diff options
| author | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
| commit | 0430fbbbfeef5f7d6188ec70d7f084ffa1cb1a46 (patch) | |
| tree | 38daa64159448bc750de5b3c6692c7e2027ed4c7 | |
| parent | 39fba33bed71c7553da47e56c5e34a0389950c71 (diff) | |
| parent | bb2f8b9b920287df33e194a3b62d86669d8e6ddd (diff) | |
Merge remote-tracking branch 'prism/master'
152 files changed, 1965 insertions, 1799 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1946f269e..6d2f15063 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,5 +15,6 @@ nur-packages makefu: - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git - git push --force deploy HEAD:master + - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu after_script: - rm -f deploy.key diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index ad58226f6..b9bb021b8 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -1,13 +1,15 @@ -# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, ... }: +let + xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; }; +in { imports = [ <stockholm/jeschli> ./hardware-configuration.nix <stockholm/jeschli/2configs/urxvt.nix> - <stockholm/jeschli/2configs/emacs.nix> - <stockholm/jeschli/2configs/xdg.nix> - <stockholm/jeschli/2configs/xserver> +# <stockholm/jeschli/2configs/emacs.nix> +# <stockholm/jeschli/2configs/xdg.nix> +# <stockholm/jeschli/2configs/xserver> <stockholm/jeschli/2configs/steam.nix> <stockholm/jeschli/2configs/virtualbox.nix> ]; @@ -32,28 +34,31 @@ nixpkgs.config.allowUnfree = true; environment.shellAliases = { - n = "nix-shell"; - stocki = pkgs.writeDash "deploy" '' - cd ~/stockholm - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"' - ''; + # emacs aliases + ed = "emacsclient"; + edc = "emacsclient --create-frame"; + # nix aliases + ns = "nix-shell"; + # krops deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; - }; + }; environment.systemPackages = with pkgs; [ - # system helper + # system helper + acpi ag - curl copyq + curl dmenu git i3lock keepass networkmanagerapplet + pavucontrol rsync terminator tmux @@ -61,16 +66,17 @@ # editors emacs # internet - thunderbird chromium + firefox google-chrome + thunderbird # programming languages elixir elmPackages.elm exercism - go gcc ghc + go python35 python35Packages.pip (vagrant.override { @@ -84,23 +90,28 @@ }); }; }) - # go tools - golint - gotools - # rust - cargo - rustc # dev tools gnumake + jetbrains.goland jetbrains.pycharm-professional jetbrains.webstorm - jetbrains.goland # document viewer evince zathura + # go tools + golint + gotools + # rust + cargo + rustracer + rustup + vscode + # orga tools + taskwarrior # xorg xorg.xbacklight - taskwarrior + # tokei + tokei ]; # Some programs need SUID wrappers, can be configured further or are @@ -113,29 +124,32 @@ # Enable the OpenSSH daemon. services.openssh.enable = true; + services.emacs.enable = true; - services.xserver = { - - # Don't install feh into systemPackages - # refs <nixpkgs/nixos/modules/services/x11/desktop-managers> - desktopManager.session = lib.mkForce []; - displayManager.lightdm.enable = lib.mkForce false; - displayManager.job.execCmd = lib.mkForce "derp"; + virtualisation.docker.enable = true; + services.xserver = { enable = true; - display = lib.mkForce 11; - tty = lib.mkForce 11; - dpi = 144; + desktopManager = { + xfce.enable = true; + gnome3.enable = true; + }; -# videoDrivers = [ "nvidia" ]; - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; + windowManager = { + session = [{ + name = "xmonad"; + start = '' + ${xmonad-jeschli}/bin/xmonad & + waitPID=$! + ''; + } + ]; }; }; + services.xserver.windowManager.i3.enable = true; + users.extraUsers.jeschli = { # TODO: define as krebs.users isNormalUser = true; extraGroups = ["docker" "vboxusers" "audio"]; @@ -151,6 +165,7 @@ config.krebs.users.lass.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" + "ssh-rsa AAAAB4NzaC1yc2EAAAADAQABAAACAQC1x9+OtNfwv6LxblnLHeBElxoxLfaYUyvqMrBgnrlkaPjylPv711bvPslnt+YgdPsZQLCoQ2t5f0x0j7ZOMYE9eyRrnr67ITO+Od05u3eCypWOZulekkDL0ZDeYdvoZKOWnbKWnQVRfYuLOEL/g5/9E7MLtIdID8e98b/qHzs/+wmuuDR3zHCNic0BKixgET/EgFvLWezWxJ6D/TTv/5sDAfrC+RUN8ad14sxjKIkS3nkAlm8bhrCxQKaHLUcCJWiweW0gPWYSlp64VHS5lchvqCJlPYQdx0XbwolvlLYru0w74ljLbi3eL35GFFyHSeEjQ73EtVwo53uVKTy7SAORU7JNg6xL9H3ChOLOknN9oHs1K7t/maMsATle0HAFcTuaOhELUmHM8dCJh3nPVWIkzHQ4o3fyaogrpt7/V5j6R1/Ozn7P9n4OdqrjiaWqHlz/XHeYNNWte+a0EW+NubC83yS0Cu3uhZ36C3RET2vNM25CyYOBn4ccClAozayQIb6Cif0tCafMRPgkSlogQd8+SqNZpTnmtllIT3VnT5smgrufy6HETDkrHjApDrsqLtMCFY83RFwt4QLv/L93O7IsGifzmEfD9qD7YBSMNs8ihBIUXPk9doHXvYS506YroxWOxe/C0rzzbaogxQT6JMd1ozfXitRD9v7iBIFAT4Kzjw== christopher.kilian@dcso.de" ]; }; diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix deleted file mode 100644 index eb2ba179e..000000000 --- a/jeschli/1systems/reagenzglas/config.nix +++ /dev/null @@ -1,145 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - <stockholm/jeschli> - ./hardware-configuration.nix - ]; - - # Use the GRUB 2 boot loader. - # boot.loader.grub.enable = true; - # boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Define on which hard drive you want to install Grub. -# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2"; - preLVM = true; - allowDiscards = true; - } - ]; -# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - nixpkgs.config.allowUnfree = true; - environment.shellAliases = { n = "nix-shell"; }; - environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; - environment.systemPackages = with pkgs; [ - # system helper - ag - curl - copyq - dmenu - git - i3lock - keepass - networkmanagerapplet - rsync - terminator - tmux - wget - rxvt_unicode - # editors - emacs - # internet - thunderbird - chromium - google-chrome - # programming languages - go - gcc - ghc - python35 - python35Packages.pip - # go tools - golint - gotools - # dev tools - gnumake - # document viewer - zathura - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas" - ]; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable the X11 windowing system. - services.xserver.enable = true; - services.xserver.layout = "us"; - services.xserver.xkbOptions = "eurosign:e"; - - # Enable touchpad support. - services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.windowManager.xmonad.enable = true; - services.xserver.windowManager.xmonad.enableContribAndExtras = true; - - # services.xserver.desktopManager.plasma5.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.jeschli = { - isNormalUser = true; - uid = 1000; - }; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "18.03"; # Did you read the comment? - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - export GOPATH=$HOME/go - export PATH=$PATH:$GOPATH/bin - ''; - }; - - krebs.build.host = config.krebs.hosts.reagenzglas; - - hardware.bluetooth.enable = true; -} diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix deleted file mode 100644 index a6ab3f16e..000000000 --- a/jeschli/1systems/reagenzglas/hardware-configuration.nix +++ /dev/null @@ -1,33 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DA40-AC19"; - fsType = "vfat"; - }; - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 8; -# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 5fc887477..4f5b690f2 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -15,6 +15,7 @@ let (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) (package-initialize) ''; + evilMode = '' ;; Evil Mode (require 'evil) @@ -25,6 +26,22 @@ let ;; (require 'evil-org-agenda) ;; (evil-org-agenda-set-keys) ''; + + goMode = '' + (add-to-list 'exec-path "~/go/bin") + (add-hook 'go-mode-hook + (lambda () + (setq-default) + (setq tab-width 2) + (setq standard-indent 2) + (setq indent-tabs-mode nil))) + ''; + + ido = '' + (require 'ido) + (ido-mode t) + ''; + windowCosmetics = '' (menu-bar-mode -1) (tool-bar-mode -1) ; Disable the button bar atop screen @@ -37,46 +54,68 @@ let (setq visible-bell nil) ; Disable annoying visual bell graphic (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; + orgMode = '' (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) (global-set-key "\C-cl" 'org-store-link) (global-set-key "\C-ca" 'org-agenda) (global-set-key "\C-cb" 'org-iswitchb) + (global-set-key "\C-c L" 'org-insert-link-global) + (global-set-key "\C-c o" 'org-open-at-point-global) (setq org-link-frame-setup '((file . find-file))) ; open link in same frame. (if (boundp 'org-user-agenda-files) (setq org-agenda-files org-user-agenda-files) (setq org-agenda-files (quote ("~/projects/notes"))) ) ''; + theme = '' - (load-theme 'monokai-alt) + (load-theme 'monokai-alt t) ''; + recentFiles = '' (recentf-mode 1) (setq recentf-max-menu-items 25) (global-set-key "\C-x\ \C-r" 'recentf-open-files) ''; + dotEmacs = pkgs.writeText "dot-emacs" '' ${evilMode} + ${goMode} + ${ido} ${packageRepos} ${orgMode} ${recentFiles} ${theme} ${windowCosmetics} ''; + emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + epkgs.melpaPackages.ag epkgs.melpaPackages.evil epkgs.melpaStablePackages.magit epkgs.melpaPackages.nix-mode epkgs.melpaPackages.go-mode + epkgs.melpaPackages.haskell-mode epkgs.melpaPackages.google-this epkgs.melpaPackages.monokai-alt-theme + epkgs.melpaPackages.rust-mode ]); + myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@" ''; + + myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" '' + exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} --daemon + ''; + + myEmacsClient = pkgs.writeDashBin "meclient" '' + exec ${emacsWithCustomPackages}/bin/emacsclient --create-frame + ''; + in { environment.systemPackages = [ - myEmacs + myEmacs myEmacsWithDaemon myEmacsClient ]; } diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix index ec3977c7e..44c35ca37 100644 --- a/jeschli/2configs/xserver/default.nix +++ b/jeschli/2configs/xserver/default.nix @@ -51,6 +51,12 @@ in { ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} & ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + ${config.services.xserver.displayManager.sessionCommands} + if test -z "$DBUS_SESSION_BUS_ADDRESS"; then + exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "" + fi + export DBUS_SESSION_BUS_ADDRESS + ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS wait ''; diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 827c77b77..8066984be 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -73,7 +73,6 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do - workspaces0 <- getWorkspaces0 handleShutdownEvent <- newShutdownEventHandler xmonad -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } @@ -85,7 +84,7 @@ mainNoArgs = do { terminal = urxvtcPath , modMask = mod4Mask , keys = myKeys - , workspaces = workspaces0 + , workspaces = ["comms", "org", "dev"] , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent --, handleEventHook = handleTimerEvent @@ -93,7 +92,7 @@ mainNoArgs = do , startupHook = do setWMName "LG3D" whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) - (\path -> forkFile path [] Nothing) <+> setWMName "LG3D" + (\path -> forkFile path [] Nothing) , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent @@ -152,7 +151,6 @@ myKeys conf = Map.fromList $ , ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) , ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ((_C , xK_Print ), toggleWS) - , ((_4 , xK_Print ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] ) -- %! Rotate through the available layout algorithms , ((_4 , xK_space ), sendMessage NextLayout) diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 989abcdd0..dbf94bd0d 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -12,10 +12,7 @@ secrets = if test then { file = toString ./2configs/tests/dummy-secrets; } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; + file = "${lib.getEnv "HOME"}/secrets/${name}"; }; } ]; diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 916073375..f68c8ce50 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -21,5 +21,4 @@ boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index e12367b7c..0f00cd381 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -2,10 +2,10 @@ with import <stockholm/lib>; let - gunicorn = pkgs.pythonPackages.gunicorn; + gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; - gevent = pkgs.pythonPackages.gevent; - python = pkgs.pythonPackages.python; + gevent = pkgs.python3Packages.gevent; + python = pkgs.python3Packages.python; cfg = config.krebs.bepasty; out = { diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9c2f53cbe..567c077eb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -48,6 +48,7 @@ let ./rtorrent.nix ./secret.nix ./setuid.nix + ./syncthing.nix ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1f80906f8..c9715cb85 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -299,6 +299,33 @@ in { }; }; }; + toastbrot = { + owner = config.krebs.users.jan; + nets = { + retiolum = { + ip4.addr = "10.243.117.12"; + aliases = [ + "toastbrot.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP + 2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc + yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj + DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3 + r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT + PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY + Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO + IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g + fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH + Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3 + uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B + 4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop @@ -411,6 +438,9 @@ in { mail = "dickbutt@excogitation.de"; pubkey = ssh-for "exco"; }; + jan = { + mail = "jan.heidbrink@posteo.de"; + }; kmein = { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 4a8af435b..9f5b1bd6a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -47,42 +47,6 @@ in { }; }; }; - reagenzglas = { - nets = { - retiolum = { - ip4.addr = "10.243.27.27"; - aliases = [ - "reagenzglas.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P - bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 - utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO - 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 - hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u - mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW - 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 - aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw - pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu - 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ - lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 - +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz - 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli - PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 - ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn - GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE - hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 - ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX - vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe - G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 - 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x - Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; enklave = { nets = rec { internet = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 630c14f18..a3b8cab39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -106,6 +106,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; archprism = { cores = 1; @@ -204,6 +205,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; + syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH"; }; shodan = { cores = 2; @@ -270,6 +272,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; + syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4"; }; daedalus = { cores = 2; @@ -324,10 +327,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "5ce7"; + aliases = [ + "skynet.w" + ]; + wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; + syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3"; }; littleT = { cores = 2; @@ -365,10 +376,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "771e"; + aliases = [ + "littleT.w" + ]; + wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; }; red = { monitoring = false; @@ -474,7 +493,48 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; + + green = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.66"; + ip6.addr = r6 "12ee"; + aliases = [ + "green.