summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-03-20 15:37:44 +0100
committerjeschli <jeschli@gmail.com>2018-03-20 15:37:44 +0100
commit01358d3947b46c2d9cceb7f6c53855cb536d6efe (patch)
tree194c3c5e346327774603f8948a0fa301a082be90
parent390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 (diff)
parent6267aa42509a4f56dc95dfc2db7773c33ca12522 (diff)
Merge branch 'staging/jeschli' of prism.r:stockholm into staging/jeschli
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--jeschli/1systems/bln/config.nix17
-rw-r--r--jeschli/1systems/brauerei/config.nix2
-rw-r--r--jeschli/1systems/enklave/config.nix10
-rw-r--r--jeschli/1systems/enklave/taskserver.nix10
-rw-r--r--jeschli/2configs/default.nix1
-rw-r--r--jeschli/2configs/urxvt.nix65
-rw-r--r--jeschli/2configs/vim.nix7
-rw-r--r--jeschli/2configs/zsh.nix138
-rw-r--r--jeschli/source.nix6
-rw-r--r--krebs/2configs/go.nix1
-rw-r--r--krebs/2configs/hw/x220.nix1
-rw-r--r--krebs/3modules/default.nix6
-rw-r--r--krebs/3modules/lass/default.nix30
-rw-r--r--krebs/3modules/lass/ssh/daedalus.rsa1
-rw-r--r--krebs/3modules/lass/ssh/icarus.rsa2
-rw-r--r--krebs/3modules/makefu/default.nix5
-rw-r--r--krebs/3modules/os-release.nix6
-rw-r--r--krebs/3modules/repo-sync.nix6
-rw-r--r--krebs/5pkgs/simple/ftb/default.nix21
-rw-r--r--krebs/5pkgs/simple/populate/default.nix4
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix2
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix4
-rw-r--r--krebs/source.nix8
-rw-r--r--lass/1systems/helios/config.nix42
-rw-r--r--lass/1systems/mors/config.nix11
-rw-r--r--lass/1systems/prism/config.nix23
-rw-r--r--lass/1systems/shodan/config.nix4
-rw-r--r--lass/2configs/IM.nix1
-rw-r--r--lass/2configs/baseX.nix12
-rw-r--r--lass/2configs/dcso-dev.nix8
-rw-r--r--lass/2configs/downloading.nix2
-rw-r--r--lass/2configs/dunst.nix277
-rw-r--r--lass/2configs/exim-smarthost.nix21
-rw-r--r--lass/2configs/logf.nix4
-rw-r--r--lass/2configs/mail.nix64
-rw-r--r--lass/2configs/minecraft.nix1
-rw-r--r--lass/2configs/network-manager.nix24
-rw-r--r--lass/2configs/rtl-sdr.nix6
-rw-r--r--lass/2configs/vim.nix6
-rw-r--r--lass/2configs/websites/util.nix1
-rw-r--r--lass/2configs/wine.nix15
-rw-r--r--lass/2configs/zsh.nix7
-rw-r--r--lass/3modules/xserver/default.nix6
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix (renamed from lass/5pkgs/xmonad-lass.nix)28
-rw-r--r--lass/5pkgs/default.nix63
-rw-r--r--lass/5pkgs/xephyrify/default.nix42
-rw-r--r--lass/default.nix4
-rw-r--r--lass/source.nix6
-rw-r--r--lib/types.nix115
-rw-r--r--makefu/1systems/gum/config.nix5
-rw-r--r--makefu/1systems/omo/config.nix16
-rw-r--r--makefu/1systems/sdev/config.nix26
-rw-r--r--makefu/1systems/vbob/config.nix41
-rw-r--r--makefu/1systems/wbob/config.nix132
-rw-r--r--makefu/1systems/x/config.nix88
-rw-r--r--makefu/2configs/deployment/google-muell.nix34
-rw-r--r--makefu/2configs/deployment/led-fader.nix20
-rw-r--r--makefu/2configs/deployment/owncloud.nix50
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/gui/base.nix15
-rw-r--r--makefu/2configs/gui/wbob-kiosk.nix6
-rw-r--r--makefu/2configs/hw/network-manager.nix37
-rw-r--r--makefu/2configs/hw/vbox-guest.nix16
-rw-r--r--makefu/2configs/hw/wwan.nix8
-rw-r--r--makefu/2configs/hydra/stockholm.nix34
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/tools/studio.nix4
-rw-r--r--makefu/2configs/urlwatch/default.nix4
-rw-r--r--makefu/3modules/awesome-extra.nix10
-rw-r--r--makefu/3modules/default.nix2
-rw-r--r--makefu/3modules/umts.nix84
-rw-r--r--makefu/3modules/wvdial.nix71
-rw-r--r--makefu/5pkgs/ampel/default.nix27
-rw-r--r--makefu/5pkgs/awesomecfg/default.nix25
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg14
-rw-r--r--makefu/5pkgs/custom/default.nix3
-rw-r--r--makefu/5pkgs/custom/qcma/default.nix36
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/dionaea/default.nix50
-rw-r--r--makefu/5pkgs/farpd/default.nix63
-rw-r--r--makefu/5pkgs/mcomix/default.nix4
-rw-r--r--makefu/5pkgs/opl-utils/default.nix3
-rw-r--r--makefu/5pkgs/pfsshell/default.nix27
-rw-r--r--makefu/5pkgs/programs-db/default.nix12
-rw-r--r--makefu/5pkgs/shackie/default.nix33
-rw-r--r--makefu/6tests/data/secrets/torrent-secrets/auth.nix1
-rw-r--r--makefu/source.nix9
-rw-r--r--mv/source.nix6
-rw-r--r--nin/1systems/axon/config.nix4
-rw-r--r--nin/2configs/ableton.nix20
-rw-r--r--nin/2configs/git.nix11
-rw-r--r--nin/2configs/im.nix19
-rw-r--r--nin/source.nix11
-rw-r--r--tv/2configs/gitrepos.nix8
-rw-r--r--tv/source.nix6
96 files changed, 1483 insertions, 764 deletions
diff --git a/.gitignore b/.gitignore
index e1c6ef949..d17552e83 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
/.graveyard
/TODO
+result
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 885307b7a..6142933f5 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -3,12 +3,13 @@
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, lib, pkgs, ... }:
-
+# bln config file
{
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
<stockholm/jeschli/2configs/virtualbox.nix>
+ <stockholm/jeschli/2configs/urxvt.nix>
./hardware-configuration.nix
# ./dcso-vpn.nix
];
@@ -16,10 +17,18 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ jeschliFontSize = 20;
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
environment.shellAliases = {
n = "nix-shell";
- gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat";
- gh = "cd /home/jeschli/go/src/github.com";
+ gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
+ gh = "cd /home/markus/go/src/github.com";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
@@ -33,6 +42,7 @@
nixpkgs.config.allowUnfree = true;
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
+ termite
# system helper
ag
copyq
@@ -57,6 +67,7 @@
chromium
google-chrome
# programming languages
+ elmPackages.elm
go
gcc
ghc
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index e4109c638..eb2bb11d2 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -79,6 +79,8 @@
jetbrains.goland
# document viewer
zathura
+ # xorg
+ xorg.xbacklight
];
# Some programs need SUID wrappers, can be configured further or are
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
index 76e718699..470566a8b 100644
--- a/jeschli/1systems/enklave/config.nix
+++ b/jeschli/1systems/enklave/config.nix
@@ -40,6 +40,16 @@
};
};
}
+ {
+ services.taskserver = {
+ enable = true;
+ fqdn = "enklave.r";
+ listenHost = "::";
+ listenPort = 53589;
+ organisations.lass.users = [ "jeschli" ];
+ };
+ networking.firewall.allowedTCPPorts = [ 53589 ];
+ }
];
krebs.build.host = config.krebs.hosts.enklave;
diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix
new file mode 100644
index 000000000..23b235d70
--- /dev/null
+++ b/jeschli/1systems/enklave/taskserver.nix
@@ -0,0 +1,10 @@
+ {
+ services.taskserver = {
+ enable = true;
+ fqdn = "enklave.r";
+ listenHost = "::";
+ listenPort = 53589;
+ organisations.lass.users = [ "jeschli" ];
+ };
+ networking.firewall.allowedTCPPorts = [ 53589 ];
+ }
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
index 0ac3708bb..5aaabe24b 100644
--- a/jeschli/2configs/default.nix
+++ b/jeschli/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
imports = [
./vim.nix
./retiolum.nix
+ ./zsh.nix
<stockholm/lass/2configs/security-workarounds.nix>
{
environment.variables = {
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
index 69811eb0a..014918748 100644
--- a/jeschli/2configs/urxvt.nix
+++ b/jeschli/2configs/urxvt.nix
@@ -1,34 +1,39 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
-
{
- services.urxvtd.enable = true;
- krebs.xresources.enable = true;
- krebs.xresources.resources.urxvt = ''
- *foreground: rgb:a8/a8/a8
- *background: rgb:00/00/00
- *faceName: DejaVu Sans Mono
- *faceSize: 12
- *color0: rgb:00/00/00
- *color1: rgb:a8/00/00
- *color2: rgb:00/a8/00
- *color3: rgb:a8/54/00
- *color4: rgb:00/00/a8
- *color5: rgb:a8/00/a8
- *color6: rgb:00/a8/a8
- *color7: rgb:a8/a8/a8
- *color8: rgb:54/54/54
- *color9: rgb:fc/54/54
- *color10: rgb:54/fc/54
- *color11: rgb:fc/fc/54
- *color12: rgb:54/54/fc
- *color13: rgb:fc/54/fc
- *color14: rgb:54/fc/fc
- *color15: rgb:fc/fc/fc
-
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*font: xft:DejaVu Sans Mono:pixelsize=12
- URXvt*faceSize: 12
- '';
+ options.jeschliFontSize = mkOption {
+ type = types.int;
+ default = 12;
+ };
+ config = {
+ services.urxvtd.enable = true;
+ krebs.xresources.enable = true;
+ krebs.xresources.resources.urxvt = ''
+ *foreground: rgb:a8/a8/a8
+ *background: rgb:00/00/00
+ *faceName: DejaVu Sans Mono
+ *faceSize: ${toString config.jeschliFontSize}
+ *color0: rgb:00/00/00
+ *color1: rgb:a8/00/00
+ *color2: rgb:00/a8/00
+ *color3: rgb:a8/54/00
+ *color4: rgb:26/8b/d2
+ *color5: rgb:a8/00/a8
+ *color6: rgb:00/a8/a8
+ *color7: rgb:a8/a8/a8
+ *color8: rgb:54/54/54
+ *color9: rgb:fc/54/54
+ *color10: rgb:54/fc/54
+ *color11: rgb:fc/fc/54
+ *color12: rgb:54/54/fc
+ *color13: rgb:fc/54/fc
+ *color14: rgb:54/fc/fc
+ *color15: rgb:fc/fc/fc
+
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
+ URXvt*faceSize: ${toString config.jeschliFontSize}
+ '';
+ };
}
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
index 7721b1d40..c13113f1c 100644
--- a/jeschli/2configs/vim.nix
+++ b/jeschli/2configs/vim.nix
@@ -27,6 +27,9 @@ in {
name = "vim";
vimrcConfig.customRC = let
colorscheme = ''colorscheme molokai'';
+ highlightTrailingWhiteSpaces = ''
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ '';
setStatements = ''
set autowrite
set clipboard=unnamedplus
@@ -42,6 +45,7 @@ in {
remapStatements = ''
imap jk <Esc>
map gr :GoRun<Enter> " Map gr to execute go run
+ map tt :GoTest<Enter> " Map tt to execute go test
map nf :NERDTreeToggle<CR>
nnoremap <C-TAB> <c-w><c-w>
nnoremap <S-TAB> :bnext<CR>
@@ -74,11 +78,12 @@ in {
'';
in ''
${colorscheme}
+ ${highlightTrailingWhiteSpaces}
${remapStatements}
${setStatements}
${settingsForElm}
${settingsForGo}
- " I dont know what this line is about
+ " dont expand tabs in go files and show it with four whitespaces.
