Staging #20

Merged
steveej merged 29 commits from staging into master 2019-03-20 11:28:18 +00:00
30 changed files with 482 additions and 65 deletions


@ -1,3 +1,6 @@
_DEFAULT_VERSION_TMPL:
echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix"
_usage:
just -l
@ -21,12 +24,12 @@ _rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates
set -ex
just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}}
rebuild-remote-device dir target rebuildarg="dry-activate" :
rebuild-remote-device device target rebuildarg="dry-activate" :
#!/usr/bin/env bash
set -ex
just -v _rebuild-device {{dir}} {{rebuildarg}} --argstr moreargs "'--target-host\ {{target}}'"
just -v _rebuild-device nix/os/devices/{{device}} {{rebuildarg}} --argstr moreargs "'--target-host\ {{target}}'"
# Rebulid this device's NixOS
# Rebuild this device's NixOS
rebuild-this-device rebuildarg="dry-activate":
#!/usr/bin/env bash
set -e
@ -50,7 +53,8 @@ rebuild-this-device rebuildarg="dry-activate":
echo System rebuild successful
else
cat ${SYSREBUILD_LOG}
echo System rebuild failed
echo ERROR: system rebuild failed
exit 1
fi
if type home-manager > /dev/null 2>&1; then
@ -60,18 +64,44 @@ rebuild-this-device rebuildarg="dry-activate":
echo Home rebuild successful
else
cat ${HOMEREBUILD_LOG}
echo Home rebuild failed
echo ERROR: home rebuild failed
exit 1
fi
fi
# This could be used to inject another channel
# --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'"
update-remote-device device target rebuildmode='switch':
#!/usr/bin/env bash
set -e
template=nix/os/devices/{{device}}/versions.tmpl.nix
outfile=nix/os/devices/{{device}}/versions.nix
if ! test -e ${template}; then
template="$(just _DEFAULT_VERSION_TMPL)"
fi
esh -o ${outfile} ${template}
if ! test "$(git diff ${outfile})"; then
echo Already on latest versions
exit 0
fi
just -v rebuild-remote-device {{device}} {{target}} dry-activate || {
echo ERROR: rebuild in mode 'dry-active' failed after updating ${outfile}
exit 1
}
just -v rebuild-remote-device {{ device }} {{ target }} {{ rebuildmode }} || {
echo ERROR: rebuild in mode '{{ rebuildmode }}' failed after updating ${outfile}
exit 1
}
git commit -v ${outfile} -m "nix/os/devices/{{ device }}: bump versions"
# Update the channel versions and (by default) switch to new environment
update-this-device rebuild-mode='switch':
#!/usr/bin/env bash
set -xe
set -e
template=nix/os/devices/$(hostname -s)/versions.tmpl.nix
outfile=nix/os/devices/$(hostname -s)/versions.nix
@ -85,16 +115,16 @@ update-this-device rebuild-mode='switch':
export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log
just -v rebuild-this-device dry-activate || {
echo ERROR: Update failed, reverting ${outfile}...
git checkout ${outfile}
exit 1
}
just -v rebuild-this-device {{rebuild-mode}} || {
echo ERROR: Rebuilding in {{rebuild-mode}}-mode failed
exit 1
}
git commit -v ${outfile} -m "nix/os/devices/$(hostname -s): bump versions"
just -v rebuild-this-device {{rebuild-mode}} || {
echo WARNING: Rebuilding in {{rebuild-mode}}-mode failed
}
# Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L)
hm-iterate-qtile:
#!/usr/bin/env bash
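Review bot: `update-remote-device` leaves the freshly rendered `versions.nix` modified in the working tree when its dry-activate rebuild fails, whereas `update-this-device` reverts it in the same situation; the remote recipe's first failure branch should do the same with `git checkout ${outfile}` before `exit 1`. The early-exit check `test "$(git diff ${outfile})"` prints nothing for a file git does not track yet, so a device whose versions.nix has never been committed would report "Already on latest versions" and skip the rebuild. The first error message says 'dry-active' where the mode is `dry-activate`. The `hm-iterate-qtile` recipe at the end of the section continues outside the hunk.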


@ -4,7 +4,7 @@ This is mostly achieved with the help of [Nix](https://nixos.org).
In the unlikely case that you actually read this and have any questions please don't hesitate to reach out.
## Roadmap
## Initial Roadmap
- All graphical systems (incl. install media) must have
- [x] Full-disk encryption by default
@ -17,11 +17,10 @@ In the unlikely case that you actually read this and have any questions please d
- [x] home-manager
- [x] pkgs-configuration
- [ ] development environments
- [ ] (Semi-) automatic synchronization of important repositories
- [x] (Semi-) automatic synchronization of important repositories
- [x] Modification strategy
The approach is to use vcsh for the dotfiles
- [x] dotfiles
- [ ] password-store
- [ ] this repo
- [x] Toplevel Justfile for simple actions
- [x] mount/umount disks
- [x] install to mounted disk
@ -36,7 +35,7 @@ In the unlikely case that you actually read this and have any questions please d
- [ ] Design disaster recovery
- [ ] Automatic synchronization of other state files - see https://gitlab.com/steveeJ/nix-expressions/issues/2
- [ ] Recycle *\_archived*
- [ ] Maybe make this a nix-overlay
- [x] Maybe make this a nix-overlay
## Bugs
- [ ] home-manager leaves ~/.gnupg at 0755


@ -3,22 +3,26 @@
{
channelSources =
let
# channelVersions = (import ((builtins.getEnv "PWD")+"/${dir}/versions.nix"));
channelVersions = (import versionsPath);
mkChannelSource = channel: builtins.fetchGit {
# Descriptive name to make the store path easier to identify
url = "https://github.com/NixOS/nixpkgs-channels/";
# Commit hash for nixos-unstable as of 2018-09-12
# `git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable`
ref = (builtins.getAttr channel channelVersions)."ref";
rev = (builtins.getAttr channel channelVersions)."rev";
name = "nixpkgs-channels-${channel}";
mkChannelSource = channel:
let
channelVersion = builtins.getAttr channel channelVersions;
in builtins.fetchGit {
# Descriptive name to make the store path easier to identify
name = "nixpkgs-channels-${channel}";
url = if builtins.hasAttr "url" channelVersion
then channelVersion."url"
else "https://github.com/NixOS/nixpkgs-channels/"
;
ref = (builtins.getAttr channel channelVersions)."ref";
rev = (builtins.getAttr channel channelVersions)."rev";
};
nix_path = builtins.foldl' (sum: elem: sum +":" + builtins.concatStringsSep "=" elem) "" [
[ "nixpkgs" (mkChannelSource "channelsNixosStable") ]
[ "nixos" (mkChannelSource "channelsNixosStable" + "/nixos") ]
[ "channels-nixos-stable" (mkChannelSource "channelsNixosStable") ]
[ "channels-nixos-unstable" (mkChannelSource "channelsNixosUnstable") ]
[ "home-manager-module" (mkChannelSource "homeManagerModule") ]
];
in (import (mkChannelSource "channelsNixosStable") {}).writeText "channels.rc" ''
export NIX_PATH=${nix_path}
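Review bot: In `mkChannelSource` the new `channelVersion` binding is used only for `url`, while `ref` and `rev` still repeat `builtins.getAttr channel channelVersions`; reading all three from the one binding keeps them from drifting apart: `ref = channelVersion.ref;` and `rev = channelVersion.rev;`. The `hasAttr`/`if` pair can be written as `url = channelVersion.url or "https://github.com/NixOS/nixpkgs-channels/";`. Because the fetch URL is now data in versions.nix, a short comment that `rev` is what pins the fetched content would help whoever edits the pins next. The string that starts on the last lines of the hunk continues outside it.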


@ -27,8 +27,6 @@ in {
gnutls = true;
};
android_sdk.accept_license = true;
packageOverrides = pkgs: with pkgs; {
myPython36 = python36Full.withPackages (ps: with ps; [
pep8 yapf flake8
@ -152,7 +150,7 @@ in {
# virtualbox
vagrant
rkt
python27Packages.docker_compose
docker_compose
# unstablepkgs.kubernetes
unstablepkgs.minikube
unstablepkgs.openshift
@ -185,8 +183,9 @@ in {
iperf
bind
socat
linssid
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
# samba
iptables
@ -283,7 +282,6 @@ in {
# File Synchronzation
seafile-client
syncthing
grive2
dropbox
# gocryptfs
@ -291,7 +289,6 @@ in {
# s3ql
# rclone
rsync
duplicacy
# Filesystem Tools
ntfs3g
@ -325,7 +322,7 @@ in {
bazel
## Android
androidsdk
androidenv.androidPkgs_9_0.platform-tools
## Java
# jre


@ -1,6 +1,6 @@
{ pkgs
, config,
... }:
, config
, ... }:
let
@ -24,5 +24,6 @@ in {
++ (with pkgs; [
iperf3
telnet
speedtest-cli
]);
}


@ -1,11 +1,12 @@
{ pkgs,
...
{ pkgs
, ...
}:
let
in {
programs.home-manager.enable = true;
programs.home-manager.path = https://github.com/rycee/home-manager/archive/master.tar.gz;
# TODO: re-enable this with the appropriate version
# programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
nixpkgs.overlays = [
(import ../../overlay.nix)
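Review bot: The TODO on the disabled `programs.home-manager` lines does not say what "the appropriate version" is, and the commented-out `path` carries its own commit archive URL, which would be a second pin beside the `homeManagerModule` entries this merge adds to the versions files. Recording the intent in the comment keeps the two from drifting, for example `# TODO: re-enable once path follows the homeManagerModule pin from versions.nix`. The overlay list continues outside the hunk.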


@ -9,7 +9,7 @@
nixpkgs.config = {
chromium = {
enablePepperPDF = true;
# 2019-03-05: missing on 19.03 enablePepperPDF = true;
enablePepperFlash = false;
};
};


@ -93,6 +93,8 @@ in {
"sha256" = "181siphb87yzln9433159ssa6vmm1h2dd0kqhlx7bgsi51gng4rv";
};
};
tlib = vimPlugins.tlib_vim;
};
pluginDictionaries = let
@ -126,7 +128,7 @@ in {
"git-blame"
# Nix
"vim-addon-nix"
"vim-addon-nix" "tlib"
"vim-addon-vim2nix"
# LaTeX
@ -146,7 +148,7 @@ in {
"vim-markdown-toc"
# misc syntax support
"vim-bazel"
"vim-bazel" "maktaba"
];
in [
{ names = default; }


@ -0,0 +1,185 @@
{ config, ... } @ args:
let
unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };
passwords = import ../../variables/passwords.crypt.nix;
bucket = "bkp";
subvolumeParentDir = "/var/lib";
subvolumeDir = "/var/lib/container-volumes";
subvolumeSnapshot = "/var/lib/container-volumes.snapshot";
bkpSource = subvolumeSnapshot;
bkpDestination = "/container/backup";
cacheDir = "/var/lib/rclone-cachedir";
wasabiRc = pkgs: pkgs.writeText "rc" ''
[wasabi-${bucket}]
type = s3
provider = Wasabi
env_auth = false
#bkp user
access_key_id = ${passwords.storage.wasabi.bkp.key}
secret_access_key = ${passwords.storage.wasabi.bkp.secret}
region = us-east-1
endpoint = s3.wasabisys.com
location_constraint =
acl =
server_side_encryption =
storage_class =
'';
bkp-mount-rclone-manual = pkgs: {
enable = true;
description = "bkp-mount-rclone-manual service";
path = with pkgs; [ unstablepkgs.rclone utillinux ];
serviceConfig = {
Type = "notify";
};
script = ''
export PATH="$PATH:/run/wrappers/bin"
exec rclone --config ${wasabiRc pkgs} mount wasabi-${bucket}:${bucket} ${bkpDestination} \
--stats=1m --stats-log-level=NOTICE \
--cache-dir=${cacheDir} \
--vfs-cache-mode=full
'';
preStart = ''
mkdir -p ${bkpDestination}
mkdir -p ${cacheDir}
'';
postStop = ''
sync
umount ${bkpDestination} \
|| umount -l ${bkpDestination} \
|| :
rmdir ${bkpDestination}
'';
};
in args // {
config = { pkgs, ... }: {
imports = [
../profiles/containers/configuration.nix
];
environment.systemPackages = with pkgs; [
btrfs-progs
rdup rdedup
iptraf-ng nethogs
rclone
];
networking.firewall.enable = true;
systemd.services."bkp-mount-rclone-manual" = bkp-mount-rclone-manual pkgs;
systemd.services."bkp-sync-rclone" = {
enable = true;
description = "bkp-sync-rclone service";
serviceConfig = {
Type = "oneshot";
};
after = [
"bkp-run.service"
];
requires = [
"bkp-run.service"
];
path = with pkgs; [ unstablepkgs.rclone utillinux ];
script = ''
set -x
echo Starting rclone sync...
rclone --config ${wasabiRc pkgs} sync \
${bkpDestination}/rdedup/ wasabi-${bucket}:${bucket}/rdedup/ \
--stats=1m --stats-log-level=NOTICE
echo Finished rclone sync...
'';
};
systemd.services."bkp-run" = {
enable = true;
description = "bkp-run";
serviceConfig = {
Type = "oneshot";
};
partOf = [
"bkp-sync-rclone.service"
];
path = with pkgs; [ btrfs-progs rdup rdedup coreutils ];
preStart = ''
echo Creating new btrfs snapshot of ${subvolumeDir} at ${subvolumeSnapshot}
btrfs subvolume snapshot -r ${subvolumeDir} ${subvolumeSnapshot}
'';
script = ''
#! ${pkgs.bash}/bin/bash
export RUST_BACKTRACE=1
export TIMESTAMP=$(date +"%Y%m%d.%H%M%S")
echo Starting rdup/rdedup backup...
for d in `ls -1 ${bkpSource}`; do
echo Determining backup source size ${bkpSource}/$d...
du -hs ${bkpSource}/$d
set -x
rdup -x /dev/null ${bkpSource}/$d | rdedup -v -ttt --dir=${bkpDestination}/rdedup store $d-''${TIMESTAMP}
set +x
done
sync
echo Finished rdup/rdedup backup...
echo Determining backup destination size ${bkpDestination}/rdedup...
du -hs ${bkpDestination}/rdedup
'';
postStop = ''
btrfs subvolume delete ${subvolumeSnapshot}
'';
};
systemd.timers."bkp" = {
description = "Timer to trigger bkp periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
timerConfig = {
OnCalendar = "23:00";
Unit = "bkp-sync-rclone.service";
# OnActiveSec="1s";
# OnUnitInactiveSec="12h";
# AccuracySec="5s";
};
};
};
autoStart = true;
bindMounts = {
"${subvolumeParentDir}" = {
hostPath = "/var/lib/";
isReadOnly = false;
};
"/dev/fuse" = {
hostPath = "/dev/fuse";
isReadOnly = false;
};
};
allowedDevices = [
{ node = "/dev/fuse"; modifier = "rw"; }
];
privateNetwork = true;
forwardPorts = [
];
}
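Review bot: `wasabiRc` interpolates `access_key_id` and `secret_access_key` into a `pkgs.writeText` file, so the decrypted Wasabi credentials end up in the Nix store, which every local user can read and which travels with copied closures; keeping passwords.crypt.nix encrypted in git does not protect them once evaluated. rclone's S3 backend can read them from the environment instead: `env_auth = true` in the rc, plus `serviceConfig.EnvironmentFile = "/path/to/wasabi.env"; # placeholder: root-only file outside the store` on both rclone units. In `bkp-run` the loop over the output of `ls -1 ${bkpSource}` splits directory names on whitespace and then passes the unquoted `$d` to rdup and rdedup, so iterating over `${bkpSource}/*` with quoted expansions would be safer. The `bkp` timer's `wantedBy` (and the `sshd-status` timer's in the device configuration) names `timer.target`, while the systemd unit is `timers.target`; it presumably still starts only because `multi-user.target` is listed as well.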


@ -41,6 +41,10 @@ in args // {
args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
protocol lda {
postmaster_address = "mail@stefanjunker.de"
mail_plugins = $mail_plugins sieve
}
'';
};
@ -53,7 +57,9 @@ in args // {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "steveej";
serviceConfig.Group = "users";
serviceConfig.Group = "dovecot2";
serviceConfig.RestartSec = 600;
serviceConfig.Restart = "always";
description = "Getmail service";
path = [ pkgs.getmail ];
script = let
@ -72,8 +78,8 @@ in args // {
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
type = MDA_external
path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
@ -84,10 +90,10 @@ in args // {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "steveej";
serviceConfig.Group = "users";
serviceConfig.Group = "dovecot2";
description = "Getmail service";
path = [ pkgs.getmail ];
serviceConfig.RestartSec = 900;
serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always";
script = let
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''


@ -0,0 +1,41 @@
{ ... } @ args:
let
in args // {
config = { config, pkgs, ... }: {
imports = [
../profiles/containers/configuration.nix
];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# syncthing gui
8384
];
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
};
};
autoStart = true;
bindMounts = {
"/var/lib/syncthing/" = {
hostPath = "/var/lib/container-volumes/syncthing/var-lib-syncthing";
isReadOnly = false;
};
};
privateNetwork = true;
forwardPorts = [
{
containerPort = 22000;
hostPort = 22000;
protocol = "tcp";
}
];
}
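Review bot: `guiAddress = "0.0.0.0:8384"` together with the opened firewall port makes the Syncthing admin GUI reachable by anything that can route to the container address, and this file sets no GUI credentials; whether a password exists in the persisted config under /var/lib/syncthing is not visible here. It stays off the outside network only because `forwardPorts` lists just 22000, which deserves a comment next to the port so it is not forwarded later by accident, for example `# GUI: host-side access only; set a GUI password before adding 8384 to forwardPorts`. `openDefaultPorts` also opens the discovery UDP port in the container while only 22000/tcp is forwarded; a one-line comment would say whether that is intended.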


@ -1,10 +1,15 @@
{
channelsNixosStable = {
ref = "nixos-18.09";
rev = "97e0d53d669cd07f0750a42fd535524b3cdd46d1";
ref = "nixos-19.03";
rev = "07e2b59812de95deeedde95fb6ba22d581d12fbc";
};
channelsNixosUnstable = {
ref = "nixos-unstable";
rev = "be445a9074f139d63e704fa82610d25456562c3d";
rev = "34aa254f9ebf5899636a9927ceefbc9df80230f4";
};
homeManagerModule = {
url = "https://github.com/rycee/home-manager";
ref = "master";
rev = "52fdf5b7ecab93eaf2a2ee83777b73f8ee126614";
};
}


@ -1,10 +1,15 @@
{
channelsNixosStable = {
ref = "nixos-18.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-18.09 | awk '{ print $1 }' | tr -d '\n' -%>";
ref = "nixos-19.03";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-19.03 | awk '{ print $1 }' | tr -d '\n' -%>";
};
channelsNixosUnstable = {
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
};
homeManagerModule = {
url = "https://github.com/rycee/home-manager";
ref = "master";
rev = "<% git ls-remote https://github.com/rycee/home-manager.git master | awk '{ print $1 }' | tr -d '\n' -%>";
};
}
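Review bot: The `rev` lines take whatever `git ls-remote` prints for a bare ref name such as `nixos-19.03` or `master`, and ls-remote matches that name against the tail of every ref, so a tag or namespaced branch with the same last component would yield two hashes that `tr -d '\n'` glues into one invalid `rev`. Asking for the full ref avoids that, e.g. `git ls-remote https://github.com/nixos/nixpkgs-channels refs/heads/nixos-19.03`. An empty result (network failure, renamed branch) would also be rendered as `rev = "";`; whether esh aborts on a failing pipeline is not visible here, so a check that each rendered rev is 40 hex characters before rebuilding would make the update recipes fail early. The same applies to the new default template added later in this merge.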


@ -7,11 +7,6 @@
{
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix;
services.syncthing = {
enable = true;
openDefaultPorts = true;
};
services.hydra = {
enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL


@ -52,6 +52,31 @@ in {
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
systemd.services."sshd-status" = {
enable = true;
description = "sshd-status service";
path = [ pkgs.systemd ];
script = ''
systemctl status sshd | grep -i tasks
'';
};
systemd.services.sshd.serviceConfig = {
TasksMax = 32;
};
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
timerConfig = {
OnActiveSec="5s";
OnUnitActiveSec="5s";
AccuracySec="1s";
Unit = "sshd-status.service";
};
};
boot.initrd.network = {
enable = true;
udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ];
@ -80,5 +105,16 @@ in {
hostAddress = "192.168.100.12";
localAddress = "192.168.100.13";
};
syncthing = import ../../containers/syncthing.nix {
hostAddress = "192.168.100.14";
localAddress = "192.168.100.15";
};
backup = import ../../containers/backup.nix {
inherit config;
hostAddress = "192.168.100.16";
localAddress = "192.168.100.17";
};
};
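Review bot: The `sshd-status` unit and its timer (`OnUnitActiveSec="5s"`) read like temporary diagnostics for the new `TasksMax = 32` limit on sshd, but nothing in the hunk says so or when to remove them; at this interval the unit logs every five seconds and is marked failed whenever `grep -i tasks` matches nothing. A comment on both would record the intent, for example `# debugging aid for the sshd TasksMax limit; remove once the limit is validated`, and on the limit itself `# caps sshd tasks; too low a value can refuse new logins while many connections are open`. The containers block and the enclosing module continue outside the hunks.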
}


@ -1,10 +1,15 @@
{
channelsNixosStable = {
ref = "nixos-18.09";
rev = "c2950341d038995bf46a7b72db961bb3d3e9ac12";
ref = "nixos-19.03";
rev = "07e2b59812de95deeedde95fb6ba22d581d12fbc";
};
channelsNixosUnstable = {
ref = "nixos-unstable";
rev = "44b02b52ea6a49674f124f50009299f192ed78bb";
rev = "34aa254f9ebf5899636a9927ceefbc9df80230f4";
};
homeManagerModule = {
url = "https://github.com/rycee/home-manager";
ref = "master";
rev = "465d08d99f5b72b38cecb7ca1865b7255de3ee86";
};
}


@ -22,6 +22,7 @@
"audio"
"video"
"cdrom"
"adbusers"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ config
, pkgs
, ... }:
{
imports = [
"${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
"${<home-manager-module>}/nixos"
];
home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix;


@ -13,6 +13,6 @@ in {
uid = 1000;
};
security.pam.enableU2F = true;
security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true;
}


@ -91,6 +91,7 @@
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
pkgs.android-udev-rules
];
services.udev.extraRules = ''
# OnePlusOne


@ -48,4 +48,6 @@ in {
inherit sha256;
};
});
rdedup = super.callPackages ./pkgs/rdedup {};
}
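Review bot: `rdedup = super.callPackages ./pkgs/rdedup {};` uses the plural `callPackages`, which is meant for files that return a set of derivations; the rdedup expression added in this merge returns a single `buildRustPackage` derivation, so `callPackage` is presumably what was intended: `rdedup = super.callPackage ./pkgs/rdedup {};`. The overlay body above this line is outside the hunk.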


@ -0,0 +1,35 @@
{ stdenv, fetchFromGitHub, rustPlatform, pkgconfig, openssl, libsodium
, llvmPackages, clang_39, lzma }:
rustPlatform.buildRustPackage rec {
name = "rdedup-${version}";
version = "3.1.1";
src = fetchFromGitHub {
owner = "dpc";
repo = "rdedup";
rev = "rdedup-v${version}";
sha256 = "0y34a3mpghdmcb2rx4z62q0s351bfmy1287d75mm07ryfgglgsd7";
};
patches = [
./v3.1.1-fix-Cargo.lock.patch
];
cargoSha256 = "0p19qcz2ph6axfccjwc6z72hrlb48l7sf1n0hc1gfq8hj2s3k2s1";
nativeBuildInputs = [ pkgconfig llvmPackages.libclang clang_39 ];
buildInputs = [ openssl libsodium lzma ];
configurePhase = ''
export LIBCLANG_PATH="${llvmPackages.libclang}/lib"
'';
meta = with stdenv.lib; {
description = "Data deduplication with compression and public key encryption";
homepage = https://github.com/dpc/rdedup;
license = licenses.mpl20;
maintainers = with maintainers; [ dywedir ];
platforms = platforms.all;
};
}
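Review bot: `configurePhase` is replaced wholesale just to export `LIBCLANG_PATH`, which also drops the `preConfigure`/`postConfigure` hooks; setting the variable as a derivation attribute does the same job without overriding a phase: `LIBCLANG_PATH = "${llvmPackages.libclang}/lib";`. The `maintainers` entry looks carried over from another packaging of rdedup; for a private overlay package, a comment naming where the expression was taken from and why the Cargo.lock patch is needed would tell the next reader more.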


@ -0,0 +1,28 @@
diff --git a/Cargo.lock b/Cargo.lock
index 96be83a..fe07471 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -880,12 +880,12 @@ dependencies = [
[[package]]
name = "rdedup"
-version = "3.1.0"
+version = "3.1.1"
dependencies = [
"clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)",
"hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
- "rdedup-lib 3.0.0",
+ "rdedup-lib 3.1.0",
"rpassword 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
"slog 2.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
"slog-async 2.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -900,7 +900,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "rdedup-lib"
-version = "3.0.0"
+version = "3.1.0"
dependencies = [
"backblaze-b2 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
"base64 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)",


@ -2,5 +2,5 @@
set -xe
INFILE="${1:?Please set arg1 to INFILE}"
OUTFILE="${2:?Please set arg2 to OUTFILE}"
hash=$(nix-build ${INFILE} --arg pkgs 'import <channels-nixos-stable> {}' --arg config 'null' 2>&1 | grep -oE '[0-9a-z]{52}' | head -n1)
hash=$(nix-build ${INFILE} --arg pkgs 'import <channels-nixos-stable> {}' --arg config 'null' 2>&1 | rg -o 'got.*sha256:([0-9a-z]{52})' -r '$1')
sed -E "s/0{52}/${hash}/" ${INFILE} > ${OUTFILE}
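Review bot: The new `rg` extraction drops the old `head -n1`, so if nix-build prints more than one `got: sha256:` line, `hash` holds several lines and the `sed` substitution on the last line breaks or writes a wrong value; `${INFILE}` and `${OUTFILE}` are also expanded unquoted. Appending `| head -n1` inside the substitution restores the single-result guarantee, and because `head` then hides a no-match exit status, a following `test -n "${hash}"` keeps `set -e` aborting before an empty hash is written. The script's first line is outside the hunk.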

Binary file not shown.


@ -7,4 +7,9 @@
ref = "nixos-unstable";
rev = "44b02b52ea6a49674f124f50009299f192ed78bb";
};
homeManagerModule = {
url = "https://github.com/rycee/home-manager/";
ref = "release-18.09";
rev = "dd94a849df69fe62fe2cb23a74c2b9330f1189ed";
};
}


@ -0,0 +1,15 @@
{
channelsNixosStable = {
ref = "nixos-19.03";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-19.03 | awk '{ print $1 }' | tr -d '\n' -%>";
};
channelsNixosUnstable = {
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
};
homeManagerModule = {
url = "https://github.com/rycee/home-manager";
ref = "master";
rev = "<% git ls-remote https://github.com/rycee/home-manager.git master | awk '{ print $1 }' | tr -d '\n' -%>";
};
}


@ -0,0 +1,2 @@
post-setup:
ansible-playbook -i hosts openwrt-post-setup.yaml --verbose


@ -0,0 +1 @@
router-wan.lan ansible_ssh_user=root


@ -0,0 +1,13 @@
# * https://openwrt.org/docs/guide-user/services/nas/usb-storage-samba-webinterface
- hosts: router-wan.lan
gather_facts: no
tasks:
- name: udpate pkg database
raw: opkg update
- name: install packages
raw: opkg install {{ item }}
loop:
- luci-ssl
- luci-app-samba samba36-server
- block-mount blockd kmod-fs-vmod kmod-fs-vfat kmod-usb-storage usbutils
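Review bot: The first task name is misspelled (`udpate pkg database`), and `kmod-fs-vmod` in the last loop item does not look like a package name next to `kmod-fs-vfat`; please confirm it against the package index, since `opkg install` through `raw` only fails at run time on the router. Because `raw` has no idempotence or change reporting, a comment at the top saying that the playbook is meant to be run once after flashing would set the right expectation.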