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk + uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx + ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477 + n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI + hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6 + m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6 + BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1 + pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy + 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk + UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA + udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT + 3MVh92sFyMVYkJcL7SISk80CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "12ee"; + aliases = [ + "green.w" + ]; + wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk="; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 "; + syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; + }; + phone = { nets = { wiregrill = { @@ -482,11 +542,12 @@ in { aliases = [ "phone.w" ]; - wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM="; }; }; external = true; ci = false; + syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB"; }; morpheus = { cores = 1; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index 3d35b76e4..675ba8df2 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e60bbee70..b38c9104f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -5,442 +5,104 @@ with import <stockholm/lib>; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - owner = config.krebs.users.makefu; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; - }); + hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + { + owner = config.krebs.users.makefu; + } + # Retiolum defaults + (let + pubkey-path = ./retiolum + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.retiolum = { + tinc.pubkey = readFile pubkey-path; + aliases = [ + "${hostName}.r" + ]; + ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }; + }) + # Wiregrill defaults + (let + pubkey-path = ./wiregrill + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.wiregrill = { + aliases = [ + "${hostName}.w" + ]; + ip6.addr = + (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; + wireguard.pubkey = readFile pubkey-path; + }; + }) + # SSHD defaults + (let + pubkey-path = ./sshd + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + ssh.pubkey = readFile pubkey-path; + # We assume that if the sshd pubkey exits then there must be a privkey in + # the screts store as well + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + }) + host + ]; pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); - + w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address; in { hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.236"; - aliases = [ - "cake.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu - jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ - MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq - 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 - 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP - MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.136.236"; }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; }; crapi = rec { # raspi1 cores = 1; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.237"; - aliases = [ - "crapi.r" - ]; - tinc.pubkey = '' - Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 - OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L - R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk - OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME - di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl - bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.136.237"; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; }; - drop = rec { - ci = false; - cores = 1; + firecracker = { + cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.177.9"; - aliases = [ - "drop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl - 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI - GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW - 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C - Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT - F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.12.12"; }; }; + studio = rec { ci = false; cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; nets = { - retiolum = { - ip4.addr = "10.243.227.163"; - aliases = [ - "studio.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti - cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk - GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI - jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 - 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu - 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.227.163"; }; }; - fileleech = rec { ci = false; cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; nets = { - retiolum = { - ip4.addr = "10.243.113.98"; - aliases = [ - "fileleech.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF - 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K - YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait - nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z - e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V - UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - latte = rec { - ci = false; - cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; - nets = { - internet = { - ip4.addr = "185.215.224.160"; - aliases = [ - "latte.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.80.249"; - aliases = [ - "latte.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU - 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo - r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf - 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 - GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 - vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - pnp = { - ci = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.210"; - aliases = [ - "pnp.r" - "cgit.pnp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g - Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V - pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR - SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T - TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr - Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - darth = { - ci = false; - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.0.84"; - aliases = [ - "darth.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq - qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX - yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi - 3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8 - q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE - u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - siem = { - ip4.addr = "10.8.10.2"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "darth.siem" - ]; - tinc.pubkey = '' - Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK - -----BEGIN RSA PUBLIC KEY----- - MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW - TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb - fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS - Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21 - kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh - rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE= - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - ossim = { # vm on darth - nets = { - siem = { - ip4.addr = "10.8.10.6"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "ossim.siem" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl - RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL - cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand - mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd - dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL - WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - honeydrive = { # vm on darth - nets = { - internet = { # via shoney - ip4.addr = "64.137.234.232"; - aliases = [ - "honeydrive.i" - ]; - }; + retiolum.ip4.addr = "10.243.113.98"; }; }; tsp = { ci = true; cores = 1; nets = { - retiolum = { - ip4.addr = "10.243.0.212"; - aliases = [ - "tsp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi - HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 - mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ - n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG - R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr - Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi - aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo - ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE - KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v - XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ - teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.0.212"; }; }; x = { ci = true; cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.0.91"; - aliases = [ - "x.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG - RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA - kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD - JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2 - 2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf - +h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - siem = { - ip4.addr = "10.8.10.4"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "makefu.siem" - ]; - tinc.pubkey = '' - Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI - -----BEGIN RSA PUBLIC KEY----- - MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p - XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y - ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O - vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm - t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR - 56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE= - -----END RSA PUBLIC KEY----- - ''; - }; - #wiregrill = { - # aliases = [ - # "x.w" - # ]; - # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - #}; - }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; - - }; - - vbob = { - ci = true; - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.1.91"; - aliases = [ - "vbob.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr - 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI - AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP - hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o - Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s - AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB - -----END RSA PUBLIC KEY----- - ''; + retiolum.ip4.addr = "10.243.0.91"; + wiregrill = { + # defaults }; }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos"; - }; - pigstarter = rec { - cores = 1; - extraZones = { - "krebsco.de" = '' - euer IN MX 1 aspmx.l.google.com. - nixos.unstable IN CNAME krebscode.github.io. - boot IN A ${nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "192.40.56.122"; - ip6.addr = "2604:2880::841f:72c"; - aliases = [ - "pigstarter.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.0.153"; - aliases = [ - "pigstarter.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ - 9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv - 3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG - 4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE - DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv - sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - wry = rec { - ci = false; - cores = 1; - extraZones = { - "krebsco.de" = '' - wry IN A ${nets.internet.ip4.addr} - tinc IN A ${nets.internet.ip4.addr} - ''; - }; - nets = rec { - internet = { - ip4.addr = "104.233.87.86"; - aliases = [ - "wry.i" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.169"; - aliases = [ - "wry.r" - "graph.wry.r" - "paste.wry.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn - U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms - ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA - 7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2 - 8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ - j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF - TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw - RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC - zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack - 86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT - Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { ci = false; @@ -452,22 +114,7 @@ in { "filepimp.lan" ]; }; - retiolum = { - ip4.addr = "10.243.153.102"; - aliases = [ - "filepimp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg - 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS - wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR - oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X - UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB - 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.153.102"; }; }; @@ -489,68 +136,27 @@ in { "dcpp.omo.r" "torrent.omo.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM - ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn - sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm - s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 - GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 - 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH"; }; wbob = rec { ci = true; cores = 4; nets = { - siem = { - ip4.addr = "10.8.10.7"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ "display.siem" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5 - 6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J - +1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7 - FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg - LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW - LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB - -----END RSA PUBLIC KEY----- - -----BEGIN ED25519 PUBLIC KEY----- - 3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO - -----END ED25519 PUBLIC KEY----- - ''; - }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ "wbob.r" "hydra.wbob.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e - QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal - cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 - khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs - rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 - TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { ci = true; extraZones = { "krebsco.de" = '' + boot IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} @@ -558,6 +164,7 @@ in { dl.euer IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} + euer IN MX 1 aspmx.l.google.com. ghook IN A ${nets.internet.ip4.addr} git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} @@ -566,6 +173,7 @@ in { iso.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} netdata.euer IN A ${nets.internet.ip4.addr} + nixos.unstable IN CNAME krebscode.github.io. o.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} @@ -586,17 +194,21 @@ in { "nextgum.i" ]; }; - #wiregrill = { - # via = internet; - # aliases = [ - # "gum.w" - # ]; - # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; - #}; + wiregrill = { + via = internet; + ip6.addr = w6 "1"; + wireguard = { + subnets = [ + (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + ]; + }; + }; retiolum = { via = internet; ip4.addr = "10.243.0.213"; aliases = [ + "gum.r" "backup.makefu.r" "blog.gum.r" "blog.makefu.r" @@ -605,7 +217,6 @@ in { "dcpp.gum.r" "dcpp.nextgum.r" "graph.r" - "gum.r" "logs.makefu.r" "netdata.makefu.r" "nextgum.r" @@ -617,91 +228,15 @@ in { "wiki.gum.r" "wiki.makefu.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; - shoney = rec { - ci = false; - cores = 1; - nets = rec { - siem = { - via = internet; - ip4.addr = "10.8.10.1"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "shoney.siem" - "graph.siem" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu - 74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU - l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB - CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4 - fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z - L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.port = 1655; - }; - internet = { - ip4.addr = "64.137.234.215"; - aliases = [ - "shoney.