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix
new file mode 100644
index 000000000..be5b661b4
--- /dev/null
+++ b/jeschli/2configs/zsh.nix
@@ -0,0 +1,138 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.fzf ];
+ programs.zsh = {
+ enable = true;
+ shellInit = ''
+ #disable config wizard
+ zsh-newuser-install() { :; }
+ '';
+ interactiveShellInit = ''
+ setopt autocd extendedglob
+ bindkey -e
+
+ #history magic
+ bindkey "" up-line-or-local-history
+ bindkey "" down-line-or-local-history
+
+ up-line-or-local-history() {
+ zle set-local-history 1
+ zle up-line-or-history
+ zle set-local-history 0
+ }
+ zle -N up-line-or-local-history
+ down-line-or-local-history() {
+ zle set-local-history 1
+ zle down-line-or-history
+ zle set-local-history 0
+ }
+ zle -N down-line-or-local-history
+
+ setopt share_history
+ setopt hist_ignore_dups
+ # setopt inc_append_history
+ bindkey '^R' history-incremental-search-backward
+
+ #C-x C-e open line in editor
+ autoload -z edit-command-line
+ zle -N edit-command-line
+ bindkey "^X^E" edit-command-line
+
+ #fzf inclusion
+ source ${pkgs.fzf}/share/fzf/completion.zsh
+ source ${pkgs.fzf}/share/fzf/key-bindings.zsh
+
+ #completion magic
+ autoload -Uz compinit
+ compinit
+ zstyle ':completion:*' menu select
+
+ #enable automatic rehashing of $PATH
+ zstyle ':completion:*' rehash true
+
+ eval $(dircolors -b ${pkgs.fetchFromGitHub {
+ owner = "trapd00r";
+ repo = "LS_COLORS";
+ rev = "master";
+ sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
+ }}/LS_COLORS)
+
+ #beautiful colors
+ alias ls='ls --color'
+ # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
+
+ #emacs bindings
+ bindkey "[7~" beginning-of-line
+ bindkey "[8~" end-of-line
+ bindkey "Oc" emacs-forward-word
+ bindkey "Od" emacs-backward-word
+
+ #aliases
+ alias ll='ls -l'
+ alias la='ls -la'
+
+ #fancy window title magic
+ '';
+ promptInit = ''
+ # TODO: figure out why we need to set this here
+ HISTSIZE=900001
+ HISTFILESIZE=$HISTSIZE
+ SAVEHIST=$HISTSIZE
+
+ autoload -U promptinit
+ promptinit
+
+ p_error='%(?..%F{red}%?%f )'
+ t_error='%(?..%? )'
+
+ case $UID in
+ 0)
+ p_username='%F{red}root%f'
+ t_username='root'
+ ;;
+ 1337)
+ p_username=""
+ t_username=""
+ ;;
+ *)
+ p_username='%F{blue}%n%f'
+ t_username='%n'
+ ;;
+ esac
+
+ if test -n "$SSH_CLIENT"; then
+ p_hostname='@%F{magenta}%M%f '
+ t_hostname='@%M '
+ else
+ p_hostname=""
+ t_hostname=""
+ fi
+
+ #check if in nix shell
+ if test -n "$buildInputs"; then
+ p_nixshell='%F{green}[s]%f '
+ t_nixshell='[s] '
+ else
+ p_nixshell=""
+ t_nixshell=""
+ fi
+
+ PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
+ TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
+ case $TERM in
+ (*xterm* | *rxvt*)
+ function precmd {
+ PROMPT_EVALED="$(print -P $TITLE)"
+ echo -ne "\033]0;$$ $PROMPT_EVALED\007"
+ }
+ # This is seen while the shell waits for a command to complete.
+ function preexec {
+ PROMPT_EVALED="$(print -P $TITLE)"
+ echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
+ }
+ ;;
+ esac
+ '';
+ };
+ users.defaultUserShell = "/run/current-system/sw/bin/zsh";
+}
diff --git a/jeschli/source.nix b/jeschli/source.nix
index d5cc32a9f..91ff5514f 100644
--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot"
else "jeschli";
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
in
evalSource (toString _file) [
{
@@ -17,6 +22,7 @@ in
jeschli = "${getEnv "HOME"}/secrets/${name}";
};
stockholm.file = toString <stockholm>;
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
override
]
diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix
index b75233871..f4c1290c2 100644
--- a/krebs/2configs/go.nix
+++ b/krebs/2configs/go.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
krebs.go = {
enable = true;
};
+ networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.go = {
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 90a1a111f..3780e0d7d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -14,7 +14,6 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
- extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ];
};
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 9c343309a..6fe01e466 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -233,6 +233,7 @@ let
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
+ "192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
@@ -240,9 +241,12 @@ let
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
- "18.195.85.27"
+ "13.229.188.59"
+ "13.250.177.223"
"18.194.104.89"
+ "18.195.85.27"
"35.159.8.160"
+ "52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1634a62ac..e269d1fa1 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -551,6 +551,32 @@ with import <stockholm/lib>;
};
};
};
+ dpdkm = {
+ ci = false;
+ external = true;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.29.173";
+ ip6.addr = "42:4992:6a6d:900::1";
+ aliases = [ "dpdkm.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
+ NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
+ qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
+ X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
+ f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
+ bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
+ Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
+ B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
+ tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
+ dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
+ mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
xerxes = {
cores = 2;
nets = rec {
@@ -624,6 +650,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
+ lass-daedalus = {
+ mail = "lass@daedalus.r";
+ pubkey = builtins.readFile ./ssh/daedalus.rsa;
+ };
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
diff --git a/krebs/3modules/lass/ssh/daedalus.rsa b/krebs/3modules/lass/ssh/daedalus.rsa
new file mode 100644
index 000000000..ad4847974
--- /dev/null
+++ b/krebs/3modules/lass/ssh/daedalus.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgF3311cZ/JV7lOzo/Crmy6pi0oBYu5klbTb8lU/Yic55XVRyYFtm+KGrNvqkcFgOx803aS7jogJ1N6HCdUAaEl5MzlkOX++h97ihZ/NeQZKDjYEEQYl4ElmIbCRiddpDm0HVX1OGSCtUzhlyDHJ8ieMCb+QVNrpwovlQnp53c/+Z6rGSZWgBMrzP7stlw+XjC1Alhi1M5L+bJfroa7cEcF+J5ZN+J2mWSmkPiQ6+iuk9zRkc5ELO1Vz4MsLoeKwbJrz+uuNVsY7u070pHtsLwbAsYU5vOWJeN/vtEwy51SY/so30FowvivTD9jIJ0xcmAdC56XjWaxttKuqUVBjJqhwqsUI6+AxLESekFXzkfghmG+AJPPkb2pvpVF3k0Ivn14bFBuFv0T2qPHq68Fs19WLTZn+dK3V+RfVkI6bEZaMOUezyBv59yFEY42wMISPw53jkaWqKIxyGCBECi3XlbeQ61FkwE9TElSY+NmoeMu6jPWw7XGDY4Jt6mtKiYu3hVqI5pg4hq3bxB8r2W7LnkDiYfArbzwmrc2zAmgJtY60/Pcwq7hP3LSDEuDDc4gYgpkLNwHjs+CLWqpbQffCFv+oOZj8G92if+dMBOUSBCr6FDqH6wLxZp2cfhud0p/0kLz09nv/PcRohOHdaQSEW7OAhJ5kgg3DuxhwUwOf/3UX5iLvm4WwE/mb7Iki4U3AENKHUWQ7TOrXcQq9AJX57e9CTI+N4phtzp9qur8vjVl2OpYl2Qb/0yQSGM+4wQ/nM4acePMk80oXLb3OJBlPp0CswzoI7kFBD0TUOnFTCkrJWPaZhgjQXyvCzgFKAvXgqWy4riczqLhdBAhc1vT3a18HsqKXE3mhJa6Kjl6r/ZQaDl2zw7uLmWTHhGuUI9w487L36extGuC3Tv8zEvu2UHqhdEcaSDzRQYcv1kRobfhTWjzFHzdA97Kkc+HuFfJk3MzchsjCxqIuDP4r5YauMBMHAIsUlP7Ar/t29WreAGJbCCd2oulkFL+P+8Sp6SksMMhKQvuRcj74n6BETfailv64z2FjT+qzkCsr/gzvWD08EJRZUCpidX2WfMoL396nBf+EgwhFykqoFg2jlJJ7Vggod8CSHUSeBkslhNk/tkv4y+NnsAIgNluVZlxIeKj1UgazohSNQVRHozs2lkuK0Ytl4TsFrE0X3ar7LpwEVvCLj3eh2kg4kNKNN/vOwWxvMlF9uCBq5FUHaBCst/OXeigjfGZ0ZK5iHsZN+R/iIlG+3V3VN1Rm29aPJPSuAgwl/lfPUfUP5c8QiwnDgdHqMi7VcuCpEtcTLjqDHBssqosRTLodcIZY6qLepm5kQgJ2FfcTPi+ZwT3Z/IFH6p/H7NeVbb8rVYeF/zqDJiWbI+gDy0xFnGgOLpFSBdHq679FjtjZk7Exgz3rVD+QsoSB8VYVOSqpHB1LQyQ2qBry+33CNpxlX5GaaLx5sbEKEguaJ+9R7Mbf8zQMa8EAXhqoT96kIj66IEk= lass@daedalus
diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa
index e3cb74081..1126c331e 100644
--- a/krebs/3modules/lass/ssh/icarus.rsa
+++ b/krebs/3modules/lass/ssh/icarus.rsa
@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgEuFS5MwYQRF+0MKAQvyv6O+0ky0QnOKGMVZgFXE4g2JrByTCXQAeQmyJquM1wl9IRD63res8ZguMoAz2PkHfNbRSSsR7pH/G3DaJRl0VGf14zO3bjBbogQ45j1Bwxi78h44SDmuBAkp0t76ca16kWGhwEVt03+8sqmbLV90RjHZlrFw2sDgTu35SDz1q/ZzkdyFP3xSIBUnsQD64qRLMx64yLcBp0uu2h7gBBCVyA1T+VR3Nc1yIOyv0nUaqEHz+CDATtFlgGTgT6cCXoIPN0QAuIa3pDxt7htD/POsWuFbpbqrBQVcgun5s3J5X0OmNyoqGqqubcycvuYipZUjBCxyTb7RxCqj2oR8alSaeGZm64I0VSGX/iSCtXKaEJqBbxwNUgDH6B2oUeZbRwgPl/SG8vBku1oKzt/36IBoY8HttcosqLkfTquyyO7KVtOBu04geCmmiqJpSV4j5iYMxvrD0AQ3JJmrcbzUYoCGxlYO19TPsa+Ybhn/E8suach75+DIPj5LacYAh9Wjirw67Kg5QyYEt8XGTR2xxF78CFi0JGBRcyorPfFPLznmVntqJLe6dGNL3njgdD0Ocz8V5ktk1pjY5D2nG8GXfd45NQl2QjTLYnYX4dGuudBXth0nEJMv/MRHZrXVViIqwazdq4mA5z1Yu4Tb3l17d2cAZobzdut6JuZbd7itXAPIiY0vEWXr8lpEuE8Uz9mz8aPxZlhmHSXvNcwhq+i2+cFO8OPwUGbnE2cAHpymlQ3aDRgpptAIMU2LjIAblqsvA72asJpuRqu7ZOoy0vVRCOhktIzZXWR9hF5/CM/7NZ5skvHzYlmgkvnuu4jDDGusF32Zyiip0WJg+Iijqe8VpOqCup5UEF5QG32yQwaZDrKd71hq7Z1xNe0vEPN8yCxpes8hWafYY9m8YRrUduDVlOon7SzmdU76RPn2oF6udCGP7A/hEeRiwrDaRuIwchh99Xw3LioxXNzLYB1aXd+yKuZyhW+witC20ISdyZz7JPIrb49JCGH8FtbcDzD1B8Xd1By34POfhxriSr9UG5Hj9LGbA3/aKMOajZdcbrKXorUrKdhAuZv1z4rjW5iwYgXF2G/nseeCOw+DPEcB3GexsyCTUzSjJ6fy3Aqlzppwttx5MfkbNhPZWRCfDX3i0g8e0aFlgvlj99aGgUQeEpYg8peZhe1lxl25Ftc0R7pYmXPDeCY1yWxZiXZ3YtVVr43c/FEaQHXfkZ2I+t5lG6CmgJhhYjUry5Sx4/NgfBvpmU22cIBWNmyTn9q3gDFmeoIiTwlF654K7NnsWrdKr2L2fGI10Xe/J/GYkkzX39e5bToQPXh23gUfIr7faYEPBsVU/SaEkWNHojzf/NKjPT0utvlFr0HqnFYSdk4wpWzcrhii7E/UhgKvpA/k2Vlj4ZhkejfZXQWxRbJzejkVSJcUGim+Dt1WUZJXVOgEkJ3WA6z+ha2FN2sBDdvRKlad55aelvRrbu3/vPzEuE= lass@icarus
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56e5c6b82..e137da7ca 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -503,6 +503,7 @@ with import <stockholm/lib>;
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
+ "hydra.wbob.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -1038,6 +1039,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
};
+ makefu-remote-builder = {
+ inherit (makefu) mail pgp;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
+ };
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix
index 0779feede..8f71a357f 100644
--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@@ -5,7 +5,11 @@ let
nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
nixos-pretty-name = "NixOS ${nixos-version}";
- stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown";
+ stockholm-version-id = let
+ eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>));
+ in
+ if eval.success then eval.value else "unknown";
+
stockholm-version = "${stockholm-version-id}";
stockholm-pretty-name = "stockholm ${stockholm-version}";
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index b2e3aa7c5..45d9d81c3 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -18,10 +18,10 @@ let
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
origin = mkOption {
- type = types.git-source;
+ type = types.source-types.git;
};
mirror = mkOption {
- type = types.git-source;
+ type = types.source-types.git;
};
};
config = {
@@ -31,7 +31,7 @@ let
}));
};
latest = mkOption {
- type = types.nullOr types.git-source;
+ type = types.nullOr types.source-types.git;
default = null;
};
timerConfig = mkOption {
diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix
index 199c12b44..c2e83c9f4 100644
--- a/krebs/5pkgs/simple/ftb/default.nix
+++ b/krebs/5pkgs/simple/ftb/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, makeDesktopItem
+{ stdenv, fetchurl
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk
, mesa, openal
