From 4f55e3862c942d8d05591873f587cc767aef3a0d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:42:13 +0200
Subject: ma 1 darth: add virtualization

---
 makefu/1systems/darth.nix | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index ad3ac4f22..2f2358ddc 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -10,15 +10,27 @@ let
   allDisks = [ rootDisk auxDisk ];
 in {
   imports = [
-        ../.
-        ../2configs/fs/single-partition-ext4.nix
-        ../2configs/zsh-user.nix
-        ../2configs/smart-monitor.nix
+      ../.
+      ../2configs/fs/single-partition-ext4.nix
+      ../2configs/zsh-user.nix
+      ../2configs/smart-monitor.nix
+      ../2configs/exim-retiolum.nix
+      ../2configs/virtualization.nix
   ];
 
+  networking.firewall.allowedUDPPorts = [ 80 655 67 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 ];
+  networking.firewall.checkReversePath = false;
+  #networking.firewall.enable = false;
   # virtualisation.nova.enableSingleNode = true;
   krebs.retiolum.enable = true;
 
+  boot.kernelModules = [ "coretemp" "f71882fg" ];
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  networking.wireless.enable = true;
+
   # TODO smartd omo darth gum all-in-one
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
   zramSwap.enable = true;
-- 
cgit v1.3.1


From bc72bad6e22eeae9fa138be1583e742eec1e162f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:43:31 +0200
Subject: ma 1 vbob: remove obsolete source

---
 makefu/1systems/vbob.nix | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 748b08ef1..5e2382f37 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -15,11 +15,6 @@
     ];
   nixpkgs.config.allowUnfree = true;
 
-  krebs.build.source.upstream-nixpkgs = {
-    url = https://github.com/makefu/nixpkgs;
-    # HTTP Everywhere + libredir
-    rev = "8239ac6";
-  };
   fileSystems."/nix" = {
     device ="/dev/disk/by-label/nixstore";
     fsType = "ext4";
-- 
cgit v1.3.1


From ac7cece1d27422ce6b17540618cacc90ac4bfdb0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:52:16 +0200
Subject: ma 1 omo: cleanup

---
 makefu/1systems/omo.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index f0f1d3088..fbd06a9c7 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -44,16 +44,21 @@ in {
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
       ../2configs/share-user-sftp.nix
+      ../2configs/graphite-standalone.nix
       ../2configs/omo-share.nix
     ];
+
   krebs.retiolum.enable = true;
   networking.firewall.trustedInterfaces = [ "enp3s0" ];
   # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
   # tcp:80          - nginx for sharing files
   # tcp:655 udp:655 - tinc
-  # tcp:8080        - sabnzbd
+  # tcp:8111        - graphite
+  # tcp:9090        - sabnzbd
+  # tcp:9200        - elasticsearch
+  # tcp:5601        - kibana
   networking.firewall.allowedUDPPorts = [ 655 ];
-  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
 
   # services.openssh.allowSFTP = false;
 
-- 
cgit v1.3.1


From 6f4bc4b34c3cbac56f6a23740dca566980823990 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 10 Apr 2016 23:24:15 +0200
Subject: makefu: init taskserver, keep an eye on
 https://github.com/NixOS/nixpkgs/pull/14476

---
 makefu/1systems/gum.nix        |  4 +++
 makefu/3modules/default.nix    |  1 +
 makefu/3modules/taskserver.nix | 60 ++++++++++++++++++++++++++++++++++++++++++
 makefu/5pkgs/default.nix       |  2 +-
 4 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 makefu/3modules/taskserver.nix

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 710421659..96a5f4854 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -41,6 +41,8 @@ in {
     ];
   };
 
+  makefu.taskserver.enable = true;
+
   krebs.nginx.servers.cgit = {
     server-names = [ "cgit.euer.krebsco.de" ];
     listen = [ "${external-ip}:80" "${internal-ip}:80" ];
@@ -86,6 +88,8 @@ in {
           21032
           # tinc-retiolum
           21031
+          # taskserver
+          53589
         ];
         allowedUDPPorts = [
           # tinc
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index f007a8418..0a10b1532 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -4,6 +4,7 @@ _:
   imports = [
     ./snapraid.nix
     ./umts.nix
+    ./taskserver.nix
   ];
 }
 
diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix
new file mode 100644
index 000000000..41247fff3
--- /dev/null
+++ b/makefu/3modules/taskserver.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  cfg = config.makefu.taskserver;
+
+  out = {
+    options.makefu.taskserver = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "taskserver";
+
+    workingDir = mkOption {
+      type = types.str;
+      default = "/var/lib/taskserver";
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.taskserver;
+    };
+
+
+  };
+
+  imp = {
+    environment.systemPackages = [ cfg.package ];
+    systemd.services.taskserver = {
+      description = "taskd server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      unitConfig = {
+        Documentation = "http://taskwarrior.org/docs/#taskd" ;
+        # https://taskwarrior.org/docs/taskserver/configure.html
+        ConditionPathExists = "${cfg.workingDir}/config";
+      };
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
+        WorkingDirectory = cfg.workingDir;
+        PrivateTmp = true;
+        InaccessibleDirectories = "/home /boot /opt /mnt /media";
+        User = "taskd";
+      };
+    };
+
+    users.users.taskd = {
+      uid = genid "taskd";
+      home = cfg.workingDir;
+      createHome = true;
+    };
+    users.groups.taskd.gid = genid "taskd";
+  };
+
+in
+out
+
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index c64ee036e..fff92725e 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -9,8 +9,8 @@ in
     alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
     awesomecfg = callPackage ./awesomecfg {};
-    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     mycube-flask = callPackage ./mycube-flask {};
+    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
     taskserver = callPackage ./taskserver {};
   };
-- 
cgit v1.3.1

[cgit] Unable to lock slot /tmp/cgit/42000000.lock: No such file or directory (2)