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.205.131"; - aliases = [ - "shoney.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL - ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4 - okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht - M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO - +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 - uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; sdev = rec { ci = true; cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev"; nets = { - retiolum = { - ip4.addr = "10.243.83.237"; - aliases = [ - "sdev.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+ - LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4 - XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428 - ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+ - f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD - nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.83.237"; }; }; @@ -725,19 +260,6 @@ in { }; retiolum = { ip4.addr = "10.243.211.172"; - aliases = [ - "flap.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy - 2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM - 8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn - 3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL - hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr - Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; @@ -747,108 +269,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.231.219"; - aliases = [ - "nukular.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/ - gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97 - gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP - H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4 - tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P - meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - heidi = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.124.21"; - aliases = [ - "heidi.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx - 1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ - jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY - ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA - q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo - w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - - lariat = rec { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.64.7"; - aliases = [ - "lariat.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX - eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA - 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ - unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv - d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o - yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - soundflower = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.69.184"; - aliases = [ - "soundflower.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN - H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb - Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l - FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6 - lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+ - 8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - falk = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.120.19"; - aliases = [ - "falk.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+ - 4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA - 9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI - 2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9 - 0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb - FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; @@ -858,91 +278,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.189.130"; - aliases = [ - "filebitch.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d - fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs - e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1 - KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99 - oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf - wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - bridge = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.26.29"; - aliases = [ - "excobridge.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d - VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm - UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB - oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b - /hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg - lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - horisa = rec { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.226.213"; - aliases = [ - "horisa.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40 - Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn - XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT - +EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP - sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo - M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - tahoe = rec { - cores = 1; - nets = { - internet = { - ip4.addr = "148.251.47.69"; - aliases = [ - "wooki.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.57.85"; - aliases = [ - "wooki.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y - QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8 - dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH - 9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6 - hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p - egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; @@ -952,43 +287,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.163"; - aliases = [ - "senderechner.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 - lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X - rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL - inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT - BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO - OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - tcac-0-1 = rec { - cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 - "; - nets = { - retiolum = { - ip4.addr = "10.243.144.142"; - aliases = [ - "tcac-0-1.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j - 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs - zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO - Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs - QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl - HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; diff --git a/krebs/3modules/makefu/retiolum/cake.pub b/krebs/3modules/makefu/retiolum/cake.pub new file mode 100644 index 000000000..8a1e4b933 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/cake.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu +jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ +MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq +6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 +36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP +MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub new file mode 100644 index 000000000..2b6104468 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/crapi.pub @@ -0,0 +1,9 @@ +Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 +OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L +R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk +OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME +di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl +bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub new file mode 100644 index 000000000..fe31accda --- /dev/null +++ b/krebs/3modules/makefu/retiolum/filebitch.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d +fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs +e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1 +KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99 +oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf +wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/fileleech.pub b/krebs/3modules/makefu/retiolum/fileleech.pub new file mode 100644 index 000000000..1dc6a5b1f --- /dev/null +++ b/krebs/3modules/makefu/retiolum/fileleech.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF +8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K +YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait +nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z +e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V +UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/filepimp.pub b/krebs/3modules/makefu/retiolum/filepimp.pub new file mode 100644 index 000000000..007806230 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/filepimp.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg +3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS +wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR +oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X +UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB +8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/firecracker.pub b/krebs/3modules/makefu/retiolum/firecracker.pub new file mode 100644 index 000000000..6f7907829 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/firecracker.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuZaPnN4pQVpKWKG1Yylx +JghzOphuQMuzstedqKFo3MTUtgra27ul8IyqljJxVH+hnpObhDwzYS3Zz1BAp/WF +SFAslLbpPEG7UrwmvZHa3jqE4m/uIMtgYK65iIfB8bs17lkvRchfTfzTvwdtPSkM +zbgjq4HttI2aMoNggadfMSGdzv7hEhxFpRBAiXxJHOFTNa//ov/DehrW88blYQ3l +lSS2ZR+WHNVYfRPvfejDnstGenNCJXkpMYPe5YD9CZa0sy639ejTGs+nluU5+uId +lp+0QW5i8E3JvZDiIu9NF9cT+GZhKcgWyvwoA/yRFqRVWHUcK7w8MN1hmbExXFub +pS3GW2/f50USjT2jvK6zg2/KzTio2yEfd/FpQwTmyzAUJbwBkJNyD1YmFGv54tWS +/xDyn3+OsKT4VztfTPrH59MVZZd12WMavB3Y0VIEkVHhrK2BNIoMuJ9e96VDFZ14 +9N6ouRAchIydQweESiBzHr0DUXeZO1jNLlNM0q8+aaS/bONkiFzRrKkYnbqB6ION +Ln6pg+5NtrZ/Cb7/UWwSNeooiiOnjzVLsZv3mEzt3IjcJO5iW3IOZhT29S9E3CwG +0rqK7CiByJJXPB/LqwKZdN3WtZgCfPJ48abmzobHhEKTsVG230G4jMF/dLpV3sZT +tIsbd9vYVSSP0Rg/K4hmsOMCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/flap.pub b/krebs/3modules/makefu/retiolum/flap.pub new file mode 100644 index 000000000..8906e659b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/flap.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy +2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM +8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn +3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL +hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr +Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/gum.pub b/krebs/3modules/makefu/retiolum/gum.pub new file mode 100644 index 000000000..73f8563d0 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/gum.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY +BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 +i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 +09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS +u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa +OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/nukular.pub b/krebs/3modules/makefu/retiolum/nukular.pub new file mode 100644 index 000000000..eb5891b1b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/nukular.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/ +gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97 +gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP +H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4 +tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P +meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/omo.pub b/krebs/3modules/makefu/retiolum/omo.pub new file mode 100644 index 000000000..ce558d10a --- /dev/null +++ b/krebs/3modules/makefu/retiolum/omo.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM +ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn +sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm +s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 +GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 +5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/sdev.pub b/krebs/3modules/makefu/retiolum/sdev.pub new file mode 100644 index 000000000..be500bbab --- /dev/null +++ b/krebs/3modules/makefu/retiolum/sdev.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+ +LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4 +XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428 +ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+ +f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD +nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/senderechner.pub b/krebs/3modules/makefu/retiolum/senderechner.pub new file mode 100644 index 000000000..a6cbabc28 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/senderechner.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 +lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X +rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL +inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT +BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO +OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/studio.pub b/krebs/3modules/makefu/retiolum/studio.pub new file mode 100644 index 000000000..b8fe8ee23 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/studio.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti +cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk +GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI +jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 +78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu +8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/tsp.pub b/krebs/3modules/makefu/retiolum/tsp.pub new file mode 100644 index 000000000..48533da58 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/tsp.pub @@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi +HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 +mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ +n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG +R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr +Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi +aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo +ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE +KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v +XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ +teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/wbob.pub b/krebs/3modules/makefu/retiolum/wbob.pub new file mode 100644 index 000000000..8abfa34d4 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/wbob.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e +QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal +cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 +khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs +rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 +TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/x.pub b/krebs/3modules/makefu/retiolum/x.pub new file mode 100644 index 000000000..da6482eed --- /dev/null +++ b/krebs/3modules/makefu/retiolum/x.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG +RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA +kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD +JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2 +2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf ++h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/sshd/cake.pub b/krebs/3modules/makefu/sshd/cake.pub new file mode 100644 index 000000000..8eab57ab7 --- /dev/null +++ b/krebs/3modules/makefu/sshd/cake.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake diff --git a/krebs/3modules/makefu/sshd/crapi.pub b/krebs/3modules/makefu/sshd/crapi.pub new file mode 100644 index 000000000..5361111a5 --- /dev/null +++ b/krebs/3modules/makefu/sshd/crapi.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi diff --git a/krebs/3modules/makefu/sshd/fileleech.pub b/krebs/3modules/makefu/sshd/fileleech.pub new file mode 100644 index 000000000..22a3c7534 --- /dev/null +++ b/krebs/3modules/makefu/sshd/fileleech.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech diff --git a/krebs/3modules/makefu/sshd/firecracker.pub b/krebs/3modules/makefu/sshd/firecracker.pub new file mode 100644 index 000000000..8e9ef5a37 --- /dev/null +++ b/krebs/3modules/makefu/sshd/firecracker.