Compare commits
2 Commits
b9a581c63f
...
01560fbcad
Author | SHA1 | Date | |
---|---|---|---|
|
01560fbcad | ||
|
97ebfe5ad2 |
17
README.md
17
README.md
@ -1 +1,18 @@
|
||||
# VCP Bundeslager 2022 Nixfiles
|
||||
|
||||
## How to deploy
|
||||
```
|
||||
./deploy.sh apply switch --on vpn7
|
||||
```
|
||||
|
||||
or to deploy all gateways:
|
||||
|
||||
```
|
||||
./deploy.sh apply switch --on gateway
|
||||
```
|
||||
|
||||
There is a special case for the nixdeploy-host:
|
||||
```
|
||||
./deploy.sh apply-local switch --sudo --node nixdeploy
|
||||
```
|
||||
|
||||
|
@ -1,64 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ #
|
||||
];
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
networking.useDHCP = false;
|
||||
networking.firewall.allowedTCPPorts = [ 19999 ];
|
||||
services.netdata.enable = true;
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
keyMap = "de-latin1";
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
histSize = 10000;
|
||||
autosuggestions.enable = true;
|
||||
enableBashCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
promptInit = ''
|
||||
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
|
||||
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
|
||||
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
|
||||
bindkey "''${key[Up]}" up-line-or-search
|
||||
bindkey "''${key[Home]}" beginning-of-line
|
||||
bindkey "''${key[End]}" end-of-line
|
||||
bindkey "''${key[Delete]}" delete-char
|
||||
function command_not_found_handler() { command-not-found $1 }
|
||||
alias cat='bat'
|
||||
eval "$(direnv hook zsh)"
|
||||
eval "$(starship init zsh)"
|
||||
'';
|
||||
};
|
||||
programs.starship.enable = true;
|
||||
|
||||
programs.mtr.enable = true;
|
||||
nix.settings = {
|
||||
trusted-users = [ "@wheel" ];
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
nix.extraOptions = ''
|
||||
min-free = ${toString (100 * 1024 * 1024)}
|
||||
max-free = ${toString (1024 * 1024 * 1024)}
|
||||
'';
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
kbdInteractiveAuthentication = false;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
}
|
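--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+
+{
+imports = [ ../users ];
+
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+# networking.useDHCP = false; TODO: why was this globally disabled?
+networking.firewall.allowedTCPPorts = [ 19999 ];
+services.netdata.enable = true;
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "de-latin1";
+};
+
+environment.systemPackages = with pkgs; [
+wget
+vim
+tmux
+screen
+mtr
+tcpdump
+bat
+direnv
+starship
+];
+
+programs.zsh = {
+enable = true;
+histSize = 10000;
+autosuggestions.enable = true;
+enableBashCompletion = true;
+syntaxHighlighting.enable = true;
+promptInit = ''
+source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
+[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
+[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
+bindkey "''${key[Up]}" up-line-or-search
+bindkey "''${key[Home]}" beginning-of-line
+bindkey "''${key[End]}" end-of-line
+bindkey "''${key[Delete]}" delete-char
+function command_not_found_handler() { command-not-found $1 }
+alias cat='bat'
+eval "$(direnv hook zsh)"
+eval "$(starship init zsh)"
+'';
+};
+programs.starship.enable = true;
+
+programs.mtr.enable = true;
+nix.settings = {
+trusted-users = [ "@wheel" ];
+auto-optimise-store = true;
+};
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 14d";
+};
+nix.extraOptions = ''
+min-free = ${toString (100 * 1024 * 1024)}
+max-free = ${toString (1024 * 1024 * 1024)}
+'';
+
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+kbdInteractiveAuthentication = false;
+permitRootLogin = "yes";
+};
+
+security.sudo.wheelNeedsPassword = false;
+}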
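Review bot: `security.sudo.wheelNeedsPassword = false;` at the end of this file does not appear in the per-host configuration it replaces, and together with `trusted-users = [ "@wheel" ]` and `permitRootLogin = "yes"` it makes every authorized SSH key of a wheel user equivalent to root on every node that imports `./common`. If passwordless sudo exists only so that colmena can activate as a non-root user, say so in a comment above the line, e.g. `# colmena logs in as the invoking user (deployment.targetUser = null) and needs sudo without a prompt`, and tighten the SSH side to `permitRootLogin = "prohibit-password";` (or `"no"` if nobody deploys as root), which matches the already disabled password authentication. Separately, `networking.firewall.allowedTCPPorts = [ 19999 ]` now opens the netdata dashboard on all hosts rather than one; netdata serves it without authentication by default, so limiting it to a management interface or putting it behind a reverse proxy is worth considering.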
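--- a/deploy.sh
+++ b/deploy.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+DEPLOY_HOST="nixdeploy.bula22.de"
+
+rsync -r . ${DEPLOY_HOST}:bula-nixfiles/
+ssh -tA ${DEPLOY_HOST} "cd bula-nixfiles && colmena $@"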
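Review bot: `ssh -tA` forwards the caller's SSH agent to the deploy host for the whole colmena run, so anyone with root on that host during the session can use the agent to authenticate as the deployer, and common/default.nix in this same change gives all wheel users passwordless sudo there. If agent forwarding is what lets colmena reach the targets, say so in a comment and consider a dedicated deploy key held on nixdeploy instead. The script also has no `set -euo pipefail`, so a failed `rsync` still runs colmena against whatever tree is already on the host. `$@` inside the double-quoted remote command loses its argument quoting before the remote shell re-parses it; quote `"${DEPLOY_HOST}"` and escape the arguments, e.g. `printf -v args '%q ' "$@"` followed by `ssh -tA "${DEPLOY_HOST}" "cd bula-nixfiles && colmena ${args}"`.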
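--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1657114324,
+"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}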
60
flake.nix
60
flake.nix
@ -1,25 +1,41 @@
|
||||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
};
|
||||
outputs = { nixpkgs, ... }: {
|
||||
colmena = {
|
||||
|
||||
meta = {
|
||||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
pre-router = { config, pkgs, ... }:{
|
||||
imports = [./hosts/pre-router/configuration.nix];
|
||||
deployment.targetHost = "lightbuffet.entr0py.cloud";
|
||||
deployment.keys = {
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
};
|
||||
outputs = { nixpkgs, ... }: {
|
||||
colmena = {
|
||||
meta = {
|
||||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
overlays = [ (final: prev: import ./packages final prev) ];
|
||||
};
|
||||
};
|
||||
|
||||
defaults = { config, lib, name, ... }: {
|
||||
imports = [
|
||||
(./. + "/hosts/${name}/configuration.nix")
|
||||
./modules
|
||||
./common
|
||||
];
|
||||
|
||||
deployment.targetUser = null;
|
||||
};
|
||||
|
||||
nixdeploy = {...}: {
|
||||
deployment.targetHost = "nixdeploy.bula22.de";
|
||||
deployment.allowLocalDeployment = true;
|
||||
};
|
||||
|
||||
pre-router = { config, pkgs, ... }: {
|
||||
deployment.targetHost = "lightbuffet.entr0py.cloud";
|
||||
deployment.keys = {
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
pre-yate-n0emis = { config, pkgs, ... }: {
|
||||
deployment.targetHost = "2001:470:7694::5e5";
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
}
|
||||
|
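Review bot: `deployment.targetUser = null;` in `defaults` carries no explanation, yet it changes who performs every deployment: as far as I know colmena then leaves the user out of its SSH invocation and logs in as whoever runs it, relying on sudo on the target. A comment such as `# null: log in as the invoking user; activation goes through sudo (see security.sudo.wheelNeedsPassword in ./common)` would tie the two settings together. The `imports` entry `(./. + "/hosts/${name}/configuration.nix")` also requires that file to exist for every node, which deserves one line in the README. Old and new lines of this section are interleaved in the rendering, so this is based on the lines that appear only once.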
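--- a/hosts/nixdeploy/configuration.nix
+++ b/hosts/nixdeploy/configuration.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "nixdeploy";
+
+networking.useNetworkd = true;
+systemd.network = {
+links."10-eth0" = {
+matchConfig.MACAddress = "5e:1b:ed:a2:91:d1";
+linkConfig.Name = "eth0";
+};
+networks."10-eth0" = {
+matchConfig = {
+Name = "eth0";
+};
+DHCP = "yes";
+address = [ "2a01:4f8:1c0c:8221:1337:42:10:1/64" ];
+};
+};
+
+environment.systemPackages = with pkgs; [ colmena ];
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.05"; # Did you read the comment?
+
+}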
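--- a/hosts/nixdeploy/hardware-configuration.nix
+++ b/hosts/nixdeploy/hardware-configuration.nix
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/ab8ef984-07ee-47a4-a92d-59f57aee1018";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/73F5-5E82";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+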
@ -9,7 +9,7 @@
|
||||
./dns.nix
|
||||
./ipv6.nix
|
||||
./nginx.nix
|
||||
];
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
@ -17,94 +17,12 @@
|
||||
|
||||
networking.hostName = "pre-router"; # Define your hostname.
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||
# replicates the default behaviour.
|
||||
networking.useDHCP = false;
|
||||
#networking.interfaces.ens18.useDHCP = false;
|
||||
#networking.interfaces.ens19.useDHCP = false;
|
||||
networking.firewall.allowedTCPPorts = [ 19999 ];
|
||||
services.netdata.enable = true;
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
keyMap = "de-latin1";
|
||||
};
|
||||
|
||||
|
||||
users.users.garionion = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh;
|
||||
packages = with pkgs; [
|
||||
wget vim screen mtr iperf
|
||||
htop dstat dnsutils nettools tcpdump
|
||||
git bat starship direnv
|
||||
];
|
||||
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
|
||||
};
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
histSize = 10000;
|
||||
autosuggestions.enable = true;
|
||||
enableBashCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
promptInit = ''
|
||||
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
|
||||
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
|
||||
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
|
||||
bindkey "''${key[Up]}" up-line-or-search
|
||||
bindkey "''${key[Home]}" beginning-of-line
|
||||
bindkey "''${key[End]}" end-of-line
|
||||
bindkey "''${key[Delete]}" delete-char
|
||||
function command_not_found_handler() { command-not-found $1 }
|
||||
alias cat='bat'
|
||||
eval "$(direnv hook zsh)"
|
||||
eval "$(starship init zsh)"
|
||||
'';
|
||||
};
|
||||
programs.starship = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# add_newline = false;
|
||||
# character = {
|
||||
# success_symbol = "[➜](bold green)";
|
||||
# error_symbol = "[➜](bold red)";
|
||||
# };
|
||||
# package.disabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
programs.mtr.enable = true;
|
||||
nix.settings = {
|
||||
trusted-users = [ "@wheel" ];
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
nix.extraOptions = ''
|
||||
min-free = ${toString (100 * 1024 * 1024)}
|
||||
max-free = ${toString (1024 * 1024 * 1024)}
|
||||
'';
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
kbdInteractiveAuthentication = false;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
@ -114,4 +32,4 @@
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
|
||||
}
|
||||
}
|
||||
|
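--- a/hosts/pre-yate-n0emis/configuration.nix
+++ b/hosts/pre-yate-n0emis/configuration.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the GRUB 2 boot loader.
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/sda";
+
+networking.hostName = "pre-yate-n0emis";
+
+networking.useNetworkd = true;
+systemd.network = {
+links."10-eth0" = {
+matchConfig.MACAddress = "4a:a6:0d:b9:3b:82";
+linkConfig.Name = "eth0";
+};
+networks."10-eth0" = {
+matchConfig = {
+Name = "eth0";
+};
+DHCP = "yes";
+};
+};
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.05"; # Did you read the comment?
+
+}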
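--- a/hosts/pre-yate-n0emis/hardware-configuration.nix
+++ b/hosts/pre-yate-n0emis/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/d3e87ae2-fb17-44f0-b113-14b185a2c845";
+fsType = "ext4";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}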
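--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+imports = [
+./yate
+];
+}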
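--- a/modules/yate/default.nix
+++ b/modules/yate/default.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.services.yate;
+in {
+options = {
+services.yate = {
+enable = mkEnableOption "yate";
+config = mkOption {
+type = with types; attrsOf anything;
+default = { };
+};
+};
+};
+config = let
+mkCfgFile = name: config:
+let
+content =
+if (isString config) then config else generators.toINI { } config;
+in { "yate/${name}.conf".text = content; };
+environmentFiles = mkMerge
+(map (key: mkCfgFile key (getAttr key cfg.config))
+(attrNames cfg.config));
+in mkIf cfg.enable {
+environment.etc = environmentFiles;
+systemd.services.yate = {
+description = "YATE Telephony Server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" "postgresql.service" ];
+
+environment = { PWLIB_ASSERT_ACTION = "C"; };
+
+serviceConfig = {
+Type = "forking";
+ExecStart =
+"${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -q -DF -r -l /var/lib/yate/yate.log";
+ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+User = "yate";
+Group = "yate";
+AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+RuntimeDirectory = "yate";
+RuntimeDirectoryMode = "0755";
+StateDirectory = "yate";
+StateDirectoryMode = "0700";
+PIDFile = "/run/yate/yate.pid";
+TimeoutSec = 30;
+};
+
+reloadTriggers =
+map (name: config.environment.etc."yate/${name}.conf".source)
+(attrNames cfg.config);
+};
+
+users.users.yate = {
+isSystemUser = true;
+group = "yate";
+};
+users.groups.yate = { };
+};
+}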
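Review bot: Everything passed through `services.yate.config` is rendered with `"yate/${name}.conf".text`, which places the file contents in the world-readable Nix store; yate configuration commonly holds account or database credentials (the unit orders itself after `postgresql.service`), so any file that will carry secrets should not go through this option. The option has no `description`; it should state that limitation and point to an out-of-store mechanism such as colmena's `deployment.keys`, which flake.nix already declares for pre-router. The unit relies on `User`/`Group` alone for confinement; adding `NoNewPrivileges = true;`, `ProtectHome = true;` and `PrivateTmp = true;` to `serviceConfig` is cheap and should not interfere with the state and runtime directories (untested here). `after = [ "network-online.target" ... ]` has no matching `wants`, so nothing pulls that target in.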
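--- a/packages/default.nix
+++ b/packages/default.nix
@@ -0,0 +1,18 @@
+self: super: {
+freeradius = super.freeradius.override {
+withJson = true;
+withRest = true;
+};
+
+python3 = let packageOverrides = final: prev: import ./python final prev;
+in super.python3.override { inherit packageOverrides; };
+
+yate = super.yate.overrideAttrs (old: {
+configureFlags =
+[ "--with-libpq=${self.postgresql.withPackages (ps: [ ])}" ];
+});
+
+t38modem = self.callPackage ./t38modem.nix { };
+ptlib = self.callPackage ./ptlib.nix { };
+opal = self.callPackage ./opal.nix { };
+}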
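Review bot: The `yate` override assigns `configureFlags` outright, so any flags the nixpkgs derivation sets are dropped rather than extended. If replacing them is not intended, write `configureFlags = (old.configureFlags or [ ]) ++ [ "--with-libpq=${self.postgresql.withPackages (ps: [ ])}" ];`; if it is intended, a one-line comment saying which upstream flag is being replaced and why would save the next reader a trip into nixpkgs. The overlay is written as `self: super:` while flake.nix and the `python3` override in this same file use `final: prev:`; settling on one naming would make the three easier to read together.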
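--- a/packages/opal.nix
+++ b/packages/opal.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, pkg-config, ptlib, openssl, libopus, spandsp }:
+
+let
+pname = "opal";
+version = "3.18.6";
+hash = "sha256-L/0784mYza2p866Fal5pvvQ4IJjC9b5VSFwQ89jSYUw=";
+
+in stdenv.mkDerivation {
+inherit pname version;
+
+src = fetchurl {
+url =
+"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/opal-${version}.tar.bz2";
+inherit hash;
+};
+
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ ptlib openssl libopus spandsp ];
+}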
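Review bot: `buildInputs` and `nativeBuildInputs` are swapped here: `pkg-config` is a build-time tool and belongs in `nativeBuildInputs`, while `ptlib openssl libopus spandsp` are libraries opal links against and belong in `buildInputs`. A native build tolerates the swap, but cross-compilation or `strictDeps` does not; the lines should read `nativeBuildInputs = [ pkg-config ];` and `buildInputs = [ ptlib openssl libopus spandsp ];`. packages/t38modem.nix has the same swap (`ptlib opal` under `nativeBuildInputs`), and packages/ptlib.nix lists `pkg-config` under `buildInputs`.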
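--- a/packages/ptlib-pidfile.patch
+++ b/packages/ptlib-pidfile.patch
@@ -0,0 +1,43 @@
+diff --git a/src/ptlib/unix/channel.cxx b/src/ptlib/unix/channel.cxx
+index 2935644..80c8d09 100644
+--- a/src/ptlib/unix/channel.cxx
++++ b/src/ptlib/unix/channel.cxx
+@@ -34,6 +34,7 @@
+#pragma implementation "channel.h"
+#pragma implementation "indchan.h"
+
++#include <sys/uio.h>
+#include <ptlib.h>
+#include <sys/ioctl.h>
+
+diff --git a/src/ptlib/unix/svcproc.cxx b/src/ptlib/unix/svcproc.cxx
+index 4f21025..2c957ef 100644
+--- a/src/ptlib/unix/svcproc.cxx
++++ b/src/ptlib/unix/svcproc.cxx
+@@ -217,7 +217,7 @@ int PServiceProcess::InitialiseService()
+pid_t pid;
+
+{
+- ifstream pidfile(pidfilename);
++ ifstream pidfile((const char *)pidfilename);
+if (!pidfile.is_open()) {
+cout << "Could not open pid file: \"" << pidfilename << "\""
+" - " << strerror(errno) << endl;
+@@ -384,7 +384,7 @@ int PServiceProcess::InitialiseService()
+// Run as a daemon, ie fork
+
+if (!pidfilename) {
+- ifstream pidfile(pidfilename);
++ ifstream pidfile((const char *)pidfilename);
+if (pidfile.is_open()) {
+pid_t pid;
+pidfile >> pid;
+@@ -412,7 +412,7 @@ int PServiceProcess::InitialiseService()
+cout << "Daemon started with pid " << pid << endl;
+if (!pidfilename) {
+// Write out the child pid to magic file in /var/run (at least for linux)
+- ofstream pidfile(pidfilename);
++ ofstream pidfile((const char *)pidfilename);
+if (pidfile.is_open())
+pidfile << pid;
+else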
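--- a/packages/ptlib.nix
+++ b/packages/ptlib.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, pkg-config, flex, bison }:
+
+let
+pname = "ptlib";
+version = "2.18.6";
+hash = "sha256-31HndbsCS73uU0yvJW7/YA7s56+9V2itafuLPqllE2Y=";
+
+in stdenv.mkDerivation {
+inherit pname version;
+
+src = fetchurl {
+url =
+"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/ptlib-${version}.tar.bz2";
+inherit hash;
+};
+
+#patches = [
+# ./ptlib-pidfile.patch
+#];
+
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ flex bison ];
+
+#NIX_CFLAGS_COMPILE = [ "-fpermissive" ];
+#CXXFLAGS = "-std=gnu++98";
+}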
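Review bot: The commented-out `#patches`, `#NIX_CFLAGS_COMPILE` and `#CXXFLAGS` lines leave packages/ptlib-pidfile.patch in the tree with nothing applying it. Either drop the patch together with the dead lines, or keep them under a one-line comment that says why they are disabled, for example `# ptlib-pidfile.patch is not needed for 2.18.6; kept for reference` if that is the actual reason.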
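--- a/packages/python/default.nix
+++ b/packages/python/default.nix
@@ -0,0 +1,4 @@
+self: super: {
+python-yate = self.callPackage ./python-yate { };
+ywsd = self.callPackage ./ywsd { };
+}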
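--- a/packages/python/python-yate/default.nix
+++ b/packages/python/python-yate/default.nix
@@ -0,0 +1,15 @@
+{ lib, buildPythonPackage, fetchPypi, async-timeout }:
+
+buildPythonPackage rec {
+pname = "python-yate";
+version = "0.3.1";
+
+src = fetchPypi {
+inherit pname version;
+sha256 = "5e806802dc47a35c855b60cd459a2c98fb0109c7fc099f3e9f83a1a38abf9f90";
+};
+
+propagatedBuildInputs = [ async-timeout ];
+
+pythonImportsCheck = [ "yate" ];
+}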
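--- a/packages/python/ywsd/count.patch
+++ b/packages/python/ywsd/count.patch
@@ -0,0 +1,14 @@
+diff --git a/ywsd/objects.py b/ywsd/objects.py
+index 4ce29fb..a535e76 100644
+--- a/ywsd/objects.py
++++ b/ywsd/objects.py
+@@ -178,7 +178,8 @@ class ActiveCall:
+async def is_active_call(cls, username, x_eventphone_id, db_connection):
+return (
+await db_connection.scalar(
+- cls.table.count()
++ sa.select(sa.func.count('*'))
++ .select_from(cls.table)
+.where(cls.table.c.username == username)
+.where(cls.table.c.x_eventphone_id == x_eventphone_id)
+)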
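--- a/packages/python/ywsd/default.nix
+++ b/packages/python/ywsd/default.nix
@@ -0,0 +1,20 @@
+{ lib, buildPythonApplication, fetchFromGitHub, aiopg, aiohttp, python-yate
+, pyyaml, sqlalchemy }:
+
+buildPythonApplication rec {
+pname = "ywsd";
+version = "0.11.0";
+
+src = fetchFromGitHub {
+owner = "eventphone";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-9DloJSKR3Ck4Bsc0ICcAAD6LHIMeOHTe2rCx6nPINT4=";
+};
+
+patches = [ ./count.patch ];
+
+propagatedBuildInputs = [ aiopg aiohttp python-yate pyyaml sqlalchemy ];
+
+doCheck = false;
+}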
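Review bot: `doCheck = false;` combined with `patches = [ ./count.patch ]` means nothing exercises the patched code at build time. python-yate in this same change sets `pythonImportsCheck`; adding `pythonImportsCheck = [ "ywsd" ];` here gives at least an import smoke test. count.patch uses `sa.select` and `sa.func` without adding an import, so it is worth confirming that `ywsd/objects.py` already binds `sqlalchemy` as `sa`. A comment above `doCheck` saying why the tests are disabled would help too.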
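--- a/packages/t38modem.nix
+++ b/packages/t38modem.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, pkg-config, opal, ptlib }:
+
+let
+pname = "t38modem";
+version = "4.6.0";
+hash = "sha256-631xF1Q9Nd0sMBEHtqgqn1SEUEZweneqLJMNVEO2DJo=";
+
+in stdenv.mkDerivation {
+inherit pname version;
+src = fetchFromGitHub {
+owner = "T38modem";
+repo = pname;
+rev = "v${version}";
+inherit hash;
+};
+
+buildInputs = [ pkg-config ];
+
+nativeBuildInputs = [ ptlib opal ];
+
+buildFlags = [
+"PTLIBDIR=${ptlib}/share/ptlib"
+"USE_OPAL=1"
+"OPALDIR=${opal}/share/opal"
+];
+
+installPhase = ''
+mkdir -p $out/bin
+cp t38modem $out/bin
+'';
+
+NIX_CFLAGS_COMPILE = [ "-Wno-narrowing" ];
+}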
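--- a/users/default.nix
+++ b/users/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+imports = [
+./garionion
+./n0emis
+];
+}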
@ -1,15 +1,21 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
{ config, pkgs, ... }: {
|
||||
users.users.garionion = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh;
|
||||
packages = with pkgs; [
|
||||
wget vim screen mtr iperf
|
||||
htop dstat dnsutils nettools tcpdump
|
||||
git bat starship direnv
|
||||
];
|
||||
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
|
||||
};
|
||||
}
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh;
|
||||
packages = with pkgs; [
|
||||
iperf
|
||||
htop
|
||||
dstat
|
||||
dnsutils
|
||||
nettools
|
||||
tcpdump
|
||||
git
|
||||
];
|
||||
hashedPassword =
|
||||
"$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
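--- a/users/n0emis/default.nix
+++ b/users/n0emis/default.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+users.users.n0emis = {
+isNormalUser = true;
+shell = pkgs.zsh;
+packages = with pkgs; [ htop dnsutils nettools tcpdump git jq tree ];
+hashedPassword =
+"$6$ZvdWexF9y28IrjyW$lxz27/eFjDZWUPY7Lox0aDXO0.TgMBzygZqNSp1HU7itaMI0KbtAOX2H3uZ9hlEo21z.K.JEE.V/b.HpmN.4y1";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"
+"ssh-rsa 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 n0emis@noemis.me (OLD)"
+];
+};
+}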
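Review bot: The second entry in `openssh.authorizedKeys.keys` is labelled `(OLD)` but is still authorized, and because this user is in `wheel` with passwordless sudo (common/default.nix) that key is root-equivalent on every node. A retired key should be removed from the list rather than annotated. The `hashedPassword` is also readable by everyone with repository access and is copied to the deploy host by deploy.sh; with SSH password login disabled it only serves console login, so it could be left unset or supplied from a file outside the store (`passwordFile` on this NixOS release, as far as I know).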