From 30d9c20b1bc1bc718bcb93caa2d10971f4c504a0 Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 15 Feb 2022 22:30:02 +0100
Subject: ma latte.r: run on 1blu

---
makefu/1systems/latte/1blu/default.nix | 50 ++++++++++++++++++++++++++++++++++
makefu/1systems/latte/1blu/network.nix | 31 +++++++++++++++++++++
makefu/1systems/latte/config.nix | 27 ++++--------------
makefu/1systems/latte/source.nix | 1 +
4 files changed, 88 insertions(+), 21 deletions(-)
create mode 100644 makefu/1systems/latte/1blu/default.nix
create mode 100644 makefu/1systems/latte/1blu/network.nix
(limited to 'makefu/1systems/latte')
diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix
new file mode 100644
index 000000000..50cd9204d
--- /dev/null
+++ b/makefu/1systems/latte/1blu/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+
+ imports =
+ [ ./network.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # Disk
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "tank/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "tank/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "tank/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/AEF3-A486";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+ boot.loader.grub.device = "/dev/vda";
+
+ networking.hostId = "3150697c"; # required for zfs use
+ boot.tmpOnTmpfs = true;
+ boot.supportedFilesystems = [ "zfs" ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.copyKernels = true;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+}
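Review bot: In the `boot.kernelParams` list at the end of the hunk, `boot.shell_on_fail` is combined with `boot.panic_on_fail`; as far as I recall NixOS stage 1 checks the panic flag first, so the rescue-shell flag is dead here, and if someone later removes `boot.panic_on_fail` to debug a boot problem the VM will instead drop to an unauthenticated root shell on the hoster's emergency console. On a rented VM I would keep only the reboot behaviour and document the choice: `"panic=30" "boot.panic_on_fail" # reboot on fatal stage-1 failure; deliberately no rescue shell on a remote VM`. Note also that `panic_on_fail` covers stage-1 failures only, so a stage-2 service failure still leaves the machine up without this safety net.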
diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix
new file mode 100644
index 000000000..065a69013
--- /dev/null
+++ b/makefu/1systems/latte/1blu/network.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+ external-mac = "c4:37:72:55:4e:1c";
+ external-gw = "178.254.28.1";
+ external-ip = "178.254.30.202";
+ external-ip6 = "2a00:6800:3:18c::2";
+ external-gw6 = "2a00:6800:3::1";
+ external-netmask = 22;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in
+{
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = { address = external-gw6; interface = ext-if; };
+ defaultGateway = external-gw;
+ };
+}
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index bec778abc..27df80fbf 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
 # external-ip = config.krebs.build.host.nets.internet.ip4.addr;
@@ -10,11 +10,13 @@ let
 in {
 imports = [
+ ./1blu
+ # # configure your hw: - + # - + # # Security
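Review bot: `internal-ip` is bound in the `let` block but never referenced in this file, and `lib`, `pkgs` and `modulesPath` are taken from the argument set without being used; the dead binding reads like a planned retiolum listen address that was never wired up, so either use it or drop the line `internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;`. The udev rule `SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"` has no `ACTION=="add"` match; udev only applies `NAME` on add events anyway, but constraining it avoids evaluating the rule on every net event and matches the usual form. Neither new file under `1blu/` declares any `networking.firewall` settings, so inbound filtering on the public address now depends entirely on NixOS defaults plus whatever the modules imported from config.nix add — a one-line comment here saying where the firewall policy lives would help the next reader.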
@@ -25,29 +27,12 @@ in {
 # Services - + # ];
 krebs = {
 enable = true;
 build.host = config.krebs.hosts.latte;
 };
- boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- boot.loader.grub.device = "/dev/vda";
- boot.loader.grub.copyKernels = true;
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- # network interface receives dhcp address
- nameservers = [ "8.8.8.8" ];
- };
 }
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
index ab0a454c0..41abecf36 100644
--- a/makefu/1systems/latte/source.nix
+++ b/makefu/1systems/latte/source.nix
@@ -1,4 +1,5 @@
 {
 name = "latte";
 torrent = true;
+ home-manager = true;
 }
--
cgit v1.3.1
From ee9c23c4bb5737b77df0fed9385e7b30604da0de Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 18 Feb 2022 09:22:59 +0100
Subject: ma latte.r: continue migration of gum services

---
makefu/1systems/latte/1blu/network.nix | 1 +
makefu/1systems/latte/config.nix | 51 ++++++++++++++++++++++------------
2 files changed, 34 insertions(+), 18 deletions(-)
(limited to 'makefu/1systems/latte')
diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix
index 065a69013..0a0eac972 100644
--- a/makefu/1systems/latte/1blu/network.nix
+++ b/makefu/1systems/latte/1blu/network.nix
@@ -27,5 +27,6 @@ in
 };
 defaultGateway6 = { address = external-gw6; interface = ext-if; };
 defaultGateway = external-gw;
+ nameservers = [ "1.1.1.1" ];
 };
 }
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index 27df80fbf..fdd3df192 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
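Review bot: The deleted `networking.firewall` block in the `@@ -25,29 +27,12 @@` hunk took `allowedUDPPorts = [ 655 ]` (the tinc/retiolum port) and `allowPing = true` with it, and nothing in the new `1blu/` files re-adds them; unless the retiolum module imported via config.nix opens its own port, this host can no longer accept inbound tinc connections and reaches the mesh only through its own `connectTo` peers. Either keep `networking.firewall.allowedUDPPorts = [ 655 ];` in config.nix or add a comment stating that the tinc module opens it. The removal of `nameservers = [ "8.8.8.8" ]` also left this statically addressed host with no resolver at this commit; the follow-up commit adds `1.1.1.1` to network.nix, which is the better place for it.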
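Review bot: `nameservers = [ "1.1.1.1" ];` in the network.nix hunk gives the host a single upstream resolver with no fallback, so a problem reaching that one address breaks name resolution for every service on the box. Add a second entry, e.g. `nameservers = [ "1.1.1.1" "1.0.0.1" ];`, or the hoster's resolvers. Queries leave the VM in plaintext over the 1blu network; if that matters for what this host later serves, front them with a local stub doing DNS-over-TLS (`services.resolved` with `DNSOverTLS=yes` in its extraConfig) instead of pointing at the public resolver directly.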
@@ -10,24 +10,39 @@ let in { imports = [ - ./1blu - - # - # configure your hw: - # - - # - - # Security - - # - - # Tools - - - # Services - - # + ./1blu + + + # common + + + + + # Security + + + # Tools + + + + # NixOS Build + + + # Storage + + + # Services: + + + # Supervision + + + # Krebs + + + # + # configure your hw: + # ]; krebs = { -- cgit v1.3.1 From 036289a0a119159901e20c272b97c00412e41676 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 28 Feb 2022 21:31:52 +0100 Subject: ma omo.r: enable more services --- makefu/1systems/latte/config.nix | 18 +++++++-- makefu/1systems/omo/config.nix | 7 ++++ makefu/2configs/torrent.nix | 73 ------------------------------------ makefu/2configs/torrent/rtorrent.nix | 73 ++++++++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+), 76 deletions(-) delete mode 100644 makefu/2configs/torrent.nix create mode 100644 makefu/2configs/torrent/rtorrent.nix (limited to 'makefu/1systems/latte') diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index fdd3df192..5332fadf5 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -29,10 +29,19 @@ in { # Storage + # Services: + # + # + + + + # local usage: + + # Supervision @@ -40,9 +49,9 @@ in { # Krebs - # - # configure your hw: - # + # backup + + ]; krebs = { @@ -50,4 +59,7 @@ in { build.host = config.krebs.hosts.latte; }; + makefu.dl-dir = "/media/cloud/download"; + networking.firewall.allowedTCPPorts = [ 80 ]; + } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 3a216ea76..42f335264 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,14 +43,18 @@ in { + # # # + + + { krebs.airdcpp.dcpp.shares = let d = path: "/media/cryptX/${path}"; @@ -96,6 +100,8 @@ in { + + # @@ -104,6 +110,7 @@ in { enable = true; servedir = "/media/cryptX/emu/ps3"; }; + users.users.makefu.packages = [ pkgs.pkgrename ]; } 
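Review bot: `networking.firewall.allowedTCPPorts = [ 80 ];` in the `@@ -50,4 +59,7 @@` hunk opens nginx on the public address (178.254.30.202 per network.nix) while no catch-all default vhost is declared in this commit; nginx answers unknown Host headers with its first server block, so whichever vhost sorts first — if the rtorrent config is imported on latte, which the `makefu.dl-dir` setting suggests, `torrent.latte.r` with its basicAuth-only ruTorrent and XML-RPC frontend — becomes reachable from the internet over plaintext HTTP. Declare a default that refuses unknown names, e.g. `services.nginx.virtualHosts."_" = { default = true; locations."/".return = "444"; };`, and bind the `.r` vhosts to the retiolum address with `listenAddresses`. The import list in this commit is not readable in this rendering (the `<stockholm/…>` entries were stripped), so which web services are actually enabled here is inferred rather than seen.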
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix deleted file mode 100644 index 74f1e5fe8..000000000 --- a/makefu/2configs/torrent.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - basicAuth = import ; - peer-port = 51412; - web-port = 8112; - daemon-port = 58846; - base-dir = config.krebs.rtorrent.workDir; -in { - - users.users = { - download = { - name = "download"; - home = base-dir; - uid = mkDefault (genid "download"); - createHome = true; - useDefaultShell = true; - group = "download"; - openssh.authorizedKeys.keys = [ ]; - }; - }; - - users.extraGroups = { - download = { - gid = lib.mkDefault (genid "download"); - members = [ - config.krebs.build.user.name - "download" - "rtorrent" - "nginx" - ]; - }; - rtorrent.members = [ "download" ]; - }; - - krebs.rtorrent = let - d = config.makefu.dl-dir; - in { - enable = true; - web = { - enable = true; - port = web-port; - inherit basicAuth; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = peer-port; - downloadDir = d + "/finished/incoming"; - watchDir = d + "/watch"; - # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories - extraConfig = '' - # log.add_output = "debug", "rtorrent-systemd" - # log.add_output = "dht_debug", "rtorrent-systemd" - # log.add_output = "tracker_debug", "rtorrent-systemd" - log.add_output = "rpc_events", "rtorrent-systemd" - # log.add_output = "rpc_dump", "rtorrent-systemd" - system.daemon.set = true - ''; - # dump old torrents into watch folder to have them re-added - }; - - services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT - ''; - - networking.firewall.allowedTCPPorts = [ peer-port ]; - networking.firewall.allowedUDPPorts = [ peer-port ]; - state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded -} 
diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix new file mode 100644 index 000000000..74f1e5fe8 --- /dev/null +++ b/makefu/2configs/torrent/rtorrent.nix 
@@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + basicAuth = import ; + peer-port = 51412; + web-port = 8112; + daemon-port = 58846; + base-dir = config.krebs.rtorrent.workDir; +in { + + users.users = { + download = { + name = "download"; + home = base-dir; + uid = mkDefault (genid "download"); + createHome = true; + useDefaultShell = true; + group = "download"; + openssh.authorizedKeys.keys = [ ]; + }; + }; + + users.extraGroups = { + download = { + gid = lib.mkDefault (genid "download"); + members = [ + config.krebs.build.user.name + "download" + "rtorrent" + "nginx" + ]; + }; + rtorrent.members = [ "download" ]; + }; + + krebs.rtorrent = let + d = config.makefu.dl-dir; + in { + enable = true; + web = { + enable = true; + port = web-port; + inherit basicAuth; + }; + rutorrent.enable = true; + enableXMLRPC = true; + listenPort = peer-port; + downloadDir = d + "/finished/incoming"; + watchDir = d + "/watch"; + # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories + extraConfig = '' + # log.add_output = "debug", "rtorrent-systemd" + # log.add_output = "dht_debug", "rtorrent-systemd" + # log.add_output = "tracker_debug", "rtorrent-systemd" + log.add_output = "rpc_events", "rtorrent-systemd" + # log.add_output = "rpc_dump", "rtorrent-systemd" + system.daemon.set = true + ''; + # dump old torrents into watch folder to have them re-added + }; + + services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT + ''; + + networking.firewall.allowedTCPPorts = [ peer-port ]; + networking.firewall.allowedUDPPorts = [ peer-port ]; + state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded +} -- cgit v1.3.1 
From 859a1c2101e5c0b3b519d359a75f6f3086737843 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 1 Mar 2022 23:19:44 +0100 Subject: ma latte.r: continue migration from gum --- makefu/1systems/gum/config.nix | 32 ++++++++++++++++---------------- makefu/1systems/latte/config.nix | 14 +++++++++++--- 2 files changed, 27 insertions(+), 19 deletions(-) (limited to 'makefu/1systems/latte') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a9d9b661f..9ee00c1de 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -23,11 +23,12 @@ in { } - # + + # @@ -56,13 +57,13 @@ in { { # bonus retiolum config for connecting more hosts krebs.tinc.retiolum = { - extraConfig = lib.mkForce '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - StrictSubnets = yes - LocalDiscovery = no - ''; + #extraConfig = lib.mkForce '' + # ListenAddress = ${external-ip} 53 + # ListenAddress = ${external-ip} 655 + # ListenAddress = ${external-ip} 21031 + # StrictSubnets = yes + # LocalDiscovery = no + #''; connectTo = [ "prism" "ni" "enklave" "eve" "dishfire" ]; @@ -106,7 +107,7 @@ in { # sharing # samba sahre - + # @@ -114,7 +115,7 @@ in { # ## # - + # # @@ -125,9 +126,8 @@ in { { makefu.backup.server.repo = "/var/backup/borg"; } - - + # { # recent changes mediawiki bot networking.firewall.allowedUDPPorts = [ 5005 5006 ]; @@ -152,11 +152,10 @@ in { - # - + # # @@ -182,14 +181,15 @@ in { ## Temporary: # - + # # # krebs infrastructure services # ]; - makefu.dl-dir = "/var/download"; + # makefu.dl-dir = "/var/download"; + makefu.dl-dir = "/media/cloud/download"; services.openssh.hostKeys = lib.mkForce [ { bits = 4096; path = (toString ); type = "rsa"; } diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index 5332fadf5..c493541fb 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix 
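Review bot: Commenting out the entire `extraConfig` block in the `krebs.tinc.retiolum` hunk of gum/config.nix drops `StrictSubnets = yes` together with the three `ListenAddress` lines; without StrictSubnets, tinc honours Subnet announcements learned from any connected node rather than only those in the local hosts directory, so a single compromised peer could claim another host's retiolum address and receive its traffic. If the aim is only to stop listening on the public ports during the migration, keep `StrictSubnets = yes` (and `LocalDiscovery = no`) in `extraConfig` and comment out only the `ListenAddress` lines. Whether `krebs.tinc.retiolum` already defaults to StrictSubnets is not visible in this diff; check that before relying on it. The `external-ip` binding this block used may now be unreferenced in gum's config — that part of the file is outside the hunk.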
@@ -34,10 +34,18 @@ in {
 # Services: - # - #
+ ## Web
+
+ ### Moving owncloud data dir to /media/cloud/nextcloud-data
+ {
+ users.users.nextcloud.extraGroups = [ "download" ];
+ fileSystems."/var/lib/nextcloud/data" = {
+ device = "/media/cloud/nextcloud-data";
+ options = [ "bind" ];
+ };
+ }
 # local usage:
@@ -60,6 +68,6 @@ in {
 };
 makefu.dl-dir = "/media/cloud/download";
- networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--
cgit v1.3.1
From 26e2bc72ab89c9e2d0ca02fed632c982beb73322 Mon Sep 17 00:00:00 2001
From: makefu
Date: Wed, 2 Mar 2022 13:23:44 +0100
Subject: ma latte.r: un-fail nextcloud-setup

---
makefu/1systems/gum/config.nix | 2 +-
makefu/1systems/latte/config.nix | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'makefu/1systems/latte')
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 9ee00c1de..089fc8e9f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -150,7 +150,7 @@ in { # - + # #
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index c493541fb..2828aea08 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -41,6 +41,8 @@ in {
 ### Moving owncloud data dir to /media/cloud/nextcloud-data
 {
 users.users.nextcloud.extraGroups = [ "download" ];
+ # nextcloud-setup fails as it cannot set permissions for nextcloud
+ systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
 fileSystems."/var/lib/nextcloud/data" = {
 device = "/media/cloud/nextcloud-data";
 options = [ "bind" ];
--
cgit v1.3.1
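Review bot: The bind mount in the `@@ -34,10 +34,18 @@` hunk puts Nextcloud's data directory on `/media/cloud/nextcloud-data` without declaring that directory's owner or mode, while the same block adds `nextcloud` to the `download` group — which, per the rtorrent config earlier in this series, also contains `nginx`, `rtorrent` and the admin user. If the backing directory was created with the download group's permissions, all of those can read files users store in Nextcloud; declare it explicitly, e.g. `systemd.tmpfiles.rules = [ "d /media/cloud/nextcloud-data 0750 nextcloud nextcloud - -" ];`, so ownership is reproducible rather than dependent on how the dataset was populated. If `/media/cloud` is a separate dataset or disk rather than part of the root pool (not visible here), the bind mount also needs ordering, e.g. `options = [ "bind" "x-systemd.requires-mounts-for=/media/cloud" ];`.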
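Review bot: `SuccessExitStatus = "0 1"` on `nextcloud-setup` in the `@@ -41,6 +41,8 @@` hunk masks every failure of that unit, not only the permission step the comment mentions — as far as I know the NixOS setup script also runs `occ maintenance:install` / `occ upgrade`, which exit 1 on failure, so with this override the units ordered after nextcloud-setup start against a broken or half-migrated instance while the journal reports success. Fix the cause instead: make `/media/cloud/nextcloud-data` owned by `nextcloud` (a `systemd.tmpfiles.rules` entry, or a one-time `chown -R nextcloud:nextcloud`) so the chown in the setup script succeeds, and drop the override. If it has to stay for now, extend the comment: `# TODO remove: also hides install/upgrade failures of nextcloud-setup`.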