@@ -7,23 +7,12 @@ with stdenv.lib;
assert useAlsa -> alsaOss != null;
-let
- desktopItem = makeDesktopItem {
- name = "minecraft";
- exec = "minecraft";
- icon = "minecraft";
- comment = "A sandbox-building game";
- desktopName = "Minecraft";
- genericName = "minecraft";
- categories = "Game;";
- };
-
-in stdenv.mkDerivation {
+stdenv.mkDerivation {
name = "ftb";
src = fetchurl {
url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar";
- sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v";
+ sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj";
};
phases = "installPhase";
@@ -36,6 +25,7 @@ in stdenv.mkDerivation {
cat > $out/bin/ftb << EOF
#!${stdenv.shell}
+ export _JAVA_AWT_WM_NONREPARENTING=1
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
@@ -43,9 +33,6 @@ in stdenv.mkDerivation {
chmod +x $out/bin/ftb
- mkdir -p $out/share/applications
- ln -s ${desktopItem}/share/applications/* $out/share/applications/
-
${openjdk}/bin/jar xf $out/ftb.jar favicon.png
'';
}
diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix
index 62e3ab216..e35423b49 100644
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@@ -16,12 +16,12 @@ in
stdenv.mkDerivation rec {
name = "populate";
- version = "2.1.0";
+ version = "2.3.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}";
- sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh";
+ sha256 = "05zr132k1s3a1cc879lvhb83hax7dbfmsbrnxmh7dxjcdg3yhxd7";
};
phases = [
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
index 53c1ca5ba..4d15e7ac2 100644
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -216,7 +216,6 @@
init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
- export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"
export quiet
export system
@@ -251,7 +250,6 @@
"$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
- STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(${pkgs.quote}/bin/quote "
${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */
diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix
index ebf872568..64f3ad1ac 100644
--- a/krebs/5pkgs/simple/urlwatch/default.nix
+++ b/krebs/5pkgs/simple/urlwatch/default.nix
@@ -2,13 +2,13 @@
python3Packages.buildPythonApplication rec {
name = "urlwatch-${version}";
- version = "2.7";
+ version = "2.8";
src = fetchFromGitHub {
owner = "thp";
repo = "urlwatch";
rev = version;
- sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m";
+ sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
};
propagatedBuildInputs = with python3Packages; [
diff --git a/krebs/source.nix b/krebs/source.nix
index fcc7fb74f..7e0ea7e47 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot"
else "krebs";
_file = <stockholm> + "/krebs/1systems/${name}/source.nix";
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
in
evalSource (toString _file) [
{
@@ -16,9 +21,10 @@ in
};
};
stockholm.file = toString <stockholm>;
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23
+ ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
};
}
override
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index f53e93f26..c4d99cb2c 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -136,24 +137,47 @@ with import <stockholm/lib>;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
-
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
+
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.writeText "minio.cert" ''
+ -----BEGIN CERTIFICATE-----
+ MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
+ MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
+ OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+ AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
+ 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
+ YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
+ ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
+ CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
+ hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
+ MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
+ I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
+ CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
+ hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
+ jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
+ EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
+ zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
+ qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
+ -----END CERTIFICATE-----
+ '')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
+
+ virtualisation.docker.enable = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 936666a73..cbb71ab24 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
+ <stockholm/lass/2configs/dunst.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/home/virtual" = {
+ device = "/dev/mapper/pool-virtual";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
@@ -176,7 +182,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2
exit 23
else
- exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
+ exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''
@@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
+ virtualisation.docker.enable = true;
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 087aaab06..c0e4620cc 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -292,11 +292,22 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
+ users.users.jeschli = {
+ uid = genid "jeschli";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ jeschli.pubkey
+ jeschli-bln.pubkey
+ jeschli-bolide.pubkey
+ jeschli-brauerei.pubkey
+ ];
+ };
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
+ jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
@@ -313,6 +324,18 @@ in {
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
+ {
+ services.taskserver = {
+ enable = true;
+ fqdn = "lassul.us";
+ listenHost = "::";
+ listenPort = 53589;
+ organisations.lass.users = [ "lass" "android" ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ef015aebc..7fb57544f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 51512955e..7d3dfd428 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -41,6 +41,7 @@ in {
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
+ lass-helios.pubkey
];
};
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5ca024574..ed179ded6 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -2,6 +2,7 @@
with import <stockholm/lib>;
let
user = config.krebs.build.user;
+ xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
in {
imports = [
./mpv.nix
@@ -10,6 +11,7 @@ in {
./livestream.nix
./dns-stuff.nix
./urxvt.nix
+ ./network-manager.nix
{
hardware.pulseaudio = {
enable = true;
@@ -83,7 +85,6 @@ in {
powertop
push
rxvt_unicode_with-plugins
- screengrab
slock
sxiv
timewarrior
@@ -98,6 +99,7 @@ in {
zathura
cabal2nix
+ xephyrify
];
fonts.fonts = with pkgs; [
@@ -121,13 +123,13 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${pkgs.coreutils}/bin/sleep infinity
+ ${pkgs.systemd}/bin/systemctl --user start xmonad
+ exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
- wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";
@@ -135,8 +137,8 @@ in {
};
serviceConfig = {
SyslogIdentifier = "xmonad";
- ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
+ ExecStart = "${xmonad-lass}/bin/xmonad";
+ ExecStop = "${xmonad-lass}/bin/xmonad --shutdown";
};
restartIfChanged = false;
};
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index cbf853d64..ae1c7bc8d 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey
+ config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
@@ -44,6 +45,11 @@ in {
};
};
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
+ { predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
+ ];
+
krebs.per-user.dev.packages = [
pkgs.go
];
@@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
+
+ services.minio.enable = true;
}
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 9582413ed..8d0fb0d02 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
new file mode 100644
index 000000000..6d3d839bc
--- /dev/null
+++ b/lass/2configs/dunst.nix
@@ -0,0 +1,277 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ dunstConfig = pkgs.writeText "dunst-config" ''
+ [global]
+ font = Iosevka Term 11
+
+ # Allow a small subset of html markup:
+ # <b>bold</b>
+ # <i>italic</i>
+ # <s>strikethrough</s>
+ # <u>underline</u>
+ #
+ # For a complete reference see
+ # <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
+ # If markup is not allowed, those tags will be stripped out of the
+ # message.
+ markup = yes
+ plain_text = no
+
+ # The format of the message. Possible variables are:
+ # %a appname
+ # %s summary
+ # %b body
+ # %i iconname (including its path)
+ # %I iconname (without its path)
+ # %p progress value if set ([ 0%] to [100%]) or nothing
+ # Markup is allowed
+ format = "%a\n<b>%s</b>\n%b"
+
+ # Sort messages by urgency.
+ sort = yes
+
+ # Show how many messages are currently hidden (because of geometry).
+ indicate_hidden = yes
+
+ # Alignment of message text.
+ # Possible values are "left", "center" and "right".
+ alignment = center
+
+ # The frequency with wich text that is longer than the notification
+ # window allows bounces back and forth.
+ # This option conflicts with "word_wrap".
+ # Set to 0 to disable.
+ bounce_freq = 0
+
+ # Show age of message if message is older than show_age_threshold
+ # seconds.
+ # Set to -1 to disable.
+ show_age_threshold = 1
+
+ # Split notifications into multiple lines if they don't fit into
+ # geometry.
+ word_wrap = yes
+
+ # Ignore newlines '\n' in notifications.
+ ignore_newline = no
+
+ # Hide duplicate's count and stack them
+ stack_duplicates = yes
+ hide_duplicates_count = no
+
+
+ # The geometry of the window:
+ # [{width}]x{height}[+/-{x}+/-{y}]
+ # The geometry of the message window.
+ # The height is measured in number of notifications everything else
+ # in pixels. If the width is omitted but the height is given
+ # ("-geometry x2"), the message window expands over the whole screen
+ # (dmenu-like). If width is 0, the window expands to the longest
+ # message displayed. A positive x is measured from the left, a
+ # negative from the right side of the screen. Y is measured from
+ # the top and down respectevly.
+ # The width can be negative. In this case the actual width is the
+ # screen width minus the width defined in within the geometry option.
+ geometry = "500x10-0+0"
+
+ # Shrink window if it's smaller than the width. Will be ignored if
+ # width is 0.
+ shrink = no
+
+ # The transparency of the window. Range: [0; 100].
+ # This option will only work if a compositing windowmanager is
+ # present (e.g. xcompmgr, compiz, etc.).
+ # transparency = 5
+
+ # Don't remove messages, if the user is idle (no mouse or keyboard input)
+ # for longer than idle_threshold seconds.
+ # Set to 0 to disable.
+ idle_threshold = 0
+
+ # Which monitor should the notifications be displayed on.
+ monitor = keyboard
+
+ # Display notification on focused monitor. Possible modes are:
+ # mouse: follow mouse pointer
+ # keyboard: follow window with keyboard focus
+ # none: don't follow anything
+ #
+ # "keyboard" needs a windowmanager that exports the
+ # _NET_ACTIVE_WINDOW property.
+ # This should be the case for almost all modern windowmanagers.