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGk+QqJEPoBNP9KbPiivCI5YJ9psAKnujRrUL4bNqxwe firecracker diff --git a/krebs/3modules/makefu/sshd/gum.pub b/krebs/3modules/makefu/sshd/gum.pub new file mode 100644 index 000000000..c79e3cbee --- /dev/null +++ b/krebs/3modules/makefu/sshd/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum diff --git a/krebs/3modules/makefu/sshd/omo.pub b/krebs/3modules/makefu/sshd/omo.pub new file mode 100644 index 000000000..63bbbc709 --- /dev/null +++ b/krebs/3modules/makefu/sshd/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH diff --git a/krebs/3modules/makefu/sshd/sdev.pub b/krebs/3modules/makefu/sshd/sdev.pub new file mode 100644 index 000000000..972e9b6d4 --- /dev/null +++ b/krebs/3modules/makefu/sshd/sdev.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev diff --git a/krebs/3modules/makefu/sshd/studio.pub b/krebs/3modules/makefu/sshd/studio.pub new file mode 100644 index 000000000..be5a4e6d3 --- /dev/null +++ b/krebs/3modules/makefu/sshd/studio.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio diff --git a/krebs/3modules/makefu/sshd/wbob.pub b/krebs/3modules/makefu/sshd/wbob.pub new file mode 100644 index 000000000..8b1789f21 --- /dev/null +++ b/krebs/3modules/makefu/sshd/wbob.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr diff --git a/krebs/3modules/makefu/sshd/x.pub b/krebs/3modules/makefu/sshd/x.pub new file mode 100644 index 000000000..085f7f490 --- /dev/null +++ b/krebs/3modules/makefu/sshd/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub new file mode 100644 index 000000000..4a5f666cc --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/gum.pub @@ -0,0 +1 @@ +yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo= diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/krebs/3modules/makefu/wiregrill/x.pub new file mode 100644 index 000000000..cfa9eb254 --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/x.pub @@ -0,0 +1 @@ +fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g= diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index f405482de..78f2b8ebd 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -1,7 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; - +with lib; let cfg = config.krebs.power-action; diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix new file mode 100644 index 000000000..bfbac1db9 --- /dev/null +++ b/krebs/3modules/syncthing.nix @@ -0,0 +1,161 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + cfg = config.krebs.syncthing; + + devices = mapAttrsToList (name: peer: { + name = name; + deviceID = peer.id; + addresses = peer.addresses; + }) cfg.peers; + + folders = map (folder: { + inherit (folder) path id type; + devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + rescanIntervalS = folder.rescanInterval; + fsWatcherEnabled = folder.watch; + fsWatcherDelayS = folder.watchDelay; + ignorePerms = folder.ignorePerms; + }) cfg.folders; + + getApiKey = pkgs.writeDash "getAPIKey" '' + ${pkgs.libxml2}/bin/xmllint \ + --xpath 'string(configuration/gui/apikey)'\ + ${config.services.syncthing.dataDir}/config.xml + ''; + + updateConfig = pkgs.writeDash "merge-syncthing-config" '' + set -efu + # wait for service to restart + ${pkgs.untilport}/bin/untilport localhost 8384 + API_KEY=$(${getApiKey}) + CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { + "devices": ${builtins.toJSON devices}, + "folders": ${builtins.toJSON folders} + }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- + ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + ''; + +in + +{ + options.krebs.syncthing = { + + enable = mkEnableOption "syncthing-init"; + + id = mkOption { + type = types.str; + default = config.krebs.build.host.name; + }; + + cert = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + key = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + peers = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ + options = { + + # TODO make into addr + port submodule + addresses = mkOption { + type = types.listOf types.str; + default = []; + }; + + #TODO check + id = mkOption { + type = types.str; + }; + + }; + })); + }; + + folders = mkOption { + default = []; + type = types.listOf (types.submodule ({ config, ... }: { + options = { + + path = mkOption { + type = types.absolute-pathname; + }; + + id = mkOption { + type = types.str; + default = config.path; + }; + + peers = mkOption { + type = types.listOf types.str; + default = []; + }; + + rescanInterval = mkOption { + type = types.int; + default = 3600; + }; + + type = mkOption { + type = types.enum [ "sendreceive" "sendonly" "receiveonly" ]; + default = "sendreceive"; + }; + + watch = mkOption { + type = types.bool; + default = true; + }; + + watchDelay = mkOption { + type = types.int; + default = 10; + }; + + ignorePerms = mkOption { + type = types.bool; + default = true; + }; + + }; + })); + }; + }; + + config = (mkIf cfg.enable) { + + systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + preStart = '' + ${optionalString (cfg.cert != null) '' + cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem + chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ''} + ${optionalString (cfg.key != null) '' + cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem + chmod 400 ${config.services.syncthing.dataDir}/key.pem + ''} + ''; + }; + + systemd.services.syncthing-init = { + after = [ "syncthing.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = config.services.syncthing.user; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = updateConfig; + }; + }; + }; +} diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index f730cc72b..c35706ebf 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -10,6 +10,10 @@ with import <stockholm/lib>; version = "2.2.0"; sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; }; + "19.03" = { + version = "2.2.0"; + sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index 4049168c1..6689f1d2c 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -15,6 +15,11 @@ with import <stockholm/lib>; rev = "refs/tags/v${cfg.version}"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; }; + "19.03" = { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 2fd2839b9..de6403bd0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "b01a89d58f117c485f16c97a388da6227d8f0103", - "date": "2019-02-08T10:50:49+01:00", - "sha256": "1s2jdfvqjviiiq897sd6fkmc8ffyca7agmxynp4w873rfjdz10yi", + "rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81", + "date": "2019-04-09T21:48:56+02:00", + "sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip", "fetchSubmodules": false } diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh index 7f24cd31a..08354357a 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-channel.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-18.09' \ + --rev refs/heads/nixos-19.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a84bb37f6..a287f548b 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -8,21 +8,29 @@ with import <stockholm/lib>; <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/blue.nix> + <stockholm/lass/2configs/syncthing.nix> ]; krebs.build.host = config.krebs.hosts.blue; + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; networking.nameservers = [ "1.1.1.1" ]; - lass.restic = genAttrs [ + services.restic.backups = genAttrs [ "daedalus" "icarus" "littleT" @@ -30,20 +38,19 @@ with import <stockholm/lib>; "shodan" "skynet" ] (dest: { - dirs = [ - "/home/" - "/var/lib" + initialize = true; + extraOptions = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" ]; + repository = "sftp:backup@${dest}.r:/backups/blue"; passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/blue"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; + paths = [ + "/home/" + "/var/lib" ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; }); + time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/blue/physical.nix +++ b/lass/1systems/blue/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index a52771a4d..21f3a8bd5 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,20 +1,14 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - derivation = let - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { + file = { + path = toString (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; }; } diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix index 33a0cb473..d10ced7da 100644 --- a/lass/1systems/daedalus/physical.nix +++ b/lass/1systems/daedalus/physical.nix @@ -11,6 +11,10 @@ fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix new file mode 100644 index 000000000..6ae157e38 --- /dev/null +++ b/lass/1systems/green/config.nix @@ -0,0 +1,28 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/mail.nix> + + #<stockholm/lass/2configs/blue.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + + krebs.build.host = config.krebs.hosts.green; + + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + + + #networking.nameservers = [ "1.1.1.1" ]; + + #time.timeZone = "Europe/Berlin"; +} diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix new file mode 100644 index 000000000..b6aa3a894 --- /dev/null +++ b/lass/1systems/green/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; +} diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix new file mode 100644 index 000000000..21f3a8bd5 --- /dev/null +++ b/lass/1systems/green/source.nix @@ -0,0 +1,14 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; + }; +} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d2d4bd3eb..06b1e7366 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -17,6 +17,9 @@ <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/blue-host.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/prism-share.nix> ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 6cc77a47d..d764dabc1 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -17,4 +17,6 @@ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; + + services.thinkfan.enable = true; } diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 7fe143c3c..eee23ee60 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -7,6 +7,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/blue-host.nix> + <stockholm/lass/2configs/syncthing.nix> ]; networking.networkmanager.enable = true; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f35ebff56..fa5fb5518 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -36,7 +36,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/hardening.nix> + #<stockholm/lass/2configs/hardening.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain @@ -49,6 +49,16 @@ with import <stockholm/lib>; ]; } { + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + ]; + } + { lass.umts = { enable = true; modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 680dc9bde..25425f146 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -15,6 +15,10 @@ device = "/dev/mapper/pool-virtual"; fsType = "ext4"; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 23746d210..b3b7ac0df 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -109,25 +109,6 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> @@ -139,7 +120,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/monitoring/prometheus-server.nix> { # quasi bepasty.nix imports = [ <stockholm/lass/2configs/bepasty.nix> @@ -286,6 +266,7 @@ with import <stockholm/lib>; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout" ]; } { @@ -386,6 +367,7 @@ with import <stockholm/lib>; lass-icarus.pubkey lass-daedalus.pubkey lass-helios.pubkey + lass-android.pubkey makefu.pubkey wine-mors.pubkey ]; diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/red/physical.nix +++ b/lass/1systems/red/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 4a550d0a4..41508127c 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -38,6 +38,10 @@ device = "/dev/pool/bku"; fsType = "btrfs"; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 4b806af7b..0bf3e6b4d 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -7,6 +7,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/power-action.nix> + <stockholm/lass/2configs/syncthing.nix> { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 9d8bcd7be..8b3b2814f 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -11,7 +11,8 @@ with import <stockholm/lib>; system.activationScripts.downloadFolder = '' mkdir -p /var/download - chown download:download /var/download + chown transmission:download /var/download + chown transmission:download /var/download/finished chmod 775 /var/download ''; @@ -43,7 +44,7 @@ with import <stockholm/lib>; fancyindex ]; }; - virtualHosts."dl" = { + virtualHosts.default = { default = true; locations."/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/yellow/physical.nix +++ b/lass/1systems/yellow/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index d23cf9a43..94272fdb0 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -2,19 +2,11 @@ with import <stockholm/lib>; { - fileSystems = { - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; users.users.backup = { useDefaultShell = true; home = "/backups"; createHome = true; openssh.authorizedKeys.keys = with config.krebs.hosts; [ - mors.ssh.pubkey - prism.ssh.pubkey blue.ssh.pubkey ]; }; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1d2d1173d..26d6622ae 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { taskwarrior termite xclip + xephyrify xorg.xbacklight xorg.xhost xsel diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index cdd77e847..aad8411b1 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -23,8 +23,8 @@ with (import <stockholm/lib>); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} ]; systemd.services.chat = let diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 2547e8bac..972b4760a 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -4,10 +4,10 @@ with import <stockholm/lib>; imports = [ <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix + ./backup.nix ./gc.nix ./mc.nix ./vim.nix - ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix @@ -42,8 +42,6 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey ]; }; }; @@ -211,6 +209,7 @@ with import <stockholm/lib>; { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; } ]; }; }; @@ -218,4 +217,7 @@ with import <stockholm/lib>; networking.dhcpcd.extraConfig = '' noipv4ll ''; + services.netdata = { + enable = true; + }; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 555295422..aec59261c 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -97,6 +97,9 @@ with import <stockholm/lib>; { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } { from = "overleaf@lassul.us"; to = lass.mail; } + { from = "box@lassul.us"; to = lass.mail; } + { from = "paloalto@lassul.us"; to = lass.mail; } + { from = "subtitles@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 52d380b7c..0803846aa 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -60,7 +60,10 @@ let paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; retiolum = [ "to:lass@mors.r" ]; - security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ]; + security = [ + "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" + "to:security-announce@lists.apple.com" + ]; shack = [ "to:shackspace.de" ]; steam = [ "to:steam@lassul.us" ]; tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ]; @@ -225,6 +228,7 @@ in { msmtp mutt pkgs.notmuch + pkgs.muchsync pkgs.haskellPackages.much tag-new-mails tag-old-mails diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix deleted file mode 100644 index 561e3a25c..000000000 --- a/lass/2configs/monitoring/node-exporter.