authornin <nineinchnade@gmail.com>2017-12-14 21:13:46 +0100
committernin <nineinchnade@gmail.com>2017-12-14 21:13:46 +0100
commit37771ad34e18e0657636c8d0eb5b7392e3b89ba6 (patch)
tree8abda683b425494d2a273fc42d7573499b97a657
parent7ed6fd18bb99884889a76ad9f597193861f44dc9 (diff)
parent04f7ae22d6d0720d06f78c712eb9cd245cefce82 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--jeschli/1systems/reagenzglas/.source.nix.swpbin0 -> 12288 bytes
-rw-r--r--jeschli/1systems/reagenzglas/config.nix146
-rw-r--r--jeschli/1systems/reagenzglas/hardware-configuration.nix33
-rw-r--r--jeschli/1systems/reagenzglas/source.nix4
-rw-r--r--jeschli/2configs/copy-vim.nix102
-rw-r--r--jeschli/2configs/default.nix66
-rw-r--r--jeschli/2configs/retiolum.nix22
-rw-r--r--jeschli/2configs/vim.nix373
-rw-r--r--jeschli/default.nix9
-rw-r--r--jeschli/source.nix22
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/wolf/config.nix10
-rw-r--r--krebs/2configs/ircd.nix3
-rw-r--r--krebs/3modules/backup.nix1
-rw-r--r--krebs/3modules/ci.nix2
-rw-r--r--krebs/3modules/default.nix48
-rw-r--r--krebs/3modules/exim.nix4
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/lass/default.nix170
-rw-r--r--krebs/3modules/lass/ssh/xerxes.rsa1
-rw-r--r--krebs/3modules/makefu/default.nix11
-rw-r--r--krebs/3modules/per-user.nix44
-rw-r--r--krebs/3modules/repo-sync.nix1
-rw-r--r--krebs/3modules/rtorrent.nix4
-rw-r--r--krebs/3modules/tv/default.nix32
-rw-r--r--krebs/3modules/zones.nix22
-rw-r--r--krebs/5pkgs/haskell/nix-diff/default.nix25
-rw-r--r--krebs/5pkgs/haskell/nix-diff/nixos-system.patch18
-rw-r--r--krebs/5pkgs/haskell/xmonad-stockholm.nix8
-rw-r--r--krebs/5pkgs/simple/apt-cacher-ng/default.nix21
-rw-r--r--krebs/5pkgs/simple/cidr2glob.nix30
-rw-r--r--krebs/5pkgs/simple/internetarchive/default.nix38
-rw-r--r--krebs/5pkgs/simple/krebszones/default.nix2
-rw-r--r--krebs/5pkgs/simple/slog/default.nix26
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix291
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix23
-rw-r--r--krebs/5pkgs/simple/withGetopt.nix2
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/archprism/config.nix328
-rw-r--r--lass/1systems/daedalus/config.nix5
-rw-r--r--lass/1systems/helios/config.nix39
-rw-r--r--lass/1systems/littleT/config.nix84
-rw-r--r--lass/1systems/littleT/source.nix (renamed from lass/1systems/archprism/source.nix)3
-rw-r--r--lass/1systems/mors/config.nix10
-rw-r--r--lass/1systems/prism/config.nix20
-rw-r--r--lass/1systems/xerxes/config.nix40
-rw-r--r--lass/1systems/xerxes/source.nix11
-rw-r--r--lass/2configs/audit.nix9
-rw-r--r--lass/2configs/baseX.nix55
-rw-r--r--lass/2configs/br.nix2
-rw-r--r--lass/2configs/browsers.nix45
-rw-r--r--lass/2configs/copyq.nix4
-rw-r--r--lass/2configs/dcso-dev.nix53
-rw-r--r--lass/2configs/default.nix2
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/hw/gpd-pocket.nix28
-rw-r--r--lass/2configs/hw/x220.nix5
-rw-r--r--lass/2configs/mail.nix1
-rw-r--r--lass/2configs/repo-sync.nix25
-rw-r--r--lass/2configs/urxvt.nix42
-rw-r--r--lass/2configs/vim.nix5
-rw-r--r--lass/2configs/websites/lassulus.nix22
-rw-r--r--lass/2configs/wine.nix22
-rw-r--r--lass/2configs/xresources.nix63
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/screenlock.nix2
-rw-r--r--lass/3modules/xresources.nix15
-rw-r--r--lass/3modules/xserver/default.nix101
-rw-r--r--lass/3modules/xserver/xserver.conf.nix40
-rw-r--r--lass/5pkgs/default.nix5
-rw-r--r--lass/5pkgs/xmonad-lass.nix49
-rw-r--r--lass/source.nix2
-rw-r--r--lib/types.nix9
-rw-r--r--makefu/1systems/cake/config.nix4
-rw-r--r--makefu/1systems/darth/config.nix41
-rw-r--r--makefu/1systems/gum/config.nix52
-rw-r--r--makefu/1systems/latte/config.nix2
-rw-r--r--makefu/1systems/omo/config.nix3
-rw-r--r--makefu/1systems/tsp/config.nix44
-rw-r--r--makefu/1systems/wbob/config.nix51
-rw-r--r--makefu/1systems/wbob/source.nix2
-rw-r--r--makefu/1systems/x/config.nix13
-rw-r--r--makefu/2configs/backup.nix13
-rw-r--r--makefu/2configs/deployment/bgt/hidden_service.nix48
-rw-r--r--makefu/2configs/deployment/bureautomation/default.nix41
-rw-r--r--makefu/2configs/deployment/led-fader.nix28
-rw-r--r--makefu/2configs/deployment/scrape/default.nix6
-rw-r--r--makefu/2configs/deployment/scrape/elkstack.nix (renamed from makefu/2configs/temp/elkstack.nix)0
-rw-r--r--makefu/2configs/deployment/scrape/selenium.nix65
-rw-r--r--makefu/2configs/hw/stk1160.nix15
-rw-r--r--makefu/2configs/lanparty/lancache-dns.nix21
-rw-r--r--makefu/2configs/lanparty/lancache.nix9
-rw-r--r--makefu/2configs/lanparty/mumble-server.nix12
-rw-r--r--makefu/2configs/lanparty/samba.nix9
-rw-r--r--makefu/2configs/share/omo.nix14
-rw-r--r--makefu/2configs/share/wbob.nix38
-rw-r--r--makefu/2configs/stats/telegraf/airsensor.nix19
-rw-r--r--makefu/2configs/stats/telegraf/default.nix3
-rw-r--r--makefu/2configs/tools/core.nix30
-rw-r--r--makefu/2configs/tools/dev.nix5
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/games.nix2
-rw-r--r--makefu/2configs/tools/sec.nix2
-rw-r--r--makefu/2configs/tools/studio.nix9
-rw-r--r--makefu/2configs/zsh-user.nix15
-rw-r--r--makefu/5pkgs/PkgDecrypt/default.nix27
-rw-r--r--makefu/5pkgs/airsensor-py/default.nix17
-rw-r--r--makefu/5pkgs/default.nix7
-rw-r--r--makefu/5pkgs/devpi/default.nix60
-rw-r--r--makefu/5pkgs/pkg2zip/default.nix29
-rw-r--r--makefu/5pkgs/u3_tool/default.nix22
-rw-r--r--makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname1
-rw-r--r--makefu/source.nix5
-rw-r--r--mv/1systems/stro/config.nix1
-rw-r--r--shell.nix230
-rw-r--r--tv/1systems/alnus/config.nix5
-rw-r--r--tv/1systems/mu/config.nix5
-rw-r--r--tv/1systems/querel/config.nix95
-rw-r--r--tv/1systems/querel/source.nix3
-rw-r--r--tv/2configs/audit.nix9
-rw-r--r--tv/2configs/backup.nix6
-rw-r--r--tv/2configs/bash/completion.sh779
-rw-r--r--tv/2configs/default.nix2
-rw-r--r--tv/2configs/urlwatch.nix14
-rw-r--r--tv/2configs/vim.nix8
-rw-r--r--tv/2configs/xserver/default.nix26
-rw-r--r--tv/5pkgs/default.nix9
-rw-r--r--tv/5pkgs/simple/xmonad-tv/default.nix23
129 files changed, 2812 insertions, 1959 deletions
diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp
new file mode 100644
index 000000000..8c1a75f39
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/.source.nix.swp
Binary files differ
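Review bot: `.source.nix.swp` is a Vim swap file and looks committed by accident. Swap files carry the text of the edited buffer along with the user name, host name and file path of the editing session. Remove it from the tree and ignore `*.swp` in `.gitignore`; its content cannot be reviewed here because the diff shows it only as binary.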
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
new file mode 100644
index 000000000..d65e897ae
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/config.nix
@@ -0,0 +1,146 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ <stockholm/jeschli>
+ ./hardware-configuration.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ # boot.loader.grub.enable = true;
+ # boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ # Define on which hard drive you want to install Grub.
+# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+ networking.hostName = "reaganzglas"; # Define your hostname.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true;
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ nixpkgs.config.allowUnfree = true;
+ environment.shellAliases = { n = "nix-shell"; };
+ environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
+ environment.systemPackages = with pkgs; [
+ # system helper
+ ag
+ curl
+ copyq
+ dmenu
+ git
+ i3lock
+ keepass
+ networkmanagerapplet
+ rsync
+ terminator
+ tmux
+ wget
+ rxvt_unicode
+ # editors
+ emacs
+ # internet
+ thunderbird
+ chromium
+ google-chrome
+ # programming languages
+ go
+ gcc
+ ghc
+ python35
+ python35Packages.pip
+ # go tools
+ golint
+ gotools
+ # dev tools
+ gnumake
+ # document viewer
+ zathura
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
+ ];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.layout = "us";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable touchpad support.
+ services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+
+ # services.xserver.desktopManager.plasma5.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.jeschli = {
+ isNormalUser = true;
+ uid = 1000;
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.03"; # Did you read the comment?
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ export GOPATH=$HOME/go
+ export PATH=$PATH:$GOPATH/bin
+ '';
+ };
+
+ krebs.build.host = config.krebs.hosts.reagenzglas;
+
+ hardware.bluetooth.enable = true;
+}
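Review bot: `services.openssh.enable = true` goes in together with a root `authorizedKeys` entry, but the hunk never states how else sshd may be reached, so password login stays at whatever the module default is. If key-only access is intended, add `services.openssh.passwordAuthentication = false;` beside the enable line (unless a shared krebs module already sets it). `allowDiscards = true` on the LUKS root passes TRIM through the encrypted layer, which exposes which blocks are in use; a one-line comment saying this trade-off is accepted would help. Also, `networking.hostName = "reaganzglas"` differs from `config.krebs.hosts.reagenzglas` used at the end of the file, which looks like a typo.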
diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix
new file mode 100644
index 000000000..a6ab3f16e
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/DA40-AC19";
+ fsType = "vfat";
+ };
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 8;
+# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix
new file mode 100644
index 000000000..7543de6b9
--- /dev/null
+++ b/jeschli/1systems/reagenzglas/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/jeschli/source.nix> {
+ name = "reagenzglas";
+ secure = true;
+}
diff --git a/jeschli/2configs/copy-vim.nix b/jeschli/2configs/copy-vim.nix
new file mode 100644
index 000000000..43fcb1956
--- /dev/null
+++ b/jeschli/2configs/copy-vim.nix
@@ -0,0 +1,102 @@
+{ config, pkgs, ... }:
+
+
+# let
+# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin {
+# name = "ultisnips";
+# src = pkgs.fetchFromGitHub {
+# owner = "SirVer";
+# repo = "ultisnips";
+# rev = "3.1";
+# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b";
+# };
+# };
+#
+let
+ customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-javascript";
+ src = pkgs.fetchFromGitHub {
+ owner = "pangloss";
+ repo = "vim-javascript";
+ rev = "1.2.5.1";
+ sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
+ };
+ };
+ customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-jsx";
+ src = pkgs.fetchFromGitHub {
+ owner = "mxw";
+ repo = "vim-jsx";
+ rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
+ sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
+ };
+ };
+in {
+# {
+ environment.systemPackages = [
+ (pkgs.vim_configurable.customize {
+ name = "vim";
+
+ vimrcConfig.customRC = ''
+ :imap jk <Esc>
+ :vmap v v
+ :map gr :GoRun<Enter>
+ :nnoremap <S-TAB> :bnext<CR>
+ :nnoremap <C-TAB> <c-w><c-w>
+ set autowrite
+ set number
+ set ruler
+
+ noremap x "_x
+ set clipboard=unnamedplus
+
+ let g:jsx_ext_required = 0
+
+ let g:go_list_type = "quickfix"
+ let g:go_test_timeout = '10s'
+ let g:go_fmt_command = "goimports"
+ let g:go_snippet_case_type = "camelcase"
+ let g:go_highlight_types = 1
+ let g:go_highlight_fields = 1
+ let g:go_highlight_functions = 1
+ let g:go_highlight_methods = 1
+ let g:go_highlight_extra_types = 1
+ autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
+ let g:rehash256 = 1
+ let g:molokai_original = 1
+ colorscheme molokai
+ let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
+ let g:go_metalinter_autosave = 1
+ " let g:go_metalinter_autosave_enabled = ['vet', 'golint']
+ " let g:go_def_mode = 'godef'
+ " let g:go_decls_includes = "func,type"
+
+
+ " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
+ let g:UltiSnipsExpandTrigger="<c-e>"
+ let g:UltiSnipsJumpForwardTrigger="<c-t>"
+ let g:UltiSnipsJumpBackwardTrigger="<c-q>"
+
+ " If you want :UltiSnipsEdit to split your window.
+ let g:UltiSnipsEditSplit="vertical"
+
+ if has('persistent_undo') "check if your vim version supports it
+ set undofile "turn on the feature
+ set undodir=$HOME/.vim/undo "directory where the undo files will be stored
+ endif
+ '';
+
+ vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai
+ # vim-nix handles indentation better but does not perform sanity
+ { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+ { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
+ { names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
+ { names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
+ { names = [ "UltiSnips" ]; ft_regex = "^go\$"; }
+ ];
+
+ })
+ ];
+}
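Review bot: `set undofile` is enabled for every buffer with `undodir=$HOME/.vim/undo`, and nothing excludes temporary files that may hold sensitive text, so their contents stay on disk in the undo history after the editor exits. jeschli/2configs/vim.nix in this commit has the same gap: its `/dev/shm/*` autocmd, which evidently treats those files as sensitive, turns off backup and swap files but leaves undo on. Extend it to `au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile noundofile` and add an equivalent autocmd here. In this file the undo directory is also never created, unlike the `umask 0077` mkdir wrapper in vim.nix, so undo files may not be written at all or the directory may end up with default permissions.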
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
new file mode 100644
index 000000000..7fb240951
--- /dev/null
+++ b/jeschli/2configs/default.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ imports = [
+ ./vim.nix
+ ./retiolum.nix
+ {
+ environment.variables = {
+ NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+ };
+ }
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ #stockholm
+ git
+ gnumake
+ jq
+ parallel
+ proot
+ populate
+
+ #style
+ most
+ rxvt_unicode.terminfo
+
+ #monitoring tools
+ htop
+ iotop
+
+ #network
+ iptables
+ iftop
+
+ #stuff for dl
+ aria2
+
+ #neat utils
+ file
+ kpaste
+ krebspaste
+ mosh
+ pciutils
+ psmisc
+ # q
+ # rs
+ tmux
+ untilport
+ usbutils
+ # logify
+ goify
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
+
+ (pkgs.writeDashBin "sshn" ''
+ ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+ '')
+ ];
+
+ krebs.enable = true;
+}
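Review bot: The `sshn` wrapper is installed system-wide with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so every connection through it accepts any host key and remembers nothing, which removes SSH's protection against an impersonated server. It carries no comment saying when that is acceptable. I would add one above the `writeDashBin` call, e.g. `# sshn: no host-key verification; only for freshly installed or throwaway hosts, never with passwords or agent forwarding`. `nixpkgs.config.allowUnfree = true` is also set again in jeschli/1systems/reagenzglas/config.nix; one place is enough.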
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
new file mode 100644
index 000000000..403300b30
--- /dev/null
+++ b/jeschli/2configs/retiolum.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+
+ krebs.tinc.retiolum = {
+ enable = true;
+ connectTo = [
+ "prism"
+ "gum"
+ "ni"
+ "dishfire"
+ ];
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ };
+
+ environment.systemPackages = [
+ pkgs.tinc
+ ];
+}
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
new file mode 100644
index 000000000..f6c736fbc
--- /dev/null
+++ b/jeschli/2configs/vim.nix
@@ -0,0 +1,373 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ out = {
+ environment.systemPackages = [
+ (hiPrio vim)
+ pkgs.python35Packages.flake8
+ ];
+
+ environment.etc.vimrc.source = vimrc;
+
+ environment.variables.EDITOR = mkForce "vim";
+ environment.variables.VIMINIT = ":so /etc/vimrc";
+ };
+
+ vimrc = pkgs.writeText "vimrc" ''
+ set nocompatible
+
+ set autoindent
+ set backspace=indent,eol,start
+ set backup
+ set backupdir=${dirs.backupdir}/
+ set directory=${dirs.swapdir}//
+ set hlsearch
+ set incsearch
+ set mouse=a
+ set ruler
+ set pastetoggle=<INS>
+ set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set shortmess+=I
+ set showcmd
+ set showmatch
+ set ttimeoutlen=0
+ set undodir=${dirs.undodir}
+ set undofile
+ set undolevels=1000000
+ set undoreload=1000000
+ set viminfo='20,<1000,s100,h,n${files.viminfo}
+ set visualbell
+ set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+ set wildmenu
+ set wildmode=longest,full
+
+ set title
+ set titleold=
+ set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+ set et ts=2 sts=2 sw=2
+
+ filetype plugin indent on
+
+ set t_Co=256
+ colorscheme hack
+ syntax on
+
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ \ | syn match TabStop containedin=ALL /\t\+/
+ \ | syn keyword Todo containedin=ALL TODO
+
+ au BufRead,BufNewFile *.hs so ${hs.vim}
+
+ au BufRead,BufNewFile *.nix so ${nix.vim}
+
+ au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+ "Syntastic config
+ let g:syntastic_python_checkers=['flake8']
+ let g:syntastic_python_flake8_post_args='--ignore=E501'
+
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
+
+ cnoremap <C-A> <Home>
+
+ noremap <C-c> :q<cr>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ nnoremap <esc>[5^ :tabp<cr>
+ nnoremap <esc>[6^ :tabn<cr>
+ nnoremap <esc>[5@ :tabm -1<cr>
+ nnoremap <esc>[6@ :tabm +1<cr>
+
+ nnoremap <f1> :tabp<cr>
+ nnoremap <f2> :tabn<cr>
+ inoremap <f1> <esc>:tabp<cr>
+ inoremap <f2> <esc>:tabn<cr>
+
+ " <C-{Up,Down,Right,Left>
+ noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+ noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+ noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+ noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+ " <[C]S-{Up,Down,Right,Left>
+ noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+ noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+ noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+ noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+
+ " search with ack
+ let g:ackprg = 'ag --vimgrep'
+ cnoreabbrev Ack Ack!
+
+ " copy/paste from/to xclipboard
+ noremap x "_x
+ set clipboard=unnamedplus
+ '';
+
+ extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ pkgs.vimPlugins.ack-vim
+ pkgs.vimPlugins.Gundo
+ pkgs.vimPlugins.Syntastic
+ pkgs.vimPlugins.undotree
+ pkgs.vimPlugins.vim-go
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "file-line-1.0";
+ src = pkgs.fetchFromGitHub {
+ owner = "bogado";
+ repo = "file-line";
+ rev = "1.0";
+ sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+ };
+ })
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "hack";
+ in {
+ name = "vim-color-${name}-1.0.2";
+ destination = "/colors/${name}.vim";
+ text = /* vim */ ''
+ set background=dark
+ hi clear
+ if exists("syntax_on")
+ syntax clear
+ endif
+
+ let colors_name = ${toJSON name}
+
+ hi Normal ctermbg=235
+ hi Comment ctermfg=242
+ hi Constant ctermfg=062
+ hi Identifier ctermfg=068
+ hi Function ctermfg=041
+ hi Statement ctermfg=167
+ hi PreProc ctermfg=167
+ hi Type ctermfg=041
+ hi Delimiter ctermfg=251
+ hi Special ctermfg=062
+
+ hi Garbage ctermbg=088
+ hi TabStop ctermbg=016
+ hi Todo ctermfg=174 ctermbg=NONE
+
+ hi NixCode ctermfg=148
+ hi NixData ctermfg=149
+ hi NixQuote ctermfg=150
+
+ hi diffNewFile ctermfg=207
+ hi diffFile ctermfg=207
+ hi diffLine ctermfg=207
+ hi diffSubname ctermfg=207
+ hi diffAdded ctermfg=010
+ hi diffRemoved ctermfg=009
+ '';
+ })))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "vim";
+ in {
+ name = "vim-syntax-${name}-1.0.0";
+ destination = "/syntax/${name}.vim";
+ text = /* vim */ ''
+ ${concatMapStringsSep "\n" (s: /* vim */ ''
+ syn keyword vimColor${s} ${s}
+ \ containedin=ALLBUT,vimComment,vimLineComment
+ hi vimColor${s} ctermfg=${s}
+ '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
+ '';
+ })))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "showsyntax";
+ in {
+ name = "vim-plugin-${name}-1.0.0";
+ destination = "/plugin/${name}.vim";
+ text = /* vim */ ''
+ if exists('g:loaded_showsyntax')
+ finish
+ endif
+ let g:loaded_showsyntax = 0
+
+ fu! ShowSyntax()
+ let id = synID(line("."), col("."), 1)
+ let name = synIDattr(id, "name")
+ let transName = synIDattr(synIDtrans(id),"name")
+ if name != transName
+ let name .= " (" . transName . ")"
+ endif
+ echo "Syntax: " . name
+ endfu
+
+ command! -n=0 -bar ShowSyntax :call ShowSyntax()
+ '';
+ })))
+ ];
+
+ dirs = {
+ backupdir = "$HOME/.cache/vim/backup";
+ swapdir = "$HOME/.cache/vim/swap";
+ undodir = "$HOME/.cache/vim/undo";
+ };
+ files = {
+ viminfo = "$HOME/.cache/vim/info";
+ };
+
+ mkdirs = let
+ dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
+ in assert out != ""; out;
+ alldirs = attrValues dirs ++ map dirOf (attrValues files);
+ in unique (sort lessThan alldirs);
+
+ vim = pkgs.symlinkJoin {
+ name = "vim";
+ paths = [
+ (pkgs.writeDashBin "vim" ''
+ set -efu
+ (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ exec ${pkgs.vim}/bin/vim "$@"
+ '')
+ pkgs.vim
+ ];
+ };
+
+ hs.vim = pkgs.writeText "hs.vim" ''
+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+ hi link ConId Identifier
+ hi link VarId Identifier
+ hi link hsDelimiter Delimiter
+ '';
+
+ nix.vim = pkgs.writeText "nix.vim" ''
+ setf nix
+
+ " Ref <nix/src/libexpr/lexer.l>
+ syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+ syn match NixINT /\<[0-9]\+\>/
+ syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+ syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+ syn region NixSTRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ syn region NixIND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+
+ syn match NixOther /[():/;=.,?\[\]]/
+
+ syn match NixCommentMatch /\(^\|\s\)#.*/
+ syn region NixCommentRegion start="/\*" end="\*/"
+
+ hi link NixCode Statement
+ hi link NixData Constant
+ hi link NixComment Comment
+
+ hi link NixCommentMatch NixComment
+ hi link NixCommentRegion NixComment
+ hi link NixID NixCode
+ hi link NixINT NixData
+ hi link NixPATH NixData
+ hi link NixHPATH NixData
+ hi link NixSPATH NixData
+ hi link NixURI NixData
+ hi link NixSTRING NixData
+ hi link NixIND_STRING NixData
+
+ hi link NixEnter NixCode
+ hi link NixOther NixCode
+ hi link NixQuote NixData
+
+ syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+ syn cluster nix_ind_strings contains=NixIND_STRING
+ syn cluster nix_strings contains=NixSTRING
+
+ ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+ startAlts = filter isString [
+ ''/\* ${lang} \*/''
+ extraStart
+ ];
+ sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+ in /* vim */ ''
+ syn include @nix_${lang}_syntax syntax/${lang}.vim
+ unlet b:current_syntax
+
+ syn match nix_${lang}_sigil
+ \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+ \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+ \ transparent
+
+ syn region nix_${lang}_region_STRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn region nix_${lang}_region_IND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn cluster nix_ind_strings
+ \ add=nix_${lang}_region_IND_STRING
+
+ syn cluster nix_strings
+ \ add=nix_${lang}_region_STRING
+
+ syn cluster nix_has_dollar_curly
+ \ add=@nix_${lang}_syntax
+ '') {
+ c = {};
+ cabal = {};
+ haskell = {};
+ sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+ vim.extraStart =
+ ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+ })}
+
+ " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+ syn clear shVarAssign
+
+ syn region nixINSIDE_DOLLAR_CURLY
+ \ matchgroup=NixEnter
+ \ start="[$]{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=@nix_has_dollar_curly
+ \ transparent
+
+ syn region nix_inside_curly
+ \ matchgroup=NixEnter
+ \ start="{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+ \ transparent
+
+ syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /\\./he=s+1
+ \ containedin=@nix_strings
+ \ contained
+
+ syn sync fromstart
+
+ let b:current_syntax = "nix"
+
+ set isk=@,48-57,_,192-255,-,'
+ '';
+in
+out
diff --git a/jeschli/default.nix b/jeschli/default.nix
new file mode 100644
index 000000000..7886fef49
--- /dev/null
+++ b/jeschli/default.nix
@@ -0,0 +1,9 @@
+_:
+{
+ imports = [
+ ../krebs
+ ./2configs
+# ./3modules
+# ./5pkgs
+ ];
+}
diff --git a/jeschli/source.nix b/jeschli/source.nix
new file mode 100644
index 000000000..d5e14a8dc
--- /dev/null
+++ b/jeschli/source.nix
@@ -0,0 +1,22 @@
+with import <stockholm/lib>;
+host@{ name, secure ? false, override ? {} }: let
+ builder = if getEnv "dummy_secrets" == "true"
+ then "buildbot"
+ else "jeschli";
+ _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
+in
+ evalSource (toString _file) [
+ {
+ nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
+ nixpkgs.git = {
+ url = https://github.com/nixos/nixpkgs;
+ ref = "f9390d6";
+ };
+ secrets.file = getAttr builder {
+ buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
+ jeschli = "/home/jeschli/secrets/${name}";
+ };
+ stockholm.file = toString <stockholm>;
+ }
+ override
+ ]
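Review bot: `ref = "f9390d6"` pins nixpkgs by a seven-character abbreviated commit id, and this block carries no content hash for the fetch. An abbreviation can become ambiguous as the repository grows, and how the fetcher resolves it is not visible here; use the full 40-character id, `ref = "<full-commit-id>";`. The buildbot branch also points at `<stockholm/jeschli/2configs/tests/dummy-secrets>`, and no file under jeschli/2configs/tests appears in this commit's diffstat, so confirm that path exists.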
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 4fdb53ae7..73b5377bd 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -13,7 +13,6 @@
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
];
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 21ae20ea0..0b21c0b6c 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -26,9 +26,13 @@ in
<stockholm/krebs/2configs/shack/share.nix>
{
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
- #systemd.services.telegraf.environment = {
- # "MIBDIRS" : ""; # extra mibs like ADSL
- #};
+ systemd.services.telegraf.environment = {
+ MIBDIRS = pkgs.fetchgit {
+ url = "http://git.shackspace.de/makefu/modem-mibs.git";
+ sha256 =
+ "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
+ }; # extra mibs like ADSL
+ };
services.telegraf = {
enable = true;
extraConfig = {
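Review bot: The new `pkgs.fetchgit` call for `MIBDIRS` gives a `url` and a `sha256` but no `rev`, so it presumably follows whatever the remote's default head is. The hash keeps the content fixed, but the build starts failing as soon as that branch moves, and the source cannot be reproduced from the expression alone; add an explicit `rev = "<commit-id>";`. The URL is also plain `http://`; the fixed hash protects integrity, yet switching to `https://` (if the host serves it) keeps tampering in transit from surfacing only as a hash mismatch. The enclosing attribute set continues past the end of the hunk.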
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 38f58952e..b534f9ad4 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -7,6 +7,9 @@
services.charybdis = {
enable = true;
+ motd = ''
+ hello
+ '';
config = ''
serverinfo {
name = "${config.krebs.build.host.name}.irc.retiolum";
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 6f015d66b..c0b218c15 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -83,6 +83,7 @@ let
rsync
utillinux
];
+ restartIfChanged = false;
serviceConfig = rec {
ExecStart = start plan;
SyslogIdentifier = ExecStart.name;
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index adbc1ebe1..b56f5c543 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -104,7 +104,7 @@ in
"dummy_secrets": "true",
},
command=[
- "nix-shell", "--run", " ".join(["test",
+ "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c89f3229d..caeef2885 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -44,6 +44,7 @@ let
./tinc_graphs.nix
./urlwatch.nix
./repo-sync.nix
+ ./zones.nix
];
options.krebs = api;
config = lib.mkIf cfg.enable imp;
@@ -60,6 +61,7 @@ let
hosts = mkOption {
type = with types; attrsOf host;
+ default = {};
};
users = mkOption {
@@ -171,17 +173,6 @@ let
'';
};
- # Implements environment.etc."zones/<zone-name>"
- environment.etc = let
- stripEmptyLines = s: (concatStringsSep "\n"
- (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
- all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
- ([cfg.zone-head-config] ++ combined-hosts);
- combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
- in lib.mapAttrs' (name: value: nameValuePair
- ("zones/" + name)
- { text=(stripEmptyLines value); }) all-zones;
-
krebs.exim-smarthost.internet-aliases = let
format = from: to: {
inherit from;
@@ -234,21 +225,26 @@ let
};
})
//
- # GitHub's IPv4 address range is 192.30.252.0/22
- # Refs https://help.github.com/articles/github-s-ip-addresses/
- # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
- # Because line length is limited by OPENSSH_LINE_MAX (= 8192),
- # we split each /24 into its own entry.
- listToAttrs (map
- (c: {
- name = "github${toString c}";
- value = {
- hostNames = ["github.com"] ++
- map (d: "192.30.${toString c}.${toString d}") (range 0 255);
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
- };
- })
- (range 252 255))
+ {
+ github = {
+ hostNames = [
+ "github.com"
+ # List generated with
+ # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
+ "192.30.253.*"
+ "192.30.254.*"
+ "192.30.255.*"
+ "185.199.108.*"
+ "185.199.109.*"
+ "185.199.110.*"
+ "185.199.111.*"
+ "18.195.85.27"
+ "18.194.104.89"
+ "35.159.8.160"
+ ];
+ publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+ };
+ }
//
mapAttrs
(name: host: {
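Review bot: The glob list under `hostNames` in the new `github` entry is a snapshot of `api.github.com/meta` with no date and no refresh path, so it will drift from the ranges GitHub actually serves git from. The old `192.30.252.*` range is already absent, presumably because the API no longer listed it. I would record when the list was generated, e.g. `# List generated on <date> with`, so a reader can judge how stale the pinned address set is. The command in the comment should also quote the jq filter, `jq -r '.git[]'`, because an unquoted `.git[]` is a glob pattern to the shell when copy-pasted.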
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 0044f5b32..cfcbbc438 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -42,6 +42,10 @@ in {
exim_group = ${cfg.group.name}
exim_path = /run/wrappers/bin/exim
spool_directory = ${cfg.user.home}
+
+ # https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
+ chunking_advertise_hosts =
+
${cfg.config}
'';
systemPackages = [ pkgs.exim ];
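Review bot: The empty `chunking_advertise_hosts =` is explained only by a mailing-list URL, so a reader cannot tell that it is a deliberate mitigation or when it may be removed. I would put the reason next to it, e.g. `# Do not advertise ESMTP CHUNKING (BDAT): workaround for the issue in the linked advisory; drop once pkgs.exim carries the fix.` Because `${cfg.config}` is appended right after, a user-supplied config that sets the same main option would now set it twice, which Exim may reject; this is worth confirming. The configuration string starts and ends outside this hunk.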
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 8d4933cb5..f67188122 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -27,7 +27,7 @@ let
};
display = mkOption {
type = types.str;
- default = ":0";
+ default = ":${toString config.services.xserver.display}";
};
unitConfig = mkOption {
type = types.attrsOf types.str;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 3e03e71cb..ecf549df9 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -132,38 +132,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
- archprism = rec {
- cores = 4;
- nets = rec {
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.104";
- ip6.addr = "42::fa17";
- aliases = [
- "archprism.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
- kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
- JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
- AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
- jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
- anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- internet = {
- ip4.addr = "213.239.205.240";
- aliases = [
- "archprism.i"
- ];
- ssh.port = 45621;
- };
- };
- ssh.privkey.path = <secrets/ssh.id_rsa>;
- ssh.pubkey = "ssh-rsa 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";
- };
domsen-nas = {
ci = false;
external = true;
@@ -374,6 +342,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
};
+ littleT = {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.133.77";
+ ip6.addr = "42:0:0:0:0:0:717:7137";
+ aliases = [
+ "littleT.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
+ /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
+ 1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
+ ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
+ sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
+ M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
+ Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
+ +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
+ xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
+ aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
+ 7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
+ k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
+ idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
+ y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
+ SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
+ mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
+ PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
+ ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
+ Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
+ 8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
+ NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
+ 5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+ };
iso = {
ci = false;
cores = 1;
@@ -440,8 +449,6 @@ with import <stockholm/lib>;
retiolum = rec {
via = internet;
addrs = [
- # edinburgh university
- "129.215.0.0/16"
ip4.addr
ip6.addr
];
@@ -463,6 +470,10 @@ with import <stockholm/lib>;
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
+ tinc.subnets = [
+ # edinburgh university
+ "129.215.0.0/16"
+ ];
};
};
};
@@ -524,6 +535,86 @@ with import <stockholm/lib>;
};
};
};
+ reagenzglas = {
+ ci = false;
+ external = true;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.27.27";
+ ip6.addr = "42::27";
+ aliases = [
+ "reagenzglas.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
+ bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
+ utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
+ 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
+ hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
+ mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
+ 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
+ aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
+ pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
+ 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
+ lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
+ +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
+ 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
+ PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
+ ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
+ GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
+ hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
+ ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
+ vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
+ G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
+ 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
+ Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ xerxes = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.1.3";
+ ip6.addr = "42::1:3";
+ aliases = [
+ "xerxes.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
+ MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
+ gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
+ /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
+ mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
+ X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
+ +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
+ hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
+ 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
+ H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
+ JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
+ hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
+ SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
+ 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
+ vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
+ Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
+ scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
+ jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
+ Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
+ /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
+ bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
+ sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
+ };
};
users = {
lass = {
@@ -552,13 +643,13 @@ with import <stockholm/lib>;
mail = "lass@icarus.r";
pubkey = builtins.readFile ./ssh/icarus.rsa;
};
+ lass-xerxes = {
+ mail = "lass@xerxes.r";
+ pubkey = builtins.readFile ./ssh/xerxes.rsa;
+ };
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
- archprism-repo-sync = {
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
- mail = "lass@prism.r";
- };
prism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
mail = "lass@prism.r";
@@ -576,5 +667,8 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
+ jeschli = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
+ };
};
}
diff --git a/krebs/3modules/lass/ssh/xerxes.rsa b/krebs/3modules/lass/ssh/xerxes.rsa
new file mode 100644
index 000000000..2b5da7b25
--- /dev/null
+++ b/krebs/3modules/lass/ssh/xerxes.rsa
@@ -0,0 +1 @@
+ssh-rsa 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 lass@xerxes
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 401cba97a..9f1842b88 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,7 +5,7 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
cake = rec {
- cores = 1;
+ cores = 4;
ci = false;
nets = {
retiolum = {
@@ -107,7 +107,7 @@ with import <stockholm/lib>;
ci = true;
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
+ # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
nets = {
internet = {
ip4.addr = "185.215.224.160";
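Review bot: `ssh.pubkey` for this host is commented out rather than removed or replaced, and nothing says why. If the host keys declared here feed the generated known_hosts (not visible in this hunk), the host loses its pinned key and connections fall back to the client's policy for unknown hosts. Either delete the line or leave a reason and a follow-up, e.g. `# FIXME: pubkey disabled because <reason>; restore once <condition>`. The same applies to the commented-out `ip6.addr` in the `@@ -500,7 +500,7 @@` hunk below. The host's attribute set starts outside this hunk.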
@@ -500,7 +500,7 @@ with import <stockholm/lib>;
};
retiolum = {
ip4.addr = "10.243.214.15";
- ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
+ # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
];
@@ -540,13 +540,14 @@ with import <stockholm/lib>;
wiki.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
+ dockerhub IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
nets = rec {
internet = {
- ip4.addr = "188.68.40.19";
- ip6.addr = "2a03:4000:17:2df::1";
+ ip4.addr = "185.194.143.140";
+ ip6.addr = "2a03:4000:1c:43f::1";
aliases = [
"gum.i"
];
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
index 1b8d092bb..a7a07a8e6 100644
--- a/krebs/3modules/per-user.nix
+++ b/krebs/3modules/per-user.nix
@@ -1,38 +1,34 @@
-{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
-
-let
+{ config, pkgs, ... }: let
cfg = config.krebs.per-user;
-
- out = {
- options.krebs.per-user = api;
- config = imp;
- };
-
- api = mkOption {
- type = with types; attrsOf (submodule {
+in {
+ options.krebs.per-user = mkOption {
+ type = types.attrsOf (types.submodule {
options = {
packages = mkOption {
- type = listOf path;
+ type = types.listOf types.path;
default = [];
};
};
});
default = {};
};
-
- imp = {
+ config = {
environment = {
- etc = flip mapAttrs' cfg (name: { packages, ... }: {
- name = "per-user/${name}";
- value.source = pkgs.symlinkJoin {
- name = "per-user.${name}";
- paths = packages;
- };
- });
+ etc =
+ mapAttrs'
+ (name: per-user: {
+ name = "per-user/${name}";
+ value.source = pkgs.buildEnv {
+ name = "per-user.${name}";
+ paths = per-user.packages;
+ pathsToLink = [
+ "/bin"
+ ];
+ };
+ })
+ (filterAttrs (_: per-user: per-user.packages != []) cfg);
profiles = ["/etc/per-user/$LOGNAME"];
};
};
-
-in out
+}
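Review bot: The switch to `pkgs.buildEnv` with `pathsToLink = [ "/bin" ]` narrows what a per-user profile exposes to executables only, and the new `filterAttrs` drops users whose `packages` list is empty, but neither behaviour is documented on the option. I would add a `description` to `options.krebs.per-user`, or a comment above `pathsToLink` such as `# only executables are exposed; share/, lib/ etc. of the listed packages are intentionally not linked`. Note that `profiles = ["/etc/per-user/$LOGNAME"]` still points every user at a path that now exists only for users with a non-empty list.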
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 0211b31ba..b2e3aa7c5 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -173,6 +173,7 @@ let
REPONAME = "${name}.git";
};
+ restartIfChanged = false;
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;
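Review bot: `restartIfChanged = false;` is added without a comment. With it set, a rebuild that changes this unit (including its environment or the sync configuration it reads) presumably leaves the old process running until someone restarts it by hand. A short why-comment would help, e.g. `# do not restart on switch: <reason>; restart manually after changing repo-sync config`. The unit definition starts and ends outside this hunk.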
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index 472accef9..b7ef824b5 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -38,12 +38,12 @@ let
${optionalString (cfg.enableXMLRPC ) ''
# prepare socket and set permissions. rtorrent user is part of group nginx
# TODO: configure a shared torrent group
- execute_nothrow = rm,${cfg.xmlrpc-socket}
+ execute.nothrow = rm,${cfg.xmlrpc-socket}
scgi_local = ${cfg.xmlrpc-socket}
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
''}
- system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"}
+ system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}
# Prepare systemd logging
log.open_file = "rtorrent-systemd", ${systemd-logfile}
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index e80becfa7..98145274c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -254,6 +254,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
+ querel = {
+ ci = true;
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.22.22";
+ ip6.addr = "42::2222";
+ aliases = [
+ "querel.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
+ 2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
+ bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
+ ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
+ iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
+ xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
+ 4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
+ aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
+ UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
+ vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
+ J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
+ };
xu = {
binary-cache = {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
@@ -339,6 +369,8 @@ with import <stockholm/lib>;
dv = {
mail = "dv@alnus.r";
};
+ itak = {
+ };
mv-ni = {
mail = "mv@ni.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
new file mode 100644
index 000000000..eb1351866
--- /dev/null
+++ b/krebs/3modules/zones.nix
@@ -0,0 +1,22 @@
+with import <stockholm/lib>;
+{ config, ... }: {
+
+ config = {
+ # Implements environment.etc."zones/<zone-name>"
+ environment.etc = let
+ stripEmptyLines = s: (concatStringsSep "\n"
+ (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
+ all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
+ ([config.krebs.zone-head-config] ++ combined-hosts);
+ combined-hosts =
+ mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
+ in
+ mapAttrs'
+ (name: value: {
+ name = "zones/${name}";
+ value.text = stripEmptyLines value;
+ })
+ all-zones;
+ };
+
+}
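Review bot: In `stripEmptyLines`, the `remove "\n"` step can never match, because the elements produced by `splitString "\n" s` do not contain a newline; `(remove "" (splitString "\n" s))` is enough. The `name` argument of the lambda passed to `mapAttrsToList` is unused and could be `_`, matching the `_:` style used elsewhere in this commit. The module also reads `config.krebs.zone-head-config` and `config.krebs.hosts` without saying so; a line such as `# Reads krebs.zone-head-config and every host's extraZones` next to the existing comment would document the dependency.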
diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix
new file mode 100644
index 000000000..df0315048
--- /dev/null
+++ b/krebs/5pkgs/haskell/nix-diff/default.nix
@@ -0,0 +1,25 @@
+{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
+, nix-derivation, optparse-generic, stdenv, system-filepath, text
+, unix, vector
+}:
+mkDerivation {
+ pname = "nix-diff";
+ version = "1.0.0-krebs1";
+ src = fetchgit {
+ url = "https://github.com/Gabriel439/nix-diff";
+ sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
+ rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
+ };
+ patches = [
+ ./nixos-system.patch
+ ];
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ attoparsec base containers Diff mtl nix-derivation optparse-generic
+ system-filepath text unix vector
+ ];
+ homepage = "https://github.com/Gabriel439/nix-diff";
+ description = "Explain why two Nix derivations differ";
+ license = stdenv.lib.licenses.bsd3;
+}
diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
new file mode 100644
index 000000000..03e186aa9
--- /dev/null
+++ b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
@@ -0,0 +1,18 @@
+diff --git a/src/Main.hs b/src/Main.hs
+index 959ab8e..d3b6077 100644
+--- a/src/Main.hs
++++ b/src/Main.hs
+@@ -95,7 +95,12 @@ pathToText path =
+ underneath `/nix/store`, but this is the overwhelmingly common use case
+ -}
+ derivationName :: FilePath -> Text
+-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
++derivationName p =
++ if Data.Text.isPrefixOf "nixos-system" s
++ then "nixos-system"
++ else s
++ where
++ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
+
+ -- | Group input derivations by their name
+ groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))
diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix
index bf19e7d66..954cfd76a 100644
--- a/krebs/5pkgs/haskell/xmonad-stockholm.nix
+++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix
@@ -1,13 +1,13 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
, xmonad, xmonad-contrib
}:
-mkDerivation {
+mkDerivation rec {
pname = "xmonad-stockholm";
- version = "1.1.0";
+ version = "1.1.1";
src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
- rev = "179d29fd4c765dee698058ef63295331ac603639";
- sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj";
+ rev = "refs/tags/v${version}";
+ sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
};
libraryHaskellDepends = [
base containers X11 X11-xshape xmonad xmonad-contrib
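Review bot: `rev = "refs/tags/v${version}"` replaces an immutable commit id with a tag that can be moved, and the `url` is still plain `http://`, so `sha256` is now the only thing tying the build to a specific tree. The fixed-output hash does stop a changed tag from being accepted silently, but a later version bump that forgets to update `sha256` may keep building the previously fetched source from the store. I would keep the commit id and name the tag in a comment, e.g. `rev = "<commit id of v1.1.1>"; # v${version}`, and switch the URL to https if the server offers it.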
diff --git a/krebs/5pkgs/simple/apt-cacher-ng/default.nix b/krebs/5pkgs/simple/apt-cacher-ng/default.nix
deleted file mode 100644
index e3986713b..000000000
--- a/krebs/5pkgs/simple/apt-cacher-ng/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
-
-stdenv.mkDerivation rec {
- name = "apt-cacher-ng-${version}";
- version = "2";
-
- src = fetchurl {
- url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
- sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
- };
-
- NIX_LDFLAGS = "-lpthread";
- buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
-
- meta = {
- description = "A caching proxy specialized for linux distribution files";
- homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
- license = stdenv.lib.licenses.gpl2;
- maintainers = [ stdenv.lib.maintainers.makefu ];
- };
-}
diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix
new file mode 100644
index 000000000..9b0b3f86b
--- /dev/null
+++ b/krebs/5pkgs/simple/cidr2glob.nix
@@ -0,0 +1,30 @@
+{ python, writeScriptBin, ... }:
+
+let
+ pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
+in
+ writeScriptBin "cidr2glob" ''
+ #! ${pythonEnv}/bin/python
+
+ import netaddr
+ import re
+ import sys
+
+ def cidr2glob(cidr):
+ net = netaddr.IPNetwork(cidr)
+
+ if net.prefixlen <= 8:
+ return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
+ elif net.prefixlen <= 16:
+ return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
+ elif net.prefixlen <= 24:
+ return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
+ else:
+ return map(lambda ip: str(ip), list(net))
+
+ if __name__ == "__main__":
+ for cidr in sys.stdin:
+ for glob in cidr2glob(cidr):
+ print glob
+
+ ''
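Review bot: `cidr2glob` assumes IPv4 input. An IPv6 network has its prefix length compared against 8/16/24 like an IPv4 one, and anything longer than /24 falls into the `else` branch, where `list(net)` tries to materialise every address. The input is meant to come from a remote API (see the comment on the github `hostNames` list earlier in this commit), so I would reject non-IPv4 lines before the branches, e.g. `if net.version != 4: raise ValueError("IPv4 only: %s" % cidr)`. Lines read from `sys.stdin` also keep their trailing newline; calling `cidr2glob(cidr.strip())` and skipping empty lines would make parsing independent of how netaddr treats whitespace.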
diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix
new file mode 100644
index 000000000..f5e1bbff3
--- /dev/null
+++ b/krebs/5pkgs/simple/internetarchive/default.nix
@@ -0,0 +1,38 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+buildPythonPackage rec {
+ pname = "internetarchive";
+ version = "1.7.3";
+ name = "${pname}-${version}";
+ propagatedBuildInputs = [
+ requests
+ jsonpatch
+ docopt
+ clint
+ six
+ schema
+ backports_csv
+ ];
+
+# check only works when cloned from git repo
+ doCheck = false;
+ checkInputs = [
+ pytest
+ responses
+ ];
+
+ prePatch = ''
+ sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
+ '';
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
+ };
+
+ meta = with stdenv.lib; {
+ description = "python library and cli for uploading files to internet archive";
+ license = licenses.agpl3;
+ };
+
+}
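Review bot: The `prePatch` pattern `'schema.*'` is greedy, so if `setup.py` lists several quoted requirements on the same line it would replace everything up to the last quote, not just the `schema` entry (`setup.py` is not visible here, so this needs checking). `sed -i "s/'schema[^']*'/'schema>=0.4.0'/" setup.py` limits the match to the one requirement. A comment saying why the upstream constraint is relaxed would help the next version bump. `fetchFromGitHub` in the argument set is unused, since the source comes from `fetchPypi`.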
diff --git a/krebs/5pkgs/simple/krebszones/default.nix b/krebs/5pkgs/simple/krebszones/default.nix
index b54c95d88..32608e7fa 100644
--- a/krebs/5pkgs/simple/krebszones/default.nix
+++ b/krebs/5pkgs/simple/krebszones/default.nix
@@ -2,7 +2,7 @@
pkgs.writeDashBin "krebszones" ''
set -efu
- export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
+ export OVH_ZONE_CONFIG=''${OVH_ZONE_CONFIG:-$HOME/.secrets/krebs/ovh-zone.conf}
case $* in
import)
set -- import /etc/zones/krebsco.de krebsco.de
diff --git a/krebs/5pkgs/simple/slog/default.nix b/krebs/5pkgs/simple/slog/default.nix
new file mode 100644
index 000000000..c74a2ad80
--- /dev/null
+++ b/krebs/5pkgs/simple/slog/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, stdenv, fetchFromGitHub }:
+
+## use with:
+# . $(command -v slog.sh)
+stdenv.mkDerivation rec {
+ name = "slog-${version}";
+ version = "2017-10-27";
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "slog";
+ rev = "50367c3";
+ sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ install -m755 slog.sh $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "POSIX shell logging";
+ license = licenses.mit;
+ };
+
+}
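Review bot: `rev = "50367c3"` is an abbreviated commit id. It resolves today, but a short prefix is not a stable identifier, and reviewers cannot match it against the upstream history without looking it up. The `sha256` still pins the content; spelling out the revision makes the pin self-describing: `rev = "<full 40-character commit id>";`. The `pkgs` argument is unused in this file.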
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
new file mode 100644
index 000000000..5705f086d
--- /dev/null
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -0,0 +1,291 @@
+{ pkgs }: let
+
+ stockholm-dir = ../../../..;
+
+ lib = import (stockholm-dir + "/lib");
+
+ #
+ # high level commands
+ #
+
+ cmds.deploy = pkgs.withGetopt {
+ diff = { default = /* sh */ "false"; switch = true; };
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target.default = /* sh */ "$system";
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeDash "stockholm.deploy" ''
+ set -efu
+
+ . ${init.env}
+ . ${init.proxy "deploy" opts}
+
+ if \test ${opts.diff.ref} = true; then
+
+ system_profile=/nix/var/nix/profiles/system
+ system_drv_cur=/etc/system.drv
+
+ system_drv_new=$(
+ ${pkgs.nix}/bin/nix-instantiate \
+ -Q \
+ -I "$target_path" \
+ -E '
+ (import <nixpkgs/nixos/lib/eval-config.nix> {
+ modules = [ <nixos-config> ];
+ }).config.system.build.toplevel
+ '
+ )
+
+ if \test -e "$system_drv_cur"; then
+
+ system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
+ system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
+
+ if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
+ echo "$0: system up to date" >&2
+ exit 0
+ fi
+
+ system_drv_cur=$system_drv_cur_c \
+ system_drv_new=$system_drv_new_c \
+ ${pkgs.utillinux}/bin/script \
+ --command '
+ ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
+ "$system_drv_cur" "$system_drv_new"
+ ' \
+ --quiet \
+ --return \
+ /dev/null
+
+ printf 'deploy? [N/y] ' >&2
+ read -r REPLY
+ if \test "$REPLY" != y; then
+ echo "$0: abort!" >&2
+ exit 1
+ fi
+ else
+ echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
+ fi
+
+ new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
+
+ ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
+ PATH=${lib.makeBinPath [
+ pkgs.systemd
+ ]} \
+ "$system_profile"/bin/switch-to-configuration switch
+
+ ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
+ exit
+ fi
+
+ # Use system's nixos-rebuild, which is not self-contained
+ export PATH=/run/current-system/sw/bin
+ exec ${utils.with-whatsupnix} \
+ nixos-rebuild switch \
+ --show-trace \
+ -I "$target_path"
+ '');
+
+ cmds.install = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target = {};
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeBash "stockholm.install" ''
+ set -efu
+
+ . ${init.env}
+
+ if \test "''${using_proxy-}" != true; then
+ ${pkgs.openssh}/bin/ssh \
+ -o StrictHostKeyChecking=no \
+ -o UserKnownHostsFile=/dev/null \
+ "$target_user@$target_host" -p "$target_port" \
+ env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
+ sh -s prepare \
+ < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
+ # TODO inline prepare.sh?
+ fi
+
+ . ${init.proxy "install" opts}
+
+ # these variables get defined by nix-shell (i.e. nix-build) from
+ # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
+ # which only exists on / and not at /mnt.
+ export NIX_BUILD_TOP=/tmp
+ export TEMPDIR=/tmp
+ export TEMP=/tmp
+ export TMPDIR=/tmp
+ export TMP=/tmp
+ export XDG_RUNTIME_DIR=/tmp
+
+ export NIXOS_CONFIG="$target_path/nixos-config"
+
+ cd
+ exec nixos-install
+ '');
+
+ cmds.test = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target = {};
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
+ set -efu
+
+ export dummy_secrets=true
+
+ . ${init.env}
+ . ${init.proxy "test" opts}
+
+ exec ${utils.build} config.system.build.toplevel
+ '');
+
+ #
+ # low level commands
+ #
+
+ # usage: get-source SOURCE_FILE
+ cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
+ set -efu
+ exec ${pkgs.nix}/bin/nix-instantiate \
+ --eval \
+ --json \
+ --readonly-mode \
+ --show-trace \
+ --strict \
+ "$1"
+ '';
+
+ # usage: parse-target [--default=TARGET] TARGET
+ # TARGET = [USER@]HOST[:PORT][/PATH]
+ cmds.parse-target = pkgs.withGetopt {
+ default_target = {
+ long = "default";
+ short = "d";
+ };
+ } (opts: pkgs.writeDash "stockholm.parse-target" ''
+ set -efu
+ target=$1; shift
+ for arg; do echo "$0: bad argument: $arg" >&2; done
+ if \test $# != 0; then exit 2; fi
+ exec ${pkgs.jq}/bin/jq \
+ -enr \
+ --arg default_target "$default_target" \
+ --arg target "$target" \
+ -f ${pkgs.writeText "stockholm.parse-target.jq" ''
+ def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
+ user: .captures[0].string,
+ host: .captures[1].string,
+ port: .captures[2].string,
+ path: .captures[3].string,
+ };
+ def sanitize: with_entries(select(.value != null));
+ ($default_target | parse) + ($target | parse | sanitize) |
+ . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
+ ''}
+ '');
+
+ init.env = pkgs.writeText "init.env" /* sh */ ''
+
+ export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
+ export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
+
+ export quiet
+ export system
+ export target
+ export user
+
+ default_target=root@$system:22/var/src
+
+ export target_object="$(
+ ${cmds.parse-target} "$target" -d "$default_target"
+ )"
+ export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
+ export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
+ export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
+ export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
+ export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
+ '';
+
+ init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
+ if \test "''${using_proxy-}" != true; then
+
+ source=$(${cmds.get-source} "$source_file")
+ qualified_target=$target_user@$target_host:$target_port$target_path
+ if \test "$force_populate" = true; then
+ echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
+ else
+ echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
+ fi
+
+ if \test "$target_local" != true; then
+ exec ${pkgs.openssh}/bin/ssh \
+ "$target_user@$target_host" -p "$target_port" \
+ cd "$target_path/stockholm" \; \
+ NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
+ STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
+ nix-shell --run "$(${pkgs.quote}/bin/quote "
+ ${lib.concatStringsSep " " (lib.mapAttrsToList
+ (name: opt: /* sh */
+ "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
+ opts
+ )} \
+ using_proxy=true \
+ ${lib.shell.escape command} \
+ $WITHGETOPT_ORIG_ARGS \
+ ")"
+ fi
+ fi
+ '';
+
+ utils.build = pkgs.writeDash "utils.build" ''
+ set -efu
+ ${utils.with-whatsupnix} \
+ ${pkgs.nix}/bin/nix-build \
+ --no-out-link \
+ --show-trace \
+ -E "with import <stockholm>; $1" \
+ -I "$target_path" \
+ '';
+
+ utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
+ set -efu
+ if \test "$quiet" = true; then
+ "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
+ else
+ exec "$@"
+ fi
+ '';
+
+ shell.get-version = pkgs.writeDash "stockholm.get-version" ''
+ set -efu
+ version=git.$(${pkgs.git}/bin/git describe --always --dirty)
+ case $version in (*-dirty)
+ version=$version@$HOSTNAME
+ esac
+ date=$(${pkgs.coreutils}/bin/date +%y.%m)
+ echo "$date.$version"
+ '';
+
+in
+
+ pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:
+ lib.nameValuePair "/bin/${name}" { inherit link; }
+ ) cmds)
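Review bot: The ssh call in `cmds.install` passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the host that receives `prepare.sh` on stdin is never authenticated, and nothing in the file says why. If this is intentional because the install target boots with a fresh, unknown host key (which the options suggest), state it next to them, e.g. `# target is a freshly booted installer with an unknown host key; verification is skipped on purpose`, and consider letting the caller supply the expected key so the check can stay on. Separately, `$WITHGETOPT_ORIG_ARGS` is spliced unquoted into the `nix-shell --run` string in `init.proxy`, so arguments containing whitespace or shell metacharacters are re-parsed on the target; it should go through `${pkgs.quote}/bin/quote` like the option values above it.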
diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix
index adaefbc4d..ebf872568 100644
--- a/krebs/5pkgs/simple/urlwatch/default.nix
+++ b/krebs/5pkgs/simple/urlwatch/default.nix
@@ -1,14 +1,18 @@
-{ stdenv, fetchurl, python3Packages }:
+{ stdenv, fetchFromGitHub, python3Packages }:
-python3Packages.buildPythonPackage rec {
- name = "urlwatch-${meta.version}";
+python3Packages.buildPythonApplication rec {
+ name = "urlwatch-${version}";
+ version = "2.7";
- src = fetchurl {
- url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz";
- sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b";
+ src = fetchFromGitHub {
+ owner = "thp";
+ repo = "urlwatch";
+ rev = version;
+ sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m";
};
propagatedBuildInputs = with python3Packages; [
+ appdirs
keyring
minidb
pycodestyle
@@ -16,11 +20,10 @@ python3Packages.buildPythonPackage rec {
requests
];
- meta = {
+ meta = with stdenv.lib; {
description = "A tool for monitoring webpages for updates";
homepage = https://thp.io/2008/urlwatch/;
- license = stdenv.lib.licenses.bsd3;
- maintainers = [ stdenv.lib.maintainers.tv ];
- version = "2.6";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ tv ];
};
}
diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix
index 179051bdf..d20802fb2 100644
--- a/krebs/5pkgs/simple/withGetopt.nix
+++ b/krebs/5pkgs/simple/withGetopt.nix
@@ -20,7 +20,7 @@ opt-spec: cmd-spec: let
# true if b requires a to define its default value
opts-before = a: b:
- test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or "");
+ test ".*[$]${stringAsChars (c: "[${c}]") a.varname}([^0-9A-Za-z_].*)?" (b.default or "");
opts-list = let
sort-out = toposort opts-before (attrValues opts);
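Review bot: The new pattern in `opts-before` still recognises only a reference written as `$varname`. A default that refers to another option as `${varname}` would not be seen as a dependency, so `toposort` could order the two options the wrong way round. Whether any default uses the braced form is not visible here. If it should be supported, the alternation could be extended along the lines of `[$]([{]NAME[}].*|NAME([^0-9A-Za-z_].*)?)`, with NAME standing for the escaped varname expression; otherwise a comment such as `# only the unbraced $varname form is recognised` would document the limit. The `opts-list` binding continues outside the hunk.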
diff --git a/krebs/source.nix b/krebs/source.nix
index 09edc817b..73e216900 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02
+ ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
};
}
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
deleted file mode 100644
index 6411c423d..000000000
--- a/lass/1systems/archprism/config.nix
+++ /dev/null
@@ -1,328 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
- ip = config.krebs.build.host.nets.internet.ip4.addr;
-
-in {
- imports = [
- <stockholm/lass>
- {
- networking.interfaces.et0.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "213.239.205.225";
- networking.nameservers = [
- "8.8.8.8"
- ];
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
- '';
- }
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-smarthost.nix>
- #<stockholm/lass/2configs/downloading.nix>
- <stockholm/lass/2configs/ts3.nix>
- <stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/weechat.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/radio.nix>
- <stockholm/lass/2configs/repo-sync.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/libvirt.nix>
- <stockholm/lass/2configs/hfos.nix>
- <stockholm/lass/2configs/monitoring/server.nix>
- <stockholm/lass/2configs/monitoring/monit-alarms.nix>
- <stockholm/lass/2configs/paste.nix>
- <stockholm/lass/2configs/syncthing.nix>
- #<stockholm/lass/2configs/reaktor-coders.nix>
- <stockholm/lass/2configs/ciko.nix>
- <stockholm/lass/2configs/container-networking.nix>
- #<stockholm/lass/2configs/reaktor-krebs.nix>
- #{
- # lass.pyload.enable = true;
- #}
- {
- imports = [
- <stockholm/lass/2configs/bepasty.nix>
- ];
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- }
- {
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
- }
- {
- boot.loader.grub = {
- devices = [
- "/dev/sda"
- "/dev/sdb"
- ];
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/pool/nix";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
- };
-
- fileSystems."/var/download" = {
- device = "/dev/pool/download";
- };
-
- fileSystems."/srv/http" = {
- device = "/dev/pool/http";
- };
-
- fileSystems."/srv/o.ubikmedia.de-data" = {
- device = "/dev/pool/owncloud-ubik-data";
- };
-
- fileSystems."/bku" = {
- device = "/dev/pool/bku";
- };
-
- fileSystems."/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
-
- }
- {
- sound.enable = false;
- }
- {
- nixpkgs.config.allowUnfree = true;
- }
- {
- #stuff for juhulian
- users.extraUsers.juhulian = {
- name = "juhulian";
- uid = 1339;
- home = "/home/juhulian";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
- ];
- }
- {
- environment.systemPackages = [
- pkgs.perlPackages.Plack
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
- ];
- }
- {
- time.timeZone = "Europe/Berlin";
- }
- {
- imports = [
- <stockholm/lass/2configs/websites/domsen.nix>
- <stockholm/lass/2configs/websites/lassulus.nix>
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
- {
- services.tor = {
- enable = true;
- };
- }
- {
- lass.ejabberd = {
- enable = true;
- hosts = [ "lassul.us" ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
- ];
- }
- {
- imports = [
- <stockholm/lass/2configs/realwallpaper.nix>
- ];
- services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper.png;
- '';
- }
- {
- environment.systemPackages = with pkgs; [
- mk_sql_pair
- ];
- }
- {
- users.users.tv = {
- uid = genid "tv";
- inherit (config.krebs.users.tv) home;
- group = "users";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
- };
- users.users.makefu = {
- uid = genid "makefu";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.makefu.pubkey
- ];
- };
- users.users.nin = {
- uid = genid "nin";
- inherit (config.krebs.users.nin) home;
- group = "users";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- extraGroups = [
- "libvirtd"
- ];
- };
- }
- {
- krebs.repo-sync.timerConfig = {
- OnBootSec = "15min";
- OnUnitInactiveSec = "90min";
- RandomizedDelaySec = "30min";
- };
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
- }
- {
- lass.usershadow = {
- enable = true;
- };
- }
- #{
- # krebs.Reaktor.prism = {
- # nickname = "Reaktor|lass";
- # channels = [ "#retiolum" ];
- # extraEnviron = {
- # REAKTOR_HOST = "ni.r";
- # };
- # plugins = with pkgs.ReaktorPlugins; [
- # sed-plugin
- # ];
- # };
- #}
- {
- #stuff for dritter
- users.extraUsers.dritter = {
- name = "dritter";
- uid = genid "dritter";
- home = "/home/dritter";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
- ];
- };
- }
- {
- #hotdog
- containers.hotdog = {
- config = { ... }: {
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.1";
- localAddress = "10.233.2.2";
- };
- }
- {
- #kaepsele
- containers.kaepsele = {
- config = { ... }: {
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- tv.pubkey
- ];
- };
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.3";
- localAddress = "10.233.2.4";
- };
- }
- {
- #onondaga
- containers.onondaga = {
- config = { ... }: {
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.nin.pubkey
- ];
- };
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.4";
- localAddress = "10.233.2.5";
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.archprism;
-}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 7b90ebb63..6674b3db5 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -37,6 +37,9 @@ with import <stockholm/lib>;
networkmanagerapplet
libreoffice
audacity
+ zathura
+ skype
+ wine
];
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
@@ -52,8 +55,10 @@ with import <stockholm/lib>;
name = "bitcoin";
description = "user for bitcoin stuff";
home = "/home/bitcoin";
+ isNormalUser = true;
useDefaultShell = true;
createHome = true;
+ extraGroups = [ "audio" ];
};
};
security.sudo.extraConfig = ''
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index c64789d8d..b14ef2a3e 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -10,8 +10,12 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix>
- <stockholm/lass/2configs/git.nix>
+ # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
+ #<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/dcso-vpn.nix>
+ <stockholm/lass/2configs/virtualbox.nix>
+ <stockholm/lass/2configs/dcso-dev.nix>
+ <stockholm/lass/2configs/steam.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -59,6 +63,13 @@ with import <stockholm/lib>;
maxTime = 9001;
};
}
+ {
+ #urban terror port
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.helios;
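Review bot: The two rules added under `#urban terror port` accept port 27960 on every interface and for both TCP and UDP, which is wider than the littleT VNC rule in this same commit (`-i retiolum`). Game servers of this kind normally need only the UDP port, so the TCP rule looks unnecessary; this is an inference, as the server configuration is not visible here. I would keep only `{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }`. If the server is meant for peers on one network, add the interface match, e.g. `-p udp -i retiolum --dport 27960`.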
@@ -68,6 +79,16 @@ with import <stockholm/lib>;
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
}
+ {
+ lass.umts = {
+ enable = true;
+ modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
+ initstrings = ''
+ Init1 = AT+CFUN=1
+ Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ '';
+ };
+ }
];
# Use the systemd-boot EFI boot loader.
@@ -80,7 +101,6 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [
ag
vim
- rxvt_unicode
git
rsync
hashPassword
@@ -100,11 +120,16 @@ with import <stockholm/lib>;
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [
- { output = "DP-0.8"; }
- { output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; }
{ output = "DP-2"; primary = true; }
+ { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
+ { output = "DP-0"; }
];
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+ ${pkgs.systemd}/bin/systemctl start xresources.service
+ '';
+
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
@@ -123,8 +148,6 @@ with import <stockholm/lib>;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
- services.printing = {
- enable = true;
- drivers = [ pkgs.postscript-lexmark ];
- };
+ services.printing.drivers = [ pkgs.postscript-lexmark ];
+
}
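Review bot: `services.printing.drivers` is now set without `services.printing.enable = true;` in this file, so unless one of the imported modules enables printing the driver list has no effect. If the intent is to turn CUPS off on this host, dropping the drivers line as well would make that explicit. If printing should keep working, keep `services.printing.enable = true;` next to the drivers line.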
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
new file mode 100644
index 000000000..7211c78eb
--- /dev/null
+++ b/lass/1systems/littleT/config.nix
@@ -0,0 +1,84 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/backups.nix>
+ <stockholm/lass/2configs/steam.nix>
+ {
+ users.users.blacky = {
+ uid = genid "blacky";
+ home = "/home/blacky";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ "video"
+ ];
+ useDefaultShell = true;
+ };
+ networking.networkmanager.enable = true;
+ networking.wireless.enable = mkForce false;
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+ environment.systemPackages = with pkgs; [
+ pavucontrol
+ chromium
+ hexchat
+ networkmanagerapplet
+ vlc
+ ];
+ services.xserver.enable = true;
+ services.xserver.displayManager.lightdm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.layout = "de";
+ users.mutableUsers = mkForce true;
+ services.xserver.synaptics.enable = true;
+ }
+ {
+ #remote control
+ environment.systemPackages = with pkgs; [
+ x11vnc
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
+ ];
+ }
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 0;
+ emulateWheel = true;
+ };
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
+ krebs.build.host = config.krebs.hosts.littleT;
+
+ #fileSystems = {
+ # "/bku" = {
+ # device = "/dev/mapper/pool-bku";
+ # fsType = "btrfs";
+ # options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ # };
+ #};
+
+ #services.udev.extraRules = ''
+ # SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ #'';
+}
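Review bot: The `#remote control` block installs `x11vnc` and opens TCP 5900 on the `retiolum` interface, but nothing in this file configures authentication for the VNC session. If x11vnc is started without a password file, every peer that can reach this host over retiolum can attach to the display. I would state the expectation at the rule, e.g. `# x11vnc must be started with -rfbauth <passwd-file>; 5900 is reachable by all retiolum peers`, or narrow the predicate with a source match such as `-s <admin-host-ip>`. Separately, `services.logind.extraConfig` here repeats the `HandleLidSwitch=ignore` that this commit adds to the imported `hw/x220.nix`.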
diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/littleT/source.nix
index 3e96c1d38..a86b8fd10 100644
--- a/lass/1systems/archprism/source.nix
+++ b/lass/1systems/littleT/source.nix
@@ -1,3 +1,4 @@
import <stockholm/lass/source.nix> {
- name = "archprism";
+ name = "littleT";
+ secure = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 6a61ce1fa..ad133802f 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -29,7 +29,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix>
- <stockholm/tv/2configs/br.nix>
+ <stockholm/lass/2configs/br.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -135,6 +135,8 @@ with import <stockholm/lib>;
macchanger
dpass
+
+ dnsutils
];
#TODO: fix this shit
@@ -177,7 +179,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2
exit 23
else
- exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
+ exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''
@@ -192,4 +194,8 @@ with import <stockholm/lib>;
exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
'';
};
+
+ #nix.package = pkgs.nixUnstable;
+ programs.adb.enable = true;
+ users.users.mainUser.extraGroups = [ "adbusers" ];
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index a0bc1b900..87270b8b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -67,6 +67,11 @@ in {
fsType = "ext4";
};
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+
swapDevices = [
{ label = "swap1"; }
{ label = "swap2"; }
@@ -220,8 +225,8 @@ in {
};
enableTun = true;
privateNetwork = true;
- hostAddress = "10.233.2.4";
- localAddress = "10.233.2.5";
+ hostAddress = "10.233.2.5";
+ localAddress = "10.233.2.6";
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
@@ -280,6 +285,17 @@ in {
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
];
}
+ <stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/lass/2configs/dcso-dev.nix>
+ {
+ krebs.git.rules = [
+ {
+ user = [ config.krebs.users.jeschli ];
+ repo = [ config.krebs.git.repos.stockholm ];
+ perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
+ }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
new file mode 100644
index 000000000..0669748f5
--- /dev/null
+++ b/lass/1systems/xerxes/config.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/hw/gpd-pocket.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.xerxes;
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
+ '';
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/16C8-D053";
+ fsType = "vfat";
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
+ fsType = "btrfs";
+ };
+
+ boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
+ networking.wireless.enable = true;
+}
diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix
new file mode 100644
index 000000000..11f5bf796
--- /dev/null
+++ b/lass/1systems/xerxes/source.nix
@@ -0,0 +1,11 @@
+with import <stockholm/lib>;
+import <stockholm/lass/source.nix> {
+ name = "xerxes";
+ secure = true;
+ override = {
+ nixpkgs.git = mkForce {
+ url = https://github.com/lassulus/nixpkgs;
+ ref = "3eccd0b";
+ };
+ };
+}
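Review bot: The `nixpkgs.git` override pins a personal fork by the abbreviated id `3eccd0b`, whereas `krebs/source.nix` in this commit pins nixpkgs by a full 40-character hash with a branch and date comment. A seven-character id can become ambiguous as the repository grows and, depending on how the fetcher resolves it, could also match a branch or tag of the same name, so the pin is weaker than it looks. I would write the full id and note what the fork carries, e.g. `ref = "<full-40-char-commit-id>"; # lassulus/nixpkgs, <branch> @ <date>`.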
diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix
deleted file mode 100644
index 644741a5b..000000000
--- a/lass/2configs/audit.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- security.audit = {
- rules = [
- "-a task,never"
- ];
- };
-}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index a8bb8693f..9712bafff 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -7,9 +7,9 @@ in {
./mpv.nix
./power-action.nix
./copyq.nix
- ./xresources.nix
./livestream.nix
./dns-stuff.nix
+ ./urxvt.nix
{
hardware.pulseaudio = {
enable = true;
@@ -41,6 +41,11 @@ in {
default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
};
};
+ config.services.xresources.resources.X = ''
+ *.font: ${config.lass.fonts.regular}
+ *.boldFont: ${config.lass.fonts.bold}
+ *.italicFont: ${config.lass.fonts.italic}
+ '';
}
];
@@ -64,9 +69,11 @@ in {
dic
dmenu
gi
+ git-preview
gitAndTools.qgit
- lm_sensors
haskellPackages.hledger
+ lm_sensors
+ mpv-poll
much
ncdu
nix-repl
@@ -74,21 +81,20 @@ in {
pavucontrol
powertop
push
+ rxvt_unicode_with-plugins
+ screengrab
slock
sxiv
+ termite
xclip
xorg.xbacklight
xorg.xhost
xsel
- zathura
-
- mpv-poll
- yt-next
-
youtube-tools
+ yt-next
+ zathura
- rxvt_unicode
- termite
+ cabal2nix
];
fonts.fonts = with pkgs; [
@@ -98,42 +104,15 @@ in {
xlibs.fontschumachermisc
];
+ lass.xserver.enable = true;
services.xserver = {
- enable = true;
-
- desktopManager.xterm.enable = false;
- desktopManager.default = "none";
- displayManager.lightdm.enable = true;
- displayManager.lightdm.autoLogin = {
- enable = true;
- user = "lass";
- };
- windowManager.default = "xmonad";
- windowManager.session = [{
- name = "xmonad";
- start = ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${pkgs.xmonad-lass}/bin/xmonad &
- waitPID=$!
- '';
- }];
-
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- };
-
services.urxvtd.enable = true;
+ services.xresources.enable = true;
lass.screenlock.enable = true;
}
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index 35bac8fee..ad307c797 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -18,7 +18,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
- ip = "10.23.42.221";
+ ip = "10.42.23.221";
};
};
};
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 6c381863c..9459cfd6f 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -5,19 +5,23 @@ let
mainUser = config.users.extraUsers.mainUser;
- browser-select = pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu)
+ browser-select = let
+ sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
+ (mapAttrsToList (name: value: { inherit name value; })
+ config.lass.browser.paths);
+ in pkgs.writeScriptBin "browser-select" ''
+ BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
case $BROWSER in
${concatMapStringsSep "\n" (n: ''
- ${n})
- export BIN=${config.lass.browser.paths.${n}}/bin/${n}
+ ${n.name})
+ export BIN=${n.value.path}/bin/${n.name}
;;
- '') (attrNames config.lass.browser.paths)}
+ '') (sortedPaths)}
esac
$BIN "$@"
'';
- createChromiumUser = name: extraGroups:
+ createChromiumUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
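Review bot: In `browser-select` the generated `case` has no default branch, so when dmenu is dismissed or returns a name that is not in `sortedPaths`, `BIN` stays unset (or keeps a value inherited from the environment). `$BIN "$@"` then expands to the arguments alone, and the first argument, normally the URL handed over by the caller, is run as a command. I would add `*) exit 1;;` before `esac` and end the script with `exec "$BIN" "$@"`. The `bin` wrapper of `createChromiumUser` starts inside this hunk and continues outside it.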
@@ -31,7 +35,7 @@ let
useDefaultShell = true;
createHome = true;
};
- lass.browser.paths.${name} = bin;
+ lass.browser.paths.${name}.path = bin;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
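Review bot: `createChromiumUser` now takes a `precedence` argument but only sets `lass.browser.paths.${name}.path = bin;`, so the values 9 and 8 passed for `cr` and `gm` in the last hunk of this file are dropped. Every Chromium entry sorts with the default 0. The `wk`, `fb` and `com` calls in that hunk still pass two arguments, which appears to work only because the unused parameter absorbs whatever the module system passes in. I would mirror the Firefox helper with `lass.browser.paths.${name} = { path = bin; inherit precedence; };` and give the three remaining calls an explicit value, e.g. `( createChromiumUser "wk" [ "video" "audio" ] 0 )`. The two changes have to land together.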
@@ -40,10 +44,10 @@ let
];
};
- createFirefoxUser = name: extraGroups:
+ createFirefoxUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
'';
in {
users.extraUsers.${name} = {
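Review bot: The wrapper line changed here still ends in an unquoted `$@`, so an argument containing whitespace or glob characters is split or expanded before it reaches `sudo`. The same applies to the Chromium wrapper shown as context in the first hunk of this file. The arguments are typically URLs picked out of terminal output by the urxvt `url-select` launcher, so they should be treated as untrusted text. I would write `... -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"` and make the same change to the Chromium line.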
@@ -54,7 +58,10 @@ let
useDefaultShell = true;
createHome = true;
};
- lass.browser.paths.${name} = bin;
+ lass.browser.paths.${name} = {
+ path = bin;
+ inherit precedence;
+ };
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@@ -79,14 +86,24 @@ in {
type = types.path;
};
options.lass.browser.paths = mkOption {
- type = with types; attrsOf path;
+ type = types.attrsOf (types.submodule ({
+ options = {
+ path = mkOption {
+ type = types.path;
+ };
+ precedence = mkOption {
+ type = types.int;
+ default = 0;
+ };
+ };
+ }));
};
}
- ( createFirefoxUser "ff" [ "audio" ] )
- ( createChromiumUser "cr" [ "video" "audio" ] )
+ ( createFirefoxUser "ff" [ "audio" ] 10 )
+ ( createChromiumUser "cr" [ "video" "audio" ] 9 )
+ ( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "video" "audio" ] )
( createChromiumUser "fb" [ "video" "audio" ] )
- ( createChromiumUser "gm" [ "video" "audio" ] )
( createChromiumUser "com" [ "video" "audio" ] )
];
}
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
index fa01a99c9..cd10313fc 100644
--- a/lass/2configs/copyq.nix
+++ b/lass/2configs/copyq.nix
@@ -21,9 +21,9 @@ let
in {
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
- requires = [ "display-manager.service" ];
+ requires = [ "xserver.service" ];
environment = {
- DISPLAY = ":0";
+ DISPLAY = ":${toString config.services.xserver.display}";
};
path = with pkgs; [
qt5.full
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
new file mode 100644
index 000000000..2b91f91d6
--- /dev/null
+++ b/lass/2configs/dcso-dev.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.mainUser;
+ inherit (import <stockholm/lib>) genid;
+
+in {
+ users.extraUsers = {
+ dev = {
+ name = "dev";
+ uid = genid "dev";
+ description = "user for collaborative development";
+ home = "/home/dev";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ config.krebs.users.lass-android.pubkey
+ "ssh-rsa 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 markus.hihn@dcso.de"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
+ ];
+ packages = with pkgs; [
+ emacs25-nox
+
+ (pkgs.symlinkJoin {
+ name = "tmux";
+ paths = [
+ (pkgs.writeDashBin "tmux" ''
+ exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+ set-option -g default-terminal screen-256color
+
+ #use session instead of windows
+ bind-key c new-session
+ bind-key p switch-client -p
+ bind-key n switch-client -n
+ bind-key C-s switch-client -l
+ ''} "$@"
+ '')
+ pkgs.tmux
+ ];
+ })
+ ];
+ };
+ };
+
+ krebs.per-user.dev.packages = [
+ pkgs.go
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(dev) NOPASSWD: ALL
+ '';
+}
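Review bot: The `dev` account is shared by several key holders, and two of the `openssh.authorizedKeys.keys` entries are inline literals, one of which carries the comment `u0_a165@localhost` and so does not identify its owner. On a shared login this makes later key rotation and attribution of a session harder. I would put a comment above each literal key naming the person and device, e.g. `# <owner>, <device>, added 2017-12`, or move the keys to `config.krebs.users.<name>.pubkey` like the first two entries. Note also that `${mainUser.name} ALL=(dev) NOPASSWD: ALL` takes effect on every host that imports this module, which in this commit includes prism and helios.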
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 180647a6d..0e00dc2fd 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -2,7 +2,6 @@
with import <stockholm/lib>;
{
imports = [
- ../2configs/audit.nix
../2configs/binary-cache/client.nix
../2configs/gc.nix
../2configs/mc.nix
@@ -23,6 +22,7 @@ with import <stockholm/lib>;
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
+ config.krebs.users.lass-xerxes.pubkey
];
};
mainUser = {
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index f9c8f8ebc..2d848773f 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -46,6 +46,9 @@ with import <stockholm/lib>;
{ from = "apple@lassul.us"; to = lass.mail; }
{ from = "coinbase@lassul.us"; to = lass.mail; }
{ from = "tomtop@lassul.us"; to = lass.mail; }
+ { from = "aliexpress@lassul.us"; to = lass.mail; }
+ { from = "business@lassul.us"; to = lass.mail; }
+ { from = "payeer@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index d114a826d..6cea271c1 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -57,7 +57,7 @@ let
in {
environment.systemPackages = with pkgs; [
- dwarf_fortress
+ (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
doom1
doom2
vdoom1
diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix
new file mode 100644
index 000000000..87b4c518b
--- /dev/null
+++ b/lass/2configs/hw/gpd-pocket.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+let
+ dummy_firmware = pkgs.writeTextFile {
+ name = "brcmfmac4356-pcie.txt";
+ text = builtins.readFile ./brcmfmac4356-pcie.txt;
+ destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
+ };
+in {
+ #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+ hardware.firmware = [ dummy_firmware ];
+ hardware.enableRedistributableFirmware = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ];
+ boot.kernelPackages = pkgs.linuxPackages_4_14;
+ boot.kernelParams = [
+ "fbcon=rotate:1"
+ ];
+ services.xserver.displayManager.sessionCommands = ''
+ (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
+ (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
+ '';
+ services.xserver.dpi = 200;
+ fonts.fontconfig.dpi = 200;
+ lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
+ lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
+ lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
+}
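Review bot: `lass.fonts.italic` ends in `xft:Symbol`, while `lass.fonts.regular` and `lass.fonts.bold` two lines above use `xft:Symbola` as the fallback font; this looks like a dropped letter. If it is one, italic text would fall back to a different font, or to none, for glyphs that Hack lacks. I would change the line to `lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbola";`.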
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index bf7decc40..f5651da13 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -29,4 +29,9 @@
options = ["nosuid" "nodev" "noatime"];
};
};
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 91127f737..962efaf3f 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -76,6 +76,7 @@ let
"INBOX" "notmuch://?query=tag:inbox \
and NOT to:nix-devel\
and NOT to:shackspace\
+ and NOT to:security\
and NOT to:c-base" \
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\
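Review bot: The added `and NOT to:security\` removes security-list mail from the INBOX view, but the mailboxes visible in this hunk (`shack`, `c-base`) do not include a matching view for it. If no `to:security` mailbox is defined further down, that mail becomes easy to miss, which is an unfortunate property for security announcements. I would add a line next to the others, e.g. `"security" "notmuch://?query=to:security"\`. The virtual-mailboxes list starts before and continues after this hunk, so the entry may already exist outside the visible lines.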
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index f3ef23e67..98dbdc227 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -22,15 +22,22 @@ let
});
};
in {
- rules = with git; singleton {
- user = with config.krebs.users; [
- config.krebs.users."${config.networking.hostName}-repo-sync"
- lass
- lass-shodan
- ];
- repo = [ repo ];
- perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- };
+ rules = with git; [
+ {
+ user = with config.krebs.users; [
+ config.krebs.users."${config.networking.hostName}-repo-sync"
+ lass
+ lass-shodan
+ ];
+ repo = [ repo ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ }
+ {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
repos."${name}" = repo;
};
diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix
index 1358dde7a..ee50b3381 100644
--- a/lass/2configs/urxvt.nix
+++ b/lass/2configs/urxvt.nix
@@ -1,40 +1,32 @@
{ config, pkgs, ... }:
-
-let
- inherit (config.users.extraUsers) mainUser;
-
-in
+with import <stockholm/lib>;
{
- imports = [
- ../3modules/urxvtd.nix
- ../3modules/xresources.nix
- ];
-
- services.urxvtd = {
- enable = true;
- users = [ mainUser.name ];
- urxvtPackage = pkgs.rxvt_unicode_with-plugins;
- };
- services.xresources.enable = true;
+ services.urxvtd.enable = true;
+
services.xresources.resources.urxvt = ''
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
- URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+ URxvt*SaveLines: 4096
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
- URxvt.url-select.launcher: browser-select
+
+ ${optionalString (hasAttr "browser" config.lass)
+ "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
+ }
+
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
- URxvt.intensityStyles: false
+ URxvt.intensityStyles: false
- URxvt*background: #000000
- URxvt*foreground: #ffffff
+ URxvt*background: #000000
+ URxvt*foreground: #ffffff
!change unreadable blue
- URxvt*color4: #268bd2
+ URxvt*color4: #268bd2
+
+ URxvt*color0: #232342
'';
}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 698344b09..f6c736fbc 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -98,8 +98,13 @@ let
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+ " search with ack
let g:ackprg = 'ag --vimgrep'
cnoreabbrev Ack Ack!
+
+ " copy/paste from/to xclipboard
+ noremap x "_x
+ set clipboard=unnamedplus
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 6e185a4d6..25ca1f455 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -147,12 +147,32 @@ in {
in ''
alias ${initscript};
'';
+ locations."/pub".extraConfig = ''
+ alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
+ '';
+ };
+
+ security.acme.certs."cgit.lassul.us" = {
+ email = "lassulus@lassul.us";
+ webroot = "/var/lib/acme/acme-challenge";
+ plugins = [
+ "account_key.json"
+ "fullchain.pem"
+ "key.pem"
+ ];
+ group = "nginx";
+ user = "nginx";
};
+
services.nginx.virtualHosts.cgit = {
serverName = "cgit.lassul.us";
addSSL = true;
- enableACME = true;
+ sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
+ locations."/.well-known/acme-challenge".extraConfig = ''
+ root /var/lib/acme/acme-challenge;
+ '';
};
users.users.blog = {
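Review bot: The new `security.acme.certs."cgit.lassul.us"` block makes `nginx` both owner and group of the certificate files and lists `account_key.json` among them, so the web-server account can presumably read and overwrite the ACME account key as well as `key.pem`. If nginx only needs to read the certificate and key, leaving ownership with root and granting group read (`group = "nginx";` with `allowKeysForGroup = true;`) would be narrower. This should be checked against the acme module version in use. The `virtualHosts.cgit` attribute set begins in context lines, but the cert block is entirely new.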
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index 0d2b731ca..d60b1feea 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -4,10 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- krebs.per-user.wine.packages = with pkgs; [
- wine
- #(wineFull.override { wineBuild = "wine64"; })
- ];
users.users= {
wine = {
name = "wine";
@@ -19,9 +15,27 @@ in {
"video"
];
createHome = true;
+ packages = [
+ pkgs.wine
+ ];
+ };
+ wine64 = {
+ name = "wine64";
+ description = "user for running wine in 64bit";
+ home = "/home/wine64";
+ useDefaultShell = true;
+ extraGroups = [
+ "audio"
+ "video"
+ ];
+ createHome = true;
+ packages = [
+ (pkgs.wine.override { wineBuild = "wineWow"; })
+ ];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
+ ${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
deleted file mode 100644
index a3c54f3a1..000000000
--- a/lass/2configs/xresources.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- xresources = pkgs.writeText "Xresources" ''
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*SaveLines: 4096
-
- URxvt.font: ${config.lass.fonts.regular}
- URxvt.boldFont: ${config.lass.fonts.bold}
- URxvt.italicFont: ${config.lass.fonts.italic}
-
- ! ref https://github.com/muennich/urxvt-perls
- URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
- URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
- ${optionalString (hasAttr "browser" config.lass)
- "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
- }
- URxvt.url-select.underline: true
- URxvt.keysym.M-u: perl:url-select:select_next
- URxvt.keysym.M-Escape: perl:keyboard-select:activate
- URxvt.keysym.M-s: perl:keyboard-select:search
-
- URxvt.intensityStyles: false
-
- URxvt*background: #000000
- URxvt*foreground: #d0d7d0
-
- URxvt*cursorColor: #f042b0
- URxvt*cursorColor2: #f0b000
- URxvt*cursorBlink: off
-
- URxvt*.pointerBlank: true
- URxvt*.pointerBlankDelay: 987654321
- URxvt*.pointerColor: #f042b0
- URxvt*.pointerColor2: #050505
-
- URxvt*color0: #232342
- '';
-
-in {
- systemd.services.xresources = {
- description = "xresources";
- wantedBy = [ "multi-user.target" ];
- after = [ "display-manager.service" ];
-
- environment = {
- DISPLAY = ":0";
- };
-
- restartIfChanged = true;
-
- serviceConfig = {
- Type = "simple";
- ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
- Restart = "on-failure";
- User = "lass";
- };
- };
-}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index e14e39bc2..81b52c306 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -11,6 +11,7 @@ _:
./screenlock.nix
./umts.nix
./usershadow.nix
+ ./xserver
./xresources.nix
];
}
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index 06ca1f27d..e16ce9868 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -23,7 +23,7 @@ let
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
- DISPLAY = ":0";
+ DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "screenlock";
diff --git a/lass/3modules/xresources.nix b/lass/3modules/xresources.nix
index 074963022..017dbff2b 100644
--- a/lass/3modules/xresources.nix
+++ b/lass/3modules/xresources.nix
@@ -4,16 +4,13 @@
#prefix with Attribute Name
#ex: urxvt
-#
-#
with builtins;
with lib;
let
- inherit (import ../../tv/4lib { inherit pkgs lib; }) shell-escape;
- inherit (pkgs) writeScript;
+ inherit (pkgs) writeScript writeText;
in
@@ -46,12 +43,16 @@ in
config =
let
cfg = config.services.xresources;
- xres = concatStringsSep "\n" (attrValues cfg.resources);
+ xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources));
in mkIf cfg.enable {
services.xserver.displayManager.sessionCommands = ''
- echo ${shell-escape xres} | xrdb -merge
+ ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
'';
+ environment.systemPackages = [
+ (pkgs.writeDashBin "updateXresources" ''
+ ${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
+ '')
+ ];
};
-
}
diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix
new file mode 100644
index 000000000..462c6deef
--- /dev/null
+++ b/lass/3modules/xserver/default.nix
@@ -0,0 +1,101 @@
+{ config, pkgs, ... }@args:
+with import <stockholm/lib>;
+let
+
+ out = {
+ options.lass.xserver = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ user = config.krebs.build.user;
+
+ cfg = config.lass.xserver;
+ xcfg = config.services.xserver;
+ api = {
+ enable = mkEnableOption "lass xserver";
+ };
+ imp = {
+
+ services.xserver = {
+ # Don't install feh into systemPackages
+ # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
+ desktopManager.session = mkForce [];
+
+ enable = true;
+ display = 11;
+ tty = 11;
+ };
+
+ systemd.services.display-manager.enable = false;
+
+ systemd.services.xmonad = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "xserver.service" ];
+ environment = {
+ DISPLAY = ":${toString xcfg.display}";
+
+ XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
+ ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
+ ${xcfg.displayManager.sessionCommands}
+ wait
+ '';
+
+ XMONAD_DATA_DIR = "/tmp";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "xmonad";
+ ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
+ ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
+ User = user.name;
+ WorkingDirectory = user.home;
+ };
+ };
+
+ systemd.services.xserver = {
+ after = [
+ "systemd-udev-settle.service"
+ "local-fs.target"
+ "acpid.service"
+ ];
+ reloadIfChanged = true;
+ environment = {
+ XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
+ XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
+ LD_LIBRARY_PATH = concatStringsSep ":" (
+ [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
+ ++ concatLists (catAttrs "libPath" xcfg.drivers));
+ };
+ serviceConfig = {
+ SyslogIdentifier = "xserver";
+ ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+ ExecStart = toString [
+ "${pkgs.xorg.xorgserver}/bin/X"
+ ":${toString xcfg.display}"
+ "vt${toString xcfg.tty}"
+ "-config ${import ./xserver.conf.nix args}"
+ "-logfile /dev/null -logverbose 0 -verbose 3"
+ "-nolisten tcp"
+ "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
+ (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
+ ];
+ };
+ };
+ services.xresources.resources.dpi = ''
+ ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
+ '';
+ systemd.services.urxvtd = {
+ wantedBy = [ "multi-user.target" ];
+ reloadIfChanged = true;
+ serviceConfig = {
+ SyslogIdentifier = "urxvtd";
+ ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+ ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
+ Restart = "always";
+ RestartSec = "2s";
+ StartLimitBurst = 0;
+ User = user.name;
+ };
+ };
+ };
+
+in out
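Review bot: `xhost +LOCAL:` in `XMONAD_STARTUP_HOOK` switches off X access control for every local account, so any local user or service that can reach the display socket gets full access to the session on display 11, including its input and window contents. If the goal is to let specific sudo-target accounts open windows (for example the `wine` users in lass/2configs/wine.nix), granting them individually is narrower: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:wine &`. `XMONAD_DATA_DIR = "/tmp"` likewise points xmonad's data directory at a world-writable location. A directory under `user.home` would keep those files out of reach of other local users.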
diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix
new file mode 100644
index 000000000..6f34e0150
--- /dev/null
+++ b/lass/3modules/xserver/xserver.conf.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+ cfg = config.services.xserver;
+in
+
+pkgs.stdenv.mkDerivation {
+ name = "xserver.conf";
+
+ xfs = optionalString (cfg.useXFS != false)
+ ''FontPath "${toString cfg.useXFS}"'';
+
+ inherit (cfg) config;
+
+ buildCommand =
+ ''
+ echo 'Section "Files"' >> $out
+ echo $xfs >> $out
+
+ for i in ${toString config.fonts.fonts}; do
+ if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
+ for j in $(find $i -name fonts.dir); do
+ echo " FontPath \"$(dirname $j)\"" >> $out
+ done
+ fi
+ done
+
+ for i in $(find ${toString cfg.modules} -type d); do
+ if test $(echo $i/*.so* | wc -w) -ne 0; then
+ echo " ModulePath \"$i\"" >> $out
+ fi
+ done
+
+ echo 'EndSection' >> $out
+
+ echo "$config" >> $out
+ '';
+}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index d04833255..10df08e7f 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -20,5 +20,10 @@
xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {};
+
+ screengrab = pkgs.writeDashBin "screengrab" ''
+ resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
+ ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
+ '';
};
}
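Review bot: In `screengrab`, `$resolution` and `$1` are expanded unquoted, and `grep '*'` matches one line per active output, so with a second monitor attached or an output path containing spaces ffmpeg receives extra arguments. Taking the first match and quoting fixes both: add `| ${pkgs.coreutils}/bin/head -n1` to the pipeline and end the command with `-s "$resolution" -c:v huffyuv "$1"`. A guard such as `: "''${1?usage: screengrab FILE}"` at the top would give a clear error when no file is passed.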
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 12c078940..d3f76903d 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-lass" {
executables.xmonad = {
extra-depends = [
"containers"
+ "extra"
"unix"
"X11"
"xmonad"
@@ -20,18 +21,16 @@ module Main where
import XMonad
import qualified XMonad.StackSet as W
-import Control.Exception
+import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
-import System.Environment (getArgs, withArgs)
-import System.IO (hPutStrLn, stderr)
+import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
-import Text.Read (readEither)
import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
-import XMonad.Actions.UpdatePointer (updatePointer)
+import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
@@ -41,59 +40,45 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
+import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
-import XMonad.Layout.SimpleFloat (simpleFloat)
import XMonad.Stockholm.Shutdown
myTerm :: FilePath
-myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc"
+myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
myFont :: String
myFont = "${config.lass.fonts.regular}"
main :: IO ()
main = getArgs >>= \case
- ["--shutdown"] -> sendShutdownEvent
- _ -> mainNoArgs
+ ["--shutdown"] -> sendShutdownEvent
+ _ -> main'
-mainNoArgs :: IO ()
-mainNoArgs = do
- xmonad'
+main' :: IO ()
+main' = do
+ xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
- , logHook = updatePointer (0.25, 0.25) (0.25, 0.25)
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
+ , startupHook =
+ whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
+ (\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c"
- , focusedBorderColor = "#f000b0"
+ , focusedBorderColor = "#ff0000"
, handleEventHook = handleShutdownEvent
, workspaces = [ "dashboard", "sys", "wp" ]
} `additionalKeysP` myKeyMap
myLayoutHook = defLayout
where
- defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat
-
-
-xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
-xmonad' conf = do
- let path = "/tmp/xmonad.state"
- try (readFile path) >>= \case
- Right content -> do
- hPutStrLn stderr ("resuming from " ++ path)
- withArgs ("--resume" : lines content) (xmonad conf)
- Left e -> do
- hPutStrLn stderr (displaySomeException e)
- xmonad conf
-
-displaySomeException :: SomeException -> String
-displaySomeException = displayException
-
+ defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
myKeyMap :: [([Char], X ())]
myKeyMap =
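Review bot: The new `startupHook` executes whatever path `XMONAD_STARTUP_HOOK` names, and nothing in this file says where that variable comes from or how often the hook fires. xmonad runs `startupHook` on every restart as well as on first start, so the script (which the systemd unit in lass/3modules/xserver/default.nix fills with `sessionCommands`) is re-run each time; whether those commands are safe to repeat is not visible here. I would add a comment above the field, e.g. `-- XMONAD_STARTUP_HOOK is set by the xmonad systemd unit; the script is re-run on every xmonad restart`.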
@@ -102,6 +87,8 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
+
+ , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
diff --git a/lass/source.nix b/lass/source.nix
index 738504228..710bfdf2d 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "e53e9a2";
+ ref = "cb751f9";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
diff --git a/lib/types.nix b/lib/types.nix
index 08dc0974e..c3b14d807 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -92,7 +92,7 @@ rec {
default = null;
};
addrs = mkOption {
- type = listOf cidr;
+ type = listOf addr;
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
@@ -155,6 +155,8 @@ rec {
++
(map (a: "Subnet = ${a}") net.addrs)
++
+ (map (a: "Subnet = ${a}") config.subnets)
+ ++
[config.extraConfig]
++
[config.pubkey]
@@ -173,6 +175,11 @@ rec {
description = "tinc port to use to connect to host";
default = 655;
};
+ subnets = mkOption {
+ type = listOf cidr;
+ description = "tinc subnets";
+ default = [];
+ };
};
}));
default = null;
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index c287c28df..1a617e52d 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -6,9 +6,6 @@
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
];
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
krebs = {
enable = true;
tinc.retiolum.enable = true;
@@ -23,6 +20,7 @@
programs.man.enable = false;
services.nixosManual.enable = false;
boot.tmpOnTmpfs = lib.mkForce false;
+ sound.enable = false;
hardware.enableRedistributableFirmware = true;
hardware.firmware = [
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
index 7accb13d3..046c1574c 100644
--- a/makefu/1systems/darth/config.nix
+++ b/makefu/1systems/darth/config.nix
@@ -2,6 +2,8 @@
with import <stockholm/lib>;
let
+ # all the good stuff resides in /data
+
byid = dev: "/dev/disk/by-id/" + dev;
rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
bootPart = rootDisk + "-part1";
@@ -21,44 +23,23 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/stats/client.nix>
- <stockholm/makefu/2configs/nsupdate-data.nix>
-
- # SIEM
- #<stockholm/makefu/2configs/tinc/siem.nix>
- # {services.tinc.networks.siem = {
- # name = "sdarth";
- # extraConfig = "ConnectTo = sjump";
- # };
- # }
+ # <stockholm/makefu/2configs/nsupdate-data.nix>
- # {
- # makefu.forward-journal = {
- # enable = true;
- # src = "10.8.10.2";
- # dst = "10.8.10.6";
- # };
- # }
-
- ## Sharing
- # <stockholm/makefu/2configs/share/temp-share-samba.nix>
- #{
- # services.samba.shares = {
- # isos = {
- # path = "/data/isos/";
- # "read only" = "yes";
- # browseable = "yes";
- # "guest ok" = "yes";
- # };
- # };
- #}
<stockholm/makefu/2configs/share/anon-ftp.nix>
+
+ # lan party
+ <stockholm/makefu/2configs/lanparty/lancache.nix>
+ <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+ <stockholm/makefu/2configs/lanparty/samba.nix>
+ <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+ <stockholm/makefu/2configs/virtualisation/libvirt.nix>
];
#networking.firewall.enable = false;
makefu.server.primary-itf = "enp0s25";
- krebs.hidden-ssh.enable = true;
+ # krebs.hidden-ssh.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index e769b1e22..b66ef1ab8 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -2,16 +2,22 @@
with import <stockholm/lib>;
let
- external-mac = "3a:66:48:8e:82:b2";
+ # hw-specific
+ external-mac = "2a:c5:6e:d2:fc:7f";
+ main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ external-gw = "185.194.140.1";
+ # single partition, label "nixos"
+ # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+ # static
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
- external-gw = "188.68.40.1";
external-gw6 = "fe80::1";
external-netmask = 22;
external-netmask6 = 64;
- ext-if = "et0"; # gets renamed on the fly
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ ext-if = "et0"; # gets renamed on the fly
in {
imports = [
<stockholm/makefu>
@@ -19,6 +25,7 @@ in {
<stockholm/makefu/2configs/headless.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
+
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/mattermost-docker.nix>
@@ -39,7 +46,7 @@ in {
# services
<stockholm/makefu/2configs/share/gum.nix>
- <stockholm/makefu/2configs/sabnzbd.nix>
+ # <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
@@ -58,6 +65,8 @@ in {
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
+ <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
@@ -76,14 +85,41 @@ in {
# <stockholm/makefu/2configs/logging/client.nix>
# Temporary:
- <stockholm/makefu/2configs/temp/rst-issue.nix>
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
+
+ #{
+ # services.dockerRegistry.enable = true;
+ # networking.firewall.allowedTCPPorts = [ 8443 ];
+
+ # services.nginx.virtualHosts."euer.krebsco.de" = {
+ # forceSSL = true;
+ # enableACME = true;
+ # extraConfig = ''
+ # client_max_body_size 1000M;
+ # '';
+ # locations."/".proxyPass = "http://localhost:5000";
+ # };
+ #}
+ { # wireguard server
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ #networking.wireguard.interfaces.wg0 = {
+ # ips = [ "10.244.0.1/24" ];
+ # privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ # allowedIPsAsRoutes = true;
+ # peers = [{
+ # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ # }];
+ #};
+ }
];
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
- { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
- { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
+ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
+ { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;
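Review bot: `networking.firewall.allowedUDPPorts = [ 51820 ];` opens the WireGuard port while the whole `networking.wireguard.interfaces.wg0` block beneath it is commented out, so the firewall exception exists without the service it is meant for. I would comment the port out together with the interface (`# networking.firewall.allowedUDPPorts = [ 51820 ];`) and enable both in the same change. The imports list this block sits in starts outside the hunk.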
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index 3b06660c6..5352b029f 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -18,7 +18,7 @@ in {
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
- <stockholm/makefu/2configs/stats/client.nix>
+ # <stockholm/makefu/2configs/stats/client.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index a22ff10bd..4af87dc10 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -61,6 +61,7 @@ in {
# logs to influx
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf>
+ <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
@@ -82,7 +83,7 @@ in {
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
# Temporary:
- <stockholm/makefu/2configs/temp/rst-issue.nix>
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
];
makefu.full-populate = true;
makefu.server.primary-itf = primaryInterface;
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
index 75a11d3a7..680fa2cbc 100644
--- a/makefu/1systems/tsp/config.nix
+++ b/makefu/1systems/tsp/config.nix
@@ -1,20 +1,20 @@
#
#
#
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
- <stockholm/makefu/2configs/gui/base.nix>
+ <stockholm/makefu/2configs/main-laptop.nix>
+ <stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
# hardware specifics are in here
# imports tp-x2x0.nix
- <stockholm/makefu/2configs/hw/tp-x200.nix>
+ # <stockholm/makefu/2configs/hw/tp-x200.nix>
- <stockholm/makefu/2configs/disable_v6.nix>
- <stockholm/makefu/2configs/rad1o.nix>
+ # <stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
@@ -22,9 +22,43 @@
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
+ boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+ boot.loader.grub.copyKernels = true;
networking.firewall.allowedTCPPorts = [
25
];
+ # acer aspire
+ networking.wireless.enable = lib.mkDefault true;
+
+ services.xserver.synaptics.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ zramSwap.enable = true;
+ zramSwap.numDevices = 2;
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ START_CHARGE_THRESH_BAT0=67
+ STOP_CHARGE_THRESH_BAT0=100
+
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
+ '';
+
+ powerManagement.resumeCommands = ''
+ ${pkgs.rfkill}/bin/rfkill unblock all
+ '';
+
}
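Review bot: `allowDiscards=true` on `luksroot` passes TRIM through the encrypted volume, which reveals which blocks are unused to anyone who can read the raw disk. That is a common and often acceptable trade for SSD performance, but the line carries no hint that it was chosen deliberately. A comment such as `# allowDiscards: TRIM exposes free-space layout of the LUKS volume; accepted for SSD performance` would document it.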
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 3a53b70cb..c30ee4c58 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -3,6 +3,7 @@ let
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
user = config.makefu.gui.user;
+ primaryIP = "192.168.8.11";
in {
imports =
@@ -10,23 +11,63 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/tools/core-gui.nix>
- <stockholm/makefu/2configs/tools/extra-gui.nix>
- <stockholm/makefu/2configs/tools/media.nix>
+ <stockholm/makefu/2configs/disable_v6.nix>
+ # <stockholm/makefu/2configs/tools/core-gui.nix>
+ # <stockholm/makefu/2configs/tools/extra-gui.nix>
+ # <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
- <stockholm/makefu/2configs/deployment/led-fader.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
+
<stockholm/makefu/2configs/stats/client.nix>
+
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
- <stockholm/makefu/2configs/temp/rst-issue.nix>
+
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/share/wbob.nix>
+
+ <stockholm/makefu/2configs/stats/telegraf>
+ <stockholm/makefu/2configs/deployment/led-fader.nix>
+ <stockholm/makefu/2configs/stats/external/aralast.nix>
+ <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
+ <stockholm/makefu/2configs/deployment/bureautomation>
+ (let
+ collectd-port = 25826;
+ influx-port = 8086;
+ grafana-port = 3000; # TODO nginx forward
+ db = "collectd_db";
+ logging-interface = "enp0s25";
+ in {
+ services.grafana.enable = true;
+ services.grafana.addr = "0.0.0.0";
+
+ services.influxdb.enable = true;
+ services.influxdb.extraConfig = {
+ meta.hostname = config.krebs.build.host.name;
+ # meta.logging-enabled = true;
+ http.bind-address = ":${toString influx-port}";
+ admin.bind-address = ":8083";
+ collectd = [{
+ enabled = true;
+ typesdb = "${pkgs.collectd}/share/collectd/types.db";
+ database = db;
+ bind-address = ":${toString collectd-port}";
+ }];
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+ '';
+ })
+
+ # temporary
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
];
krebs = {
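Review bot: The inline module binds Grafana to `0.0.0.0` and opens its port with `iptables -A INPUT ...` inside `networking.firewall.extraCommands`, which appends to the base `INPUT` chain rather than to the NixOS firewall chain. As far as I know `INPUT` is not flushed on firewall reload, so the rule may pile up as duplicates or end up after the jump to `nixos-fw`. `iptables -A nixos-fw -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j nixos-fw-accept` is the usual form. The hunk also sets no Grafana admin credentials, so unless they are configured elsewhere the service would be reachable on that interface with the module's defaults. InfluxDB's HTTP, admin and collectd listeners use `:`-only bind addresses (all interfaces), and a comment stating that they rely on the firewall would help.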
diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix
index 6f079d712..b768aa87d 100644
--- a/makefu/1systems/wbob/source.nix
+++ b/makefu/1systems/wbob/source.nix
@@ -1,4 +1,4 @@
import <stockholm/makefu/source.nix> {
name="wbob";
- musnix = true;
+ # musnix = true;
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index f7db75564..1dd1a070f 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -23,8 +23,6 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/deployment/wiki-irc-bot>
# <stockholm/makefu/2configs/torrent.nix>
- # <stockholm/makefu/2configs/lanparty/lancache.nix>
- # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/deployment/dirctator.nix>
# <stockholm/makefu/2configs/vncserver.nix>
# <stockholm/makefu/2configs/deployment/led-fader>
@@ -64,7 +62,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
- <stockholm/makefu/2configs/hw/stk1160.nix>
+ # <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
# Filesystem
@@ -75,6 +73,11 @@ with import <stockholm/lib>;
{
programs.adb.enable = true;
}
+ # temporary
+ # <stockholm/makefu/2configs/lanparty/lancache.nix>
+ # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+ # <stockholm/makefu/2configs/lanparty/samba.nix>
+ # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
];
@@ -84,7 +87,6 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true;
- environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
@@ -102,4 +104,7 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+
+ nix.package = pkgs.nixUnstable;
+ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
}
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index 166365ba0..a4d02af6b 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -31,6 +31,19 @@ in {
krebs.backup.plans = {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
+ gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
+ {
+ dst.path = "/media/cryptX/backup/gum/var-download";
+ dst.host = defaultBackupServer;
+ startAt = "19:00";
+ };
+ gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
+ {
+ dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
+ dst.host = defaultBackupServer;
+
+ startAt = "05:00";
+ };
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
};
environment.systemPackages = [
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/deployment/bgt/hidden_service.nix
new file mode 100644
index 000000000..c1a31b8dc
--- /dev/null
+++ b/makefu/2configs/deployment/bgt/hidden_service.nix
@@ -0,0 +1,48 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ name = "bgt_cyberwar_hidden_service";
+ sec = (toString <secrets>) + "/";
+ secdir = sec + name;
+ srvdir = "/var/lib/tor/onion/";
+ basedir = srvdir + name;
+ hn = builtins.readFile (secdir + "/hostname");
+in
+{
+ systemd.services.prepare-hidden-service = {
+ wantedBy = [ "local-fs.target" ];
+ before = [ "tor.service" ];
+ serviceConfig = {
+ ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+ #!/bin/sh
+ set -euf
+ if ! test -d "${basedir}" ;then
+ mkdir -p "${srvdir}"
+ cp -r "${secdir}" "${srvdir}"
+ chown -R tor:tor "${srvdir}"
+ chmod -R 700 "${basedir}"
+ else
+ echo "not overwriting ${basedir}"
+ fi
+ '';
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ TimeoutSec = "0";
+ };
+ };
+ services.nginx.virtualHosts."${hn}".locations."/" = {
+ proxyPass = "https://blog.binaergewitter.de";
+ extraConfig = ''
+ proxy_set_header Host blog.binaergewitter.de;
+ proxy_ssl_server_name on;
+ '';
+ };
+ services.tor = {
+ enable = true;
+ hiddenServices."${name}".map = [
+ { port = "80"; }
+ # { port = "443"; toHost = "blog.binaergewitter.de"; }
+ ];
+ };
+}
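Review bot: In the `prepare-euer-blog-service` script the onion service key material is copied with `cp -r` and only tightened afterwards by `chown -R` and `chmod -R 700`, so for a moment the files sit under `/var/lib/tor/onion/` with whatever mode the source tree and the umask give them. Adding `umask 077` right after `set -euf` closes that window. `chown -R tor:tor "${srvdir}"` also re-owns every other service directory below `srvdir`, where `"${basedir}"` would be enough. Separately, `builtins.readFile` keeps a trailing newline if the `hostname` file has one, and that newline would end up in the nginx virtual host name; wrapping the call in `lib.removeSuffix "\n"` guards against it.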
diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/deployment/bureautomation/default.nix
new file mode 100644
index 000000000..3897537ea
--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/default.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ port = 3001;
+ runit = pkgs.writeDash "runit" ''
+ set -xeuf
+ PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
+ name=''${1?must provide name as first arg}
+ state=''${2?must provide state as second arg}
+ # val=''${3?must provide val as third arg}
+
+ # we ignore non-alerting events
+ test $state = alerting || exit 0
+
+ echo $name - $state
+ curl 'http://bauarbeiterlampe/ay?o=1'
+ sleep 5
+ curl 'http://bauarbeiterlampe/ay?o=1'
+ '';
+in {
+ services.logstash = {
+ package = pkgs.logstash5;
+ enable = true;
+ inputConfig = ''
+ http {
+ port => ${toString port}
+ host => "127.0.0.1"
+ }
+ '';
+ filterConfig = ''
+ '';
+ outputConfig = ''
+ stdout { codec => json }
+ exec { command => "${runit} '%{ruleName}' '%{state}'" }
+ '';
+ extraSettings = ''
+ path.plugins: [ "${pkgs.logstash-output-exec}" ]
+ '';
+ };
+}
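Review bot: The `exec` output builds a command string from event fields, `"${runit} '%{ruleName}' '%{state}'"`, and the single quotes give no protection when a field value itself contains a quote, so, assuming the exec plugin hands the string to a shell, whatever can post to the http input influences the command line logstash runs. The input is bound to 127.0.0.1, which limits this to local senders, but the fields should still be validated before they reach `exec`, for example by wrapping the output in `if [state] =~ /^[a-z_]+$/ and [ruleName] =~ /^[A-Za-z0-9 _.-]+$/ { exec { … } }`. Inside `runit`, `$state` and `$name` are expanded unquoted in `test $state = alerting` and `echo $name - $state`; `test "$state" = alerting` avoids an error exit when the value is empty or contains spaces.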
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index 4c17a1d50..292b6679d 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -1,27 +1,25 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, buildPythonPackage, ... }:
-with import <stockholm/lib>;
let
mq = "192.168.8.11";
- pkg = pkgs.stdenv.mkDerivation {
+ pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
+
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
- rev = "07a6791de368e16cc0864d2676fd255eba522cee";
- sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
+ rev = "531741b";
+ sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
- buildInputs = [
- (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
+ propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
- ]))
+ requests
+ pytz
+ influxdb
+ httplib2
+ google_api_python_client
];
- installPhase = ''
- install -m755 -D fade.py $out/bin/fade.py
- install -m755 -D ampel.py $out/bin/ampel
- install -m755 -D times.json $out/share/times.json
- '';
};
in {
systemd.services.led-fader = {
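Review bot: `rev = "531741b"` pins the source by an abbreviated commit id that is fetched over plain `http://`. The `sha256` still fixes the content, but a full 40-character hash is unambiguous and easier to audit later: `rev = "<full commit hash of 531741b>";`. The new `buildPythonPackage` function argument on the first line is never used, since the derivation calls `pkgs.python3Packages.buildPythonPackage`, so it can be dropped. The `systemd.services.led-fader` block continues outside this hunk.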
@@ -34,7 +32,9 @@ in {
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
- ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
+ ExecStart = "${pkg}/bin/ampel 4";
+ Restart = "always";
+ RestartSec = 10;
PrivateTmp = true;
};
};
diff --git a/makefu/2configs/deployment/scrape/default.nix b/makefu/2configs/deployment/scrape/default.nix
new file mode 100644
index 000000000..c7a5b5c14
--- /dev/null
+++ b/makefu/2configs/deployment/scrape/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./elkstack.nix
+ ./selenium.nix
+ ];
+}
diff --git a/makefu/2configs/temp/elkstack.nix b/makefu/2configs/deployment/scrape/elkstack.nix
index c6bf1c6d8..c6bf1c6d8 100644
--- a/makefu/2configs/temp/elkstack.nix
+++ b/makefu/2configs/deployment/scrape/elkstack.nix
diff --git a/makefu/2configs/deployment/scrape/selenium.nix b/makefu/2configs/deployment/scrape/selenium.nix
new file mode 100644
index 000000000..d700259ba
--- /dev/null
+++ b/makefu/2configs/deployment/scrape/selenium.nix
@@ -0,0 +1,65 @@
+{config, pkgs, lib, ...}:
+with <stockholm/lib>;
+let
+ selenium-pw = <secrets/selenium-vncpasswd>;
+in {
+ services.jenkinsSlave.enable = true;
+ users.users.selenium = {
+ uid = genid "selenium";
+ extraGroups = [ "plugdev" ];
+ };
+
+ fonts.enableFontDir = true;
+
+ # networking.firewall.allowedTCPPorts = [ 5910 ];
+
+ systemd.services.selenium-X11 =
+ {
+ description = "X11 vnc for selenium";
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ];
+ environment =
+ {
+ DISPLAY = ":10";
+ };
+ script = ''
+ set -ex
+ [ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock )
+ [ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 )
+ mkdir -p ~/.vnc
+ cp -f ${selenium-pw} ~/.vnc/passwd
+ chmod go-rwx ~/.vnc/passwd
+ echo > ~/.vnc/xstartup
+ chmod u+x ~/.vnc/xstartup
+ vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac
+ dwm
+ '';
+ preStop = ''
+ vncserver -kill $DISPLAY
+ '';
+ serviceConfig = {
+ User = "selenium";
+ };
+ };
+
+ systemd.services.selenium-server =
+ {
+ description = "selenium-server";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "selenium-X11.service" ];
+ path = [ pkgs.chromium
+ pkgs.firefoxWrapper ];
+ environment =
+ {
+ DISPLAY = ":10";
+ };
+ script = ''
+ ${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1
+ '';
+ serviceConfig = {
+ User = "selenium";
+ };
+ };
+
+
+}
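Review bot: `selenium-pw = <secrets/selenium-vncpasswd>;` is a path value, and interpolating it in `cp -f ${selenium-pw} ~/.vnc/passwd` copies the VNC password file into the world-readable Nix store. `selenium-pw = toString <secrets/selenium-vncpasswd>;` keeps it as a plain path string, the way `hidden_service.nix` in this commit handles `<secrets>`. The second line reads `with <stockholm/lib>;` where the other modules use `with import <stockholm/lib>;`, so `genid` will not resolve. `vncserver … -ac` also turns off X host access control for display `:10`; unless a client needs that, drop the flag.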
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
deleted file mode 100644
index b3a9e1a5a..000000000
--- a/makefu/2configs/hw/stk1160.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-{
- # TODO: un-pin linuxPackages somehow
- boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages;
- nixpkgs.config.packageOverrides = pkgs: {
- linux_4_9 = pkgs.linux_4_9.override {
- extraConfig = ''
- MEDIA_ANALOG_TV_SUPPORT y
- VIDEO_STK1160_COMMON m
- VIDEO_STK1160_AC97 y
- VIDEO_STK1160 m
- '';
- };
- };
-}
diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix
index 4b4ebf0a0..c9da7c4c4 100644
--- a/makefu/2configs/lanparty/lancache-dns.nix
+++ b/makefu/2configs/lanparty/lancache-dns.nix
@@ -1,6 +1,19 @@
{ pkgs, lib, config, ... }:
with import <stockholm/lib>;
let
+ upstream-server = "8.8.8.8";
+ # make sure the router pins the ip address to the deployed host
+ # and set it as dns server ( dhcp option 6,192.168.10.10 )
+ local_ip = "192.168.10.10";
+
+ extra-config = pkgs.writeText "local.conf" ''
+ server:
+ local-data: "piratebox. A ${local_ip}"
+ local-data: "store. A ${local_ip}"
+ local-data: "share. A ${local_ip}"
+ '';
+
+
# see https://github.com/zeropingheroes/lancache for full docs
lancache-dns = pkgs.stdenv.mkDerivation rec {
name = "lancache-dns-2017-06-28";
@@ -11,8 +24,9 @@ let
rev = "420aa62";
sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
};
+
phases = [ "unpackPhase" "installPhase" ];
- # here we can chance to edit `includes/proxy-cache-paths.conf`
+ # here we have the chance to edit `includes/proxy-cache-paths.conf`
installPhase = ''
mkdir -p $out
cp -r * $out/
@@ -20,7 +34,6 @@ let
};
stateDir = "/var/lib/unbound";
user = "unbound";
- upstream-server = "8.8.8.8";
in {
services.unbound = {
enable = true;
@@ -29,6 +42,7 @@ in {
forwardAddresses = [ upstream-server ];
extraConfig = ''
include: "${stateDir}/lancache/*.conf"
+ include: "${extra-config}"
'';
};
services.dnscrypt-proxy.enable = lib.mkForce false;
@@ -42,7 +56,8 @@ in {
path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
script = ''
set -xeu
- current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
+ # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
+ current_ip=${local_ip}
old_ip=10.1.1.250
mkdir -p ${stateDir}
rm -rvf ${stateDir}/lancache
diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix
index 3df2e3f59..bcacf2e15 100644
--- a/makefu/2configs/lanparty/lancache.nix
+++ b/makefu/2configs/lanparty/lancache.nix
@@ -17,15 +17,21 @@ let
installPhase = ''
mkdir -p $out
cp -r * $out/
+ rm $out/caches-enabled/*
sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
-e '1 idaemon off;' \
+ -e 's#/var/lancache#${cfg.statedir}#g' \
$out/nginx.conf
+ sed -i -e 's#/var/lancache#${cfg.statedir}#g' \
+ $out/*/*.conf
+ ln -s $out/caches-available/* $out/caches-enabled/
'';
};
cfg = {
+ statedir = "/data/cache";
+
group = "nginx-lancache";
user = "nginx-lancache";
- statedir = "/var/lancache";
package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
configureFlags = old.configureFlags ++ [
"--with-http_slice_module"
@@ -43,6 +49,7 @@ in {
preStart = ''
mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
+ chmod 700 ${cfg.statedir}
PATH_CACHE=$PATH_BASE/cache
PATH_LOGS=$PATH_BASE/logs
diff --git a/makefu/2configs/lanparty/mumble-server.nix b/makefu/2configs/lanparty/mumble-server.nix
new file mode 100644
index 000000000..5b9631cd1
--- /dev/null
+++ b/makefu/2configs/lanparty/mumble-server.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 64738 ];
+ networking.firewall.allowedUDPPorts = [ 64738 ];
+ services.murmur = {
+ enable = true;
+ welcometext = "Welcome to the LANest Party mumble server";
+ bonjour = true;
+ hostName = "0.0.0.0";
+ sendVersion = true;
+ };
+}
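Review bot: The module has no comment saying it is meant for an isolated LAN only, yet it listens on `0.0.0.0`, opens TCP and UDP 64738 in the firewall and sets no server password, so anyone who can reach the host can join. It is imported under a `# temporary` marker elsewhere in this commit, so a header comment would make the intent explicit: `# LAN-party only: unauthenticated, do not import on internet-facing hosts`. `sendVersion = true` additionally advertises the server version to clients, which is not needed for the party use case.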
diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix
index de834ab16..4176d7b35 100644
--- a/makefu/2configs/lanparty/samba.nix
+++ b/makefu/2configs/lanparty/samba.nix
@@ -10,9 +10,16 @@
};
services.samba = {
enable = true;
+ enableNmbd = true;
shares = {
- share-home = {
+ lanparty = {
path = "/data/lanparty/";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ share = {
+ path = "/data/incoming";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index 7d7a4ec57..e4fef7c3c 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -30,20 +30,14 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
- usenet = {
- path = "/media/crypt0/usenet/dst";
- "read only" = "yes";
- browseable = "yes";
- "guest ok" = "yes";
- };
- pyload = {
- path = "/media/crypt0/pyload";
+ crypt0 = {
+ path = "/media/crypt0";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
- crypt0 = {
- path = "/media/crypt0";
+ crypX-games = {
+ path = "/media/cryptX/games";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix
new file mode 100644
index 000000000..7d3fc38fe
--- /dev/null
+++ b/makefu/2configs/share/wbob.nix
@@ -0,0 +1,38 @@
+{config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/home/share";
+ createHome = true;
+ };
+ services.samba = {
+ enable = true;
+ enableNmbd = true;
+ shares = {
+ incoming = {
+ path = "/data/incoming";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ data = {
+ path = "/data/";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+}
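Review bot: The `data` share exports all of `/data/` to unauthenticated guests (`"guest ok" = "yes"` with `map to guest = bad user`), and `incoming` is guest-writable, while the two firewall lines open the SMB and NetBIOS ports on every interface. If this host is only meant to serve the local network, restrict it in `extraConfig` with `hosts allow = <LAN CIDR>` (placeholder) or with `interfaces` plus `bind interfaces only = yes`. Export only the subdirectories that are meant to be public rather than the `/data/` root. The same guest-writable `/data/incoming` share is added as `share` in `lanparty/samba.nix`.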
diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix
new file mode 100644
index 000000000..09d23e7d4
--- /dev/null
+++ b/makefu/2configs/stats/telegraf/airsensor.nix
@@ -0,0 +1,19 @@
+{ pkgs, ...}:
+
+{
+ services.udev.extraRules = ''
+ SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
+ '';
+ users.users.telegraf.extraGroups = [ "input" ];
+ services.telegraf.extraConfig.inputs.exec = [
+ {
+ commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];
+ timeout = "10s";
+ data_format = "value";
+ data_type = "integer";
+ name_override = "airquality";
+ interval = "10s";
+ tags.unit="VOC";
+ }
+ ];
+}
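Review bot: `GROUP="input"` together with `users.users.telegraf.extraGroups = [ "input" ]` gives the telegraf user access to every device owned by the `input` group, which normally includes keyboards and mice, just to read one USB sensor. A dedicated group keeps the grant scoped to the stick: `SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="airsensor", MODE="0660"`, plus `users.groups.airsensor = {};` and `extraGroups = [ "airsensor" ]`. The group name is constructed for this example.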
diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix
index 4da6561d6..049a9c037 100644
--- a/makefu/2configs/stats/telegraf/default.nix
+++ b/makefu/2configs/stats/telegraf/default.nix
@@ -2,9 +2,6 @@
let
url = "http://localhost:8086";
in {
- imports = [
- ./europastats.nix
- ];
services.telegraf = {
enable = true;
extraConfig = {
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 8a15ae2e7..7e9a459c3 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -5,38 +5,44 @@
#
# essentially `nix-env -q` of the main user
{
- krebs.per-user.makefu.packages = with pkgs; [
+ environment.systemPackages = with pkgs; [
at_spi2_core
acpi
bc
rsync
exif
file
+ lsof
+ which
+ binutils
+
# fs
- ntfs3g
+ cifs-utils
dosfstools
+ ntfs3g
+ smartmontools
+
+ # io
pv
sshpass
usbutils
p7zip
hdparm
+
+ # net
+ wget
+ curl
inetutils
ncftp
- mutt
tcpdump
sysstat
- which
- weechat
wol
- tmux
iftop
+
mkpasswd
- # storage
- smartmontools
- cifs-utils
- # net
- wget
- curl
+ mutt
+ weechat
+ tmux
# stockholm
git
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index d3d50c433..26e9808b2 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -2,7 +2,8 @@
{
users.users.makefu.packages = with pkgs;[
- python35Packages.virtualenv
+ python3Packages.virtualenv
+ python3Packages.pyserial
# embedded
gi
flashrom
@@ -12,10 +13,12 @@
esptool
cac-api
cac-panel
+ krebszones
ovh-zone
whatsupnix
brain
gen-oath-safe
cdrtools
+ stockholm
];
}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index bcc068d82..e25290297 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -14,5 +14,6 @@
saleae-logic
arduino-user-env
gitAndTools.gitFull
+ signal-desktop
];
}
diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix
index 8e815da5e..40ea4523d 100644
--- a/makefu/2configs/tools/games.nix
+++ b/makefu/2configs/tools/games.nix
@@ -6,5 +6,7 @@
];
users.users.makefu.packages = with pkgs; [
games-user-env
+ wine
+ pkg2zip
];
}
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 817cd9ead..3dc02937d 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -13,6 +13,6 @@
thc-hydra
borgbackup
ledger
- u3_tool
+ u3-tool
];
}
diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix
index add021acd..0356ba391 100644
--- a/makefu/2configs/tools/studio.nix
+++ b/makefu/2configs/tools/studio.nix
@@ -5,6 +5,13 @@
obs-studio
studio-link
audacity
- owncloudclient
+ darkice
+ # owncloudclient
+ (pkgs.writeScriptBin "prepare-pulseaudio" ''
+ pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
+ pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
+ pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
+ darkice -c ~/lol.conf
+ '')
];
}
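Review bot: The `prepare-pulseaudio` text passed to `pkgs.writeScriptBin` has no interpreter line, so it only runs when the calling shell falls back to interpreting it itself, and a failing `pactl load-module` does not stop `darkice` from starting. Begin the script with `#!/bin/sh` and `set -eu`. `darkice -c ~/lol.conf` depends on a file this module does not create; a comment saying where that config comes from would help the next reader.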
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index f280fc852..6be078f6a 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -8,11 +8,12 @@ in
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
- enableCompletion = false ; #manually at the end
+ enableCompletion = true ; #manually at the end
interactiveShellInit = ''
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
+ HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
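Review bot: The trailing comment in `enableCompletion = true ; #manually at the end` now contradicts the setting, because the manual `compinit` block is removed in the next hunk; drop it or reword it to `# compinit is run by programs.zsh`. The remaining `compdef _pass brain` in `interactiveShellInit` needs `compinit` to have run already, so it is worth confirming that the module initialises completion before this snippet is sourced. The `interactiveShellInit` string continues outside this hunk.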
@@ -65,13 +66,15 @@ in
zle -N fzf-file-widget
bindkey '^T' fzf-file-widget
- # Auto-Completion
- for p in ''${(z)NIX_PROFILES}; do
- fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
- done
- autoload -U compinit && compinit
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
+
+ # ctrl-x ctrl-e
+ autoload -U edit-command-line
+ zle -N edit-command-line
+ bindkey '^xe' edit-command-line
+ bindkey '^x^e' edit-command-line
+
'';
promptInit = ''
diff --git a/makefu/5pkgs/PkgDecrypt/default.nix b/makefu/5pkgs/PkgDecrypt/default.nix
new file mode 100644
index 000000000..80bcbcac1
--- /dev/null
+++ b/makefu/5pkgs/PkgDecrypt/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
+stdenv.mkDerivation rec {
+ name = "PkgDecrypt-2017-12-01";
+ rev = "e2f9518";
+
+ src = fetchFromGitHub {
+ owner = "St4rk";
+ repo = "PkgDecrypt";
+ inherit rev;
+ sha256 = "0dk13qamxyny0vc990s06vqddxwwc6xmikb1pkc3rnys98yda29p";
+ };
+
+ installPhase = ''
+ install -m755 -D pkg_dec $out/bin/pkg_dec
+ install -m755 -D make_key $out/bin/make_key
+ '';
+
+ buildInputs = with pkgs;[
+ zlib
+ ];
+
+ meta = {
+ homepage = https://github.com/St4rk/PkgDecrypt;
+ description = "St4rk's Vita pkg decrypter";
+ license = lib.licenses.gpl2;
+ };
+}
diff --git a/makefu/5pkgs/airsensor-py/default.nix b/makefu/5pkgs/airsensor-py/default.nix
new file mode 100644
index 000000000..4eae26c0d
--- /dev/null
+++ b/makefu/5pkgs/airsensor-py/default.nix
@@ -0,0 +1,17 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+buildPythonApplication rec {
+ name = "airsensor-py-${version}";
+ version = "2017-12-05";
+ propagatedBuildInputs = [
+ pyusb
+ click
+ ];
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "airsensor-py";
+ rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995";
+ sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w";
+ };
+}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index e99aa696b..80a0d33cd 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -24,14 +24,17 @@ in {
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
- inherit (callPackage ./devpi {}) devpi-web devpi-server;
+ inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ];
});
pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
wordset-file = super.pkgs.fetchurl {
- url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
+ urls = [
+ https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
+ https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
+ ];
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
};
diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix
index e7c26da55..3ddcd9641 100644
--- a/makefu/5pkgs/devpi/default.nix
+++ b/makefu/5pkgs/devpi/default.nix
@@ -14,18 +14,6 @@ let
propagatedBuildInputs = with pkgs.python3Packages; [ docutils bleach pygments ];
};
- devpi-client = pkgs.python3Packages.buildPythonPackage rec {
- name = "devpi-client";
- version = "2.7.0";
-
- src = pkgs.fetchurl {
- url = "mirror://pypi/d/devpi-client/devpi-client-${version}.tar.gz";
- sha256 = "0z7vaf0a66n82mz0vx122pbynjvkhp2mjf9lskgyv09y3bxzzpj3";
- };
- patches = [ ./py3-fix-encoding.patch ];
- buildInputs = with pkgs.python3Packages; [ tox check-manifest pkginfo ];
- propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common py ];
- };
devpi-web = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-web";
version = "3.1.1";
@@ -37,7 +25,7 @@ let
};
propagatedBuildInputs = with pkgs.python3Packages;
- [ devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
+ [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
@@ -47,53 +35,7 @@ let
};
};
- devpi-common-3 = pkgs.python3Packages.buildPythonPackage rec {
- name = "devpi-common";
- version = "3.0.1";
-
- src = pkgs.fetchurl {
- url = "mirror://pypi/d/devpi-common/devpi-common-${version}.tar.gz";
- sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j";
- };
-
- propagatedBuildInputs = with pkgs.python3Packages; [ requests py ];
-
- meta = {
- homepage = https://bitbucket.org/hpk42/devpi;
- description = "Utilities jointly used by devpi-server and devpi-client";
- license = licenses.mit;
- maintainers = with maintainers; [ lewo makefu ];
- };
- };
-
- devpi-server = pkgs.python3Packages.buildPythonPackage rec {
- name = "devpi-server";
- version = "4.1.1";
-
- # original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to
- # `.devpi-server-wrapped` which
- # results in "not existing devpi-server: 'devpi-server'"
- postFixup = "";
-
- src = pkgs.fetchurl {
- url = "mirror://pypi/d/devpi-server/devpi-server-${version}.tar.gz";
- sha256 = "1icbn1nw6w0sc5150fr69rlhs0j5ldnnxfzl2qabq2wi0dbar8hf";
- };
-
- propagatedBuildInputs = with pkgs.python3Packages;
- [ devpi-common-3 execnet itsdangerous pluggy waitress pyramid ];
- buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ];
-
- meta = {
- homepage = https://bitbucket.org/hpk42/devpi;
- description = "Devpi Server";
- license = licenses.mit;
- maintainers = with maintainers; [ makefu ];
- };
- };
-
in {
- inherit devpi-server devpi-client;
devpi-web = pkgs.python3.buildEnv.override {
extraLibs = [ devpi-web devpi-server ];
};
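Review bot: `extraLibs = [ devpi-web devpi-server ];` still refers to `devpi-server`, but this hunk removes its `let` binding and the previous hunk already switched the other use to `pkgs.devpi-server`. Unless the name is supplied by the function arguments, which are outside the visible hunks, evaluation will fail on an undefined variable. `extraLibs = [ devpi-web pkgs.devpi-server ];` would match the earlier change.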
diff --git a/makefu/5pkgs/pkg2zip/default.nix b/makefu/5pkgs/pkg2zip/default.nix
new file mode 100644
index 000000000..36c3d7176
--- /dev/null
+++ b/makefu/5pkgs/pkg2zip/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
+stdenv.mkDerivation rec {
+ name = "pkg2zip-2017-12-01";
+ rev = "fccad26";
+
+ src = fetchFromGitHub {
+ owner = "mmozeiko";
+ repo = "pkg2zip";
+ inherit rev;
+ sha256 = "1sq9yx5cbllmc0yyxhvb6c0yq1mkd1mn8njgkkgxz8alw9zwlarp";
+ };
+
+ installPhase = ''
+ install -m755 -D pkg2zip $out/bin/pkg2zip
+
+ install -m755 -D rif2zrif.py $out/bin/rif2zrif
+ install -m755 -D zrif2rif.py $out/bin/zrif2rif
+ '';
+
+ buildInputs = with pkgs;[
+ python3
+ ];
+
+ meta = {
+ homepage = https://github.com/St4rk/PkgDecrypt;
+ description = "St4rk's Vita pkg decrypter";
+ license = lib.licenses.gpl2;
+ };
+}
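Review bot: The `meta` block is copied from the PkgDecrypt package: `homepage` and `description` still name St4rk's PkgDecrypt although `src` fetches `mmozeiko/pkg2zip`. Use `homepage = https://github.com/mmozeiko/pkg2zip;` with a description of pkg2zip itself, and check that `license = lib.licenses.gpl2` is what that repository actually declares. `rev = "fccad26"` is an abbreviated commit id, as is the one in `PkgDecrypt/default.nix`; the `sha256` fixes the content, but the full hash is the clearer pin.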
diff --git a/makefu/5pkgs/u3_tool/default.nix b/makefu/5pkgs/u3_tool/default.nix
deleted file mode 100644
index e8c5573a8..000000000
--- a/makefu/5pkgs/u3_tool/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- proj = "u3-tool";
- name = "${proj}-${version}";
- version = "0.3";
-
- enableParallelBuilding = true;
-
- src = fetchurl {
- url = "mirror://sourceforge/${proj}/${name}.tar.gz";
- sha256 = "1p9c9kibd1pdbdfa0nd0i3n7bvzi3xg0chm38jg3xfl8gsn0390f";
- };
-
- meta = {
- description = "Tool for controlling the special features of a 'U3 smart drive' USB Flash disk.";
- homepage = https://sourceforge.net/projects/u3-tool/ ;
- license = stdenv.lib.licenses.gpl2;
- platforms = stdenv.lib.platforms.linux;
- maintainers = with stdenv.lib.maintainers; [ makefu ];
- };
-}
diff --git a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname
new file mode 100644
index 000000000..2ae3807f1
--- /dev/null
+++ b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname
@@ -0,0 +1 @@
+dickbutt2342.onion
diff --git a/makefu/source.nix b/makefu/source.nix
index 8c880a8e2..ce5855430 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -11,9 +11,8 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- ref = "809cf38"; # unstable @ 2017-10-07
- # + ruby stuff (2f0b17e4be9,55a952be5b5)
- # + mitmproxy fix (360a5efd,ef52c95b)
+ ref = "3874de4"; # unstable @ 2017-12-08
+ # + do_sqlite3 ruby: 55a952be5b5
in
evalSource (toString _file) [
diff --git a/mv/1systems/stro/config.nix b/mv/1systems/stro/config.nix
index 669655eec..941b3f69e 100644
--- a/mv/1systems/stro/config.nix
+++ b/mv/1systems/stro/config.nix
@@ -14,7 +14,6 @@ with import <stockholm/lib>;
imports = [
<secrets>
<stockholm/krebs>
- <stockholm/tv/2configs/audit.nix>
<stockholm/tv/2configs/bash>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/hw/x220.nix>
diff --git a/shell.nix b/shell.nix
index 53b0f964a..bfdf1b3ca 100644
--- a/shell.nix
+++ b/shell.nix
@@ -2,239 +2,16 @@ let
lib = import ./lib;
pkgs = import <nixpkgs> { overlays = [(import ./krebs/5pkgs)]; };
- #
- # high level commands
- #
-
- cmds.deploy = pkgs.withGetopt {
- force-populate = { default = /* sh */ "false"; switch = true; };
- quiet = { default = /* sh */ "false"; switch = true; };
- source_file = {
- default = /* sh */ "$user/1systems/$system/source.nix";
- long = "source";
- };
- system = {};
- target.default = /* sh */ "$system";
- user.default = /* sh */ "$LOGNAME";
- } (opts: pkgs.writeDash "cmds.deploy" ''
- set -efu
-
- . ${init.env}
- . ${init.proxy "deploy" opts}
-
- # Use system's nixos-rebuild, which is not self-contained
- export PATH=/run/current-system/sw/bin
- exec ${utils.with-whatsupnix} \
- nixos-rebuild switch \
- --show-trace \
- -I "$target_path"
- '');
-
- cmds.install = pkgs.withGetopt {
- force-populate = { default = /* sh */ "false"; switch = true; };
- quiet = { default = /* sh */ "false"; switch = true; };
- source_file = {
- default = /* sh */ "$user/1systems/$system/source.nix";
- long = "source";
- };
- system = {};
- target = {};
- user.default = /* sh */ "$LOGNAME";
- } (opts: pkgs.writeBash "cmds.install" ''
- set -efu
-
- . ${init.env}
-
- if \test "''${using_proxy-}" != true; then
- ${pkgs.openssh}/bin/ssh \
- -o StrictHostKeyChecking=no \
- -o UserKnownHostsFile=/dev/null \
- "$target_user@$target_host" -p "$target_port" \
- env target_path=$(quote "$target_path") \
- sh -s prepare < ${./krebs/4lib/infest/prepare.sh}
- # TODO inline prepare.sh?
- fi
-
- . ${init.proxy "install" opts}
-
- # Reset PATH because we need access to nixos-install.
- # TODO provide nixos-install instead of relying on prepare.sh
- export PATH="$OLD_PATH"
-
- # these variables get defined by nix-shell (i.e. nix-build) from
- # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
- # which only exists on / and not at /mnt.
- export NIX_BUILD_TOP=/tmp
- export TEMPDIR=/tmp
- export TEMP=/tmp
- export TMPDIR=/tmp
- export TMP=/tmp
- export XDG_RUNTIME_DIR=/tmp
-
- export NIXOS_CONFIG="$target_path/nixos-config"
-
- cd
- exec nixos-install
- '');
-
- cmds.test = pkgs.withGetopt {
- force-populate = { default = /* sh */ "false"; switch = true; };
- quiet = { default = /* sh */ "false"; switch = true; };
- source_file = {
- default = /* sh */ "$user/1systems/$system/source.nix";
- long = "source";
- };
- system = {};
- target = {};
- user.default = /* sh */ "$LOGNAME";
- } (opts: pkgs.writeDash "cmds.test" /* sh */ ''
- set -efu
-
- export dummy_secrets=true
-
- . ${init.env}
- . ${init.proxy "test" opts}
-
- exec ${utils.build} config.system.build.toplevel
- '');
-
- #
- # low level commands
- #
-
- # usage: get-source SOURCE_FILE
- cmds.get-source = pkgs.writeDash "cmds.get-source" ''
- set -efu
- exec ${pkgs.nix}/bin/nix-instantiate \
- --eval \
- --json \
- --readonly-mode \
- --show-trace \
- --strict \
- "$1"
- '';
-
- # usage: parse-target [--default=TARGET] TARGET
- # TARGET = [USER@]HOST[:PORT][/PATH]
- cmds.parse-target = pkgs.withGetopt {
- default_target = {
- long = "default";
- short = "d";
- };
- } (opts: pkgs.writeDash "cmds.parse-target" ''
- set -efu
- target=$1; shift
- for arg; do echo "$0: bad argument: $arg" >&2; done
- if \test $# != 0; then exit 2; fi
- exec ${pkgs.jq}/bin/jq \
- -enr \
- --arg default_target "$default_target" \
- --arg target "$target" \
- -f ${pkgs.writeText "cmds.parse-target.jq" ''
- def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
- user: .captures[0].string,
- host: .captures[1].string,
- port: .captures[2].string,
- path: .captures[3].string,
- };
- def sanitize: with_entries(select(.value != null));
- ($default_target | parse) + ($target | parse | sanitize) |
- . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
- ''}
- '');
-
- init.env = pkgs.writeText "init.env" /* sh */ ''
- export quiet
- export system
- export target
- export user
-
- default_target=root@$system:22/var/src
-
- export target_object="$(parse-target "$target" -d "$default_target")"
- export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
- export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
- export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
- export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
- export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
- '';
-
- init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
- if \test "''${using_proxy-}" != true; then
-
- source=$(get-source "$source_file")
- qualified_target=$target_user@$target_host:$target_port$target_path
- if \test "$force_populate" = true; then
- echo "$source" | populate --force "$qualified_target"
- else
- echo "$source" | populate "$qualified_target"
- fi
-
- if \test "$target_local" != true; then
- exec ${pkgs.openssh}/bin/ssh \
- "$target_user@$target_host" -p "$target_port" \
- cd "$target_path/stockholm" \; \
- NIX_PATH=$(quote "$target_path") \
- STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \
- nix-shell --run "$(quote "
- ${lib.concatStringsSep " " (lib.mapAttrsToList
- (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})")
- opts
- )} \
- using_proxy=true \
- ${lib.shell.escape command} \
- $WITHGETOPT_ORIG_ARGS \
- ")"
- fi
- fi
- '';
-
- utils.build = pkgs.writeDash "utils.build" ''
- set -efu
- ${utils.with-whatsupnix} \
- ${pkgs.nix}/bin/nix-build \
- --no-out-link \
- --show-trace \
- -E "with import <stockholm>; $1" \
- -I "$target_path" \
- '';
-
- utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
- set -efu
- if \test "$quiet" = true; then
- "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
- else
- exec "$@"
- fi
- '';
-
- shell.get-version = pkgs.writeDash "shell.get-version" ''
- set -efu
- version=git.$(${pkgs.git}/bin/git describe --always --dirty)
- case $version in (*-dirty)
- version=$version@$HOSTNAME
- esac
- date=$(${pkgs.coreutils}/bin/date +%y.%m)
- echo "$date.$version"
- '';
-
- shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link:
- lib.nameValuePair "/bin/${name}" { inherit link; }
- ) cmds);
-
in pkgs.stdenv.mkDerivation {
name = "stockholm";
shellHook = /* sh */ ''
- export OLD_PATH="$PATH"
export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
if test -e /nix/var/nix/daemon-socket/socket; then
export NIX_REMOTE=daemon
fi
export PATH=${lib.makeBinPath [
- pkgs.populate
- pkgs.quote
- shell.cmdspkg
- ]}
+ pkgs.stockholm
+ ]}''${PATH+:$PATH}
eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)"
shopt -u no_empty_cmd_completion
@@ -251,9 +28,6 @@ in pkgs.stdenv.mkDerivation {
:
}
- export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
- export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
-
PS1='\[\e[38;5;162m\]\w\[\e[0m\] '
'';
}
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
index 71302d594..001ad0bc4 100644
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@@ -26,8 +26,9 @@ with import <stockholm/lib>;
chromium
firefoxWrapper
networkmanagerapplet
- pidginotr
- pidgin-with-plugins
+ (pkgs.pidgin-with-plugins.override {
+ plugins = [ pkgs.pidginotr ];
+ })
];
fileSystems = {
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 10d7b2197..6c22971bf 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -57,8 +57,9 @@ with import <stockholm/lib>;
gimp
iptables
libreoffice
- pidginotr
- pidgin-with-plugins
+ (pkgs.pidgin-with-plugins.override {
+ plugins = [ pkgs.pidginotr ];
+ })
skype
slock
tinc_pre
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
new file mode 100644
index 000000000..b564383d7
--- /dev/null
+++ b/tv/1systems/querel/config.nix
@@ -0,0 +1,95 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ imports = [
+ <stockholm/krebs>
+ <stockholm/tv/2configs>
+ <stockholm/tv/3modules>
+ <stockholm/tv/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.querel;
+ krebs.build.user = mkForce config.krebs.users.itak;
+
+ boot.initrd.availableKernelModules = [ "ahci" ];
+ boot.initrd.luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices.querel-luks1 = {
+ allowDiscards = true;
+ device = "/dev/sda2";
+ };
+ };
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ firefoxWrapper
+ gimp
+ kate
+ libreoffice
+ (pkgs.pidgin-with-plugins.override {
+ plugins = [ pkgs.pidginotr ];
+ })
+ sxiv
+ texlive.combined.scheme-full
+ vim
+ zathura
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/querel-root";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/querel-home";
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.pulseaudio.enable = true;
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ networking.networkmanager.enable = true;
+
+ programs.ssh.startAgent = false;
+
+ services.printing = {
+ enable = true;
+ };
+
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.displayManager.auto = {
+ enable = true;
+ user = "itak";
+ };
+
+ users.users.itak = {
+ inherit (config.krebs.users.itak) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
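Review bot: `allowDiscards = true` on `querel-luks1`, combined with the `discard` mount option on `/` and `/home`, passes TRIM through dm-crypt, so the layout of unused blocks becomes readable on the raw device by anyone who images the disk. If that trade-off is intended, record it next to the option, e.g. `allowDiscards = true; # TRIM passthrough reveals free-block layout; accepted for SSD performance`; otherwise drop both settings. Separately, `services.xserver.displayManager.auto` logs `itak` in without a password, which leaves the LUKS passphrase as the only gate at boot. `device = "/dev/sda2"` and `"/dev/sda1"` also depend on enumeration order, where a `/dev/disk/by-uuid/<UUID>` path (placeholder) would not.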
diff --git a/tv/1systems/querel/source.nix b/tv/1systems/querel/source.nix
new file mode 100644
index 000000000..74eab51e4
--- /dev/null
+++ b/tv/1systems/querel/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/tv/source.nix> {
+ name = "querel";
+}
diff --git a/tv/2configs/audit.nix b/tv/2configs/audit.nix
deleted file mode 100644
index 644741a5b..000000000
--- a/tv/2configs/audit.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- security.audit = {
- rules = [
- "-a task,never"
- ];
- };
-}
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index f76fb2e01..14d381568 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -22,6 +22,12 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.zu; path = "/bku/nomic-home"; };
startAt = "04:20";
};
+ nomic-pull-querel-home = {
+ method = "pull";
+ src = { host = config.krebs.hosts.querel; path = "/home"; };
+ dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
+ startAt = "00:00";
+ };
wu-home-xu = {
method = "push";
src = { host = config.krebs.hosts.wu; path = "/home"; };
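Review bot: The new `nomic-pull-querel-home` plan copies `/home` from querel, whose volumes are on LUKS in this same commit, to `/fs/ponyhof/bku/querel-home` on nomic, and nothing in the hunk shows whether that destination is encrypted at rest. If it is not, the backup becomes the weaker copy of the same data. A comment on the `dst` line such as `# /fs/ponyhof is an encrypted volume` would document it, or the target should move to one that is. With `method = "pull"` nomic presumably also needs a credential that can read all of querel's `/home`, so it is worth confirming that key is restricted to the backup command. The surrounding plans attrset starts and ends outside the hunk.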
diff --git a/tv/2configs/bash/completion.sh b/tv/2configs/bash/completion.sh
deleted file mode 100644
index 537484fb9..000000000
--- a/tv/2configs/bash/completion.sh
+++ /dev/null
@@ -1,779 +0,0 @@
-
-# Expand variable starting with tilde (~)
-# We want to expand ~foo/... to /home/foo/... to avoid problems when
-# word-to-complete starting with a tilde is fed to commands and ending up
-# quoted instead of expanded.
-# Only the first portion of the variable from the tilde up to the first slash
-# (~../) is expanded. The remainder of the variable, containing for example
-# a dollar sign variable ($) or asterisk (*) is not expanded.
-# Example usage:
-#
-# $ v="~"; __expand_tilde_by_ref v; echo "$v"
-#
-# Example output:
-#
-# v output
-# -------- ----------------
-# ~ /home/user
-# ~foo/bar /home/foo/bar
-# ~foo/$HOME /home/foo/$HOME
-# ~foo/a b /home/foo/a b
-# ~foo/* /home/foo/*
-#
-# @param $1 Name of variable (not the value of the variable) to expand
-__expand_tilde_by_ref()
-{
- # Does $1 start with tilde (~)?
- if [[ ${!1} == \~* ]]; then
- # Does $1 contain slash (/)?
- if [[ ${!1} == */* ]]; then
- # Yes, $1 contains slash;
- # 1: Remove * including and after first slash (/), i.e. "~a/b"
- # becomes "~a". Double quotes allow eval.
- # 2: Remove * before the first slash (/), i.e. "~a/b"
- # becomes "b". Single quotes prevent eval.
- # +-----1----+ +---2----+
- eval $1="${!1/%\/*}"/'${!1#*/}'
- else
- # No, $1 doesn't contain slash
- eval $1="${!1}"
- fi
- fi
-} # __expand_tilde_by_ref()
-
-
-# Get the word to complete.
-# This is nicer than ${COMP_WORDS[$COMP_CWORD]}, since it handles cases
-# where the user is completing in the middle of a word.
-# (For example, if the line is "ls foobar",
-# and the cursor is here --------> ^
-# @param $1 string Characters out of $COMP_WORDBREAKS which should NOT be
-# considered word breaks. This is useful for things like scp where
-# we want to return host:path and not only path, so we would pass the
-# colon (:) as $1 in this case.
-# @param $2 integer Index number of word to return, negatively offset to the
-# current word (default is 0, previous is 1), respecting the exclusions
-# given at $1. For example, `_get_cword "=:" 1' returns the word left of
-# the current word, respecting the exclusions "=:".
-# @deprecated Use `_get_comp_words_by_ref cur' instead
-# @see _get_comp_words_by_ref()
-_get_cword()
-{
- local LC_CTYPE=C
- local cword words
- __reassemble_comp_words_by_ref "$1" words cword
-
- # return previous word offset by $2
- if [[ ${2//[^0-9]/} ]]; then
- printf "%s" "${words[cword-$2]}"
- elif [[ "${#words[cword]}" -eq 0 || "$COMP_POINT" == "${#COMP_LINE}" ]]; then
- printf "%s" "${words[cword]}"
- else
- local i
- local cur="$COMP_LINE"
- local index="$COMP_POINT"
- for (( i = 0; i <= cword; ++i )); do
- while [[
- # Current word fits in $cur?
- "${#cur}" -ge ${#words[i]} &&
- # $cur doesn't match cword?
- "${cur:0:${#words[i]}}" != "${words[i]}"
- ]]; do
- # Strip first character
- cur="${cur:1}"
- # Decrease cursor position
- ((index--))
- done
-
- # Does found word matches cword?
- if [[ "$i" -lt "$cword" ]]; then
- # No, cword lies further;
- local old_size="${#cur}"
- cur="${cur#${words[i]}}"
- local new_size="${#cur}"
- index=$(( index - old_size + new_size ))
- fi
- done
-
- if [[ "${words[cword]:0:${#cur}}" != "$cur" ]]; then
- # We messed up! At least return the whole word so things
- # keep working
- printf "%s" "${words[cword]}"
- else
- printf "%s" "${cur:0:$index}"
- fi
- fi
-} # _get_cword()
-
-
-# Get word previous to the current word.
-# This is a good alternative to `prev=${COMP_WORDS[COMP_CWORD-1]}' because bash4
-# will properly return the previous word with respect to any given exclusions to
-# COMP_WORDBREAKS.
-# @deprecated Use `_get_comp_words_by_ref cur prev' instead
-# @see _get_comp_words_by_ref()
-#
-_get_pword()
-{
- if [[ $COMP_CWORD -ge 1 ]]; then
- _get_cword "${@:-}" 1
- fi
-}
-
-
-
-# Complete variables.
-# @return True (0) if variables were completed,
-# False (> 0) if not.
-_variables()
-{
- if [[ $cur =~ ^(\$\{?)([A-Za-z0-9_]*)$ ]]; then
- [[ $cur == *{* ]] && local suffix=} || local suffix=
- COMPREPLY+=( $( compgen -P ${BASH_REMATCH[1]} -S "$suffix" -v -- \
- "${BASH_REMATCH[2]}" ) )
- return 0
- fi
- return 1
-}
-
-# Assign variable one scope above the caller
-# Usage: local "$1" && _upvar $1 "value(s)"
-# Param: $1 Variable name to assign value to
-# Param: $* Value(s) to assign. If multiple values, an array is
-# assigned, otherwise a single value is assigned.
-# NOTE: For assigning multiple variables, use '_upvars'. Do NOT
-# use multiple '_upvar' calls, since one '_upvar' call might
-# reassign a variable to be used by another '_upvar' call.
-# See: http://fvue.nl/wiki/Bash:_Passing_variables_by_reference
-_upvar()
-{
- if unset -v "$1"; then # Unset & validate varname
- if (( $# == 2 )); then
- eval $1=\"\$2\" # Return single value
- else
- eval $1=\(\"\${@:2}\"\) # Return array
- fi
- fi
-}
-
-# Assign variables one scope above the caller
-# Usage: local varname [varname ...] &&
-# _upvars [-v varname value] | [-aN varname [value ...]] ...
-# Available OPTIONS:
-# -aN Assign next N values to varname as array
-# -v Assign single value to varname
-# Return: 1 if error occurs
-# See: http://fvue.nl/wiki/Bash:_Passing_variables_by_reference
-_upvars()
-{
- if ! (( $# )); then
- echo "${FUNCNAME[0]}: usage: ${FUNCNAME[0]} [-v varname"\
- "value] | [-aN varname [value ...]] ..." 1>&2
- return 2
- fi
- while (( $# )); do
- case $1 in
- -a*)
- # Error checking
- [[ ${1#-a} ]] || { echo "bash: ${FUNCNAME[0]}: \`$1': missing"\
- "number specifier" 1>&2; return 1; }
- printf %d "${1#-a}" &> /dev/null || { echo "bash:"\
- "${FUNCNAME[0]}: \`$1': invalid number specifier" 1>&2
- return 1; }
- # Assign array of -aN elements
- [[ "$2" ]] && unset -v "$2" && eval $2=\(\"\${@:3:${1#-a}}\"\) &&
- shift $((${1#-a} + 2)) || { echo "bash: ${FUNCNAME[0]}:"\
- "\`$1${2+ }$2': missing argument(s)" 1>&2; return 1; }
- ;;
- -v)
- # Assign single value
- [[ "$2" ]] && unset -v "$2" && eval $2=\"\$3\" &&
- shift 3 || { echo "bash: ${FUNCNAME[0]}: $1: missing"\
- "argument(s)" 1>&2; return 1; }
- ;;
- *)
- echo "bash: ${FUNCNAME[0]}: $1: invalid option" 1>&2
- return 1 ;;
- esac
- done
-}
-
-# @param $1 exclude Characters out of $COMP_WORDBREAKS which should NOT be
-# considered word breaks. This is useful for things like scp where
-# we want to return host:path and not only path, so we would pass the
-# colon (:) as $1 in this case.
-# @param $2 words Name of variable to return words to
-# @param $3 cword Name of variable to return cword to
-# @param $4 cur Name of variable to return current word to complete to
-# @see __reassemble_comp_words_by_ref()
-__get_cword_at_cursor_by_ref()
-{
- local cword words=()
- __reassemble_comp_words_by_ref "$1" words cword
-
- local i cur index=$COMP_POINT lead=${COMP_LINE:0:$COMP_POINT}
- # Cursor not at position 0 and not leaded by just space(s)?
- if [[ $index -gt 0 && ( $lead && ${lead//[[:space:]]} ) ]]; then
- cur=$COMP_LINE
- for (( i = 0; i <= cword; ++i )); do
- while [[
- # Current word fits in $cur?
- ${#cur} -ge ${#words[i]} &&
- # $cur doesn't match cword?
- "${cur:0:${#words[i]}}" != "${words[i]}"
- ]]; do
- # Strip first character
- cur="${cur:1}"
- # Decrease cursor position
- ((index--))
- done
-
- # Does found word match cword?
- if [[ $i -lt $cword ]]; then
- # No, cword lies further;
- local old_size=${#cur}
- cur="${cur#"${words[i]}"}"
- local new_size=${#cur}
- index=$(( index - old_size + new_size ))
- fi
- done
- # Clear $cur if just space(s)
- [[ $cur && ! ${cur//[[:space:]]} ]] && cur=
- # Zero $index if negative
- [[ $index -lt 0 ]] && index=0
- fi
-
- local "$2" "$3" "$4" && _upvars -a${#words[@]} $2 "${words[@]}" \
- -v $3 "$cword" -v $4 "${cur:0:$index}"
-}
-
-# Reassemble command line words, excluding specified characters from the
-# list of word completion separators (COMP_WORDBREAKS).
-# @param $1 chars Characters out of $COMP_WORDBREAKS which should
-# NOT be considered word breaks. This is useful for things like scp where
-# we want to return host:path and not only path, so we would pass the
-# colon (:) as $1 here.
-# @param $2 words Name of variable to return words to
-# @param $3 cword Name of variable to return cword to
-#
-__reassemble_comp_words_by_ref()
-{
- local exclude i j line ref
- # Exclude word separator characters?
- if [[ $1 ]]; then
- # Yes, exclude word separator characters;
- # Exclude only those characters, which were really included
- exclude="${1//[^$COMP_WORDBREAKS]}"
- fi
-
- # Default to cword unchanged
- eval $3=$COMP_CWORD
- # Are characters excluded which were former included?
- if [[ $exclude ]]; then
- # Yes, list of word completion separators has shrunk;
- line=$COMP_LINE
- # Re-assemble words to complete
- for (( i=0, j=0; i < ${#COMP_WORDS[@]}; i++, j++)); do
- # Is current word not word 0 (the command itself) and is word not
- # empty and is word made up of just word separator characters to
- # be excluded and is current word not preceded by whitespace in
- # original line?
- while [[ $i -gt 0 && ${COMP_WORDS[$i]} == +([$exclude]) ]]; do
- # Is word separator not preceded by whitespace in original line
- # and are we not going to append to word 0 (the command
- # itself), then append to current word.
- [[ $line != [$' \t']* ]] && (( j >= 2 )) && ((j--))
- # Append word separator to current or new word
- ref="$2[$j]"
- eval $2[$j]=\${!ref}\${COMP_WORDS[i]}
- # Indicate new cword
- [[ $i == $COMP_CWORD ]] && eval $3=$j
- # Remove optional whitespace + word separator from line copy
- line=${line#*"${COMP_WORDS[$i]}"}
- # Start new word if word separator in original line is
- # followed by whitespace.
- [[ $line == [$' \t']* ]] && ((j++))
- # Indicate next word if available, else end *both* while and
- # for loop
- (( $i < ${#COMP_WORDS[@]} - 1)) && ((i++)) || break 2
- done
- # Append word to current word
- ref="$2[$j]"
- eval $2[$j]=\${!ref}\${COMP_WORDS[i]}
- # Remove optional whitespace + word from line copy
- line=${line#*"${COMP_WORDS[i]}"}
- # Indicate new cword
- [[ $i == $COMP_CWORD ]] && eval $3=$j
- done
- [[ $i == $COMP_CWORD ]] && eval $3=$j
- else
- # No, list of word completions separators hasn't changed;
- eval $2=\( \"\${COMP_WORDS[@]}\" \)
- fi
-} # __reassemble_comp_words_by_ref()
-
-
-# If the word-to-complete contains a colon (:), left-trim COMPREPLY items with
-# word-to-complete.
-# With a colon in COMP_WORDBREAKS, words containing
-# colons are always completed as entire words if the word to complete contains
-# a colon. This function fixes this, by removing the colon-containing-prefix
-# from COMPREPLY items.
-# The preferred solution is to remove the colon (:) from COMP_WORDBREAKS in
-# your .bashrc:
-#
-# # Remove colon (:) from list of word completion separators
-# COMP_WORDBREAKS=${COMP_WORDBREAKS//:}
-#
-# See also: Bash FAQ - E13) Why does filename completion misbehave if a colon
-# appears in the filename? - http://tiswww.case.edu/php/chet/bash/FAQ
-# @param $1 current word to complete (cur)
-# @modifies global array $COMPREPLY
-#
-__ltrim_colon_completions()
-{
- if [[ "$1" == *:* && "$COMP_WORDBREAKS" == *:* ]]; then
- # Remove colon-word prefix from COMPREPLY items
- local colon_word=${1%"${1##*:}"}
- local i=${#COMPREPLY[*]}
- while [[ $((--i)) -ge 0 ]]; do
- COMPREPLY[$i]=${COMPREPLY[$i]#"$colon_word"}
- done
- fi
-} # __ltrim_colon_completions()
-
-
-# NOTE: Using this function as a helper function is deprecated. Use
-# `_known_hosts_real' instead.
-_known_hosts()
-{
- local cur prev words cword
- _init_completion -n : || return
-
- # NOTE: Using `_known_hosts' as a helper function and passing options
- # to `_known_hosts' is deprecated: Use `_known_hosts_real' instead.
- local options
- [[ "$1" == -a || "$2" == -a ]] && options=-a
- [[ "$1" == -c || "$2" == -c ]] && options+=" -c"
- _known_hosts_real $options -- "$cur"
-} # _known_hosts()
-
-
-# Helper function for completing _known_hosts.
-# This function performs host completion based on ssh's config and known_hosts
-# files, as well as hostnames reported by avahi-browse if
-# COMP_KNOWN_HOSTS_WITH_AVAHI is set to a non-empty value. Also hosts from
-# HOSTFILE (compgen -A hostname) are added, unless
-# COMP_KNOWN_HOSTS_WITH_HOSTFILE is set to an empty value.
-# Usage: _known_hosts_real [OPTIONS] CWORD
-# Options: -a Use aliases
-# -c Use `:' suffix
-# -F configfile Use `configfile' for configuration settings
-# -p PREFIX Use PREFIX
-# Return: Completions, starting with CWORD, are added to COMPREPLY[]
-_known_hosts_real()
-{
- local configfile flag prefix
- local cur curd awkcur user suffix aliases i host
- local -a kh khd config
-
- local OPTIND=1
- while getopts "acF:p:" flag "$@"; do
- case $flag in
- a) aliases='yes' ;;
- c) suffix=':' ;;
- F) configfile=$OPTARG ;;
- p) prefix=$OPTARG ;;
- esac
- done
- [[ $# -lt $OPTIND ]] && echo "error: $FUNCNAME: missing mandatory argument CWORD"
- cur=${!OPTIND}; let "OPTIND += 1"
- [[ $# -ge $OPTIND ]] && echo "error: $FUNCNAME("$@"): unprocessed arguments:"\
- $(while [[ $# -ge $OPTIND ]]; do printf '%s\n' ${!OPTIND}; shift; done)
-
- [[ $cur == *@* ]] && user=${cur%@*}@ && cur=${cur#*@}
- kh=()
-
- # ssh config files
- if [[ -n $configfile ]]; then
- [[ -r $configfile ]] && config+=( "$configfile" )
- else
- for i in /etc/ssh/ssh_config ~/.ssh/config ~/.ssh2/config; do
- [[ -r $i ]] && config+=( "$i" )
- done
- fi
-
- # Known hosts files from configs
- if [[ ${#config[@]} -gt 0 ]]; then
- local OIFS=$IFS IFS=$'\n' j
- local -a tmpkh
- # expand paths (if present) to global and user known hosts files
- # TODO(?): try to make known hosts files with more than one consecutive
- # spaces in their name work (watch out for ~ expansion
- # breakage! Alioth#311595)
- tmpkh=( $( awk 'sub("^[ \t]*([Gg][Ll][Oo][Bb][Aa][Ll]|[Uu][Ss][Ee][Rr])[Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee][ \t]+", "") { print $0 }' "${config[@]}" | sort -u ) )
- IFS=$OIFS
- for i in "${tmpkh[@]}"; do
- # First deal with quoted entries...
- while [[ $i =~ ^([^\"]*)\"([^\"]*)\"(.*)$ ]]; do
- i=${BASH_REMATCH[1]}${BASH_REMATCH[3]}
- j=${BASH_REMATCH[2]}
- __expand_tilde_by_ref j # Eval/expand possible `~' or `~user'
- [[ -r $j ]] && kh+=( "$j" )
- done
- # ...and then the rest.
- for j in $i; do
- __expand_tilde_by_ref j # Eval/expand possible `~' or `~user'
- [[ -r $j ]] && kh+=( "$j" )
- done
- done
- fi
-
-
- if [[ -z $configfile ]]; then
- # Global and user known_hosts files
- for i in /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2 \
- /etc/known_hosts /etc/known_hosts2 ~/.ssh/known_hosts \
- ~/.ssh/known_hosts2; do
- [[ -r $i ]] && kh+=( "$i" )
- done
- for i in /etc/ssh2/knownhosts ~/.ssh2/hostkeys; do
- [[ -d $i ]] && khd+=( "$i"/*pub )
- done
- fi
-
- # If we have known_hosts files to use
- if [[ ${#kh[@]} -gt 0 || ${#khd[@]} -gt 0 ]]; then
- # Escape slashes and dots in paths for awk
- awkcur=${cur//\//\\\/}
- awkcur=${awkcur//\./\\\.}
- curd=$awkcur
-
- if [[ "$awkcur" == [0-9]*[.:]* ]]; then
- # Digits followed by a dot or a colon - just search for that
- awkcur="^$awkcur[.:]*"
- elif [[ "$awkcur" == [0-9]* ]]; then
- # Digits followed by no dot or colon - search for digits followed
- # by a dot or a colon
- awkcur="^$awkcur.*[.:]"
- elif [[ -z $awkcur ]]; then
- # A blank - search for a dot, a colon, or an alpha character
- awkcur="[a-z.:]"
- else
- awkcur="^$awkcur"
- fi
-
- if [[ ${#kh[@]} -gt 0 ]]; then
- # FS needs to look for a comma separated list
- COMPREPLY+=( $( awk 'BEGIN {FS=","}
- /^\s*[^|\#]/ {
- sub("^@[^ ]+ +", ""); \
- sub(" .*$", ""); \
- for (i=1; i<=NF; ++i) { \
- sub("^\\[", "", $i); sub("\\](:[0-9]+)?$", "", $i); \
- if ($i !~ /[*?]/ && $i ~ /'"$awkcur"'/) {print $i} \
- }}' "${kh[@]}" 2>/dev/null ) )
- fi
- if [[ ${#khd[@]} -gt 0 ]]; then
- # Needs to look for files called
- # .../.ssh2/key_22_<hostname>.pub
- # dont fork any processes, because in a cluster environment,
- # there can be hundreds of hostkeys
- for i in "${khd[@]}" ; do
- if [[ "$i" == *key_22_$curd*.pub && -r "$i" ]]; then
- host=${i/#*key_22_/}
- host=${host/%.pub/}
- COMPREPLY+=( $host )
- fi
- done
- fi
-
- # apply suffix and prefix
- for (( i=0; i < ${#COMPREPLY[@]}; i++ )); do
- COMPREPLY[i]=$prefix$user${COMPREPLY[i]}$suffix
- done
- fi
-
- # append any available aliases from config files
- if [[ ${#config[@]} -gt 0 && -n "$aliases" ]]; then
- local hosts=$( sed -ne 's/^[ \t]*[Hh][Oo][Ss][Tt]\([Nn][Aa][Mm][Ee]\)\{0,1\}['"$'\t '"']\{1,\}\([^#*?]*\)\(#.*\)\{0,1\}$/\2/p' "${config[@]}" )
- COMPREPLY+=( $( compgen -P "$prefix$user" \
- -S "$suffix" -W "$hosts" -- "$cur" ) )
- fi
-
- # Add hosts reported by avahi-browse, if desired and it's available.
- if [[ ${COMP_KNOWN_HOSTS_WITH_AVAHI:-} ]] && \
- type avahi-browse &>/dev/null; then
- # The original call to avahi-browse also had "-k", to avoid lookups
- # into avahi's services DB. We don't need the name of the service, and
- # if it contains ";", it may mistify the result. But on Gentoo (at
- # least), -k wasn't available (even if mentioned in the manpage) some
- # time ago, so...
- COMPREPLY+=( $( compgen -P "$prefix$user" -S "$suffix" -W \
- "$( avahi-browse -cpr _workstation._tcp 2>/dev/null | \
- awk -F';' '/^=/ { print $7 }' | sort -u )" -- "$cur" ) )
- fi
-
- # Add hosts reported by ruptime.
- COMPREPLY+=( $( compgen -W \
- "$( ruptime 2>/dev/null | awk '!/^ruptime:/ { print $1 }' )" \
- -- "$cur" ) )
-
- # Add results of normal hostname completion, unless
- # `COMP_KNOWN_HOSTS_WITH_HOSTFILE' is set to an empty value.
- if [[ -n ${COMP_KNOWN_HOSTS_WITH_HOSTFILE-1} ]]; then
- COMPREPLY+=(
- $( compgen -A hostname -P "$prefix$user" -S "$suffix" -- "$cur" ) )
- fi
-
- __ltrim_colon_completions "$prefix$user$cur"
-
- return 0
-} # _known_hosts_real()
-
-
-# Get the word to complete and optional previous words.
-# This is nicer than ${COMP_WORDS[$COMP_CWORD]}, since it handles cases
-# where the user is completing in the middle of a word.
-# (For example, if the line is "ls foobar",
-# and the cursor is here --------> ^
-# Also one is able to cross over possible wordbreak characters.
-# Usage: _get_comp_words_by_ref [OPTIONS] [VARNAMES]
-# Available VARNAMES:
-# cur Return cur via $cur
-# prev Return prev via $prev
-# words Return words via $words
-# cword Return cword via $cword
-#
-# Available OPTIONS:
-# -n EXCLUDE Characters out of $COMP_WORDBREAKS which should NOT be
-# considered word breaks. This is useful for things like scp
-# where we want to return host:path and not only path, so we
-# would pass the colon (:) as -n option in this case.
-# -c VARNAME Return cur via $VARNAME
-# -p VARNAME Return prev via $VARNAME
-# -w VARNAME Return words via $VARNAME
-# -i VARNAME Return cword via $VARNAME
-#
-# Example usage:
-#
-# $ _get_comp_words_by_ref -n : cur prev
-#
-_get_comp_words_by_ref()
-{
- local exclude flag i OPTIND=1
- local cur cword words=()
- local upargs=() upvars=() vcur vcword vprev vwords
-
- while getopts "c:i:n:p:w:" flag "$@"; do
- case $flag in
- c) vcur=$OPTARG ;;
- i) vcword=$OPTARG ;;
- n) exclude=$OPTARG ;;
- p) vprev=$OPTARG ;;
- w) vwords=$OPTARG ;;
- esac
- done
- while [[ $# -ge $OPTIND ]]; do
- case ${!OPTIND} in
- cur) vcur=cur ;;
- prev) vprev=prev ;;
- cword) vcword=cword ;;
- words) vwords=words ;;
- *) echo "bash: $FUNCNAME(): \`${!OPTIND}': unknown argument" \
- 1>&2; return 1
- esac
- let "OPTIND += 1"
- done
-
- __get_cword_at_cursor_by_ref "$exclude" words cword cur
-
- [[ $vcur ]] && { upvars+=("$vcur" ); upargs+=(-v $vcur "$cur" ); }
- [[ $vcword ]] && { upvars+=("$vcword"); upargs+=(-v $vcword "$cword"); }
- [[ $vprev && $cword -ge 1 ]] && { upvars+=("$vprev" ); upargs+=(-v $vprev
- "${words[cword - 1]}"); }
- [[ $vwords ]] && { upvars+=("$vwords"); upargs+=(-a${#words[@]} $vwords
- "${words[@]}"); }
-
- (( ${#upvars[@]} )) && local "${upvars[@]}" && _upvars "${upargs[@]}"
-}
-
-# Initialize completion and deal with various general things: do file
-# and variable completion where appropriate, and adjust prev, words,
-# and cword as if no redirections exist so that completions do not
-# need to deal with them. Before calling this function, make sure
-# cur, prev, words, and cword are local, ditto split if you use -s.
-#
-# Options:
-# -n EXCLUDE Passed to _get_comp_words_by_ref -n with redirection chars
-# -e XSPEC Passed to _filedir as first arg for stderr redirections
-# -o XSPEC Passed to _filedir as first arg for other output redirections
-# -i XSPEC Passed to _filedir as first arg for stdin redirections
-# -s Split long options with _split_longopt, implies -n =
-# @return True (0) if completion needs further processing,
-# False (> 0) no further processing is necessary.
-#
-_init_completion()
-{
- local exclude= flag outx errx inx OPTIND=1
-
- while getopts "n:e:o:i:s" flag "$@"; do
- case $flag in
- n) exclude+=$OPTARG ;;
- e) errx=$OPTARG ;;
- o) outx=$OPTARG ;;
- i) inx=$OPTARG ;;
- s) split=false ; exclude+== ;;
- esac
- done
-
- # For some reason completion functions are not invoked at all by
- # bash (at least as of 4.1.7) after the command line contains an
- # ampersand so we don't get a chance to deal with redirections
- # containing them, but if we did, hopefully the below would also
- # do the right thing with them...
-
- COMPREPLY=()
- local redir="@(?([0-9])<|?([0-9&])>?(>)|>&)"
- _get_comp_words_by_ref -n "$exclude<>&" cur prev words cword
-
- # Complete variable names.
- _variables && return 1
-
- # Complete on files if current is a redirect possibly followed by a
- # filename, e.g. ">foo", or previous is a "bare" redirect, e.g. ">".
- if [[ $cur == $redir* || $prev == $redir ]]; then
- local xspec
- case $cur in
- 2'>'*) xspec=$errx ;;
- *'>'*) xspec=$outx ;;
- *'<'*) xspec=$inx ;;
- *)
- case $prev in
- 2'>'*) xspec=$errx ;;
- *'>'*) xspec=$outx ;;
- *'<'*) xspec=$inx ;;
- esac
- ;;
- esac
- cur="${cur##$redir}"
- _filedir $xspec
- return 1
- fi
-
- # Remove all redirections so completions don't have to deal with them.
- local i skip
- for (( i=1; i < ${#words[@]}; )); do
- if [[ ${words[i]} == $redir* ]]; then
- # If "bare" redirect, remove also the next word (skip=2).
- [[ ${words[i]} == $redir ]] && skip=2 || skip=1
- words=( "${words[@]:0:i}" "${words[@]:i+skip}" )
- [[ $i -le $cword ]] && cword=$(( cword - skip ))
- else
- i=$(( ++i ))
- fi
- done
-
- [[ $cword -le 0 ]] && return 1
- prev=${words[cword-1]}
-
- [[ ${split-} ]] && _split_longopt && split=true
-
- return 0
-}
-
-# Try to complete -o SubOptions=
-#
-# Returns 0 if the completion was handled or non-zero otherwise.
-_ssh_suboption_check()
-{
- # Get prev and cur words without splitting on =
- local cureq=`_get_cword :=` preveq=`_get_pword :=`
- if [[ $cureq == *=* && $preveq == -o ]]; then
- _ssh_suboption $cureq
- return $?
- fi
- return 1
-}
-
-_complete_ssh()
-{
- local cur prev words cword
- _init_completion -n : || return
-
- local configfile
- local -a config
-
- _ssh_suboption_check && return 0
-
- case $prev in
- -F|-i|-S)
- _filedir
- return 0
- ;;
- -c)
- _ssh_ciphers
- return 0
- ;;
- -m)
- _ssh_macs
- return 0
- ;;
- -l)
- COMPREPLY=( $( compgen -u -- "$cur" ) )
- return 0
- ;;
- -O)
- COMPREPLY=( $( compgen -W 'check forward exit stop' -- "$cur" ) )
- return 0
- ;;
- -o)
- _ssh_options
- return 0
- ;;
- -w)
- _available_interfaces
- return 0
- ;;
- -b)
- _ip_addresses
- return 0
- ;;
- -D|-e|-I|-L|-p|-R|-W)
- return 0
- ;;
- esac
-
- if [[ "$cur" == -F* ]]; then
- cur=${cur#-F}
- _filedir
- # Prefix completions with '-F'
- COMPREPLY=( "${COMPREPLY[@]/#/-F}" )
- cur=-F$cur # Restore cur
- elif [[ "$cur" == -* ]]; then
- COMPREPLY=( $( compgen -W '$( _parse_usage "$1" )' -- "$cur" ) )
- else
- # Search COMP_WORDS for '-F configfile' or '-Fconfigfile' argument
- set -- "${words[@]}"
- while [[ $# -gt 0 ]]; do
- if [[ $1 == -F* ]]; then
- if [[ ${#1} -gt 2 ]]; then
- configfile="$(dequote "${1:2}")"
- else
- shift
- [[ $1 ]] && configfile="$(dequote "$1")"
- fi
- break
- fi
- shift
- done
- _known_hosts_real -a -F "$configfile" "$cur"
- if [[ $cword -ne 1 ]]; then
- compopt -o filenames
- COMPREPLY+=( $( compgen -c -- "$cur" ) )
- fi
- fi
-
- return 0
-} &&
-shopt -u hostcomplete && complete -F _complete_ssh ssh
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index f418b9ff0..280552fe4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -11,7 +11,6 @@ with import <stockholm/lib>;
imports = [
<secrets>
- ./audit.nix
./backup.nix
./bash
./htop.nix
@@ -142,6 +141,7 @@ with import <stockholm/lib>;
environment.systemPackages = [
pkgs.get
pkgs.git
+ pkgs.git-preview
pkgs.hashPassword
pkgs.htop
pkgs.kpaste
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 515f8996f..509257c48 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -13,8 +13,16 @@ with import <stockholm/lib>;
http://www.exim.org/
+ {
+ url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master;
+ filter = "system:${pkgs.jq}/bin/jq -r .object.sha";
+ }
+
# ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
- https://api.github.com/repos/simple-evcorr/sec/tags
+ {
+ url = https://api.github.com/repos/simple-evcorr/sec/tags;
+ filter = "system:${pkgs.jq}/bin/jq .";
+ }
# ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
https://thp.io/2008/urlwatch/
@@ -47,11 +55,13 @@ with import <stockholm/lib>;
#http://hackage.haskell.org/package/web-page
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
- https://help.github.com/articles/github-s-ip-addresses/
+ https://api.github.com/meta
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
# is derived from `configFile` in:
https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/services/x11/xserver.nix
+
+ https://www.rabbitmq.com/changelog.html
];
hooksFile = toFile "hooks.py" ''
import subprocess
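Review bot: The replacement entry `https://api.github.com/meta` is watched as raw JSON, unlike the two API URLs earlier in this file's diff, which are piped through `jq`. The comment above it ties this watch to `services.openssh.knownHosts.github*`, so a report triggered only by key order or whitespace would be noise on a signal someone is meant to act on. Giving it the same shape would keep the reports to real changes: `{ url = https://api.github.com/meta; filter = "system:${pkgs.jq}/bin/jq -S ."; }`.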
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index ca4718646..8a27b606a 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -173,9 +173,13 @@ let {
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
- ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+ ${concatStringsSep "\n" (mapAttrsToList (name: {
+ extraStart ? null,
+ lang ? name
+ }:
+ let
startAlts = filter isString [
- ''/\* ${lang} \*/''
+ ''/\* ${name} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 8f3ee5966..7ba78b974 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -1,7 +1,12 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
- user = config.krebs.build.user;
+ cfg = {
+ cacheDir = cfg.dataDir;
+ configDir = "/var/empty";
+ dataDir = "/run/xdg/${cfg.user.name}/xmonad";
+ user = config.krebs.build.user;
+ };
in {
environment.systemPackages = [
@@ -25,7 +30,7 @@ in {
group = "wheel";
envp = {
DISPLAY = ":${toString config.services.xserver.display}";
- USER = user.name;
+ USER = cfg.user.name;
};
};
@@ -54,6 +59,10 @@ in {
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
+ XMONAD_CACHE_DIR = cfg.cacheDir;
+ XMONAD_CONFIG_DIR = cfg.configDir;
+ XMONAD_DATA_DIR = cfg.dataDir;
+
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
@@ -62,8 +71,6 @@ in {
wait
'';
- XMONAD_STATE = "/tmp/xmonad.state";
-
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"Dashboard" # we start here
@@ -79,10 +86,15 @@ in {
};
serviceConfig = {
SyslogIdentifier = "xmonad";
+ ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
+ "\${XMONAD_CACHE_DIR}"
+ "\${XMONAD_CONFIG_DIR}"
+ "\${XMONAD_DATA_DIR}"
+ ]}";
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad";
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown";
- User = user.name;
- WorkingDirectory = user.home;
+ User = cfg.user.name;
+ WorkingDirectory = cfg.user.home;
};
};
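Review bot: The `mkdir -p` added in `ExecStartPre` creates the xmonad cache and data directories with whatever mode the unit's umask yields, which by default leaves them readable and traversable by other local accounts. This directory presumably takes over from `/tmp/xmonad.state` as the place where session state is kept, so I would create it owner-only: `ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0700 -p ${toString [`. `-m` only applies to the final path component and to directories that `mkdir` actually creates, so the parent `/run/xdg/<user>` needs its own restrictive mode wherever it is set up, which is not visible in this diff. The enclosing service definition starts above the hunk.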
@@ -125,7 +137,7 @@ in {
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
- User = user.name;
+ User = cfg.user.name;
};
};
}
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 261871e62..82474ade5 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -33,13 +33,4 @@ foldl' mergeAttrs {}
'';
gnupg = self.gnupg22;
-
- # https://github.com/NixOS/nixpkgs/issues/16113
- wvdial = let
- nixpkgs-1509 = import (self.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs-channels";
- rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
- sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
- }) {};
- in nixpkgs-1509.wvdial;
}
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix
index f73175bb1..94c70153d 100644
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ b/tv/5pkgs/simple/xmonad-tv/default.nix
@@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-tv" {
executables.xmonad = {
extra-depends = [
"containers"
+ "extra"
"unix"
"X11"
"xmonad"
@@ -19,11 +20,12 @@ pkgs.writeHaskell "xmonad-tv" {
module Main where
import Control.Exception
+import Control.Monad.Extra (whenJustM)
import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither)
import XMonad
import System.IO (hPutStrLn, stderr)
-import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
+import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
@@ -69,7 +71,7 @@ main = getArgs >>= \case
mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
- xmonad'
+ xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
@@ -84,26 +86,15 @@ mainNoArgs = do
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
- , startupHook = do
- path <- liftIO (getEnv "XMONAD_STARTUP_HOOK")
- forkFile path [] Nothing
+ , startupHook =
+ whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
+ (\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
}
-xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
-xmonad' conf = do
- path <- getEnv "XMONAD_STATE"
- try (readFile path) >>= \case
- Right content -> do
- hPutStrLn stderr ("resuming from " ++ path)
- withArgs ("--resume" : lines content) (xmonad conf)
- Left e -> do
- hPutStrLn stderr (displaySomeException e)
- xmonad conf
-
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
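Review bot: The new `startupHook` skips silently when `XMONAD_STARTUP_HOOK` is unset, so a unit that loses the variable starts without its xhost/xmodmap setup and without a log line. I would keep the variable optional but log the skip, replacing `whenJustM` with a `\case` on the `lookupEnv` result whose `Nothing` branch is `Nothing -> liftIO (hPutStrLn stderr "XMONAD_STARTUP_HOOK unset; skipping startup hook")`. The value is run as a program via `forkFile`, so a comment such as `-- executed as-is; must only be set by trusted configuration` above the field would also help. `getWorkspaces0` at the end of the hunk still uses `try (getEnv …)` and could move to `lookupEnv` for consistency; its body continues outside the hunk.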