+ #
+ # If this option is set to mouse or keyboard, the monitor option
+ # will be ignored.
+ follow = none
+
+ # Should a notification popped up from history be sticky or timeout
+ # as if it would normally do.
+ sticky_history = yes
+
+ # Maximum amount of notifications kept in history
+ history_length = 15
+
+ # Display indicators for URLs (U) and actions (A).
+ show_indicators = no
+
+ # The height of a single line. If the height is smaller than the
+ # font height, it will get raised to the font height.
+ # This adds empty space above and under the text.
+ line_height = 3
+
+ # Draw a line of "separatpr_height" pixel height between two
+ # notifications.
+ # Set to 0 to disable.
+ separator_height = 1
+
+ # Padding between text and separator.
+ padding = 1
+
+ # Horizontal padding.
+ horizontal_padding = 1
+
+ # Define a color for the separator.
+ # possible values are:
+ # * auto: dunst tries to find a color fitting to the background;
+ # * foreground: use the same color as the foreground;
+ # * frame: use the same color as the frame;
+ # * anything else will be interpreted as a X color.
+ separator_color = frame
+
+ # Print a notification on startup.
+ # This is mainly for error detection, since dbus (re-)starts dunst
+ # automatically after a crash.
+ startup_notification = true
+
+ # dmenu path.
+ dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
+
+ # Browser for opening urls in context menu.
+ browser = /usr/bin/firefox -new-tab
+
+ # Align icons left/right/off
+ icon_position = off
+ max_icon_size = 80
+
+ # Paths to default icons.
+ icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
+
+ frame_width = 2
+ frame_color = "#8EC07C"
+
+ [shortcuts]
+
+ # Shortcuts are specified as [modifier+][modifier+]...key
+ # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
+ # "mod3" and "mod4" (windows-key).
+ # Xev might be helpful to find names for keys.
+
+ # Close notification.
+ close = ctrl+space
+
+ # Close all notifications.
+ close_all = ctrl+shift+space
+
+ # Redisplay last message(s).
+ # On the US keyboard layout "grave" is normally above TAB and left
+ # of "1".
+ history = ctrl+grave
+
+ # Context menu.
+ context = mod4+u
+
+ [urgency_low]
+ # IMPORTANT: colors have to be defined in quotation marks.
+ # Otherwise the "#" and following would be interpreted as a comment.
+ frame_color = "#3B7C87"
+ foreground = "#3B7C87"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+
+ [urgency_normal]
+ frame_color = "#5B8234"
+ foreground = "#5B8234"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+
+ [urgency_critical]
+ frame_color = "#B7472A"
+ foreground = "#B7472A"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+
+
+ # Every section that isn't one of the above is interpreted as a rules to
+ # override settings for certain messages.
+ # Messages can be matched by "appname", "summary", "body", "icon", "category",
+ # "msg_urgency" and you can override the "timeout", "urgency", "foreground",
+ # "background", "new_icon" and "format".
+ # Shell-like globbing will get expanded.
+ #
+ # SCRIPTING
+ # You can specify a script that gets run when the rule matches by
+ # setting the "script" option.
+ # The script will be called as follows:
+ # script appname summary body icon urgency
+ # where urgency can be "LOW", "NORMAL" or "CRITICAL".
+ #
+ # NOTE: if you don't want a notification to be displayed, set the format
+ # to "".
+ # NOTE: It might be helpful to run dunst -print in a terminal in order
+ # to find fitting options for rules.
+
+ #[espeak]
+ # summary = "*"
+ # script = dunst_espeak.sh
+
+ #[script-test]
+ # summary = "*script*"
+ # script = dunst_test.sh
+
+ #[ignore]
+ # # This notification will not be displayed
+ # summary = "foobar"
+ # format = ""
+
+ #[signed_on]
+ # appname = Pidgin
+ # summary = "*signed on*"
+ # urgency = low
+ #
+ #[signed_off]
+ # appname = Pidgin
+ # summary = *signed off*
+ # urgency = low
+ #
+ #[says]
+ # appname = Pidgin
+ # summary = *says*
+ # urgency = critical
+ #
+ #[twitter]
+ # appname = Pidgin
+ # summary = *twitter.com*
+ # urgency = normal
+ #
+ # vim: ft=cfg
+ '';
+in {
+ systemd.user.services.dunst = {
+ wantedBy = [ "graphical-session.target" ];
+ requires = [ "xmonad.service" ];
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "dunst";
+ ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
+ Restart = "always";
+ RestartSec = "15s";
+ StartLimitBurst = 0;
+ };
+ };
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 0219f5216..ae652722a 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -11,7 +11,6 @@ with import <stockholm/lib>;
primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
- "aidsballs.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
@@ -59,6 +58,26 @@ with import <stockholm/lib>;
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
+ { from = "binance@lassul.us"; to = lass.mail; }
+ { from = "bitfinex@lassul.us"; to = lass.mail; }
+ { from = "alternate@lassul.us"; to = lass.mail; }
+ { from = "redacted@lassul.us"; to = lass.mail; }
+ { from = "mytaxi@lassul.us"; to = lass.mail; }
+ { from = "pizza@lassul.us"; to = lass.mail; }
+ { from = "robinhood@lassul.us"; to = lass.mail; }
+ { from = "drivenow@lassul.us"; to = lass.mail; }
+ { from = "aws@lassul.us"; to = lass.mail; }
+ { from = "reddit@lassul.us"; to = lass.mail; }
+ { from = "banggood@lassul.us"; to = lass.mail; }
+ { from = "immoscout@lassul.us"; to = lass.mail; }
+ { from = "gmail@lassul.us"; to = lass.mail; }
+ { from = "amazon@lassul.us"; to = lass.mail; }
+ { from = "humblebundle@lassul.us"; to = lass.mail; }
+ { from = "meetup@lassul.us"; to = lass.mail; }
+ { from = "gebfrei@lassul.us"; to = lass.mail; }
+ { from = "github@lassul.us"; to = lass.mail; }
+ { from = "ovh@lassul.us"; to = lass.mail; }
+ { from = "hetzner@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
index 03414a745..24b806efa 100644
--- a/lass/2configs/logf.nix
+++ b/lass/2configs/logf.nix
@@ -10,9 +10,13 @@ let
echelon = "197";
cloudkrebs = "119";
};
+ urgent = [
+ "\\blass@mors\\b"
+ ];
in {
environment.systemPackages = [
(pkgs.writeDashBin "logf" ''
+ export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
'')
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 7c58e8c5f..03d39ef75 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -21,13 +21,46 @@ let
'';
mailboxes = {
- wireguard = [ "wireguard@lists.zx2c4" ];
- c-base = [ "c-base.org" ];
- security = [ "seclists.org" "security" "bugtraq" ];
- nix-devel = [ "nix-devel@googlegroups.com" ];
- shack = [ "shackspace.de" ];
+ c-base = [ "to:c-base.org" ];
+ coins = [
+ "to:btce@lassul.us"
+ "to:coinbase@lassul.us"
+ "to:polo@lassul.us"
+ "to:bitwala@lassul.us"
+ "to:payeer@lassul.us"
+ "to:gatehub@lassul.us"
+ "to:bitfinex@lassul.us"
+ "to:binance@lassul.us"
+ "to:bitcoin.de@lassul.us"
+ "to:robinhood@lassul.us"
+ ];
+ dezentrale = [ "to:dezentrale.space" ];
+ dhl = [ "to:dhl@lassul.us" ];
+ github = [ "to:github@lassul.us" ];
+ gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
+ kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
+ nix-devel = [ "to:nix-devel@googlegroups.com" ];
+ patreon = [ "to:patreon@lassul.us" ];
+ paypal = [ "to:paypal@lassul.us" ];
+ ptl = [ "to:ptl@posttenebraslab.ch" ];
+ retiolum = [ "to:lass@mors.r" ];
+ security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
+ shack = [ "to:shackspace.de" ];
+ steam = [ "to:steam@lassul.us" ];
+ tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
+ wireguard = [ "to:wireguard@lists.zx2c4" ];
+ zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
};
+ tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
+ ${pkgs.notmuch}/bin/notmuch new
+ ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+ '';
+
+ tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
+ ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+ '';
+
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@@ -80,16 +113,15 @@ let
# V
''} %r |"
- virtual-mailboxes \
- "Unread" "notmuch://?query=tag:unread"\
- "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\
- ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)}
- "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\
- "TODO" "notmuch://?query=tag:TODO"\
- "Starred" "notmuch://?query=tag:*"\
- "Archive" "notmuch://?query=tag:archive"\
- "Sent" "notmuch://?query=tag:sent"\
- "Junk" "notmuch://?query=tag:junk"
+ virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
+ virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
+ ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
+ virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
+ virtual-mailboxes "Starred" "notmuch://?query=tag:*"
+ virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
+ virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
+ virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
+ virtual-mailboxes "All" "notmuch://?query=*"
tag-transforms "junk" "k" \
"unread" "u" \
@@ -163,5 +195,7 @@ in {
mutt
pkgs.much
pkgs.notmuch
+ tag-new-mails
+ tag-old-mails
];
}
diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix
index aa33dcccc..6f8ceb358 100644
--- a/lass/2configs/minecraft.nix
+++ b/lass/2configs/minecraft.nix
@@ -17,5 +17,6 @@
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
];
}
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
new file mode 100644
index 000000000..c4f757de1
--- /dev/null
+++ b/lass/2configs/network-manager.nix
@@ -0,0 +1,24 @@
+{ pkgs, lib, ... }:
+{
+ networking.wireless.enable = lib.mkForce false;
+
+ systemd.services.modemmanager = {
+ description = "ModemManager";
+ after = [ "network-manager.service" ];
+ bindsTo = [ "network-manager.service" ];
+ wantedBy = [ "network-manager.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
+ PrivateTmp = true;
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ networking.networkmanager.enable = true;
+ users.users.mainUser = {
+ extraGroups = [ "networkmanager" ];
+ packages = with pkgs; [
+ gnome3.gnome_keyring gnome3.dconf
+ ];
+ };
+}
diff --git a/lass/2configs/rtl-sdr.nix b/lass/2configs/rtl-sdr.nix
new file mode 100644
index 000000000..7d640ea6c
--- /dev/null
+++ b/lass/2configs/rtl-sdr.nix
@@ -0,0 +1,6 @@
+{
+ boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
+ '';
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 5fe9e1450..6014fd082 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -6,6 +6,9 @@ let
environment.systemPackages = [
(hiPrio vim)
pkgs.python35Packages.flake8
+ (pkgs.writeDashBin "govet" ''
+ go vet "$@"
+ '')
];
environment.etc.vimrc.source = vimrc;
@@ -68,6 +71,9 @@ let
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
+ let g:go_metalinter_autosave = 1
+ let g:go_metalinter_deadline = "10s"
+
nmap <esc>q :buffer
nmap <M-q> :buffer
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 36ae1a904..62055d0fd 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -32,7 +32,6 @@ rec {
let
domain = head domains;
in {
- services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index d60b1feea..dd82b34eb 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -19,23 +19,8 @@ in {
pkgs.wine
];
};
- wine64 = {
- name = "wine64";
- description = "user for running wine in 64bit";
- home = "/home/wine64";
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- ];
- createHome = true;
- packages = [
- (pkgs.wine.override { wineBuild = "wineWow"; })
- ];
- };
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
- ${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index add30fbf1..aa3e6731d 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -50,16 +50,15 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
+ #beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
-
- #beautiful colors
alias ls='ls --color'
- # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
+ zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
@@ -109,7 +108,7 @@
fi
#check if in nix shell
- if test -n "$buildInputs"; then
+ if test -n "$IN_NIX_SHELL"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix
index d16f89f45..cdd80857a 100644
--- a/lass/3modules/xserver/default.nix
+++ b/lass/3modules/xserver/default.nix
@@ -33,6 +33,11 @@ let
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
+ if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
+ exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
+ fi
+ export DBUS_SESSION_BUS_ADDRESS
+ ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
@@ -74,6 +79,7 @@ let
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
+ User = user.name;
};
};
krebs.xresources.resources.dpi = ''
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 2dd352bd4..e658897da 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -23,6 +23,7 @@ import XMonad
import qualified XMonad.StackSet as W
import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
+import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
@@ -36,7 +37,7 @@ import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
-import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
+import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
@@ -44,9 +45,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
+import XMonad.Util.NamedWindows (getName)
+import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown
+data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
+
+instance UrgencyHook LibNotifyUrgencyHook where
+ urgencyHook LibNotifyUrgencyHook w = do
+ name <- getName w
+ Just idx <- fmap (W.findTag w) $ gets windowset
+
+ safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
+
myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
@@ -61,7 +73,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad $ ewmh
- $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
+ $ withUrgencyHook LibNotifyUrgencyHook
$ def
{ terminal = myTerm
, modMask = mod4Mask
@@ -80,11 +92,12 @@ myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
+floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ]
where
- myTitleFloats = [] -- for the KDE "open link" popup from konsole
+ myTitleFloats = []
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
@@ -130,12 +143,21 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
+ , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
+ export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
+ exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
+ ''}")
+
, ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
+
+ --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
+ --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
+ --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index a158cd3c6..28482eb91 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -1,40 +1,39 @@
-{ config, pkgs, ... }@args:
+with import <stockholm/lib>;
+self: super: let
-{
- nixpkgs.config.packageOverrides = rec {
- acronym = pkgs.callPackage ./acronym/default.nix {};
- dpass = pkgs.callPackage ./dpass {};
- firefoxPlugins = {
- noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
- ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
- vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
- };
- init = pkgs.callPackage ./init/default.nix args;
- logify = pkgs.callPackage ./logify/default.nix {};
- mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
- mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
- pop = pkgs.callPackage ./pop/default.nix {};
- q = pkgs.callPackage ./q {};
- rs = pkgs.callPackage ./rs/default.nix {};
- urban = pkgs.callPackage ./urban/default.nix {};
- xml2json = pkgs.callPackage ./xml2json/default.nix {};
- xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
- yt-next = pkgs.callPackage ./yt-next/default.nix {};
+ # This callPackage will try to detect obsolete overrides.
