rCx6nPINT4=";
|
|
||||||
};
|
|
||||||
|
|
||||||
patches = [ ./count.patch ];
|
|
||||||
|
|
||||||
propagatedBuildInputs = [ aiopg aiohttp python-yate pyyaml sqlalchemy ];
|
|
||||||
|
|
||||||
doCheck = false;
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
{ stdenv, fetchFromGitHub, pkg-config, opal, ptlib }:
|
|
||||||
|
|
||||||
let
|
|
||||||
pname = "t38modem";
|
|
||||||
version = "4.6.0";
|
|
||||||
hash = "sha256-631xF1Q9Nd0sMBEHtqgqn1SEUEZweneqLJMNVEO2DJo=";
|
|
||||||
|
|
||||||
in stdenv.mkDerivation {
|
|
||||||
inherit pname version;
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "T38modem";
|
|
||||||
repo = pname;
|
|
||||||
rev = "v${version}";
|
|
||||||
inherit hash;
|
|
||||||
};
|
|
||||||
|
|
||||||
buildInputs = [ pkg-config ];
|
|
||||||
|
|
||||||
nativeBuildInputs = [ ptlib opal ];
|
|
||||||
|
|
||||||
buildFlags = [
|
|
||||||
"PTLIBDIR=${ptlib}/share/ptlib"
|
|
||||||
"USE_OPAL=1"
|
|
||||||
"OPALDIR=${opal}/share/opal"
|
|
||||||
];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
cp t38modem $out/bin
|
|
||||||
'';
|
|
||||||
|
|
||||||
NIX_CFLAGS_COMPILE = [ "-Wno-narrowing" ];
|
|
||||||
}
|
|
@ -1,8 +0,0 @@
|
|||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./garionion
|
|
||||||
./n0emis
|
|
||||||
];
|
|
||||||
}
|
|
@ -1,21 +1,15 @@
|
|||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
users.users.garionion = {
|
users.users.garionion = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
iperf
|
wget vim screen mtr iperf
|
||||||
htop
|
htop dstat dnsutils nettools tcpdump
|
||||||
dstat
|
git bat starship direnv
|
||||||
dnsutils
|
];
|
||||||
nettools
|
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
||||||
tcpdump
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
git
|
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
|
||||||
];
|
};
|
||||||
hashedPassword =
|
}
|
||||||
"$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,16 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
users.users.n0emis = {
|
|
||||||
isNormalUser = true;
|
|
||||||
shell = pkgs.zsh;
|
|
||||||
packages = with pkgs; [ htop dnsutils nettools tcpdump git jq tree ];
|
|
||||||
hashedPassword =
|
|
||||||
"$6$ZvdWexF9y28IrjyW$lxz27/eFjDZWUPY7Lox0aDXO0.TgMBzygZqNSp1HU7itaMI0KbtAOX2H3uZ9hlEo21z.K.JEE.V/b.HpmN.4y1";
|
|
||||||
extraGroups = [ "wheel" ];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"
|
|
||||||
"ssh-rsa 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 n0emis@noemis.me (OLD)"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|