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } - ]; - services.prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ - "systemd" - ]; - }; - }; -} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix deleted file mode 100644 index b7083c776..000000000 --- a/lass/2configs/monitoring/prometheus-server.nix +++ /dev/null @@ -1,217 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - #networking = { - # firewall.allowedTCPPorts = [ - # 3000 # grafana - # 9090 # prometheus - # 9093 # alertmanager - # ]; - # useDHCP = true; - #}; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } - ]; - - services = { - prometheus = { - enable = true; - extraFlags = [ - "-storage.local.retention 8760h" - "-storage.local.series-file-shrink-ratio 0.3" - "-storage.local.memory-chunks 2097152" - "-storage.local.max-chunks-to-persist 1048576" - "-storage.local.index-cache-size.fingerprint-to-metric 2097152" - "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" - "-storage.local.index-cache-size.label-name-to-label-values 2097152" - "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" - ]; - alertmanagerURL = [ "http://localhost:9093" ]; - rules = [ - '' - ALERT node_down - IF up == 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Node is down.", - description = "{{$labels.alias}} has been down for more than 5 minutes." - } - ALERT node_systemd_service_failed - IF node_systemd_unit_state{state="failed"} == 1 - FOR 4m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." - } - ALERT node_filesystem_full_90percent - IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space soon.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." - } - ALERT node_filesystem_full_in_4h - IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" - } - ALERT node_filedescriptors_full_in_3h - IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum - FOR 20m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", - description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" - } - ALERT node_load1_90percent - IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Running on high load.", - description = "{{$labels.alias}} is running with > 90% total load for at least 1h." - } - ALERT node_cpu_util_90percent - IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: High CPU utilization.", - description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." - } - ALERT node_ram_using_90percent - IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 - FOR 30m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Using lots of RAM.", - description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", - } - ALERT node_swap_using_80percent - IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 - FOR 10m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Running out of swap soon.", - description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." - } - '' - ]; - scrapeConfigs = [ - { - job_name = "node"; - scrape_interval = "10s"; - static_configs = [ - { - targets = [ - ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts)); - #labels = { - # alias = "prometheus.example.com"; - #}; - } - ]; - } - ]; - alertmanager = { - enable = true; - listenAddress = "0.0.0.0"; - configuration = { - "global" = { - "smtp_smarthost" = "smtp.example.com:587"; - "smtp_from" = "alertmanager@example.com"; - }; - "route" = { - "group_by" = [ "alertname" "alias" ]; - "group_wait" = "30s"; - "group_interval" = "2m"; - "repeat_interval" = "4h"; - "receiver" = "team-admins"; - }; - "receivers" = [ - { - "name" = "team-admins"; - "email_configs" = [ - { - "to" = "devnull@example.com"; - } - ]; - "webhook_configs" = [ - { - "url" = "http://127.0.0.1:14813/prometheus-alerts"; - "send_resolved" = true; - } - ]; - } - ]; - }; - }; - }; - grafana = { - enable = true; - addr = "0.0.0.0"; - domain = "grafana.example.com"; - rootUrl = "https://grafana.example.com/"; - auth.anonymous.enable = true; - auth.anonymous.org_role = "Admin"; - }; - }; - services.logstash = { - enable = true; - inputConfig = '' - http { - port => 14813 - host => "127.0.0.1" - } - ''; - filterConfig = '' - if ([alerts]) { - ruby { - code => ' - lines = [] - event["alerts"].each {|p| - lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}" - } - event["output"] = lines.join("\n") - ' - } - } - ''; - outputConfig = '' - file { path => "/tmp/logs.json" codec => "json_lines" } - irc { - channels => [ "#noise" ] - host => "irc.r" - nick => "alarm" - codec => "json_lines" - format => "%{output}" - } - ''; - #plugins = [ ]; - }; -} diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix new file mode 100644 index 000000000..70e616ec6 --- /dev/null +++ b/lass/2configs/prism-share.nix @@ -0,0 +1,39 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: + +{ + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/mnt/prism"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 4baec1976..7fd6a2a29 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -29,7 +29,7 @@ in { hooks.url-title { activate = "match"; - pattern = ''@([^ ]+) (.*)$''; + pattern = ''^@([^ ]+) (.*)$''; command = 1; arguments = [2]; env.HOME = config.krebs.reaktor2.coders.stateDir; @@ -66,7 +66,7 @@ in { } { activate = "match"; - pattern = ''!([^ ]+)(?:\s*(.*))?''; + pattern = ''^!([^ ]+)(?:\s*(.*))?''; command = 1; arguments = [2]; commands = { diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 17debf822..842abc195 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,9 +3,27 @@ with import <stockholm/lib>; { services.syncthing = { enable = true; + group = "syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} { predicate = "-p udp --dport 21027"; target = "ACCEPT";} ]; + krebs.syncthing = { + enable = true; + cert = toString <secrets/syncthing.cert>; + key = toString <secrets/syncthing.key>; + peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); + folders = [ + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } + ]; + }; + + system.activationScripts.syncthing-home = '' + ${pkgs.coreutils}/bin/chmod a+x /home/lass + ''; + + lass.ensure-permissions = [ + { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } + ]; } diff --git a/lass/2configs/tests/dummy-secrets/syncthing.cert b/lass/2configs/tests/dummy-secrets/syncthing.cert new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/syncthing.cert diff --git a/lass/2configs/tests/dummy-secrets/syncthing.key b/lass/2configs/tests/dummy-secrets/syncthing.key new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/syncthing.key diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index cfb835d78..cd270bdf8 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,7 +6,6 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; - nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 7fb248139..5bd5a7cac 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -94,7 +94,7 @@ in { config = { adminpassFile = toString <secrets> + "/nextcloud_pw"; }; - #https = true; + https = true; nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { @@ -234,11 +234,13 @@ in { createHome = true; }; + krebs.on-failure.plans.restic-backups-domsen = {}; services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; passwordFile = toString <secrets> + "/domsen_backup_pw"; + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ "/srv/http" "/home/domsen/Mail" diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 71a5cdda9..02d7ffc8c 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -6,8 +6,6 @@ let in { users.users= { wine = { - name = "wine"; - description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; extraGroups = [ diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 76cac9f56..53106b03b 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -28,8 +28,8 @@ } zle -N down-line-or-local-history - setopt share_history - setopt hist_ignore_dups + setopt SHARE_HISTORY + setopt HIST_IGNORE_ALL_DUPS # setopt inc_append_history bindkey '^R' history-incremental-search-backward diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 613c7c8ac..59043aeb1 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,6 +3,7 @@ _: imports = [ ./dnsmasq.nix ./ejabberd + ./ensure-permissions.nix ./folderPerms.nix ./hosts.nix ./mysql-backup.nix diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix new file mode 100644 index 000000000..36edc1127 --- /dev/null +++ b/lass/3modules/ensure-permissions.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + cfg = config.lass.ensure-permissions; + +in + +{ + options.lass.ensure-permissions = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + folder = mkOption { + type = types.absolute-pathname; + }; + + owner = mkOption { + # TODO user type + type = types.str; + default = "root"; + }; + + group = mkOption { + # TODO group type + type = types.str; + default = "root"; + }; + + permission = mkOption { + # TODO permission type + type = types.str; + default = "u+rw,g+rw"; + }; + + }; + })); + }; + + config = mkIf (cfg != []) { + + system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: '' + ${pkgs.coreutils}/bin/mkdir -p ${plan.folder} + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder} + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder} + '') cfg; + systemd.services = + listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "ensure-perms" '' + ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \ + | while IFS= read -r FILE; do + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null + done + ''; + }; + }) cfg) + ; + + }; +} diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index 29c3861f2..b5c69b65a 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -13,15 +13,18 @@ let api = { enable = mkEnableOption "screenlock"; command = mkOption { - type = types.str; - default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; + type = types.path; + default = pkgs.writeDash "screenlock" '' + ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 + sleep 3 + ''; }; }; imp = { systemd.services.screenlock = { before = [ "sleep.target" ]; - wantedBy = [ "sleep.target" ]; + requiredBy = [ "sleep.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 1f2e7110e..9d6f8e00c 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -133,7 +133,7 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) - , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) + , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) ) , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) @@ -169,6 +169,7 @@ myKeyMap = , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") + , ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once") --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) @@ -220,7 +221,7 @@ gridConfig = def allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] allWorkspaceNames ws = - return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] + return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws] ''; }; } diff --git a/lass/krops.nix b/lass/krops.nix index d64454ea5..12652216a 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,7 +11,7 @@ {} ; - source = { test }: lib.evalSource [ + source = { test }: lib.evalSource ([ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; @@ -24,8 +24,7 @@ }; }; } - host-source - ]; + ] ++ (lib.optional (! test) host-source)); in { diff --git a/lib/types.nix b/lib/types.nix index 45c009893..23919af38 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -86,6 +86,12 @@ rec { type = nullOr ssh-privkey; default = null; }; + + syncthing.id = mkOption { + # TODO syncthing id type + type = nullOr str; + default = null; + }; }; }); diff --git a/makefu/0tests/data/secrets/hass/adbkey b/makefu/0tests/data/secrets/hass/adbkey new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/hass/adbkey diff --git a/makefu/0tests/data/secrets/hass/router.nix b/makefu/0tests/data/secrets/hass/router.nix new file mode 100644 index 000000000..e16c76dff --- /dev/null +++ b/makefu/0tests/data/secrets/hass/router.nix @@ -0,0 +1 @@ +"" diff --git a/makefu/0tests/data/secrets/hass/telegram-bot.json b/makefu/0tests/data/secrets/hass/telegram-bot.json new file mode 100644 index 000000000..1e1857df9 --- /dev/null +++ b/makefu/0tests/data/secrets/hass/telegram-bot.json @@ -0,0 +1,5 @@ +{ + "platform": "polling", + "api_key": "1:A", + "allowed_chat_ids": [ 0, 1 ] +} diff --git a/makefu/0tests/data/secrets/id_nixBuild b/makefu/0tests/data/secrets/id_nixBuild new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/id_nixBuild diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index e40042b2d..8617578f0 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -1,9 +1,16 @@ { config, lib, pkgs, ... }: -{ +let + primaryInterface = "eth0"; +in { imports = [ <stockholm/makefu> ./hardware-config.nix - <stockholm/makefu/2configs/tools/core.nix> + # <stockholm/makefu/2configs/tools/core.nix> + { environment.systemPackages = with pkgs;[ rsync screen curl git ];} + <stockholm/makefu/2configs/binary-cache/nixos.nix> + #<stockholm/makefu/2configs/support-nixos.nix> + <stockholm/makefu/2configs/homeautomation/default.nix> + <stockholm/makefu/2configs/homeautomation/google-muell.nix> # configure your hw: # <stockholm/makefu/2configs/save-diskspace.nix> ]; @@ -12,7 +19,7 @@ tinc.retiolum.enable = true; build.host = config.krebs.hosts.cake; }; - + networking.firewall.trustedInterfaces = [ primaryInterface ]; documentation.info.enable = false; documentation.man.enable = false; services.nixosManual.enable = false; diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix index d96b872d5..e7c6c3666 100644 --- a/makefu/1systems/crapi/config.nix +++ b/makefu/1systems/crapi/config.nix @@ -1,46 +1,15 @@ { config, pkgs, lib, ... }: { - # :l <nixpkgs> - # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }) imports = [ <stockholm/makefu> + ./hardware-config.nix <stockholm/makefu/2configs> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/save-diskspace.nix> ]; krebs.build.host = config.krebs.hosts.crapi; - # NixOS wants to enable GRUB by default - boot.loader.grub.enable = false; - # Enables the generation of /boot/extlinux/extlinux.conf - boot.loader.generic-extlinux-compatible.enable = true; - - boot.kernelPackages = pkgs.linuxPackages_rpi; - - nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; - nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-label/NIXOS_BOOT"; - fsType = "vfat"; - }; - "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - }; - }; - - system.activationScripts.create-swap = '' - if [ ! -e /swapfile ]; then - fallocate -l 2G /swapfile - mkswap /swapfile - fi - ''; - swapDevices = [ { device = "/swapfile"; size = 2048; } ]; - - nix.package = lib.mkForce pkgs.nixStable; services.openssh.enable = true; } diff --git a/makefu/1systems/crapi/hardware-config.nix b/makefu/1systems/crapi/hardware-config.nix new file mode 100644 index 000000000..bba31dabd --- /dev/null +++ b/makefu/1systems/crapi/hardware-config.nix @@ -0,0 +1,39 @@ +{ pkgs, lib, ... }: +{ + #raspi1 + boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ]; + + boot.loader.grub.enable = false; + boot.loader.raspberryPi.enable = true; + boot.loader.raspberryPi.version = 1; + boot.loader.raspberryPi.uboot.enable = true; + boot.loader.raspberryPi.uboot.configurationLimit = 1; + boot.loader.generationsDir.enable = lib.mkDefault false; + hardware.enableRedistributableFirmware = true; + boot.cleanTmpDir = true; + environment.systemPackages = [ pkgs.raspberrypi-tools ]; + boot.kernelPackages = pkgs.linuxPackages_rpi; + + nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; + nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + + system.activationScripts.create-swap = '' + if [ ! -e /swapfile ]; then + fallocate -l 2G /swapfile + mkswap /swapfile + chmod 600 /swapfile + fi + ''; + swapDevices = [ { device = "/swapfile"; size = 4096; } ]; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index e274b4bf8..7bc06f833 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -84,6 +84,7 @@ in { <stockholm/makefu/2configs/shack/events-publisher> <stockholm/makefu/2configs/shack/gitlab-runner> <stockholm/makefu/2configs/remote-build/slave.nix> + <stockholm/makefu/2configs/remote-build/aarch64-community.nix> <stockholm/makefu/2configs/taskd.nix> # services diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index 542b79fe7..857fad7aa 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -41,36 +41,36 @@ in { boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" ]; + boot.initrd.kernelModules = [ "dm-raid" "dm_cache" ]; boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ]; + boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { - device = "/dev/mapper/nixos-root"; + device = "/dev/nixos/root"; fsType = "ext4"; }; fileSystems."/var/lib" = { - device = "/dev/mapper/nixos-lib"; + device = "/dev/nixos/lib"; fsType = "ext4"; }; fileSystems."/var/log" = { - device = "/dev/mapper/nixos-log"; + device = "/dev/nixos/log"; fsType = "ext4"; }; fileSystems."