+ callPackage = path: args: let
+ override = super.callPackage path args;
+ upstream = optionalAttrs (override ? "name")
+ (super.${(parseDrvName override.name).name} or {});
+ in if upstream ? "name" &&
+ override ? "name" &&
+ compareVersions upstream.name override.name != -1
+ then
+ trace
+ "Upstream `${upstream.name}' gets overridden by `${override.name}'."
+ override
+ else override;
- bank = pkgs.writeDashBin "bank" ''
+ subdirsOf = path:
+ mapAttrs (name: _: path + "/${name}")
+ (filterAttrs (_: eq "directory") (readDir path));
+
+in {
+ bank = self.writeDashBin "bank" ''
tmp=$(mktemp)
- ${pkgs.pass}/bin/pass show hledger > $tmp
- ${pkgs.hledger}/bin/hledger --file=$tmp "$@"
- ${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then
+ ${self.pass}/bin/pass show hledger > $tmp
+ ${self.hledger}/bin/hledger --file=$tmp "$@"
+ ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then
exit 0
else
- ${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger
+ ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger
fi
- ${pkgs.coreutils}/bin/rm $tmp
- '';
- screengrab = pkgs.writeDashBin "screengrab" ''
- resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
- ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
+ ${self.coreutils}/bin/rm $tmp
'';
- };
+ rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; };
}
+
+// mapAttrs (_: flip callPackage {})
+ (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
+ (subdirsOf ./.))
diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix
new file mode 100644
index 000000000..8b18ea949
--- /dev/null
+++ b/lass/5pkgs/xephyrify/default.nix
@@ -0,0 +1,42 @@
+{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }:
+
+let
+
+ minimalXmonad = writeHaskell "minimalXmonad" {
+ executables.xmonad = {
+ extra-depends = [
+ "containers"
+ "xmonad"
+ ];
+ text = /* haskell */ ''
+ module Main where
+ import XMonad
+ import qualified Data.Map as Map
+
+ main :: IO ()
+ main = do
+ xmonad def
+ { workspaces = [ "1" ]
+ , layoutHook = myLayoutHook
+ , keys = myKeys
+ , normalBorderColor = "#000000"
+ , focusedBorderColor = "#000000"
+ }
+
+ myLayoutHook = Full
+ myKeys _ = Map.fromList []
+ '';
+ };
+ };
+
+in writeDashBin "xephyrify" ''
+ NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
+ echo "using DISPLAY $NDISPLAY"
+ ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY &
+ XEPHYR_PID=$!
+ DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad &
+ XMONAD_PID=$!
+ DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@"
+ kill $XMONAD_PID
+ kill $XEPHYR_PID
+''
diff --git a/lass/default.nix b/lass/default.nix
index b1c7c1be8..d077cc09f 100644
--- a/lass/default.nix
+++ b/lass/default.nix
@@ -1,9 +1,9 @@
-_:
+{ pkgs, ... }:
{
imports = [
../krebs
./2configs
./3modules
- ./5pkgs
];
+ nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
}
diff --git a/lass/source.nix b/lass/source.nix
index e3332c5de..1d840f38f 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot"
else "lass";
_file = <stockholm> + "/lass/1systems/${name}/source.nix";
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
in
evalSource (toString _file) [
{
@@ -17,6 +22,7 @@ in
};
};
stockholm.file = toString <stockholm>;
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
override
]
diff --git a/lib/types.nix b/lib/types.nix
index b85794925..1cf2d96c9 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -2,7 +2,7 @@
let
inherit (lib)
- all any concatMapStringsSep concatStringsSep const filter flip
+ all any attrNames concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test testString typeOf;
@@ -231,90 +231,93 @@ rec {
source = submodule ({ config, ... }: {
options = {
type = let
- types = [
- "file"
- "git"
- "pass"
- "symlink"
- ];
+ known-types = attrNames source-types;
+ type-candidates = filter (k: config.${k} != null) known-types;
in mkOption {
- type = enum types;
- default = let
- cands = filter (k: config.${k} != null) types;
- in
- if length cands == 1
- then head cands
- else throw "cannot determine type";
- };
- file = let
- file-path = (file-source.getSubOptions "FIXME").path.type;
- in mkOption {
- type = nullOr (either file-source file-path);
- default = null;
+ default = if length type-candidates == 1
+ then head type-candidates
+ else throw "cannot determine type";
+ type = enum known-types;
+ };
+ file = mkOption {
apply = x:
- if file-path.check x
+ if absolute-pathname.check x
then { path = x; }
else x;
+ default = null;
+ type = nullOr (either absolute-pathname source-types.file);
};
git = mkOption {
- type = nullOr git-source;
default = null;
+ type = nullOr source-types.git;
};
pass = mkOption {
- type = nullOr pass-source;
default = null;
+ type = nullOr source-types.pass;
};
- symlink = let
- symlink-target = (symlink-source.getSubOptions "FIXME").target.type;
- in mkOption {
- type = nullOr (either symlink-source symlink-target);
+ pipe = mkOption {
+ apply = x:
+ if absolute-pathname.check x
+ then { command = x; }
+ else x;
+ default = null;
+ type = nullOr (either absolute-pathname source-types.pipe);
+ };
+ symlink = mkOption {
+ type = nullOr (either pathname source-types.symlink);
default = null;
apply = x:
- if symlink-target.check x
+ if pathname.check x
then { target = x; }
else x;
};
};
});
- file-source = submodule {
- options = {
- path = mkOption {
- type = absolute-pathname;
+ source-types = {
+ file = submodule {
+ options = {
+ path = mkOption {
+ type = absolute-pathname;
+ };
};
};
- };
-
- git-source = submodule {
- options = {
- ref = mkOption {
- type = str; # TODO types.git.ref
- };
- url = mkOption {
- type = str; # TODO types.git.url
+ git = submodule {
+ options = {
+ ref = mkOption {
+ type = str; # TODO types.git.ref
+ };
+ url = mkOption {
+ type = str; # TODO types.git.url
+ };
};
};
- };
-
- pass-source = submodule {
- options = {
- dir = mkOption {
- type = absolute-pathname;
+ pass = submodule {
+ options = {
+ dir = mkOption {
+ type = absolute-pathname;
+ };
+ name = mkOption {
+ type = pathname; # TODO relative-pathname
+ };
};
- name = mkOption {
- type = pathname; # TODO relative-pathname
+ };
+ pipe = submodule {
+ options = {
+ command = mkOption {
+ type = absolute-pathname;
+ };
};
};
- };
-
- symlink-source = submodule {
- options = {
- target = mkOption {
- type = pathname; # TODO relative-pathname
+ symlink = submodule {
+ options = {
+ target = mkOption {
+ type = pathname; # TODO relative-pathname
+ };
};
};
- };
+ };
suffixed-str = suffs:
mkOptionType {
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a656fdce3..b859efc94 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -148,6 +148,11 @@ in {
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
];
};
}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index ce3ffbcf3..01438397e 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -19,22 +19,24 @@ let
# __FRONT_
# |* d0 |
# | |
- # |* d3 |
+ # |* d1 |
# | |
# |* d3 |
# | |
# |* |
# |* d2 |
- # | * r0 |
+ # | * |
+ # | * |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+ cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
+ dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
@@ -68,6 +70,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/deployment/google-muell.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
# security
@@ -116,7 +120,6 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- virtualisation.docker.enable = true;
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
@@ -126,6 +129,7 @@ in {
makefu.snapraid = {
enable = true;
+ # TODO: 3 is not protected
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
@@ -138,7 +142,7 @@ in {
'';
environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
- wol # wake up filepimp
+ wol # wake up filepimp
f3
];
fileSystems = let
@@ -150,6 +154,7 @@ in {
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
+ // cryptMount "crypt3"
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs";
@@ -178,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
+ (usbkey "crypt3" cryptDisk3)
];
};
loader.grub.device = lib.mkForce rootDisk;
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index 38c044be4..c2cd23d1e 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -5,32 +5,35 @@
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ { # until virtualbox-image is fixed
+ imports = [
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ ];
+ boot.loader.grub.device = "/dev/sda";
+ }
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
];
- # workaround for https://github.com/NixOS/nixpkgs/issues/16641
- services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
-
- nixpkgs.config.allowUnfree = true;
-
# allow sdev to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
+ # corefonts
+ nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
ppp xclip
get
passwdqc-utils
- docker
gnupg
populate
(pkgs.writeScriptBin "tor-browser" ''
@@ -39,18 +42,11 @@
'')
];
- virtualisation.docker.enable = true;
-
networking.firewall.allowedTCPPorts = [
25
80
8010
];
- fileSystems."/media/share" = {
- fsType = "vboxsf";
- device = "share";
- options = [ "rw" "uid=9001" "gid=9001" ];
- };
}
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index ffd9deaee..208dd1ff7 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -8,30 +8,9 @@
{
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda";
- virtualisation.virtualbox.guest.enable = true;
}
- # {
- # imports = [
- # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
- # ];
- # virtualbox.baseImageSize = 35 * 1024;
- # fileSystems."/media/share" = {
- # fsType = "vboxsf";
- # device = "share";
- # options = [ "rw" "uid=9001" "gid=9001" ];
- # };
- # }
-
- # {
- # imports = [
- # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- # ];
- # fileSystems."/nix" = {
- # device ="/dev/disk/by-label/nixstore";
- # fsType = "ext4";
- # };
- # }
-
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# base gui
# <stockholm/makefu/2configs/main-laptop.nix>
@@ -75,14 +54,8 @@
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
- nixpkgs.config.allowUnfree = true;
-
# allow vbob to deploy self
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
- };
- };
+ users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
'';
+
+ # for forticlient
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
get
logstash
- # docker
#devpi-web
#devpi-client
ansible
];
- # virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
@@ -111,6 +86,6 @@
80
8010
];
-
+ # required for qemu
systemd.services."serial-getty@ttyS0".enable = true;
}
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index f44211b93..637d8e2d8 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -18,7 +18,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
- # <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
+ <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
@@ -29,8 +29,69 @@ in {
# <stockholm/makefu/2configs/vncserver.nix>
# Services
- <stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/hydra/stockholm.nix>
+
<stockholm/makefu/2configs/share/wbob.nix>
+ (let
+ musicDirectory = "/data/music";
+ in {
+ services.mpd = {
+ enable = true;
+ inherit musicDirectory;
+ # dataDir = "/home/anders/.mpd";
+ network.listenAddress = "any";
+ extraConfig = ''
+ audio_output {
+ type "pulse"
+ name "Local MPD"
+ server "127.0.0.1"
+ }
+ '';
+ };
+ # open because of truestedInterfaces
+ # networking.firewall.allowedTCPPorts = [ 6600 4713 ];
+ services.samba.shares.music = {
+ path = musicDirectory;
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+
+ sound.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ # systemWide = true;
+ support32Bit = true;
+ zeroconf.discovery.enable = true;
+ zeroconf.publish.enable = true;
+ tcp = {
+ enable = true;
+ anonymousClients.allowAll = true;
+ anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
+ };
+ configFile = pkgs.writeText "default.pa" ''
+ load-module module-udev-detect
+ load-module module-bluetooth-policy
+ load-module module-bluetooth-discover
+ load-module module-native-protocol-unix
+ load-module module-always-sink
+ load-module module-console-kit
+ load-module module-systemd-login
+ load-module module-intended-roles
+ load-module module-position-event-sounds
+ load-module module-filter-heuristics
+ load-module module-filter-apply
+ load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
+ load-module module-switch-on-connect
+ # may be required for "system-wide" pulse to connect to bluetooth
+ #module-bluez5-device
+ #module-bluez5-discover
+ '';
+ };
+ # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
+ hardware.bluetooth.enable = true;
+ })
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@@ -147,7 +208,10 @@ in {
boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
+
+ boot.kernelModules = [ "kvm-intel"
+ "snd-seq" "snd-rawmidi"
+ ];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
@@ -174,66 +238,4 @@ in {
serverAddress = "x.r";
};
};
- security.wrappers.fping = {
- source = "${pkgs.fping}/bin/fping";
- setuid = true;
- };
- services.smokeping = {
- enable = true;
- targetConfig = ''
- probe = FPing
- menu = Top
- title = Network Latency Grapher
- remark = Welcome to this SmokePing website.
