Compare commits
2 Commits
b9a581c63f
...
01560fbcad
Author | SHA1 | Date | |
---|---|---|---|
|
01560fbcad | ||
|
97ebfe5ad2 |
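--- a/README.md
+++ b/README.md
@@ -1 +1,18 @@
 # VCP Bundeslager 2022 Nixfiles
+
+## How to deploy
+```
+./deploy.sh apply switch --on vpn7
+```
+
+or to deploy all gateways:
+
+```
+./deploy.sh apply switch --on gateway
+```
+
+There is a special case for the nixdeploy-host:
+```
+./deploy.sh apply-local switch --sudo --node nixdeploy
+```
+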
@ -1,64 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ #
|
|
||||||
];
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
networking.useDHCP = false;
|
|
||||||
networking.firewall.allowedTCPPorts = [ 19999 ];
|
|
||||||
services.netdata.enable = true;
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
console = {
|
|
||||||
font = "Lat2-Terminus16";
|
|
||||||
keyMap = "de-latin1";
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.zsh = {
|
|
||||||
enable = true;
|
|
||||||
histSize = 10000;
|
|
||||||
autosuggestions.enable = true;
|
|
||||||
enableBashCompletion = true;
|
|
||||||
syntaxHighlighting.enable = true;
|
|
||||||
promptInit = ''
|
|
||||||
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
|
|
||||||
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
|
|
||||||
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
|
|
||||||
bindkey "''${key[Up]}" up-line-or-search
|
|
||||||
bindkey "''${key[Home]}" beginning-of-line
|
|
||||||
bindkey "''${key[End]}" end-of-line
|
|
||||||
bindkey "''${key[Delete]}" delete-char
|
|
||||||
function command_not_found_handler() { command-not-found $1 }
|
|
||||||
alias cat='bat'
|
|
||||||
eval "$(direnv hook zsh)"
|
|
||||||
eval "$(starship init zsh)"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
programs.starship.enable = true;
|
|
||||||
|
|
||||||
programs.mtr.enable = true;
|
|
||||||
nix.settings = {
|
|
||||||
trusted-users = [ "@wheel" ];
|
|
||||||
auto-optimise-store = true;
|
|
||||||
};
|
|
||||||
nix.gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 14d";
|
|
||||||
};
|
|
||||||
nix.extraOptions = ''
|
|
||||||
min-free = ${toString (100 * 1024 * 1024)}
|
|
||||||
max-free = ${toString (1024 * 1024 * 1024)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
passwordAuthentication = false;
|
|
||||||
kbdInteractiveAuthentication = false;
|
|
||||||
permitRootLogin = "yes";
|
|
||||||
};
|
|
||||||
}
|
|
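--- /dev/null
+++ b/common/default.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+
+{
+imports = [ ../users ];
+
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+# networking.useDHCP = false; TODO: why was this globally disabled?
+networking.firewall.allowedTCPPorts = [ 19999 ];
+services.netdata.enable = true;
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "de-latin1";
+};
+
+environment.systemPackages = with pkgs; [
+wget
+vim
+tmux
+screen
+mtr
+tcpdump
+bat
+direnv
+starship
+];
+
+programs.zsh = {
+enable = true;
+histSize = 10000;
+autosuggestions.enable = true;
+enableBashCompletion = true;
+syntaxHighlighting.enable = true;
+promptInit = ''
+source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
+[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
+[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
+bindkey "''${key[Up]}" up-line-or-search
+bindkey "''${key[Home]}" beginning-of-line
+bindkey "''${key[End]}" end-of-line
+bindkey "''${key[Delete]}" delete-char
+function command_not_found_handler() { command-not-found $1 }
+alias cat='bat'
+eval "$(direnv hook zsh)"
+eval "$(starship init zsh)"
+'';
+};
+programs.starship.enable = true;
+
+programs.mtr.enable = true;
+nix.settings = {
+trusted-users = [ "@wheel" ];
+auto-optimise-store = true;
+};
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 14d";
+};
+nix.extraOptions = ''
+min-free = ${toString (100 * 1024 * 1024)}
+max-free = ${toString (1024 * 1024 * 1024)}
+'';
+
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+kbdInteractiveAuthentication = false;
+permitRootLogin = "yes";
+};
+
+security.sudo.wheelNeedsPassword = false;
+}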
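Review bot: `security.sudo.wheelNeedsPassword = false;` near the end of this module makes every wheel member's SSH key a root credential on each host that imports ./common, while `permitRootLogin = "yes";` keeps direct root login open as well. With password and keyboard-interactive authentication disabled, "yes" only admits key-based root logins, but `permitRootLogin = "prohibit-password";` states that intent explicitly, and `"no"` would work if deployments are meant to run through the wheel accounts (flake.nix sets `deployment.targetUser = null`, which suggests so, but that should be confirmed). The module also opens TCP 19999 for netdata on all interfaces of every host; the netdata dashboard has no authentication of its own by default, so consider restricting it with `networking.firewall.interfaces.<iface>.allowedTCPPorts` or binding it to a management address.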
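--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+DEPLOY_HOST="nixdeploy.bula22.de"
+
+rsync -r . ${DEPLOY_HOST}:bula-nixfiles/
+ssh -tA ${DEPLOY_HOST} "cd bula-nixfiles && colmena $@"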
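Review bot: The last line builds the remote command as `"cd bula-nixfiles && colmena $@"`, which flattens the arguments into one string that the remote shell parses again, so an argument containing spaces or shell metacharacters is split or interpreted on the deploy host. Quote the arguments before interpolation, e.g. `ssh -tA "${DEPLOY_HOST}" "cd bula-nixfiles && colmena $(printf '%q ' "$@")"`, and add `set -euo pipefail` after the shebang so a failed rsync does not end in deploying a stale tree. `-A` forwards the operator's SSH agent to the deploy host for the whole session, where any account with root (every wheel user, given the passwordless sudo in common/default.nix) can use the agent socket; confirm that this is intended or use a deploy key that lives on nixdeploy. `rsync -r .` also copies `.git` and untracked local files and never removes files deleted locally; `--delete` together with an `--exclude` list would keep the remote tree equal to the checkout.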
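--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1657114324,
+"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}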
22
flake.nix
22
flake.nix
@ -4,22 +4,38 @@
|
|||||||
};
|
};
|
||||||
outputs = { nixpkgs, ... }: {
|
outputs = { nixpkgs, ... }: {
|
||||||
colmena = {
|
colmena = {
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
nixpkgs = import nixpkgs {
|
nixpkgs = import nixpkgs {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
overlays = [ (final: prev: import ./packages final prev) ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
defaults = { config, lib, name, ... }: {
|
||||||
|
imports = [
|
||||||
|
(./. + "/hosts/${name}/configuration.nix")
|
||||||
|
./modules
|
||||||
|
./common
|
||||||
|
];
|
||||||
|
|
||||||
pre-router = { config, pkgs, ... }:{
|
deployment.targetUser = null;
|
||||||
imports = [./hosts/pre-router/configuration.nix];
|
};
|
||||||
|
|
||||||
|
nixdeploy = {...}: {
|
||||||
|
deployment.targetHost = "nixdeploy.bula22.de";
|
||||||
|
deployment.allowLocalDeployment = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
pre-router = { config, pkgs, ... }: {
|
||||||
deployment.targetHost = "lightbuffet.entr0py.cloud";
|
deployment.targetHost = "lightbuffet.entr0py.cloud";
|
||||||
deployment.keys = {
|
deployment.keys = {
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
pre-yate-n0emis = { config, pkgs, ... }: {
|
||||||
|
deployment.targetHost = "2001:470:7694::5e5";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
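--- /dev/null
+++ b/hosts/nixdeploy/configuration.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "nixdeploy";
+
+networking.useNetworkd = true;
+systemd.network = {
+links."10-eth0" = {
+matchConfig.MACAddress = "5e:1b:ed:a2:91:d1";
+linkConfig.Name = "eth0";
+};
+networks."10-eth0" = {
+matchConfig = {
+Name = "eth0";
+};
+DHCP = "yes";
+address = [ "2a01:4f8:1c0c:8221:1337:42:10:1/64" ];
+};
+};
+
+environment.systemPackages = with pkgs; [ colmena ];
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.05"; # Did you read the comment?
+
+}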
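--- /dev/null
+++ b/hosts/nixdeploy/hardware-configuration.nix
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/ab8ef984-07ee-47a4-a92d-59f57aee1018";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/73F5-5E82";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+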
@ -17,94 +17,12 @@
|
|||||||
|
|
||||||
networking.hostName = "pre-router"; # Define your hostname.
|
networking.hostName = "pre-router"; # Define your hostname.
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
# replicates the default behaviour.
|
# replicates the default behaviour.
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
#networking.interfaces.ens18.useDHCP = false;
|
#networking.interfaces.ens18.useDHCP = false;
|
||||||
#networking.interfaces.ens19.useDHCP = false;
|
#networking.interfaces.ens19.useDHCP = false;
|
||||||
networking.firewall.allowedTCPPorts = [ 19999 ];
|
|
||||||
services.netdata.enable = true;
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
console = {
|
|
||||||
font = "Lat2-Terminus16";
|
|
||||||
keyMap = "de-latin1";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
users.users.garionion = {
|
|
||||||
isNormalUser = true;
|
|
||||||
shell = pkgs.zsh;
|
|
||||||
packages = with pkgs; [
|
|
||||||
wget vim screen mtr iperf
|
|
||||||
htop dstat dnsutils nettools tcpdump
|
|
||||||
git bat starship direnv
|
|
||||||
];
|
|
||||||
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
|
||||||
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
|
|
||||||
};
|
|
||||||
programs.zsh = {
|
|
||||||
enable = true;
|
|
||||||
histSize = 10000;
|
|
||||||
autosuggestions.enable = true;
|
|
||||||
enableBashCompletion = true;
|
|
||||||
syntaxHighlighting.enable = true;
|
|
||||||
promptInit = ''
|
|
||||||
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
|
|
||||||
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
|
|
||||||
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
|
|
||||||
bindkey "''${key[Up]}" up-line-or-search
|
|
||||||
bindkey "''${key[Home]}" beginning-of-line
|
|
||||||
bindkey "''${key[End]}" end-of-line
|
|
||||||
bindkey "''${key[Delete]}" delete-char
|
|
||||||
function command_not_found_handler() { command-not-found $1 }
|
|
||||||
alias cat='bat'
|
|
||||||
eval "$(direnv hook zsh)"
|
|
||||||
eval "$(starship init zsh)"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
programs.starship = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
# add_newline = false;
|
|
||||||
# character = {
|
|
||||||
# success_symbol = "[➜](bold green)";
|
|
||||||
# error_symbol = "[➜](bold red)";
|
|
||||||
# };
|
|
||||||
# package.disabled = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.mtr.enable = true;
|
|
||||||
nix.settings = {
|
|
||||||
trusted-users = [ "@wheel" ];
|
|
||||||
auto-optimise-store = true;
|
|
||||||
};
|
|
||||||
nix.gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 14d";
|
|
||||||
};
|
|
||||||
nix.extraOptions = ''
|
|
||||||
min-free = ${toString (100 * 1024 * 1024)}
|
|
||||||
max-free = ${toString (1024 * 1024 * 1024)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
# List services that you want to enable:
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
passwordAuthentication = false;
|
|
||||||
kbdInteractiveAuthentication = false;
|
|
||||||
permitRootLogin = "yes";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
|
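--- /dev/null
+++ b/hosts/pre-yate-n0emis/configuration.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the GRUB 2 boot loader.
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/sda";
+
+networking.hostName = "pre-yate-n0emis";
+
+networking.useNetworkd = true;
+systemd.network = {
+links."10-eth0" = {
+matchConfig.MACAddress = "4a:a6:0d:b9:3b:82";
+linkConfig.Name = "eth0";
+};
+networks."10-eth0" = {
+matchConfig = {
+Name = "eth0";
+};
+DHCP = "yes";
+};
+};
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.05"; # Did you read the comment?
+
+}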
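--- /dev/null
+++ b/hosts/pre-yate-n0emis/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/d3e87ae2-fb17-44f0-b113-14b185a2c845";
+fsType = "ext4";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}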
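--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+imports = [
+./yate
+];
+}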
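--- /dev/null
+++ b/modules/yate/default.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.services.yate;
+in {
+options = {
+services.yate = {
+enable = mkEnableOption "yate";
+config = mkOption {
+type = with types; attrsOf anything;
+default = { };
+};
+};
+};
+config = let
+mkCfgFile = name: config:
+let
+content =
+if (isString config) then config else generators.toINI { } config;
+in { "yate/${name}.conf".text = content; };
+environmentFiles = mkMerge
+(map (key: mkCfgFile key (getAttr key cfg.config))
+(attrNames cfg.config));
+in mkIf cfg.enable {
+environment.etc = environmentFiles;
+systemd.services.yate = {
+description = "YATE Telephony Server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" "postgresql.service" ];
+
+environment = { PWLIB_ASSERT_ACTION = "C"; };
+
+serviceConfig = {
+Type = "forking";
+ExecStart =
+"${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -q -DF -r -l /var/lib/yate/yate.log";
+ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+User = "yate";
+Group = "yate";
+AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+RuntimeDirectory = "yate";
+RuntimeDirectoryMode = "0755";
+StateDirectory = "yate";
+StateDirectoryMode = "0700";
+PIDFile = "/run/yate/yate.pid";
+TimeoutSec = 30;
+};
+
+reloadTriggers =
+map (name: config.environment.etc."yate/${name}.conf".source)
+(attrNames cfg.config);
+};
+
+users.users.yate = {
+isSystemUser = true;
+group = "yate";
+};
+users.groups.yate = { };
+};
+}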
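Review bot: `mkCfgFile` writes every `services.yate.config` entry through `environment.etc."yate/${name}.conf".text`, so the rendered file content lands in the world-readable Nix store; if these files are expected to carry credentials (SIP accounts, the PostgreSQL password), they should come from a runtime secret such as a `deployment.keys` entry rather than from the module option. Separately, the `serviceConfig` block runs a network-facing daemon with no sandboxing beyond the dedicated user. The additions below leave the state and runtime directories writable through `StateDirectory`/`RuntimeDirectory` and make the rest of the filesystem read-only; check that yate writes nowhere else before enabling `ProtectSystem = "strict"`.

```nix
serviceConfig = {
  # … unchanged: Type, ExecStart, ExecReload, User, Group …
  AmbientCapabilities = "CAP_NET_BIND_SERVICE";
  CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  # … unchanged: RuntimeDirectory, StateDirectory, PIDFile, TimeoutSec …
```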
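--- /dev/null
+++ b/packages/default.nix
@@ -0,0 +1,18 @@
+self: super: {
+freeradius = super.freeradius.override {
+withJson = true;
+withRest = true;
+};
+
+python3 = let packageOverrides = final: prev: import ./python final prev;
+in super.python3.override { inherit packageOverrides; };
+
+yate = super.yate.overrideAttrs (old: {
+configureFlags =
+[ "--with-libpq=${self.postgresql.withPackages (ps: [ ])}" ];
+});
+
+t38modem = self.callPackage ./t38modem.nix { };
+ptlib = self.callPackage ./ptlib.nix { };
+opal = self.callPackage ./opal.nix { };
+}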
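--- /dev/null
+++ b/packages/opal.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, pkg-config, ptlib, openssl, libopus, spandsp }:
+
+let
+pname = "opal";
+version = "3.18.6";
+hash = "sha256-L/0784mYza2p866Fal5pvvQ4IJjC9b5VSFwQ89jSYUw=";
+
+in stdenv.mkDerivation {
+inherit pname version;
+
+src = fetchurl {
+url =
+"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/opal-${version}.tar.bz2";
+inherit hash;
+};
+
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ ptlib openssl libopus spandsp ];
+}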
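Review bot: The two input lists at the end of the derivation are swapped: `pkg-config` is a build-time tool and the libraries are link-time dependencies, so it should read `nativeBuildInputs = [ pkg-config ];` and `buildInputs = [ ptlib openssl libopus spandsp ];`. A native build tolerates the current form, but it breaks under `strictDeps` or cross-compilation and misstates which packages end up in the runtime closure. packages/ptlib.nix (`buildInputs = [ pkg-config ];`) and packages/t38modem.nix (`nativeBuildInputs = [ ptlib opal ];`) have the same mix-up.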
43
packages/ptlib-pidfile.patch
Normal file
43
packages/ptlib-pidfile.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
diff --git a/src/ptlib/unix/channel.cxx b/src/ptlib/unix/channel.cxx
|
||||||
|
index 2935644..80c8d09 100644
|
||||||
|
--- a/src/ptlib/unix/channel.cxx
|
||||||
|
+++ b/src/ptlib/unix/channel.cxx
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
#pragma implementation "channel.h"
|
||||||
|
#pragma implementation "indchan.h"
|
||||||
|
|
||||||
|
+#include <sys/uio.h>
|
||||||
|
#include <ptlib.h>
|
||||||
|
#include <sys/ioctl.h>
|
||||||
|
|
||||||
|
diff --git a/src/ptlib/unix/svcproc.cxx b/src/ptlib/unix/svcproc.cxx
|
||||||
|
index 4f21025..2c957ef 100644
|
||||||
|
--- a/src/ptlib/unix/svcproc.cxx
|
||||||
|
+++ b/src/ptlib/unix/svcproc.cxx
|
||||||
|
@@ -217,7 +217,7 @@ int PServiceProcess::InitialiseService()
|
||||||
|
pid_t pid;
|
||||||
|
|
||||||
|
{
|
||||||
|
- ifstream pidfile(pidfilename);
|
||||||
|
+ ifstream pidfile((const char *)pidfilename);
|
||||||
|
if (!pidfile.is_open()) {
|
||||||
|
cout << "Could not open pid file: \"" << pidfilename << "\""
|
||||||
|
" - " << strerror(errno) << endl;
|
||||||
|
@@ -384,7 +384,7 @@ int PServiceProcess::InitialiseService()
|
||||||
|
// Run as a daemon, ie fork
|
||||||
|
|
||||||
|
if (!pidfilename) {
|
||||||
|
- ifstream pidfile(pidfilename);
|
||||||
|
+ ifstream pidfile((const char *)pidfilename);
|
||||||
|
if (pidfile.is_open()) {
|
||||||
|
pid_t pid;
|
||||||
|
pidfile >> pid;
|
||||||
|
@@ -412,7 +412,7 @@ int PServiceProcess::InitialiseService()
|
||||||
|
cout << "Daemon started with pid " << pid << endl;
|
||||||
|
if (!pidfilename) {
|
||||||
|
// Write out the child pid to magic file in /var/run (at least for linux)
|
||||||
|
- ofstream pidfile(pidfilename);
|
||||||
|
+ ofstream pidfile((const char *)pidfilename);
|
||||||
|
if (pidfile.is_open())
|
||||||
|
pidfile << pid;
|
||||||
|
else
|
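--- /dev/null
+++ b/packages/ptlib.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, pkg-config, flex, bison }:
+
+let
+pname = "ptlib";
+version = "2.18.6";
+hash = "sha256-31HndbsCS73uU0yvJW7/YA7s56+9V2itafuLPqllE2Y=";
+
+in stdenv.mkDerivation {
+inherit pname version;
+
+src = fetchurl {
+url =
+"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/ptlib-${version}.tar.bz2";
+inherit hash;
+};
+
+#patches = [
+# ./ptlib-pidfile.patch
+#];
+
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ flex bison ];
+
+#NIX_CFLAGS_COMPILE = [ "-fpermissive" ];
+#CXXFLAGS = "-std=gnu++98";
+}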
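Review bot: The `#patches` list and the `#NIX_CFLAGS_COMPILE` / `#CXXFLAGS` lines are left commented out with no explanation, while this commit also adds packages/ptlib-pidfile.patch, which nothing else on the page references. Either enable the patch with a one-line comment naming the build error it fixes, or drop the patch file and the commented lines so the derivation shows what is actually built. If they are kept for a planned version bump, a comment such as `# kept for ptlib <version>: needed when building with <compiler>` would say so.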
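--- /dev/null
+++ b/packages/python/default.nix
@@ -0,0 +1,4 @@
+self: super: {
+python-yate = self.callPackage ./python-yate { };
+ywsd = self.callPackage ./ywsd { };
+}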
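--- /dev/null
+++ b/packages/python/python-yate/default.nix
@@ -0,0 +1,15 @@
+{ lib, buildPythonPackage, fetchPypi, async-timeout }:
+
+buildPythonPackage rec {
+pname = "python-yate";
+version = "0.3.1";
+
+src = fetchPypi {
+inherit pname version;
+sha256 = "5e806802dc47a35c855b60cd459a2c98fb0109c7fc099f3e9f83a1a38abf9f90";
+};
+
+propagatedBuildInputs = [ async-timeout ];
+
+pythonImportsCheck = [ "yate" ];
+}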
14
packages/python/ywsd/count.patch
Normal file
14
packages/python/ywsd/count.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
diff --git a/ywsd/objects.py b/ywsd/objects.py
|
||||||
|
index 4ce29fb..a535e76 100644
|
||||||
|
--- a/ywsd/objects.py
|
||||||
|
+++ b/ywsd/objects.py
|
||||||
|
@@ -178,7 +178,8 @@ class ActiveCall:
|
||||||
|
async def is_active_call(cls, username, x_eventphone_id, db_connection):
|
||||||
|
return (
|
||||||
|
await db_connection.scalar(
|
||||||
|
- cls.table.count()
|
||||||
|
+ sa.select(sa.func.count('*'))
|
||||||
|
+ .select_from(cls.table)
|
||||||
|
.where(cls.table.c.username == username)
|
||||||
|
.where(cls.table.c.x_eventphone_id == x_eventphone_id)
|
||||||
|
)
|
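--- /dev/null
+++ b/packages/python/ywsd/default.nix
@@ -0,0 +1,20 @@
+{ lib, buildPythonApplication, fetchFromGitHub, aiopg, aiohttp, python-yate
+, pyyaml, sqlalchemy }:
+
+buildPythonApplication rec {
+pname = "ywsd";
+version = "0.11.0";
+
+src = fetchFromGitHub {
+owner = "eventphone";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-9DloJSKR3Ck4Bsc0ICcAAD6LHIMeOHTe2rCx6nPINT4=";
+};
+
+patches = [ ./count.patch ];
+
+propagatedBuildInputs = [ aiopg aiohttp python-yate pyyaml sqlalchemy ];
+
+doCheck = false;
+}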
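Review bot: `doCheck = false;` disables the test phase without saying why, and unlike packages/python/python-yate/default.nix this derivation has no `pythonImportsCheck`, so a build whose patched `ywsd/objects.py` fails to import would still succeed. Add `pythonImportsCheck = [ "ywsd" ];` and a short comment on why the upstream tests are skipped (presumably they need a database, which should be confirmed). count.patch has no description either; a header comment naming the SQLAlchemy change it adapts to would help whoever bumps `version` next.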
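--- /dev/null
+++ b/packages/t38modem.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, pkg-config, opal, ptlib }:
+
+let
+pname = "t38modem";
+version = "4.6.0";
+hash = "sha256-631xF1Q9Nd0sMBEHtqgqn1SEUEZweneqLJMNVEO2DJo=";
+
+in stdenv.mkDerivation {
+inherit pname version;
+src = fetchFromGitHub {
+owner = "T38modem";
+repo = pname;
+rev = "v${version}";
+inherit hash;
+};
+
+buildInputs = [ pkg-config ];
+
+nativeBuildInputs = [ ptlib opal ];
+
+buildFlags = [
+"PTLIBDIR=${ptlib}/share/ptlib"
+"USE_OPAL=1"
+"OPALDIR=${opal}/share/opal"
+];
+
+installPhase = ''
+mkdir -p $out/bin
+cp t38modem $out/bin
+'';
+
+NIX_CFLAGS_COMPILE = [ "-Wno-narrowing" ];
+}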
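--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+imports = [
+./garionion
+./n0emis
+];
+}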
@ -1,15 +1,21 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }: {
|
||||||
{
|
|
||||||
users.users.garionion = {
|
users.users.garionion = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
wget vim screen mtr iperf
|
iperf
|
||||||
htop dstat dnsutils nettools tcpdump
|
htop
|
||||||
git bat starship direnv
|
dstat
|
||||||
|
dnsutils
|
||||||
|
nettools
|
||||||
|
tcpdump
|
||||||
|
git
|
||||||
];
|
];
|
||||||
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
hashedPassword =
|
||||||
|
"$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
16
users/n0emis/default.nix
Normal file
16
users/n0emis/default.nix
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
users.users.n0emis = {
|
||||||
|
isNormalUser = true;
|
||||||
|
shell = pkgs.zsh;
|
||||||
|
packages = with pkgs; [ htop dnsutils nettools tcpdump git jq tree ];
|
||||||
|
hashedPassword =
|
||||||
|
"$6$ZvdWexF9y28IrjyW$lxz27/eFjDZWUPY7Lox0aDXO0.TgMBzygZqNSp1HU7itaMI0KbtAOX2H3uZ9hlEo21z.K.JEE.V/b.HpmN.4y1";
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"
|
||||||
|
"ssh-rsa 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 n0emis@noemis.me (OLD)"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
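Review bot: `hashedPassword` is committed as a literal in this new module (the garionion user module in the preceding section carries one too), so the SHA-512 crypt hash is readable by anyone with access to the repository and is copied into the Nix store of every deployed host, where it is open to offline guessing. Since SSH password login is disabled and wheel sudo is passwordless in common/default.nix, the hash is only needed for console login; consider dropping it or supplying it at deploy time, e.g. `passwordFile` (`hashedPasswordFile` on newer NixOS) pointing at a file delivered through `deployment.keys`. The second entry in `openssh.authorizedKeys.keys` is labelled `(OLD)`; because wheel membership now means passwordless root on every host that imports ./users, it should be removed if that key is retired.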