/var/download" = { - device = "/dev/mapper/nixos-download"; + device = "/dev/nixos/download"; fsType = "ext4"; }; fileSystems."/var/www/binaergewitter" = { - device = "/dev/mapper/nixos-binaergewitter"; + device = "/dev/nixos/binaergewitter"; fsType = "ext4"; - options = [ "nofail" ]; + options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ]; }; fileSystems."/var/lib/borgbackup" = { - device = "/dev/mapper/nixos-backup"; + device = "/dev/nixos/backup"; fsType = "ext4"; }; fileSystems."/boot" = { diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 3930406b1..ab77f16dd 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -9,6 +9,7 @@ in { imports = [ # Include the results of the hardware scan. <stockholm/makefu> + <stockholm/makefu/2configs/support-nixos.nix> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/tools/core.nix> # <stockholm/makefu/2configs/disable_v6.nix> @@ -39,7 +40,6 @@ in { <stockholm/makefu/2configs/stats/telegraf/europastats.nix> <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/arafetch.nix> - <stockholm/makefu/2configs/deployment/led-fader.nix> <stockholm/makefu/2configs/hw/mceusb.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> { environment.systemPackages = [ pkgs.vlc ]; } @@ -51,6 +51,7 @@ in { ]; } <stockholm/makefu/2configs/bureautomation> + <stockholm/makefu/2configs/bureautomation/led-fader.nix> <stockholm/makefu/2configs/bureautomation/mpd.nix> <stockholm/makefu/2configs/bureautomation/hass.nix> (let diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 138735d91..de55e9e89 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -15,6 +15,13 @@ <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> <stockholm/makefu/2configs/dict.nix> + #<stockholm/makefu/3modules/netboot_server.nix> + #{ + # netboot_server = { + # network.wan = "wlp3s0"; + # network.lan = "enp0s25"; + # }; + #} <stockholm/makefu/2configs/backup/state.nix> # <stockholm/makefu/2configs/dnscrypt/client.nix> @@ -53,20 +60,22 @@ <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/virtualbox.nix> - { - networking.firewall.allowedTCPPorts = [ 8080 ]; - networking.nat = { - enable = true; - externalInterface = "wlp3s0"; - internalInterfaces = [ "vboxnet0" ]; - }; - } + #{ + # networking.firewall.allowedTCPPorts = [ 8080 ]; + # networking.nat = { + # enable = true; + # externalInterface = "wlp3s0"; + # internalInterfaces = [ "vboxnet0" ]; + # }; + #} # Services <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> <stockholm/makefu/2configs/remote-build/aarch64-community.nix> + <stockholm/makefu/2configs/remote-build/gum.nix> + { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; } # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> @@ -162,7 +171,6 @@ "/home/makefu/docs" "/home/makefu/.password-store" "/home/makefu/.secrets-pass" - "/home/makefu/autosync/Database.kdb" ]; services.syncthing.user = lib.mkForce "makefu"; diff --git a/makefu/2configs/bureautomation/automation/10h_timer.nix b/makefu/2configs/bureautomation/automation/10h_timer.nix new file mode 100644 index 000000000..dd747114e --- /dev/null +++ b/makefu/2configs/bureautomation/automation/10h_timer.nix @@ -0,0 +1,154 @@ +[ + { alias = "start Felix 10h"; + trigger = { + platform = "state"; + entity_id = [ "device_tracker.felix_phone" "device_tracker.felix_laptop" ]; + from = "not_home"; + to = "home"; + }; + condition = { + condition = "and"; + conditions = [ + { + condition = "state"; + entity_id = "timer.felix_10h"; + state = "idle"; + } + { + condition = "time"; + after = "06:00:00"; + before = "12:00:00"; + } + ]; + }; + action = [ + { service = "timer.start"; + entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ] ; + } + { service = "homeassistant.turn_on"; + entity_id = [ + "script.buzz_red_led_fast" + "script.blitz_10s" + ]; + } + { service = "light.turn_on"; + data = { + effect = "2"; + entity_id = [ "light.status_felix" ]; + }; + } + ]; + } + + { alias = "Disable Felix timer at button press"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.redbutton"; + to = "on"; + }; + condition = { + condition = "and"; + conditions = [ + { + condition = "state"; + entity_id = "timer.felix_10h"; + state = "active"; + } + { + condition = "time"; + after = "12:00:00"; + before = "22:00:00"; + } + ]; + }; + action = + [ + { + service = "timer.cancel"; + entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ]; + } + { + service = "homeassistant.turn_on"; + entity_id = [ "script.buzz_red_led_fast" ]; + } + { + service = "homeassistant.turn_off"; + entity_id = [ "light.status_felix" ]; + } + ]; + } + + { + alias = "Genug gearbeitet Felix"; + trigger = + { + platform = "event"; + event_type = "timer.finished"; + event_data.entity_id = "timer.felix_7h"; + }; + action = + [ + { service = "light.turn_on"; + data = { + rgb_color= [0 255 0]; + # effect = "0"; + entity_id = [ "light.status_felix" ]; + }; + } + ]; + } + + { + alias = "nun aber nach hause"; + trigger = + { + platform = "event"; + event_type = "timer.finished"; + event_data.entity_id = "timer.felix_8_30h"; + }; + action = + [ + { service = "light.turn_on"; + data = { + rgb_color= [255 255 0]; + # effect = "0"; + entity_id = [ "light.status_felix" ]; + }; + } + ]; + } + + { + alias = "Zu lange Felix!"; + trigger = + { + platform = "event"; + event_type = "timer.finished"; + event_data.entity_id = "timer.felix_10h"; + }; + action = + [ + { + service = "notify.telegrambot"; + data = { + title = "Zu lange Felix!"; + message = "Du bist schon 10 Stunden auf Arbeit, geh jetzt gefälligst nach Hause!"; + }; + } + { + service = "homeassistant.turn_on"; + entity_id = [ + "script.buzz_red_led" + "script.blitz_10s" + ]; + } + { service = "light.turn_on"; + data = { + rgb_color= [255 0 0]; + effect = "0"; + entity_id = [ "light.status_felix" ]; + }; + } + ]; + } +] diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix new file mode 100644 index 000000000..c632a9e69 --- /dev/null +++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix @@ -0,0 +1,66 @@ +[ + { alias = "Turn on Fernseher on group home"; + trigger = { + platform = "state"; + entity_id = "group.team"; + from = "not_home"; + to = "home"; + }; + action = { + service = "homeassistant.turn_on"; + entity_id = [ + "switch.fernseher" + "switch.feuer" + ]; + }; + } + { alias = "Turn off Fernseher after last in group left"; + trigger = [ + { # trigger when movement was detected at the time + platform = "state"; + entity_id = "group.team"; + from = "home"; + to = "not_home"; + } + { # trigger at 18:00 no matter what + # to avoid 'everybody left before 18:00:00' + platform = "time"; + at = "18:00:00"; + } + ]; + action = [ + { + service = "homeassistant.turn_off"; + entity_id = [ + "switch.fernseher" + "switch.feuer" + "light.status_felix" + "light.status_daniel" + ]; + } + { + service = "notify.telegrambot"; + data = { + title = "Bureau Shutdown"; + message = "All devices are turned off due to {{ trigger.platform }} - {{ trigger }}"; + }; + } + ]; + condition = + { condition = "and"; + conditions = [ + { + condition = "time"; + before = "06:30:00"; #only turn off between 6:30 and 18:00 + after = "18:00:00"; + # weekday = [ "mon" "tue" "wed" "thu" "fri" ]; + } + { # if anybody is still there + condition = "state"; + entity_id = "group.team"; + state = "not_home"; + } + ]; + }; + } +] diff --git a/makefu/2configs/bureautomation/automation/nachtlicht.nix b/makefu/2configs/bureautomation/automation/nachtlicht.nix new file mode 100644 index 000000000..2becd4a39 --- /dev/null +++ b/makefu/2configs/bureautomation/automation/nachtlicht.nix @@ -0,0 +1,43 @@ +[ + { + alias = "Turn off Nachtlicht on sunrise"; + trigger = + { + platform = "sun"; + event = "sunrise"; + }; + action = + { + service = "homeassistant.turn_off"; + entity_id = [ "group.nachtlicht" ]; + }; + } + + { + alias = "Turn on Nachtlicht on motion and dusk"; + trigger = + { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + condition = # 'when dark' + { + condition = "or"; + conditions = [ + { condition = "sun"; + after = "sunset"; + after_offset = "-00:45:00"; # on dusk + } + { condition = "sun"; + before = "sunrise"; + } + ]; + }; + action = + { + service = "homeassistant.turn_on"; + entity_id = [ "group.nachtlicht" ]; + }; + } +] diff --git a/makefu/2configs/bureautomation/binary_sensor/buttons.nix b/makefu/2configs/bureautomation/binary_sensor/buttons.nix new file mode 100644 index 000000000..e23c4a362 --- /dev/null +++ b/makefu/2configs/bureautomation/binary_sensor/buttons.nix @@ -0,0 +1,17 @@ +let + tasmota_button = name: topic: + # detects a pushbutton press from tasmota + { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/cmnd/POWER"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on = "ON"; + payload_off = "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # expire_after = "5"; #expire after 5 seconds + qos = 1; + }; +in [ + (tasmota_button "RedButton" "redbutton") +] diff --git a/makefu/2configs/bureautomation/binary_sensor/motion.nix b/makefu/2configs/bureautomation/binary_sensor/motion.nix new file mode 100644 index 000000000..ad8fab038 --- /dev/null +++ b/makefu/2configs/bureautomation/binary_sensor/motion.nix @@ -0,0 +1,12 @@ +[ + { platform = "mqtt"; + device_class = "motion"; + name = "Motion"; + state_topic = "/bam/easy2/movement/Switch"; + payload_on = "1"; + payload_off = "0"; + availability_topic = "/bam/easy2/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + } +] diff --git a/makefu/2configs/bureautomation/camera/verkehrskamera.nix b/makefu/2configs/bureautomation/camera/verkehrskamera.nix new file mode 100644 index 000000000..f2dfdcd91 --- /dev/null +++ b/makefu/2configs/bureautomation/camera/verkehrskamera.nix @@ -0,0 +1,14 @@ +[ + { name = "Baumarkt"; + platform = "generic"; + still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt + } + { name = "Autobahn Heilbronn"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; + } + { name = "Autobahn Singen"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; + } +] diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix new file mode 100644 index 000000000..0db9821a1 --- /dev/null +++ b/makefu/2configs/bureautomation/device_tracker/openwrt.nix @@ -0,0 +1,14 @@ +[ + { platform = "luci"; + name = "router"; + host = "192.168.8.1"; + username = "root"; + password = import <secrets/hass/router.nix>; + interval_seconds = 30; # instead of 12seconds + consider_home = 300; # 5 minutes timeout + new_device_defaults = { + track_new_devices = true; + hide_if_away = false; + }; + } +] diff --git a/makefu/2configs/bureautomation/devices/users.nix b/makefu/2configs/bureautomation/devices/users.nix new file mode 100644 index 000000000..305c0ca86 --- /dev/null +++ b/makefu/2configs/bureautomation/devices/users.nix @@ -0,0 +1,17 @@ +{ + thorsten-phone = { + name = "Thorsten"; + mac = "8c:f5:a3:bc:83:a0"; + track = true; + hide_if_away = true; + }; + felix-laptop = { + name = "Felix"; + mac = "6c:88:14:b4:43:9c"; + track = true; + hide_if_away = true; + }; + # b0:e5:ed:52:ee:43 - honor8 + # 38:94:96:b0:13:c7 - android-4ef03e4f4a14b6b9 + # ac:5f:3e:cc:b8:5e - Galaxy S7 +} diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index b70c9b030..4e5fe7b63 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -1,79 +1,9 @@ { pkgs, lib, ... }: let - tasmota_rgb = name: topic: -# LED WS2812b -# effect_state_topic: "stat/led/Scheme" -# effect_command_topic: "cmnd/led/Scheme" -# effect_value_template: "{{ value_json.Scheme }}" - { platform = "mqtt"; - inherit name; - retain = false; - qos = 1; - optimistic = false; - # state - # TODO: currently broken, will not use the custom state topic - state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - # brightness - brightness_state_topic = "/bam/${topic}/stat/Dimmer"; - brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; - brightness_value_template = "{{ value_json.Dimmer }}"; - brightness_scale = 100; - # color - rgb_state_topic = "/bam/${topic}/stat/Color"; - rgb_command_topic = "/bam/${topic}/cmnd/Color2"; - rgb_command_mode = "hex"; - rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; - # effects - effect_state_topic = "/bam/${topic}/stat/Scheme"; - effect_command_topic = "/bam/${topic}/cmnd/Scheme"; - effect_value_template = "{{ value_json.Scheme }}"; - effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; -}; - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - }; - espeasy_dht22 = name: [ - { platform = "mqtt"; - name = "${name} DHT22 Temperature"; - device_class = "temperature"; - state_topic = "/bam/${name}/dht22/Temperature"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - } - { platform = "mqtt"; - device_class = "humidity"; - name = "${name} DHT22 Humidity"; - state_topic = "/bam/${name}/dht22/Humidity"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }]; - espeasy_ds18 = name: - { platform = "mqtt"; - name = "${name} DS18 Temperature"; - state_topic = "/bam/${name}/ds18/Temperature"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; + kodi-host = "192.168.8.11"; in { networking.firewall.allowedTCPPorts = [ 8123 ]; - + state = [ "/var/lib/hass/known_devices.yaml" ]; services.home-assistant = { enable = true; config = { @@ -104,90 +34,60 @@ in { retain = true; }; }; - switch = [ - (tasmota_plug "Bauarbeiterlampe" "plug") - (tasmota_plug "Blitzdings" "plug2") - (tasmota_plug "Fernseher" "plug3") - (tasmota_plug "Feuer" "plug4") - (tasmota_plug "Nachtlicht" "plug5") - ]; - light = [ - (tasmota_rgb "Status Felix" "status1") + switch = (import ./switch/tasmota_switch.nix) ++ + (import ./switch/rfbridge.nix); + light = (import ./light/statuslight.nix) ++ + (import ./light/buzzer.nix); + timer = { + felix_10h = { + name = "Felix 10h Timer"; + duration = "10:00:00"; + }; + felix_8_30h = { + name = "Felix 8_30h Timer"; + duration = "08:30:00"; + }; + felix_7h = { + name = "Felix 7h Timer"; + duration = "07:00:00"; + }; + }; + notify = [ + { + platform = "kodi"; + name = "wbob-kodi"; + host = kodi-host; + } + { + platform = "telegram"; + name = "telegrambot"; + chat_id = builtins.elemAt + (builtins.fromJSON (builtins.readFile + <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; + } ]; - binary_sensor = [ - { platform = "mqtt"; - device_class = "motion"; - name = "Motion"; - state_topic = "/bam/easy2/movement/Switch"; - payload_on = "1"; - payload_off = "0"; - availability_topic = "/bam/easy2/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; + media_player = [ + { platform = "kodi"; + host = kodi-host; } ]; + script = (import ./script/multi_blink.nix) {inherit lib;}; + binary_sensor = + (import ./binary_sensor/buttons.nix) ++ + (import ./binary_sensor/motion.nix); + sensor = - (espeasy_dht22 "easy1") ++ - (espeasy_dht22 "easy2") ++ - [ (espeasy_ds18 "easy3" ) - { platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "5341"; - monitored_conditions = [ "P1" "P2" ]; - } + (import ./sensor/espeasy.nix) ++ + ((import ./sensor/outside.nix) {inherit lib;}) ++ + (import ./sensor/influxdb.nix); + + camera = + (import ./camera/verkehrskamera.nix); + + # not yet released + #person = + # (import ./person/team.nix ); - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); - language = "de"; - monitored_conditions = [ "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" ]; - units = "si" ; - update_interval = { - days = 0; - hours = 0; - minutes = 30; - seconds = 0; - }; - } - #{ platform = "influxdb"; - # queries = [ - # { name = "mean value of feinstaub P1"; - # where = '' "node" = 'esp8266-1355142' ''; - # measurement = "feinstaub"; - # database = "telegraf"; - # field = "P1"; - # } - # { name = "mean value of feinstaub P2"; - # where = '' "node" = 'esp8266-1355142' ''; - # measurement = "feinstaub"; - # database = "telegraf"; - # field = "P2"; - # } - # ]; - #} - ]; - camera = [ - { name = "Baumarkt"; - platform = "generic"; - still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt - } - { name = "Autobahn Heilbronn"; - platform = "generic"; - still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; - } - { name = "Autobahn Singen"; - platform = "generic"; - still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; - } - ]; frontend = { }; http = { }; conversation = {}; @@ -195,148 +95,82 @@ in { logbook = {}; tts = [ { platform = "google";} ]; recorder = {}; + telegram_bot = [ + (builtins.fromJSON + (builtins.readFile <secrets/hass/telegram-bot.json>)) + ]; group = { default_view = { view = "yes"; entities = [ "group.sensors" + "group.camera" "group.outside" + "group.team" + "group.nachtlicht" "group.switches" - "group.automation" - "group.camera" ]; }; automation = [ - "automation.turn_off_fernseher_10_minutes_after_last_movement" - "automation.turn_off_nachtlicht_on_sunrise" - "automation.turn_on_nachtlicht_on_motion_and_dusk" ]; switches = [ "switch.bauarbeiterlampe" "switch.blitzdings" "switch.fernseher" "switch.feuer" - "switch.nachtlicht" "light.status_felix" + "light.status_daniel" + "light.buslicht" + ]; + team = [ + "device_tracker.thorsten_phone" + "device_tracker.felix_phone" + "device_tracker.ecki_tablet" + "device_tracker.daniel_phone" + "device_tracker.carsten_phone" + # "person.thorsten" + # "person.felix" + # "person.ecki" + # "person.daniel" ]; camera = [ "camera.Baumarkt" "camera.Autobahn_Heilbronn" "camera.Autobahn_Singen" ]; + nachtlicht = [ + "switch.nachtlicht_a" + "switch.nachtlicht_b" + "switch.nachtlicht_c" + "switch.nachtlicht_d" + ]; sensors = [ - "binary_sensor.motion" + "media_player.kodi" + "script.blitz_10s" + "script.buzz_red_led_fast" + "timer.felix_10h" "sensor.easy2_dht22_humidity" "sensor.easy2_dht22_temperature" + # "binary_sensor.redbutton" ]; outside = [ - "sensor.ditzingen_pm10" - "sensor.ditzingen_pm25" + # "sensor.ditzingen_pm10" + # "sensor.ditzingen_pm25" "sensor.dark_sky_temperature" "sensor.dark_sky_humidity" - "sensor.dark_sky_pressure" + # "sensor.dark_sky_pressure" "sensor.dark_sky_hourly_summary" - "sensor.dark_sky_minutely_summary" + "device_tracker.router" ]; }; # only for automation # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; - automation = [ - { alias = "Turn on Fernseher on movement"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.motion"; - to = "on"; - }; - action = { - service = "homeassistant.turn_on"; - entity_id = [ - "switch.fernseher" - "switch.feuer" - "light.status_felix" - ]; - }; - } - { - alias = "Turn off Nachtlicht on sunrise"; - trigger = - { - platform = "sun"; - event = "sunrise"; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = [ "switch.nachtlicht" ]; - }; - } - { - alias = "Turn on Nachtlicht on motion and dusk"; - trigger = - { - platform = "state"; - entity_id = "binary_sensor.motion"; - to = "on"; - }; - condition = # 'when dark' - { - condition = "or"; - conditions = [ - { condition = "sun"; - after = "sunset"; - after_offset = "-00:45:00"; # on dusk - } - { condition = "sun"; - before = "sunrise"; - } - ]; - }; - action = - { - service = "homeassistant.turn_on"; - entity_id = [ "switch.nachtlicht" ]; - }; - } - { alias = "Turn off Fernseher 10 minutes after last movement"; - trigger = [ - { # trigger when movement was detected at the time - platform = "state"; - entity_id = "binary_sensor.motion"; - to = "off"; - for.minutes = 10; - } - { # trigger at 20:00 no matter what - # to avoid 'everybody left before 18:00:00' - platform = "time"; - at = "18:00:00"; - } - ]; - action = { - service = "homeassistant.turn_off"; - entity_id = [ - "switch.fernseher" - "switch.feuer" - "light.status_felix" - ]; - }; - condition = - { condition = "and"; - conditions = [ - { - condition = "time"; - before = "06:30:00"; #only turn off between 6:30 and 18:00 - after = "18:00:00"; - # weekday = [ "mon" "tue" "wed" "thu" "fri" ]; - } - { - condition = "state"; - entity_id = "binary_sensor.motion"; - state = "off"; - } - ]; - }; - } - ]; + # we don't use imports because the expressions do not merge in + # home-assistant + automation = (import ./automation/bureau-shutdown.nix) ++ + (import ./automation/nachtlicht.nix) ++ + (import ./automation/10h_timer.nix); + device_tracker = (import ./device_tracker/openwrt.nix ); }; }; } diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/bureautomation/led-fader.nix index d34b66125..d7f728534 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/bureautomation/led-fader.nix @@ -14,7 +14,7 @@ in { serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; - ExecStart = "${pkg}/bin/ampel 4"; + ExecStart = "${pkg}/bin/ampel"; Restart = "always"; RestartSec = 10; PrivateTmp = true; diff --git a/makefu/2configs/bureautomation/light/buzzer.nix b/makefu/2configs/bureautomation/light/buzzer.nix new file mode 100644 index 000000000..2067e47bf --- /dev/null +++ b/makefu/2configs/bureautomation/light/buzzer.nix @@ -0,0 +1,28 @@ +let + tasmota_pwm = name: topic: pwmid: max: + let + id = "PWM${toString pwmid}"; + in { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/stat/RESULT"; + state_value_template = ''{%- if value_json["PWM"]["${id}"]| int > 0 -%} ${toString max} {%- else -%} 0 {%- endif -%}''; + + command_topic = "/bam/${topic}/cmnd/${id}"; + on_command_type = "brightness"; + brightness_command_topic = "/bam/${topic}/cmnd/${id}"; + brightness_value_template = ''{{value_json["PWM"]["${id}"]}}''; + brightness_scale = max; + payload_on = "${toString max}"; + payload_off = "0"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain = true; + optimistic = false; + qos = 0; + }; +in +[ +# (tasmota_pwm "RedButton LED" "redbutton" 1 1023) #LED PWM1 + (tasmota_pwm "RedButton Buzzer" "redbutton" 2 512) #buzzer PWM2 +] diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix new file mode 100644 index 000000000..0acab7281 --- /dev/null +++ b/makefu/2configs/bureautomation/light/statuslight.nix @@ -0,0 +1,57 @@ +let + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" + { platform = "mqtt"; + inherit name; + retain = false; + qos = 1; + #optimistic = true; + # state + command_topic = "/bam/${topic}/cmnd/POWER"; + state_topic = "/bam/${topic}/tele/STATE"; + value_template = "{{ value_json.POWER }}"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on = "ON"; + payload_off = "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/bam/${topic}/tele/STATE"; + brightness_value_template = "{{value_json.Dimmer}}"; + brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; + brightness_scale = 100; + # color + rgb_state_topic = "/bam/${topic}/stat/Color"; + rgb_command_topic = "/bam/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/bam/${topic}/tele/STATE"; + effects_value_template = "{{value_json.Scheme}}"; + effect_command_topic = "/bam/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ + 0 # single color for LED light + 1 # start wake up sequence (same as Wakeup) + 2 # cycle up through colors using Speed option + 3 # cycle down through colors using Speed option + 4 # random cycle through colors using Speed and Fade + 5 # clock mode (example) + 6 # candlelight pattern + 7 # RGB pattern + 8 # Christmas pattern + 9 # Hannukah pattern + 10 # Kwanzaa pattern + 11 # rainbow pattern + 12 # fire pattern + ]; + }; +in +[ + (tasmota_rgb "Status Felix" "status1") + (tasmota_rgb "Status Daniel" "status2") + (tasmota_rgb "Buslicht" "buslicht") +] diff --git a/makefu/2configs/bureautomation/person/team.nix b/makefu/2configs/bureautomation/person/team.nix new file mode 100644 index 000000000..e18c42194 --- /dev/null +++ b/makefu/2configs/bureautomation/person/team.nix @@ -0,0 +1,29 @@ +[ + { name = "Thorsten"; + id = 1; + device_trackers = [ + "device_tracker.thorsten_phone" + "device_tracker.thorsten_arbeitphone" + ]; + } + { name = "Felix"; + id = 2; + device_trackers = [ + "device_tracker.felix_phone" + "device_tracker.felix_laptop" + ]; + } + { name = "Ecki"; + id = 3; + device_trackers = [ + "device_tracker.ecki_phone" + "device_tracker.ecki_tablet" + ]; + } + { name = "Daniel"; + id = 4; + device_trackers = [ + "device_tracker.daniel_phone" + ]; + } +] diff --git a/makefu/2configs/bureautomation/script/multi_blink.nix b/makefu/2configs/bureautomation/script/multi_blink.nix new file mode 100644 index 000000000..bb28dd46f --- /dev/null +++ b/makefu/2configs/bureautomation/script/multi_blink.nix @@ -0,0 +1,37 @@ +{lib, ... }: +let + # let an entity blink for X times with a delay of Y milliseconds + flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }: + { + inherit alias; + sequence = lib.flatten (builtins.genList (i: [ + { service = "homeassistant.turn_on"; + data.entity_id = entity; + } + { delay.milliseconds = delay; } + { service = "homeassistant.turn_off"; + data.entity_id = entity; + } + { delay.milliseconds = delay; } + ] + ) count); + }; +in { + buzz_red_led = (flash_entity { + entity = "light.redbutton_buzzer"; + alias = "Red Button Buzz"; + count = 4; + }); + buzz_red_led_fast = (flash_entity { + entity = "light.redbutton_buzzer"; + delay = 250; + count = 2; + alias = "Red Button Buzz fast"; + }); + blitz_10s = (flash_entity { + entity = "switch.blitzdings"; + delay = 10000; + count = 1; + alias = "blitz for 10 seconds"; + }); +} diff --git a/makefu/2configs/bureautomation/sensor/espeasy.nix b/makefu/2configs/bureautomation/sensor/espeasy.nix new file mode 100644 index 000000000..4b78ee84e --- /dev/null +++ b/makefu/2configs/bureautomation/sensor/espeasy.nix @@ -0,0 +1,31 @@ +let + espeasy_dht22 = name: [ + { platform = "mqtt"; + name = "${name} DHT22 Temperature"; + device_class = "temperature"; + state_topic = "/bam/${name}/dht22/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + } + { platform = "mqtt"; + device_class = "humidity"; + name = "${name} DHT22 Humidity"; + state_topic = "/bam/${name}/dht22/Humidity"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }]; + espeasy_ds18 = name: + { platform = "mqtt"; + name = "${name} DS18 Temperature"; + state_topic = "/bam/${name}/ds18/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; +in +(espeasy_dht22 "easy1") ++ +(espeasy_dht22 "easy2") ++ [ + (espeasy_ds18 "easy3" ) +] diff --git a/makefu/2configs/bureautomation/sensor/influxdb.nix b/makefu/2configs/bureautomation/sensor/influxdb.nix new file mode 100644 index 000000000..820a56c4d --- /dev/null +++ b/makefu/2configs/bureautomation/sensor/influxdb.nix @@ -0,0 +1,18 @@ +[ + #{ platform = "influxdb"; + # queries = [ + # { name = "mean value of feinstaub P1"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P1"; + # } + # { name = "mean value of feinstaub P2"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P2"; + # } + # ]; + #} +] diff --git a/makefu/2configs/bureautomation/sensor/outside.nix b/makefu/2configs/bureautomation/sensor/outside.nix new file mode 100644 index 000000000..7dbc192a4 --- /dev/null +++ b/makefu/2configs/bureautomation/sensor/outside.nix @@ -0,0 +1,25 @@ +{lib,...}: [ + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile <secrets/hass/darksky.apikey>); + language = "de"; + monitored_conditions = [ + "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "apparent_temperature" + "hourly_summary" # next 24 hours text + "humidity" + "pressure" + "uv_index" + ]; + units = "si" ; + update_interval = { days = 0; hours = 0; minutes = 30; seconds = 0; }; + } + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + ] diff --git a/makefu/2configs/bureautomation/switch/rfbridge.nix b/makefu/2configs/bureautomation/switch/rfbridge.nix new file mode 100644 index 000000000..1336549a3 --- /dev/null +++ b/makefu/2configs/bureautomation/switch/rfbridge.nix @@ -0,0 +1,17 @@ +let + topic = "rfbridge"; + bridge = name: payload_on: payload_off: + { platform = "mqtt"; + inherit name payload_on payload_off; + command_topic = "/bam/${topic}/cmnd/rfcode"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; +in +[ + (bridge "Nachtlicht A" "#414551" "#414554") + (bridge "Nachtlicht B" "#415151" "#415154") + (bridge "Nachtlicht C" "#415451" "#415454") + (bridge "Nachtlicht D" "#41551F" "#415514") +] diff --git a/makefu/2configs/bureautomation/switch/tasmota_switch.nix b/makefu/2configs/bureautomation/switch/tasmota_switch.nix new file mode 100644 index 000000000..115bae0cc --- /dev/null +++ b/makefu/2configs/bureautomation/switch/tasmota_switch.nix @@ -0,0 +1,22 @@ +let + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/tele/STATE"; + value_template = "{{ value_json.POWER }}"; + command_topic = "/bam/${topic}/cmnd/POWER"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain = false; + qos = 1; + }; +in [ + (tasmota_plug "Bauarbeiterlampe" "plug") + (tasmota_plug "Blitzdings" "plug2") + (tasmota_plug "Fernseher" "plug3") + (tasmota_plug "Feuer" "plug4") + (tasmota_plug "Blaulicht" "plug5") +] diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix index 6db9102ba..08f1f8502 100644 --- a/makefu/2configs/dict.nix +++ b/makefu/2configs/dict.nix @@ -1,5 +1,6 @@ { pkgs, ... }: { + environment.shellAliases.dict = "dict -h 127.0.0.1"; services.dictd.enable = true; services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ]; } diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index d14a611b4..8a58e44de 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -23,6 +23,7 @@ in { vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" # "YouCompleteMe" + "LanguageClient-neovim" "vim-better-whitespace" ]; } # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index 8cdab55db..96c505ba8 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -96,3 +96,14 @@ augroup Binary au BufWritePost *.bin if &bin | %!xxd au BufWritePost *.bin set nomod | endif augroup END + +let g:LanguageClient_serverCommands = { +\ 'python': ['pyls'] +\ } +nnoremap <F6> :call LanguageClient_contextMenu()<CR> +nnoremap <silent> gh :call LanguageClient_textDocument_hover()<CR> +nnoremap <silent> gd :call LanguageClient_textDocument_definition()<CR> +nnoremap <silent> gr :call LanguageClient_textDocument_references()<CR> +nnoremap <silent> gs :call LanguageClient_textDocument_documentSymbol()<CR> +nnoremap <silent> <F2> :call LanguageClient_textDocument_rename()<CR> +nnoremap <silent> gf :call LanguageClient_textDocument_formatting()<CR> diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 4890e4afe..0ff855980 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -62,6 +62,15 @@ let make-krebs-repo = with git; name: { cgit ? {}, ... }: { inherit cgit name; public = true; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = config.krebs.build.host.name == "gum"; + channel = "#xxx"; + # TODO remove the hardcoded hostname + server = "irc.r"; + }; + }; }; diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index 3be020faa..63a5cdbef 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix @@ -11,6 +11,15 @@ services.network-manager-applet.enable = true; services.blueman-applet.enable = true; services.pasystray.enable = true; + services.flameshot.enable = true; + home.file.".config/Dharkael/flameshot.ini".text = '' + [General] + disabledTrayIcon=false + drawColor=@Variant(\0\0\0\x43\x1\xff\xff\0\0\0\0\xff\xff\0\0) + drawThickness=0 + filenamePattern=%F_%T_shot + ''; + systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); programs.chromium = { enable = true; diff --git a/makefu/2configs/home-manager/taskwarrior.nix b/makefu/2configs/home-manager/taskwarrior.nix new file mode 100644 index 000000000..8ad16dcf2 --- /dev/null +++ b/makefu/2configs/home-manager/taskwarrior.nix @@ -0,0 +1,25 @@ +{pkgs, ... }: +let + loc = "/home/makefu/.task"; +in { + state = [ "${loc}/keys" ]; + home-manager.users.makefu.programs.taskwarrior = { + enable = true; + dataLocation = loc; + config = { + default.command = "list"; + taskd = { + server = "gum:53589"; + certificate = "${loc}/keys/public.crt"; + key = "${loc}/keys/private.key"; + ca = "${loc}/keys/ca.crt"; + credentials = "home/makefu/0e6c8146-1ddb-4906-9369-8f77e34cdf84"; + }; + context = { + work = "tags:work"; + shack = "tags:shack"; + home = "tags:home"; + }; + }; + }; +} diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 59658e667..6c7b632e1 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -86,7 +86,8 @@ share = true; }; sessionVariables = { - TERM = "rxvt-unicode-256color"; + # TERM = "rxvt-unicode-256color"; + TERM = "xterm"; LANG = "en_US.UTF8"; LS_COLORS = ":di=1;31:"; EDITOR = "vim"; diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix index 596d0002a..4e9ac0ee3 100644 --- a/makefu/2configs/homeautomation/default.nix +++ b/makefu/2configs/homeautomation/default.nix @@ -55,7 +55,8 @@ let payload_not_available = "Offline"; }; - firetv = "192.168.1.238"; + firetv = "192.168.1.183"; + hassdir = "/var/lib/hass"; tasmota_plug = name: topic: { platform = "mqtt"; inherit