-
- + network
- menu = Net latency
- title = Network latency (ICMP pings)
-
- ++ google
- probe = FPing
- host = google.de
- ++ webde
- probe = FPing
- host = web.de
-
- + services
- menu = Service latency
- title = Service latency (DNS, HTTP)
-
- ++ HTTP
- menu = HTTP latency
- title = Service latency (HTTP)
-
- +++ webdeping
- probe = EchoPingHttp
- host = web.de
-
- +++ googwebping
- probe = EchoPingHttp
- host = google.de
-
- #+++ webwww
- #probe = Curl
- #host = web.de
-
- #+++ googwebwww
- #probe = Curl
- #host = google.de
- '';
- probeConfig = ''
- + FPing
- binary = /run/wrappers/bin/fping
- + EchoPingHttp
- pings = 5
- url = /
-
- #+ Curl
- ## probe-specific variables
- #binary = ${pkgs.curl}/bin/curl
- #step = 60
- ## a default for this target-specific variable
- #urlformat = http://%host%/
- '';
- };
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index a32db91e1..ad2ad8779 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
@@ -59,8 +59,9 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
- <stockholm/makefu/2configs/hw/rtl8812au.nix>
- <stockholm/makefu/2configs/hw/wwan.nix>
+ # <stockholm/makefu/2configs/hw/tpm.nix>
+ # <stockholm/makefu/2configs/hw/rtl8812au.nix>
+ <stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
@@ -77,18 +78,82 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+ # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
+
+ {
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.2/24" ];
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # gum
+ endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
+ allowedIPs = [ "10.244.0.0/24" ];
+ publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+ }
+ #{
+ # # vbob
+ # allowedIPs = [ "10.244.0.3/32" ];
+ # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ #}
+ ];
+ };
+ }
+ { # bluetooth+pulse config
+ # for blueman-applet
+ users.users.makefu.packages = [
+ pkgs.blueman
+ ];
+ hardware.pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ # systemWide = true;
+ support32Bit = true;
+ configFile = pkgs.writeText "default.pa" ''
+ load-module module-udev-detect
+ load-module module-bluetooth-policy
+ load-module module-bluetooth-discover
+ load-module module-native-protocol-unix
+ load-module module-always-sink
+ load-module module-console-kit
+ load-module module-systemd-login
+ load-module module-intended-roles
+ load-module module-position-event-sounds
+ load-module module-filter-heuristics
+ load-module module-filter-apply
+ load-module module-switch-on-connect
+ '';
+ };
+
+ # presumably a2dp Sink
+ # Enable profile:
+ ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
+ hardware.bluetooth.extraConfig = '';
+ [general]
+ Enable=Source,Sink,Media,Socket
+ '';
+
+ # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
+ hardware.bluetooth.enable = true;
+ }
+ { # auto-mounting
+ services.udisks2.enable = true;
+ services.devmon.enable = true;
+ # services.gnome3.gvfs.enable = true;
+ users.users.makefu.packages = with pkgs;[
+ gvfs pcmanfm lxmenu-data
+ ];
+ environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+ }
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
- makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
- environment.systemPackages = [ pkgs.passwdqc-utils ];
-
-
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
@@ -100,8 +165,15 @@ with import <stockholm/lib>;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
- 192.168.1.11 omo.local
+ 192.168.1.11 omo.local
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+
+ nix.package = pkgs.nixUnstable;
+ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
+ nixpkgs.overlays = [ (import <python/overlay.nix>) ];
+
+ # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
+
}
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
new file mode 100644
index 000000000..f23789ee5
--- /dev/null
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, buildPythonPackage, ... }:
+with import <stockholm/lib>;
+let
+ pkg = pkgs.ampel;
+ home = "/var/lib/ampel";
+ sec = "${toString <secrets>}/google-muell.json";
+ ampelsec = "${home}/google-muell.json";
+ esp = "192.168.1.23";
+ sleepval = "1800";
+in {
+ users.users.ampel = {
+ uid = genid "ampel";
+ createHome = true;
+ isSystemUser = true;
+ inherit home;
+ };
+ systemd.services.google-muell-ampel = {
+ description = "Send led change to rgb cubes";
+ after = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "ampel";
+ ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
+ cp ${sec} ${ampelsec}
+ chown ampel ${ampelsec}
+ '';
+ ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+ PermissionsStartOnly = true;
+ Restart = "always";
+ RestartSec = 10;
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index 292b6679d..d34b66125 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -2,25 +2,7 @@
let
mq = "192.168.8.11";
-
- pkg = pkgs.python3Packages.buildPythonPackage {
- name = "ampel-master";
-
- src = pkgs.fetchgit {
- url = "http://cgit.euer.krebsco.de/ampel";
- rev = "531741b";
- sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
- };
- propagatedBuildInputs = with pkgs.python3Packages; [
- docopt
- paho-mqtt
- requests
- pytz
- influxdb
- httplib2
- google_api_python_client
- ];
- };
+ pkg = pkgs.ampel;
in {
systemd.services.led-fader = {
description = "Send led change to message queue";
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 3a9d57dbb..e9d4b18e0 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -1,6 +1,18 @@
{ lib, pkgs, config, ... }:
with lib;
+# imperative in config.php:
+# #local memcache:
+# 'memcache.local' => '\\OC\\Memcache\\APCu',
+# #local locking:
+# 'memcache.locking' => '\\OC\\Memcache\\Redis',
+# 'redis' =>
+# array (
+# 'host' => 'localhost',
+# 'port' => 6379,
+# ),
+
+
let
# TODO: copy-paste from lass/2/websites/util.nix
serveCloud = domains:
@@ -124,20 +136,48 @@ let
env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
catch_workers_output = yes
'';
+ services.phpfpm.phpOptions = ''
+ opcache.enable=1
+ opcache.enable_cli=1
+ opcache.interned_strings_buffer=8
+ opcache.max_accelerated_files=10000
+ opcache.memory_consumption=128
+ opcache.save_comments=1
+ opcache.revalidate_freq=1
+
+ display_errors = on
+ display_startup_errors = on
+ always_populate_raw_post_data = -1
+ error_reporting = E_ALL | E_STRICT
+ html_errors = On
+ date.timezone = "Europe/Berlin"
+ # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
+ extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ '';
};
in {
imports = [
( serveCloud [ "o.euer.krebsco.de" ] )
];
- services.mysql = { # TODO: currently nextcloud uses sqlite
+ services.redis.enable = true;
+ services.mysql = {
enable = false;
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
- };
- services.mysqlBackup = {
- enable = false;
- databases = [ "nextcloud" ];
+ initialDatabases = [
+ # Or use writeText instead of literalExample?
+ #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+ {
+ name = "nextcloud";
+ schema = pkgs.writeText "nextcloud.sql"
+ ''
+ create user if not exists 'nextcloud'@'localhost' identified by 'password';
+ grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+ '';
+ }
+ ];
};
# dataDir is only defined after mysql is enabled
# krebs.secret.files.mysql_rootPassword = {
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index eacbd99cf..1109e2519 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -28,6 +28,7 @@ let
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
+ hydra-stockholm = { };
};
priv-repos = mapAttrs make-priv-repo {
diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix
index daa0282b8..861a9327e 100644
--- a/makefu/2configs/gui/base.nix
+++ b/makefu/2configs/gui/base.nix
@@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ];
};
- environment.systemPackages = with pkgs;[
- pavucontrol
- xlockmore
- rxvt_unicode-with-plugins
- firefox
- ];
- users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
+ users.users.${mainUser} = {
+ extraGroups = [ "audio" ];
+ packages = with pkgs;[
+ pavucontrol
+ xlockmore
+ rxvt_unicode-with-plugins
+ ];
+ };
hardware.pulseaudio = {
enable = true;
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix
index 4b7a0c333..7db749227 100644
--- a/makefu/2configs/gui/wbob-kiosk.nix
+++ b/makefu/2configs/gui/wbob-kiosk.nix
@@ -1,11 +1,13 @@
-{ lib, ... }:
+{ pkgs, lib, ... }:
{
imports = [
./base.nix
];
+ users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = {
layout = lib.mkForce "de";
+ xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
@@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
- xset s off -dpms
+ xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
new file mode 100644
index 000000000..7e29849b1
--- /dev/null
+++ b/makefu/2configs/hw/network-manager.nix
@@ -0,0 +1,37 @@
+{ pkgs, lib, ... }:
+{
+ users.users.makefu = {
+ extraGroups = [ "networkmanager" ];
+ packages = with pkgs;[
+ networkmanagerapplet
+ gnome3.gnome_keyring gnome3.dconf
+ ];
+ };
+ networking.wireless.enable = lib.mkForce false;
+
+ systemd.services.modemmanager = {
+ description = "ModemManager";
+ after = [ "network-manager.service" ];
+ bindsTo = [ "network-manager.service" ];
+ wantedBy = [ "network-manager.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
+ PrivateTmp = true;
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ networking.networkmanager.enable = true;
+
+ # TODO: put somewhere else
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.clipit}/bin/clipit &
+ ${pkgs.networkmanagerapplet}/bin/nm-applet &
+ '';
+
+# nixOSUnstable
+# networking.networkmanager.wifi = {
+# powersave = true;
+# scanRandMacAddress = true;
+# };
+}
diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix
new file mode 100644
index 000000000..65f915a2f
--- /dev/null
+++ b/makefu/2configs/hw/vbox-guest.nix
@@ -0,0 +1,16 @@
+{ lib, ...}:
+{
+ ## Guest Extensions are currently broken
+ imports = [
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+ ];
+ virtualisation.virtualbox.guest.enable = true;
+ services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
+
+ fileSystems."/media/share" = {
+ fsType = "vboxsf";
+ device = "share";
+ options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
+ };
+ # virtualbox.baseImageSize = 35 * 1024;
+}
diff --git a/makefu/2configs/hw/wwan.nix b/makefu/2configs/hw/wwan.nix
deleted file mode 100644
index 0eb0c97d7..000000000
--- a/makefu/2configs/hw/wwan.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_:
-
-{
- makefu.umts = {
- enable = true;
- modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
- };
-}
diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix
new file mode 100644
index 000000000..4bdb09213
--- /dev/null
+++ b/makefu/2configs/hydra/stockholm.nix
@@ -0,0 +1,34 @@
+# iterative:
+# $ hydra-create-user krebs --password derp --role admin
+# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm'
+
+{
+
+ # TODO postgres backup
+ services.postgresql.enable = true;
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "http://hydra.wbob.r"; # externally visible URL
+ notificationSender = "hydra@wbob.r";
+ # you will probably also want, otherwise *everything* will be built from scratch
+ useSubstitutes = true;
+ port = 3030;
+ buildMachinesFiles = [];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ services.nginx = {
+ enable = true;
+ virtualHosts."hydra.wbob.r" = {
+ locations."/" = {
+ proxyPass = "http://localhost:3030/";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index f2676f11c..1993a5212 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,5 +5,5 @@
mosh
];
- # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix
index 0356ba391..e0c68167f 100644
--- a/makefu/2configs/tools/studio.nix
+++ b/makefu/2configs/tools/studio.nix
@@ -9,8 +9,8 @@
# owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
- pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
- pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
+ pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
+ pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf
'')
];
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index 677950f43..d0fb4fe41 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -34,7 +34,7 @@ in {
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
- https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
+
http://www.iozone.org/src/current/
{
@@ -51,6 +51,8 @@ in {
"embray/d2to1"
"dorimanx/exfat-nofuse"
"rapid7/metasploit-framework"
+ "GothenburgBitFactory/taskserver"
+ "GothenburgBitFactory/taskwarrior"
];
};
}
diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix
index 0561c15a8..e4a79aa87 100644
--- a/makefu/3modules/awesome-extra.nix
+++ b/makefu/3modules/awesome-extra.nix
@@ -29,15 +29,7 @@ let
nixpkgs.config.packageOverrides = pkgs: rec {
awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
postFixup = let
- rclua = pkgs.substituteAll {
- src = cfg.baseConfig;
- modkey = cfg.modkey;
- # inherit (cfg) modkey;
- amixer = "${pkgs.alsaUtils}/bin/amixer";
- xlock = "${pkgs.xlockmore}/bin/xlock";
- xbacklight = "${pkgs.xorg.xbacklight}/bin/xbacklight";
-
- };
+ rclua = cfg.baseConfig.override { inherit (cfg) modkey; };
in "cp ${rclua} $out/etc/xdg/awesome/rc.lua";
});
};
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index af0e81df5..fa4eb827c 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -14,8 +14,6 @@ _:
./snapraid.nix
./torrent.nix
./udpt.nix
- ./umts.nix
- ./wvdial.nix
];
}
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
deleted file mode 100644
index 86669945a..000000000
--- a/makefu/3modules/umts.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- nixpkgs-1509 = import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs-channels";
- rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
- sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
- }) {};
-
- wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
-
- # TODO: currently it is only netzclub
- umts-bin = pkgs.writeScriptBin "umts" ''
- #!/bin/sh
- set -euf
- systemctl start umts
- trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
- echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
- journalctl -xfu umts
- '';
-
- wvdial-defaults = ''
- Phone = *99***1#
- Dial Command = ATDT
- Modem = ${cfg.modem-device}
- Baud = 460800
- Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
- Init2 = ATZ
- Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
- ISDN = 0
- Modem Type = Analog Modem
- Username = netzclub
- Password = netzclub
- Stupid Mode = 1
- Idle Seconds = 0'';
-
- cfg = config.makefu.umts;
-
- out = {
- options.makefu.umts = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "umts";
-
- modem-device = mkOption {
- default = "/dev/ttyUSB0";
- type = types.str;
- description = ''
- path to modem device, use <filename>/dev/serial/by-id/...</filename>
- to avoid race conditions.
- '';
- };
- apn = mkOption {
- default = "pinternet.interkom.de";
- type = types.str;
- description = ''
- apn to use for dailing
- '';
- };
- };
-
- imp = {
- environment.shellAliases = {
- umts = "sudo ${umts-bin}/bin/umts";
- };
- environment.systemPackages = [ ];
-
- environment.wvdial.dialerDefaults = wvdial-defaults;
-
- systemd.services.umts = {
- description = "UMTS wvdial Service";
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- RestartSec = "10s";
- ExecStart = "${wvdial}/bin/wvdial -n";
- };
- };
- };
-in out
diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix
deleted file mode 100644
index 1ed929ed4..000000000
--- a/makefu/3modules/wvdial.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-# Global configuration for wvdial.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- configFile = ''
- [Dialer Defaults]
- PPPD PATH = ${pkgs.ppp}/sbin/pppd
- ${config.environment.wvdial.dialerDefaults}
- '';
-
- cfg = config.environment.wvdial;
-
-in
-{
- ###### interface
-
- options = {
-
- environment.wvdial = {
-
- dialerDefaults = mkOption {
- default = "";
- type = types.str;
- example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
- description = ''
- Contents of the "Dialer Defaults" section of
- <filename>/etc/wvdial.conf</filename>.
- '';
- };
-
- pppDefaults = mkOption {
- default = ''
- noipdefault
- usepeerdns
- defaultroute
- persist
- noauth
- '';
- type = types.str;
- description = "Default ppp settings for wvdial.";
- };
-
- };
-
- };
-
- ###### implementation
-
- config = mkIf (cfg.dialerDefaults != "") {
-
- environment = {
-
- etc =
- [
- { source = pkgs.writeText "wvdial.conf" configFile;
- target = "wvdial.conf";
- }
- { source = pkgs.writeText "wvdial" cfg.pppDefaults;
- target = "ppp/peers/wvdial";
- }
- ];
-
- };
-
- };
-
-}
diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix
new file mode 100644
index 000000000..86518b9b8
--- /dev/null
+++ b/makefu/5pkgs/ampel/default.nix
@@ -0,0 +1,27 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+ name = "ampel-${version}";
+ version = "0.2";
+
+ propagatedBuildInputs = [
+ docopt
+ paho-mqtt
+ requests
+ pytz
+ influxdb
+ httplib2
+ google_api_python_client
+ ];
+
+ src = pkgs.fetchgit {
+ url = "http://cgit.euer.krebsco.de/ampel";
+ rev = "d8a0250";
+ sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
+ };
+ meta = {
+ homepage = http://cgit.euer.krebsco.de/ampel;
+ description = "change colors of rgb cubes";
+ license = lib.licenses.asl20;
+ };
+}
diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix
index 3c9340692..7e9724ec8 100644
--- a/makefu/5pkgs/awesomecfg/default.nix
+++ b/makefu/5pkgs/awesomecfg/default.nix
@@ -1,7 +1,24 @@
-_:
+{ pkgs
+, lib
+, alsaUtils
+, xlockmore
+, xbacklight
+, modkey?"Mod4"
+, ... }:
{
- # replace: @amixer@ @xlock@ @xbacklight@
- full = ./full.cfg;
- kiosk = ./kiosk.lua;
+ # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
+ full = lib.makeOverridable pkgs.substituteAll {
+ name = "awesome_full_config";
+ inherit alsaUtils xlockmore xbacklight modkey;
+ isExecutable = false;
+ src = ./full.cfg;
+ };
+
+ kiosk = lib.makeOverridable pkgs.substituteAll {
+ name = "awesome_kiosk_config";
+ inherit alsaUtils xlockmore xbacklight modkey;
+ isExecutable = false;
+ src = ./kiosk.lua;
+ };
}
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 993942771..3488d0102 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -365,22 +365,22 @@ globalkeys = awful.util.table.join(
{description = "restore minimized", group = "client"}),
awful.key({ }, "XF86MonBrightnessUp", function ()
- awful.util.spawn("@xbacklight@ -inc 5", false) end),
+ awful.util.spawn("@xbacklight@/bin/xbacklight -inc 5", false) end),
awful.key({ }, "XF86MonBrightnessDown", function ()
- awful.util.spawn("@xbacklight@ -dec 5", false) end),
+ awful.util.spawn("@xbacklight@/bin/xbacklight -dec 5", false) end),
awful.key({ }, "XF86AudioRaiseVolume", function ()
- awful.util.spawn("@amixer@ set Master 5%+", false) end),
+ awful.util.spawn("@alsaUtils@/bin/amixer set Master 5%+", false) end),
awful.key({ }, "XF86AudioLowerVolume", function ()
- awful.util.spawn("@amixer@ set Master 5%-", false) end),
+ awful.util.spawn("@alsaUtils@/bin/amixer set Master 5%-", false) end),
awful.key({ }, "XF86AudioMute", function ()
- awful.util.spawn("@amixer@ -q -D default sset Master toggle", false) end),
+ awful.util.spawn("@alsaUtils@/bin/amixer -q -D default sset Master toggle", false) end),
-- Prompt
awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end,
{description = "run prompt", group = "launcher"}),
- awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlock@ -mode blank") end),
- awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlock@ -mode blank") end),
+ awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end),
+ awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end),
awful.key({ modkey }, "x",
function ()
diff --git a/makefu/5pkgs/custom/default.nix b/makefu/5pkgs/custom/default.nix
deleted file mode 100644
index 626938cdc..000000000
--- a/makefu/5pkgs/custom/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{}:
-{
-}
diff --git a/makefu/5pkgs/custom/qcma/default.nix b/makefu/5pkgs/custom/qcma/default.nix
index d67cda142..dfb57c880 100644
--- a/makefu/5pkgs/custom/qcma/default.nix
+++ b/makefu/5pkgs/custom/qcma/default.nix
@@ -1,6 +1,9 @@
{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
-gettext, automake, libxml2 , qmake,
-qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
+gettext, automake, libxml2
+, autoreconfHook
+, qmake4Hook
+, qmake
+, qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
let
libvitamtp = stdenv.mkDerivation rec {
name = "libvitamtp-${version}";
@@ -13,8 +16,8 @@ let
sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8";
};
- buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ];
- preConfigure = "sh ./autogen.sh";
+ buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig
+ autoreconfHook ];
meta = {
description = "Content Manager Assistant for the PS Vita";
@@ -26,40 +29,29 @@ let
};
in stdenv.mkDerivation rec {
name = "qcma-${version}";
- version = "0.3.13";
+ version = "8e6cafedc0f47733f33323f829624e3fc847a176";
- src = fetchgit {
- url = "git://github.com/codestation/qcma.git";
- rev = "refs/tags/v"+version;
- leaveDotGit = true;
- sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i";
+ src = fetchFromGitHub {
+ owner = "codestation";
+ repo = "qcma";
+ rev = version;
+ sha256 = "1l95kx3x4pf5iwmwigbch5c6n2h27lls5qiy4xh15v59p5442yw5";
};
preConfigure = ''
lrelease common/resources/translations/*.ts
'';
- # TODO: manually adding qtbase and qtmultimedia to the library path is shit,
- # this should be done somewhere before when building the project, idk.