name; @@ -105,13 +106,7 @@ in { imports = [ ./mqtt.nix ]; - #systemd.services.firetv = { - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # User = "nobody"; - # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - # }; - #}; + services.home-assistant = { config = { homeassistant = { @@ -133,9 +128,11 @@ in { { platform = "kodi"; host = firetv; } - #{ platform = "firetv"; - # # assumes python-firetv running - #} + { platform = "firetv"; + name = "FireTV Stick"; + host = firetv; + adbkey = <secrets/hass/adbkey>; + } ]; mqtt = { broker = "localhost"; @@ -211,9 +208,12 @@ in { flur = [ "light.flurlicht" "binary_sensor.flur_bewegung" + "automation.dunkel_bei_sonnenuntergang" + "automation.hell_bei_sonnenaufgang" ]; wohnzimmer = [ "media_player.kodi" + "media_player.firetv_stick" ]; draussen = [ "sensor.dark_sky_temperature" @@ -240,6 +240,47 @@ in { ]; light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; automation = [ + { alias = "Dunkel bei Sonnenuntergang"; + trigger = { + platform = "sun"; + event = "sunset"; + # offset: "-00:45:00" + }; + action = [ + { + service= "light.turn_on"; + data = { + entity_id= "light.flurlicht"; + # rgb_color = [ 0,0,0 ]; <-- TODO default color + brightness_pct = 15; + }; + } + { + service= "light.turn_off"; + entity_id= "light.flurlicht"; + } + ]; + } + { alias = "Hell bei Sonnenaufgang"; + trigger = { + platform = "sun"; + event = "sunrise"; + # offset: "-00:00:00" + }; + action = [ + { + service= "light.turn_on"; + data = { + entity_id= "light.flurlicht"; + brightness_pct = 85; + }; + } + { + service= "light.turn_off"; + entity_id= "light.flurlicht"; + } + ]; + } { alias = "Staubsauger Strom aus nach 6h"; trigger = { platform = "state"; @@ -255,6 +296,10 @@ in { ]; }; enable = true; - #configDir = "/var/lib/hass"; + configDir = hassdir; }; + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } diff --git a/makefu/2configs/homeautomation/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix index 235cc1546..c81eae201 100644 --- a/makefu/2configs/homeautomation/google-muell.nix +++ b/makefu/2configs/homeautomation/google-muell.nix @@ -3,13 +3,21 @@ with import <stockholm/lib>; let pkg = pkgs.ampel; home = "/var/lib/ampel"; - sec = "${toString <secrets>}/google-muell.json"; + sec = "${toString <secrets>}/ampel/google-muell.json"; ampelsec = "${home}/google-muell.json"; - cred = "${toString <secrets>}/google-muell-creds.json"; + cred = "${toString <secrets>}/ampel/google-muell-creds.json"; # TODO: generate this credential file locally ampelcred = "${home}/google-muell-creds.json"; - esp = "192.168.8.204"; sleepval = "1800"; + # default-color = "18,63,40"; + default-color = "255,127,0"; + config_json = toFile "config.json" (toJSON { + mq_hostname = "localhost"; + mq_port = 1883; + mq_username = "sensor"; + mq_topic = "/ham/flurlicht/cmnd/MEM1"; + mq_password = replaceChars ["\n"] [""] (readFile "${toString <secrets>}/mqtt/sensor"); + }); in { users.users.ampel = { uid = genid "ampel"; @@ -27,7 +35,7 @@ in { install -m600 -o ampel ${sec} ${ampelsec} install -m600 -o ampel ${cred} ${ampelcred} ''; - ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; + ExecStart = "${pkg}/bin/google-muell --config ${config_json} --default-color=${default-color} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; PermissionsStartOnly = true; Restart = "always"; RestartSec = 10; diff --git a/makefu/2configs/remote-build/gum.nix b/makefu/2configs/remote-build/gum.nix new file mode 100644 index 000000000..98e2e58b5 --- /dev/null +++ b/makefu/2configs/remote-build/gum.nix @@ -0,0 +1,15 @@ +{ + nix = { + distributedBuilds = true; + buildMachines = [ + { + hostName = "gum.krebsco.de"; + maxJobs = 8; + sshKey = toString <secrets/id_nixBuild>; + sshUser = "nixBuild"; + system = "x86_64-linux"; + supportedFeatures = [ ]; + } + ]; + }; +} diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 89121ffd6..0227f512a 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -5,6 +5,7 @@ useDefaultShell = true; openssh.authorizedKeys.keys = [ config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey ]; }; } diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix index 4fd569768..b6725e730 100644 --- a/makefu/2configs/save-diskspace.nix +++ b/makefu/2configs/save-diskspace.nix @@ -4,8 +4,8 @@ _: environment.noXlibs = true; nix.gc.automatic = true; nix.gc.dates = "03:10"; - programs.info.enable = false; - programs.man.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; services.nixosManual.enable = false; } diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index b6554e040..6844fdfe4 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -10,6 +10,7 @@ ./games.nix ./media.nix ./mobility.nix + ./pcmanfm-extra.nix ./scanner-tools.nix ./sec.nix ./sec-gui.nix diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 1e85da53c..41bfef270 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -2,10 +2,11 @@ { users.users.makefu.packages = with pkgs; [ + at_spi2_core chromium feh clipit - firefox + # firefox keepassx pcmanfm evince diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 33e896d4c..b4c3a431e 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -8,7 +8,6 @@ ( pkgs.writeScriptBin "unknow" ''#!/bin/sh ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts '') - at_spi2_core acpi bc rsync @@ -17,6 +16,7 @@ ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts lsof which binutils + screen # fs cifs-utils diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 0c877fc7b..23da9d577 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,10 +2,15 @@ { users.users.makefu.packages = with pkgs;[ - python3 - python3Packages.pyserial + (python3.withPackages(ps: [ + ps.python-language-server + # the following plugins are optional, they provide type checking, import sorting and code formatting + ps.pyls-mypy ps.pyls-isort ps.pyls-black + ps.virtualenv + ])) picocom - python3Packages.virtualenv + python3.pkgs.pyserial + python3.pkgs.virtualenv # embedded gi flashrom @@ -26,5 +31,6 @@ nix-review # git-related tig + (pkgs.callPackage ./init-host {}) ]; } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 3d26cc574..dfb4183df 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -14,5 +14,6 @@ saleae-logic gitAndTools.gitFull signal-desktop + rambox ]; } diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 40ea4523d..0f1e61791 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -2,7 +2,7 @@ { imports = [ - ./steam.nix + # ./steam.nix ]; users.users.makefu.packages = with pkgs; [ games-user-env diff --git a/makefu/2configs/tools/init-host/default.nix b/makefu/2configs/tools/init-host/default.nix new file mode 100644 index 000000000..d1d3f7195 --- /dev/null +++ b/makefu/2configs/tools/init-host/default.nix @@ -0,0 +1,47 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + set -euf + HOSTNAME="''${1?must provide hostname}" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat <<EOF > $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | secrets insert -m $HOSTNAME/$x > /dev/null + done + echo $PASSWORD | secrets insert -m $HOSTNAME/root > /dev/null + + cat <<EOF + $HOSTNAME = { + cores = 1; + owner = config.krebs.users.makefu; + nets = { + retiolum = { + ip4.addr = "10.243.0.changeme"; + ip6.addr = "42:0:0:0:0:0:0:changeme"; + aliases = [ + "$HOSTNAME.r" + ]; + tinc.pubkey = ${"''"} + $(cat $TMPDIR/retiolum.rsa_key.pub) + ${"''"}; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix new file mode 100644 index 000000000..2d5d20f80 --- /dev/null +++ b/makefu/2configs/tools/pcmanfm-extra.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ + pcmanfm + lxqt.lxqt-policykit + shared_mime_info + lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + services.gnome3.gvfs.enable = true; +} diff --git a/makefu/5pkgs/Fluffy/default.nix b/makefu/5pkgs/Fluffy/default.nix new file mode 100644 index 000000000..59a04a52d --- /dev/null +++ b/makefu/5pkgs/Fluffy/default.nix @@ -0,0 +1,42 @@ +{ lib, pkgs, python3Packages, ... }: + +with python3Packages; buildPythonApplication rec { + name = "Fluffy-${version}"; + format = "other"; + version = "2.7"; + + src = pkgs.fetchFromGitHub { + owner = "fourminute"; + repo = "Fluffy"; + rev = "v${version}"; + sha256 = "1l346bklidcl40q91cfdszrfskdwlmfjbmsc3mgs0i8wi1yhvq99"; + }; + + prePatch = '' + sed -e "s|/tmp|$HOME/.config/fluffy|" -i linux/fluffy.desktop + ''; + + installPhase = '' + env + install -Dm 644 linux/80-fluffy-switch.rules "$out/etc/udev/rules.d/80-fluffy-switch.rules" + install -Dm 644 linux/fluffy.desktop "$out/usr/share/applications/fluffy.desktop" + install -Dm 644 icons/16x16/fluffy.png "$out/share/icons/hicolor/16x16/apps/fluffy.png" + install -Dm 644 icons/24x24/fluffy.png "$out/share/icons/hicolor/24x24/apps/fluffy.png" + install -Dm 644 icons/32x32/fluffy.png "$out/share/icons/hicolor/32x32/apps/fluffy.png" + install -Dm 644 icons/48x48/fluffy.png "$out/share/icons/hicolor/48x48/apps/fluffy.png" + install -Dm 644 icons/64x64/fluffy.png "$out/share/icons/hicolor/64x64/apps/fluffy.png" + install -Dm 644 icons/128x128/fluffy.png "$out/share/icons/hicolor/128x128/apps/fluffy.png" + install -Dm 755 fluffy.pyw "$out/bin/fluffy" + wrapProgram "$out/bin/fluffy" --set PYTHONPATH "$PYTHONPATH" + ''; + + propagatedBuildInputs = [ + pyqt5 pyusb libusb1 configparser tkinter + ]; + + meta = { + homepage = https://github.com/fourminute/Fluffy; + description = "A feature-rich tool for installing NSPs"; + license = lib.licenses.gpl3; + }; +} diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix index 9792c2c59..fb722a52f 100644 --- a/makefu/5pkgs/ampel/default.nix +++ b/makefu/5pkgs/ampel/default.nix @@ -2,7 +2,7 @@ with pkgs.python3Packages;buildPythonPackage rec { name = "ampel-${version}"; - version = "0.2.1"; + version = "0.2.5"; propagatedBuildInputs = [ docopt @@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec { src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/ampel"; - rev = "92321d7"; - sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n"; + rev = "ce239876820699f02054e71b4fd0950509833379"; + sha256 = "1ja32lr04lwq4shi49kppa1zzjw0zlqaqy71pr5sbajgp4zj7kh8"; }; meta = { homepage = http://cgit.euer.krebsco.de/ampel; diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index 486c0ddf6..1ae2f50d9 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -5,6 +5,7 @@ , networkmanagerapplet , blueman , clipit +, flameshot , modkey ? "Mod4" , locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: @@ -13,7 +14,7 @@ # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@ full = lib.makeOverridable pkgs.substituteAll { name = "awesome_full_config"; - inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit; + inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit flameshot ; isExecutable = false; src = ./full.cfg; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 11f9f59b8..83dd79b4d 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -410,6 +410,7 @@ clientkeys = awful.util.table.join( -- minimized, since minimized clients can't have the focus. c.minimized = true end), + awful.key({ }, "Print", function () awful.util.spawn("@flameshot@/bin/flameshot gui") end), awful.key({ modkey, }, "m", function (c) c.maximized = not c.maximized diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix deleted file mode 100644 index 6f5f1deba..000000000 --- a/makefu/5pkgs/bento4/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ stdenv, fetchFromGitHub -, cmake -}: -stdenv.mkDerivation rec { - name = "bento4-${version}"; - version = "1.5.1-624"; - - src = fetchFromGitHub { - owner = "axiomatic-systems"; - repo = "Bento4"; - rev = "v${version}"; - sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf"; - }; - - nativeBuildInputs = [ cmake ]; - installPhase = '' - mkdir -p $out/{lib,bin} - find -iname '*.so' -exec mv --target-directory="$out/lib" {} \; - find -maxdepth 1 -executable -type f -exec mv --target-directory="$out/bin" {} \; - ''; - - meta = with stdenv.lib; { - description = "Full-featured MP4 format and MPEG DASH library and tools"; - homepage = http://bento4.com; - license = licenses.gpl3; - maintainers = with maintainers; [ makefu ]; - platforms = with platforms; linux; - }; -} diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 8ae41427c..1ae10459f 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -1,4 +1,4 @@ -self: super: +self: super: with super.lib; with builtins; let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix new file mode 100644 index 000000000..f86ac3762 --- /dev/null +++ b/makefu/5pkgs/prison-break/default.nix @@ -0,0 +1,20 @@ +{pkgs, fetchFromGitHub}: +with pkgs.python3.pkgs; + +buildPythonPackage rec { + pname = "prison-break"; + version = "0.1.0"; + src = fetchFromGitHub { + owner = "makefu"; + repo = pname; + rev = "5eed6371e151e716faafa054e005bd98d77b4b5d"; + sha256 = "170zs9grbgkx83ghg6pm13v7vhi604y44j550ypp2x26nidaw63j"; + }; + propagatedBuildInputs = [ + docopt + requests + beautifulsoup4 + (callPackage ./straight-plugin.nix {}) + ]; + checkInputs = [ black ]; +} diff --git a/makefu/5pkgs/prison-break/straight-plugin.nix b/makefu/5pkgs/prison-break/straight-plugin.nix new file mode 100644 index 000000000..606c60b5d --- /dev/null +++ b/makefu/5pkgs/prison-break/straight-plugin.nix @@ -0,0 +1,22 @@ +{ lib +, buildPythonPackage +, fetchPypi +}: + +buildPythonPackage rec { + pname = "straight-plugin"; + version = "1.5.0"; + + src = fetchPypi { + pname = "straight.plugin"; + inherit version; + sha256 = "818a7641068932ed6436d0af0a3bb77bbbde29df0a7142c8bd1a249e7c2f0d38"; + }; + + meta = with lib; { + description = "A simple namespaced plugin facility"; + homepage = https://github.com/ironfroggy/straight.plugin; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; +} diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix deleted file mode 100644 index 927c34c5a..000000000 --- a/makefu/5pkgs/targetcli/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python2Packages; -let - version = "2.1"; - rtslib = buildPythonPackage rec { - pname = "rtslib"; - inherit version; - src = fetchFromGitHub { - owner = "datera"; - repo = "rtslib"; - rev = version; - sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22"; - }; - propagatedBuildInputs = [ ipaddr netifaces configobj ]; - }; - configshell = buildPythonPackage rec { - pname = "configshell"; - version = "1.6"; - src = fetchFromGitHub { - owner = "datera"; - repo = "configshell"; - rev = version; - sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y"; - }; - propagatedBuildInputs = [ pyparsing ]; - }; - - tcm-py = buildPythonPackage rec { - pname = "tcm-py"; - version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - src = fetchFromGitHub { - owner = "datera"; - repo = "lio-utils"; - rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; - } + "/tcm-py"; - propagatedBuildInputs = [ ]; - }; - - lio-py = buildPythonPackage rec { - pname = "lio-py"; - version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - src = fetchFromGitHub { - owner = "datera"; - repo = "lio-utils"; - rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; - } + "/lio-py"; - propagatedBuildInputs = [ ]; - }; - -in buildPythonApplication rec { - pname = "targetcli"; - inherit version; - - propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ]; - - src = fetchFromGitHub { - owner = "datera"; - repo = "targetcli"; - rev = version; - sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d"; - }; -} diff --git a/makefu/krops.nix b/makefu/krops.nix index 57a3b3bbf..7c3fbcf4a 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -23,6 +23,7 @@ # nixos-18.09 @ 2018-09-18 # + uhub/sqlite: 5dd7610401747 # + hovercraft: 7134801b17d72 + # + PR#53934: eac6797380af1 nixpkgs = if host-src.arm6 then { # TODO: we want to track the unstable channel symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index d62fd65ca..08dd7156e 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "125873064a6eabd2896833d00aede7778a453fdf", - "date": "2019-01-11T14:24:21+01:00", - "sha256": "1ki50426m9simqvxdzckfgycibz5rdhwl6hzi31i72dqiafl8j6s", + "rev": "cba65c1ab2aec20f0eaa77d6747f16798688e1bb", + "date": "2019-02-25T00:04:17+01:00", + "sha256": "1h6d9kghs7n7nql7fw5v9fpmpgdq6xq62npc7cfvyam8g4ma9iwn", "fetchSubmodules": false } |