- installPhase = ''
- make INSTALL_ROOT="$(out)" install
- for i in qcma qcma_cli; do
- wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
- qtbase qtmultimedia ]}
- done
- '';
-
enableParallelBuilding = true;
buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
- nativeBuildInputs = [ qmake qttools pkgconfig ];
+ nativeBuildInputs = [ qttools pkgconfig qmake ];
meta = {
description = "Content Manager Assistant for the PS Vita";
homepage = https://github.com/codestation/qcma;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
- broken = true;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 80a0d33cd..b1d6df67e 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -3,7 +3,7 @@ self: super: let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
- override = super.callPackage path args;
+ override = super.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
diff --git a/makefu/5pkgs/dionaea/default.nix b/makefu/5pkgs/dionaea/default.nix
deleted file mode 100644
index fef197c20..000000000
--- a/makefu/5pkgs/dionaea/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
- libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
- libev,
- ... }:
-let
- liblcfg = stdenv.mkDerivation rec {
- name = "liblcfg-${version}";
- version = "750bc90";
- src = fetchFromGitHub {
- owner = "ThomasAdam";
- repo = "liblcfg";
- rev = version;
- sha256 = "1k3r47p81paw5802jklx9xqbjrxr26pahipxn9nq3177qhxxibkr";
- };
- buildInputs = with pkgs;[ autoconf automake ];
- preConfigure = ''autoreconf -fi'';
- sourceRoot = "${name}-src/code";
- };
-in stdenv.mkDerivation rec {
- name = "liblcfg-${version}";
-
- #version = "1.5c"; #original, does not compile due to libc errors
- #src = fetchurl {
- # url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz";
- # sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii";
- #};
-
- #version = "64d087c"; # honeyd-1.6.7
- # sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31";
-
- version = "6756787f94c4f1ac53d1e5545d052774a0446c04";
- src = fetchFromGitHub {
- owner = "rep";
- repo = "dionaea";
- rev = version;
- sha256 = "04zjr9b7x0rqwzgb9gfxq6pclb817gz4qaghdl8xa79bqf9vv2p7";
- };
-
- buildInputs = with pkgs;[ libtool automake autoconf ];
- configureFlags = [
- "--with-liblcfg=${liblcfg}"
- "--with-libpcap=${libpcap}"
- ];
-
- meta = {
- homepage = http://www.honeyd.org/;
- description = "virtual Honeypots";
- license = lib.licenses.gpl2;
- };
-}
diff --git a/makefu/5pkgs/farpd/default.nix b/makefu/5pkgs/farpd/default.nix
deleted file mode 100644
index 8dfcee90c..000000000
--- a/makefu/5pkgs/farpd/default.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
- libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
- ... }:
-stdenv.mkDerivation rec {
- name = "farpd-${version}";
-
-
- version = "0.2";
- src = fetchurl {
- url = https://launchpad.net/ubuntu/+archive/primary/+files/farpd_0.2.orig.tar.gz ;
- sha256 = "1m3pynvynr4vgkwh7z5i0yqlang2y0ph32cys3vbi2hx2apk9abd";
- };
-
- buildInputs = with pkgs;[
- automake
- gnugrep
- libpcap
- libdnet
- pcre
- libevent.out # requires .so and .h
- readline
- autoconf
- libtool
- zlib
- coreutils
- python
- pythonPackages.pysqlite
- ];
- patches = [
- ( fetchurl {
- url = https://launchpad.net/ubuntu/+archive/primary/+files/farpd_0.2-11.diff.gz;
- sha256 = "2c246b37de8aab9c73f955fb77101adefd90637d03f582b9f8ffae2903af2f94";
- })
- ];
- # removes user install script from Makefile before automake
- #patches = [ ./autoconf.patch ];
- preConfigure = ''
- autoreconf -fi
-
- substituteInPlace configure \
- --replace "dumbnet" "dnet" \
- --replace "libpcap.a" "libpcap.so" \
- --replace "libevent.a" "libevent.so" \
- --replace "net/bpf.h" "pcap/bpf.h"
- '';
-
- makeFlags = [ "LIBS=-lz" ];
- configureFlags = [
- "--with-libpcap=${libpcap}"
- "--with-libevent=${libevent}"
- "--with-libdnet=${libdnet}"
- ];
- postInstall = ''
- mv $out/sbin/arpd $out/sbin/farpd
- mv $out/share/man/man8/arpd.8 $out/share/man/man8/farpd.8
- '';
-
- meta = {
- homepage = https://launchpad.net/ubuntu/+source/farpd/ ;
- description = "fake arp";
- license = lib.licenses.gpl2;
- };
-}
diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix
index a12e2e821..7fb9cd375 100644
--- a/makefu/5pkgs/mcomix/default.nix
+++ b/makefu/5pkgs/mcomix/default.nix
@@ -11,6 +11,10 @@ python2Packages.buildPythonPackage rec {
propagatedBuildInputs = with python2Packages;
[ python2Packages.pygtk gtk3 python2Packages.pillow ];
+ # for module in sys.modules.itervalues():
+ # RuntimeError: dictionary changed size during iteration
+ doCheck = false;
+
meta = {
homepage = https://github.com/pyload/pyload;
description = "Free and Open Source download manager written in Python";
diff --git a/makefu/5pkgs/opl-utils/default.nix b/makefu/5pkgs/opl-utils/default.nix
index f4430f333..5799b8e0f 100644
--- a/makefu/5pkgs/opl-utils/default.nix
+++ b/makefu/5pkgs/opl-utils/default.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
meta = {
homepage = https://github.com/ifcaro/Open-PS2-Loader;
description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)";
- license = lib.licenses.afl3;
+ ## not yet in stable
+ # license = lib.licenses.afl3;
};
}
diff --git a/makefu/5pkgs/pfsshell/default.nix b/makefu/5pkgs/pfsshell/default.nix
new file mode 100644
index 000000000..fc6b37069
--- /dev/null
+++ b/makefu/5pkgs/pfsshell/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
+stdenv.mkDerivation rec {
+ pname = "pfsshell";
+ version = "64f8c2";
+ name = "${pname}-${version}";
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "pfsshell";
+ rev = version;
+ sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
+ };
+
+ buildInputs = [ ];
+
+ makeFlags = [ ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp pfsshell $out/bin
+ '';
+
+ meta = {
+ homepage = https://github.com/uyjulian/pfsshell ;
+ description = "browse and transfer files to/from PFS filesystems";
+ };
+}
diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix
deleted file mode 100644
index f40b1b96e..000000000
--- a/makefu/5pkgs/programs-db/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ stdenv }:
-
-stdenv.mkDerivation rec {
- name = "programs-db";
- src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
-
- phases = [ "unpackPhase" "installPhase" ];
- installPhase = ''
- cp programs.sqlite $out
- '';
-
-}
diff --git a/makefu/5pkgs/shackie/default.nix b/makefu/5pkgs/shackie/default.nix
deleted file mode 100644
index b6cf8afe6..000000000
--- a/makefu/5pkgs/shackie/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ pkgs, fetchFromGitHub, ... }:
-with pkgs.python3Packages;
-let
- asyncio-irc = buildPythonPackage rec {
- name = "asyncio-irc-${version}";
- version = "2016-09-02";
- src = fetchFromGitHub {
- owner = "watchtower";
- repo = "asyncirc";
- rev = "5384d19";
- sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv";
- };
- propagatedBuildInputs = [ blinker ];
- };
-in
-buildPythonPackage rec {
- name = "shackie-${version}";
- version = "2017-04-24";
- propagatedBuildInputs = [
- asyncio-irc
- beautifulsoup4
- lxml
- pytz
- redis
- requests
- ];
- src = fetchFromGitHub {
- owner = "shackspace";
- repo = "shackie";
- rev = "e717ec7";
- sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l";
- };
-}
diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/makefu/6tests/data/secrets/torrent-secrets/auth.nix
@@ -0,0 +1 @@
+{}
diff --git a/makefu/source.nix b/makefu/source.nix
index c22c82f32..79a2c535f 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -13,7 +13,13 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
+ # TODO: automate updating of this ref + cherry-picks
+ ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3
@@ -41,6 +47,7 @@ in
};
stockholm.file = toString <stockholm>;
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
(mkIf ( musnix ) {
musnix.git = {
diff --git a/mv/source.nix b/mv/source.nix
index 5f6b2fe36..1a7b83961 100644
--- a/mv/source.nix
+++ b/mv/source.nix
@@ -4,6 +4,11 @@ host@{ name, override ? {} }: let
then "buildbot"
else "mv";
_file = <stockholm> + "/mv/1systems/${name}/source.nix";
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
in
evalSource (toString _file) [
{
@@ -18,6 +23,7 @@ in
mv = "/home/mv/secrets/${name}";
};
stockholm.file = toString <stockholm>;
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
override
]
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
index c5f38c1f3..483a4f84b 100644
--- a/nin/1systems/axon/config.nix
+++ b/nin/1systems/axon/config.nix
@@ -11,6 +11,7 @@ with lib;
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
+ <stockholm/nin/2configs/ableton.nix>
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
@@ -98,6 +99,9 @@ with lib;
enable = true;
};
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.xorg.xhost}/bin/xhost + local:
+ '';
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
new file mode 100644
index 000000000..343a9089d
--- /dev/null
+++ b/nin/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+ mainUser = config.users.extraUsers.nin;
+in {
+ users.users= {
+ ableton = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ ];
+ packages = [
+ pkgs.wine
+ pkgs.winetricks
+ ];
+ };
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+ '';
+}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
index 9ebbaabd2..aed4a9f48 100644
--- a/nin/2configs/git.nix
+++ b/nin/2configs/git.nix
@@ -36,17 +36,6 @@ let
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#xxx";
- server = "irc.r";
- verbose = config.krebs.build.host.name == "onondaga";
- # TODO define branches in some kind of option per repo
- branches = [ "master" ];
- };
- };
};
make-rules =
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
new file mode 100644
index 000000000..b078dbd53
--- /dev/null
+++ b/nin/2configs/im.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ environment.systemPackages = with pkgs; [
+ (pkgs.writeDashBin "im" ''
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ tmux
+ gnugrep
+ weechat
+ ])}
+ ssh chat@onondaga
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+ ];
+}
diff --git a/nin/source.nix b/nin/source.nix
index ccf5e6acc..9fb2cb390 100644
--- a/nin/source.nix
+++ b/nin/source.nix
@@ -4,6 +4,11 @@ host@{ name, secure ? false }: let
then "buildbot"
else "nin";
_file = <stockholm> + "/nin/1systems/${name}/source.nix";
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
@@ -12,8 +17,6 @@ in
nin = "/home/nin/secrets/${name}";
};
stockholm.file = toString <stockholm>;
- nixpkgs.git = {
- url = https://github.com/nixos/nixpkgs;
- ref = "afe9649";
- };
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
+ nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
}
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 2c4b4868e..c3418e7ee 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -42,6 +42,9 @@ let {
kirk = {
cgit.desc = "IRC tools";
};
+ kops = {
+ cgit.desc = "deployment tools";
+ };
load-env = {};
loldns = {
cgit.desc = "toy DNS server";
@@ -128,11 +131,6 @@ let {
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
optional (repo.collaborators or [] != []) {
user = repo.collaborators;
repo = [ repo ];
diff --git a/tv/source.nix b/tv/source.nix
index b5e3f7cd7..e5e5e0413 100644
--- a/tv/source.nix
+++ b/tv/source.nix
@@ -6,6 +6,11 @@ with import <stockholm/lib>;
}@host: let
builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix";
+ pkgs = import <nixpkgs> {
+ overlays = map import [
+ <stockholm/krebs/5pkgs>
+ ];
+ };
in
evalSource (toString _file) [
{
@@ -20,6 +25,7 @@ in
tv = "/home/tv/secrets/${name}";
};
stockholm.file = toString <stockholm>;
+ stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
(mkIf (builder == "tv") {
secrets-common.file = "/home/tv/secrets/common";
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 07:38:28 +0000
[cgit] Unable to lock slot /tmp/cgit/d5000000.lock: No such file or directory (2)