authorjeschli <jeschli@gmail.com>2019-06-25 22:43:02 +0200
committerjeschli <jeschli@gmail.com>2019-06-25 22:43:02 +0200
commit1cfc265bbfa14b7d9fc6479bcd9cf541e7cdd5eb (patch)
tree18b95faba964f8072d23afcadcadda4f3eb276af
parent8079877eee34d0a658e8419adfa8987e648388a8 (diff)
parent1d23dceb5d2c536790a00fcde30743b958f1018f (diff)
Merge branch 'master' of prism.r:stockholm
-rw-r--r--krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed255190
-rw-r--r--krebs/0tests/data/secrets/shackspace-gitlab-ci0
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/puyak/config.nix7
-rw-r--r--krebs/1systems/wolf/config.nix87
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix21
-rw-r--r--krebs/2configs/shack/netbox.nix39
-rw-r--r--krebs/3modules/exim-retiolum.nix92
-rw-r--r--krebs/3modules/exim-smarthost.nix6
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/external/default.nix187
-rw-r--r--krebs/3modules/external/palo.nix6
-rw-r--r--krebs/3modules/external/ssh/0x4a6f.pub1
-rw-r--r--krebs/3modules/external/tinc/horisa.pub8
-rw-r--r--krebs/3modules/github-hosts-sync.nix28
-rw-r--r--krebs/3modules/github-known-hosts.nix10
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--krebs/3modules/makefu/default.nix24
-rw-r--r--krebs/3modules/makefu/wiregrill/gum.pub2
-rw-r--r--krebs/3modules/makefu/wiregrill/rockit.pub1
-rw-r--r--krebs/3modules/syncthing.nix99
-rw-r--r--krebs/5pkgs/simple/github-hosts-sync/default.nix39
-rwxr-xr-xkrebs/5pkgs/simple/github-hosts-sync/src/hosts-sync33
-rw-r--r--krebs/krops.nix2
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/daedalus/config.nix2
-rw-r--r--lass/1systems/mors/config.nix31
-rw-r--r--lass/1systems/mors/physical.nix2
-rw-r--r--lass/1systems/prism/config.nix15
-rw-r--r--lass/2configs/browsers.nix1
-rw-r--r--lass/2configs/codimd.nix28
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/network-manager.nix2
-rw-r--r--lass/2configs/radio.nix22
-rw-r--r--lass/2configs/retiolum.nix4
-rw-r--r--lass/2configs/syncthing.nix11
-rw-r--r--lass/2configs/websites/domsen.nix47
-rw-r--r--makefu/2configs/backup/ssh/wbob.pub1
-rw-r--r--makefu/2configs/bureautomation/hass.nix1
-rw-r--r--makefu/2configs/editor/vim.nix1
-rw-r--r--makefu/2configs/editor/vimrc11
-rw-r--r--makefu/2configs/fs/sda-crypto-root-home.nix26
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix3
-rw-r--r--makefu/2configs/home-manager/zsh.nix4
-rw-r--r--makefu/2configs/mail/mail.euer.nix8
-rw-r--r--makefu/2configs/mqtt.nix3
-rw-r--r--makefu/2configs/nur.nix6
-rw-r--r--makefu/2configs/printer.nix1
-rw-r--r--makefu/2configs/stats/arafetch.nix6
-rw-r--r--makefu/2configs/task-client.nix7
-rw-r--r--makefu/2configs/taskd.nix1
-rw-r--r--makefu/5pkgs/default.nix1
-rw-r--r--makefu/5pkgs/pico2wave/default.nix44
-rw-r--r--makefu/5pkgs/prison-break/default.nix (renamed from krebs/5pkgs/simple/prison-break/default.nix)6
-rw-r--r--makefu/5pkgs/prison-break/straight-plugin.nix (renamed from krebs/5pkgs/simple/prison-break/straight-plugin.nix)0
m---------submodules/krops0
-rw-r--r--tv/2configs/exim-retiolum.nix1
-rw-r--r--tv/2configs/hw/x220.nix5
-rw-r--r--tv/2configs/vim.nix390
-rw-r--r--tv/5pkgs/vim/default.nix7
-rw-r--r--tv/5pkgs/vim/elixir.nix9
-rw-r--r--tv/5pkgs/vim/file-line.nix10
-rw-r--r--tv/5pkgs/vim/fzf.nix11
-rw-r--r--tv/5pkgs/vim/hack.nix46
-rw-r--r--tv/5pkgs/vim/jq.nix10
-rw-r--r--tv/5pkgs/vim/nix.nix223
-rw-r--r--tv/5pkgs/vim/showsyntax.nix26
-rw-r--r--tv/5pkgs/vim/tv.nix53
-rw-r--r--tv/5pkgs/vim/vim.nix16
69 files changed, 1179 insertions, 628 deletions
diff --git a/krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519 b/krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519
diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index f68c8ce50..32e416831 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -18,6 +18,7 @@
];
krebs.build.host = config.krebs.hosts.hotdog;
+ krebs.github-hosts-sync.enable = true;
boot.isContainer = true;
networking.useDHCP = false;
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 67257eacd..af11c6944 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -73,6 +73,13 @@
system.activationScripts."disengage fancontrol" = ''
echo level disengaged > /proc/acpi/ibm/fan
'';
+
+ # to access vorstand vm
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
+ ];
+
users.users.joerg = {
openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
isNormalUser = true;
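Review bot: The two keys added to `users.users.root.openssh.authorizedKeys.keys` give `ulrich` and `raute` full root on puyak, although the comment says the goal is only to reach the vorstand VM. If puyak is merely the hop to that VM (not visible here), a dedicated unprivileged account used as a jump host would be enough, for example `users.users.vorstand-jump = { isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey ]; };` (the account name is only an example). The second hunk of krebs/1systems/wolf/config.nix extends root's key list in the same way with `config.krebs.users."0x4a6f".pubkey`; a comment stating why each key needs root would help later key reviews. The `users.users.joerg` block continues outside this hunk.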
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index ec8830711..7ca0f0ec1 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -11,83 +11,44 @@ in
<stockholm/krebs>
<stockholm/krebs/2configs>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- <stockholm/krebs/2configs/collectd-base.nix>
- <stockholm/krebs/2configs/stats/wolf-client.nix>
- <stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
+ # handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
+
+ # drivedroid.shack for shackphone
<stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
- <stockholm/krebs/2configs/shack/mqtt_sub.nix>
+ # Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
- <stockholm/krebs/2configs/shack/radioactive.nix>
+
+ # create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
+
+ # mobile.lounge.mpd.shack
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
- {
- systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
- systemd.services.telegraf.environment = {
- MIBDIRS = pkgs.fetchgit {
- url = "http://git.shackspace.de/makefu/modem-mibs.git";
- sha256 =
- "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
- }; # extra mibs like ADSL
- };
- services.telegraf = {
- enable = true;
- extraConfig = {
- inputs = {
- snmp = {
- agents = [ "10.0.1.3:161" ];
- version = 2;
- community = "shack";
- name = "snmp";
- field = [
- {
- name = "hostname";
- oid = "RFC1213-MIB::sysName.0";
- is_tag = true;
- }
- {
- name = "load-percent"; #cisco
- oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9";
- }
- {
- name = "uptime";
- oid = "DISMAN-EVENT-MIB::sysUpTimeInstance";
- }
- ];
- table = [{
- name = "snmp";
- inherit_tags = [ "hostname" ];
- oid = "IF-MIB::ifXTable";
- field = [{
- name = "ifName";
- oid = "IF-MIB::ifName";
- is_tag = true;
- }];
- }];
- };
- };
- outputs = {
- influxdb = {
- urls = [ "http://${influx-host}:8086" ];
- database = "telegraf";
- write_consistency = "any";
- timeout = "5s";
- };
- };
- };
- };
- }
+ # connect to git.shackspace.de as group runner for rz
+ <stockholm/krebs/2configs/shack/gitlab-runner.nix>
+
+ # Statistics collection and visualization
+ <stockholm/krebs/2configs/graphite.nix>
+ ## Collect data from mqtt.shack and store in graphite database
+ <stockholm/krebs/2configs/shack/mqtt_sub.nix>
+ ## Collect radioactive data and put into graphite
+ <stockholm/krebs/2configs/shack/radioactive.nix>
+ ## Collect local statistics via collectd and send to collectd
+ <stockholm/krebs/2configs/stats/wolf-client.nix>
+ ## write collectd statistics to wolf.shack
+ <stockholm/krebs/2configs/collectd-base.nix>
+ { services.influxdb.enable = true; }
+ <stockholm/krebs/2configs/shack/netbox.nix>
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
- services.influxdb.enable = true;
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
@@ -156,10 +117,10 @@ in
# fallout of ipv6calypse
networking.extraHosts = ''
hass.shack 10.42.2.191
- heidi.shack 10.42.2.135
'';
users.extraUsers.root.openssh.authorizedKeys.keys = [
+ config.krebs.users."0x4a6f".pubkey
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
new file mode 100644
index 000000000..0fd06426a
--- /dev/null
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+ runner-src = builtins.fetchTarball {
+ url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz";
+ sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi";
+ };
+in
+{
+ systemd.services.gitlab-runner.path = [
+ "/run/wrappers" # /run/wrappers/bin/su
+ "/" # /bin/sh
+ ];
+ imports = [
+ "${runner-src}/gitlab-runner.nix"
+ ];
+ services.gitlab-runner2.enable = true;
+ ## registrationConfigurationFile contains:
+ # CI_SERVER_URL=<CI server URL>
+ # REGISTRATION_TOKEN=<registration secret>
+ services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
+}
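Review bot: `registrationConfigFile = <secrets/shackspace-gitlab-ci>` passes a Nix path value, and if the imported module interpolates it into a string, the file holding REGISTRATION_TOKEN is copied into the world-readable Nix store; the module source is not visible here, so this needs checking. krebs/3modules/github-hosts-sync.nix in this commit uses `toString <secrets/...>` for its key file, and the same form here, `services.gitlab-runner2.registrationConfigFile = toString <secrets/shackspace-gitlab-ci>;`, keeps the value a plain path string. Separately, `runner-src` points at the moving `master` archive: the `sha256` keeps the content fixed, but the fetch will fail once upstream advances. Because the fetched module is imported with full control over the system configuration, a URL that names a specific commit is easier to audit.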
diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix
new file mode 100644
index 000000000..4fb5a7dbc
--- /dev/null
+++ b/krebs/2configs/shack/netbox.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.docker-compose ];
+ virtualisation.docker.enable = true;
+ services.nginx = {
+ enable = true;
+ virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080";
+ };
+ # we store the netbox config there:
+ # state = [ "/var/lib/netbox" ];
+ systemd.services.backup-netbox = {
+ after = [ "netbox-docker-compose.service" ];
+ startAt = "daily";
+ path = with pkgs; [ docker-compose docker gzip coreutils ];
+ script = ''
+ cd /var/lib/netbox
+ mkdir -p backup
+ docker-compose exec -T -upostgres postgres pg_dumpall \
+ | gzip > backup/netdata_$(date -Iseconds).dump.gz
+ '';
+ };
+
+ systemd.services.netbox-docker-compose = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" "docker.service" ];
+ environment.VERSION = "v2.5.13";
+ serviceConfig = {
+ WorkingDirectory = "/var/lib/netbox";
+ # TODO: grep -q NAPALM_SECRET env/netbox.env
+ # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml
+ ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull";
+ ExecStart = "${pkgs.docker-compose}/bin/docker-compose up";
+ Restart = "always";
+ RestartSec = "10";
+ StartLimitIntervalSec = 60;
+ StartLimitBurst = 3;
+ };
+ };
+}
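Review bot: In `backup-netbox` the pipeline `pg_dumpall | gzip > backup/...` returns gzip's exit status, so a failed or interrupted dump still leaves an archive and the unit reports success. Assuming the unit script runs under bash, starting the script with `set -o pipefail` makes that failure visible. The dump holds the database roles and all NetBox data and is written with the default umask; `umask 077` before `mkdir -p backup` keeps the directory and files readable by the service user only. Nothing in this unit prunes old dumps, so daily archives accumulate under /var/lib/netbox/backup.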
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index e08024977..118a8b2d5 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -1,15 +1,17 @@
-{ config, pkgs, lib, ... }:
-
with import <stockholm/lib>;
-let
+{ config, pkgs, lib, ... }: let
cfg = config.krebs.exim-retiolum;
- out = {
- options.krebs.exim-retiolum = api;
- config = lib.mkIf cfg.enable imp;
- };
+ # Due to improvements to the JSON notation, braces around top-level objects
+ # are not necessary^Wsupported by rspamd's parser when including files:
+ # https://github.com/rspamd/rspamd/issues/2674
+ toMostlyJSON = value:
+ assert typeOf value == "set";
+ (s: substring 1 (stringLength s - 2) s)
+ (toJSON value);
- api = {
+in {
+ options.krebs.exim-retiolum = {
enable = mkEnableOption "krebs.exim-retiolum";
local_domains = mkOption {
type = with types; listOf hostname;
@@ -28,22 +30,70 @@ let
"*.r"
];
};
+ rspamd = {
+ enable = mkEnableOption "krebs.exim-retiolum.rspamd" // {
+ default = false;
+ };
+ locals = {
+ logging = {
+ level = mkOption {
+ type = types.enum [
+ "error"
+ "warning"
+ "notice"
+ "info"
+ "debug"
+ "silent"
+ ];
+ default = "notice";
+ };
+ };
+ options = {
+ local_networks = mkOption {
+ type = types.listOf types.cidr;
+ default = [
+ config.krebs.build.host.nets.retiolum.ip4.prefix
+ config.krebs.build.host.nets.retiolum.ip6.prefix
+ ];
+ };
+ };
+ };
+ };
};
-
- imp = {
+ imports = [
+ {
+ config = lib.mkIf cfg.rspamd.enable {
+ services.rspamd.enable = true;
+ services.rspamd.locals =
+ mapAttrs'
+ (name: value: nameValuePair "${name}.inc" {
+ text = toMostlyJSON value;
+ })
+ cfg.rspamd.locals;
+ users.users.${config.krebs.exim.user.name}.extraGroups = [
+ config.services.rspamd.group
+ ];
+ };
+ }
+ ];
+ config = lib.mkIf cfg.enable {
krebs.exim = {
enable = true;
config =
# This configuration makes only sense for retiolum-enabled hosts.
# TODO modular configuration
assert config.krebs.tinc.retiolum.enable;
- ''
+ /* exim */ ''
keep_environment =
primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
+ ${optionalString cfg.rspamd.enable /* exim */ ''
+ spamd_address = /run/rspamd/rspamd.sock variant=rspamd
+ ''}
+
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@@ -72,6 +122,24 @@ let
acl_check_data:
+ ${optionalString cfg.rspamd.enable /* exim */ ''
+ accept condition = ''${if eq{$interface_port}{587}}
+
+ warn remove_header = ${concatStringsSep " : " [
+ "x-spam"
+ "x-spam-report"
+ "x-spam-score"
+ ]}
+
+ warn
+ spam = nobody:true
+
+ warn
+ condition = ''${if !eq{$spam_action}{no action}}
+ add_header = X-Spam: Yes
+ add_header = X-Spam-Report: $spam_report
+ add_header = X-Spam-Score: $spam_score
+ ''}
accept
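Review bot: `accept condition = ''${if eq{$interface_port}{587}}` ends `acl_check_data` for every message arriving on port 587 before the X-Spam header stripping and the rspamd scan, keyed only on the port. Whether port 587 is limited to authenticated senders is decided in the RCPT ACL, which is outside this hunk; if it is, testing that directly with `accept authenticated = *` states the intent and does not depend on the listener layout. The last `warn` only tags mail, so a message for which rspamd returns a reject action is still accepted with `X-Spam: Yes`; a comment should say so if that is intended. The ACL continues past the final `accept` in this hunk.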
@@ -118,4 +186,4 @@ let
'';
};
};
-in out
+}
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 5f93ae937..e988fb563 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -121,7 +121,7 @@ let
};
krebs.exim = {
enable = true;
- config = ''
+ config = /* exim */ ''
keep_environment =
primary_hostname = ${cfg.primary_hostname}
@@ -233,7 +233,7 @@ let
remote_smtp:
driver = smtp
- ${optionalString (cfg.dkim != []) (indent ''
+ ${optionalString (cfg.dkim != []) (indent /* exim */ ''
dkim_canon = relaxed
dkim_domain = $sender_address_domain
dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
@@ -262,7 +262,7 @@ let
begin rewrite
begin authenticators
- ${concatStringsSep "\n" (mapAttrsToList (name: text: ''
+ ${concatStringsSep "\n" (mapAttrsToList (name: text: /* exim */ ''
${name}:
${indent text}
'') cfg.authenticators)}
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index cfcbbc438..83d88cb0d 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -37,7 +37,7 @@ in {
};
config = lib.mkIf cfg.enable {
environment = {
- etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" ''
+ etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" /* exim */ ''
exim_user = ${cfg.user.name}
exim_group = ${cfg.group.name}
exim_path = /run/wrappers/bin/exim
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 9bfc920a3..1720811d9 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -43,6 +43,31 @@ in {
};
};
};
+ wilde = {
+ owner = config.krebs.users.kmein;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.2.4";
+ aliases = [ "wilde.r" ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk
+ g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg
+ 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay
+ uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L
+ a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo
+ IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM
+ C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q
+ sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq
+ 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo
+ 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57
+ lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0
+ QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ };
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
@@ -167,6 +192,20 @@ in {
};
};
};
+ horisa = {
+ cores = 2;
+ owner = config.krebs.users.ulrich; # main laptop
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.226.213";
+ ip6.addr = "42:0:e644:9099:4f8:b9aa:3856:4e85";
+ aliases = [
+ "horisa.r"
+ ];
+ tinc.pubkey = tinc-for "horisa";
+ };
+ };
+ };
idontcare = {
owner = config.krebs.users.Mic92;
nets = rec {
@@ -190,6 +229,35 @@ in {
};
};
};
+ inspector = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ internet = {
+ ip4.addr = "141.76.44.154";
+ aliases = [ "inspector.i" ];
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.29.172";
+ aliases = [ "inspector.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
+ EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
+ 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
+ m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
+ WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
+ eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
+ OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
+ ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
+ B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
+ q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
+ 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
@@ -202,6 +270,30 @@ in {
};
};
};
+ matchbox = {
+ owner = config.krebs.users.Mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.176";
+ aliases = [ "matchbox.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
+ VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
+ nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
+ TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
+ TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
+ yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
+ 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
+ Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
+ bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
+ nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
+ /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@@ -227,6 +319,13 @@ in {
};
};
};
+ rilke = {
+ owner = config.krebs.users.kmein;
+ nets.wiregrill = {
+ aliases = [ "rilke.w" ];
+ wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
+ };
+ };
rock = {
owner = config.krebs.users.Mic92;
nets = {
@@ -365,56 +464,53 @@ in {
};
};
};
- inspector = {
- owner = config.krebs.users.Mic92;
- nets = rec {
- internet = {
- ip4.addr = "141.76.44.154";
- aliases = [ "inspector.i" ];
- };
+ uppreisn = {
+ owner = config.krebs.users.ilmu;
+ nets = {
retiolum = {
- via = internet;
- ip4.addr = "10.243.29.172";
- aliases = [ "inspector.r" ];
+ ip4.addr = "10.243.42.13";
+ aliases = [ "ilmu.r" ];
tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
- EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
- 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
- m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
- WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
- eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
- OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
- ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
- B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
- q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
- 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
- -----END RSA PUBLIC KEY-----
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAweAz7KtgYVuAfqP7Zoax
+ BrQ++qig30Aabnou5C62bYIf1Fn8Z9RbDROTmkGeF7No7mZ7wH0hNpRXo1N/sLNt
+ gr4bX7fXAvQ3NeeoMmM6VcC+pExnE4NMMnu0Dm3Z/WcQkCsJukkcvpC1gWkjPXea
+ gn3ODl2wbKMiRBhQDA2Ro0zDQ+gAIsgtS9fDA85Rb0AToLwifHHavz81SXF+9piv
+ qIl3rJZVBo1kOiolv5BCh4/O+R5boiFfPGAiqEcob0cTcmSCXaMqis8UNorlm08j
+ ytNG7kazeRQb9olJ/ovCA1b+6iAZ4251twuQkHfNdfC3VM32jbGq7skMyhX3qN/b
+ WoHHeBZR8eH5MpTTIODI+r4cLswAJqlCk816bGMmg6MuZutTlQCRTy1S/wXY/8ei
+ STAZ1IZH6dnwCJ9HXgMC6hcYuOs/KmvSdaa7F+yTEq83IAASewbRgn/YHsMksftI
+ d8db17rEOT5uC1jOGKF98d7e30MX5saTJZLB6XmNDsql/lFoooGzTz/L80JUYiJ0
+ fQFADznZpA+NE+teOH9aXsucDQkX6BOPSO4XKXV86RIejHUSEx5WdaqGOUfmhFUo
+ 9hZhr0qiiKNlXlP8noM9n+hPNKNkOlctQcpnatgdU3uQMtITPyKSLMUDoQIJlSgq
+ lak5LCqzwU9qa9EQSU4nLZ0CAwEAAQ==
+ -----END PUBLIC KEY-----
'';
};
};
};
- matchbox = {
- owner = config.krebs.users.Mic92;
+ unnamed = {
+ owner = config.krebs.users.pie_;
nets = {
retiolum = {
- ip4.addr = "10.243.29.176";
- aliases = [ "matchbox.r" ];
+ ip4.addr = "10.243.3.14";
+ aliases = [ "unnamed.r" ];
tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
- VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
- nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
- TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
- TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
- yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
- 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
- Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
- bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
- nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
- /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvGXVl+WV/bDxFAnYnAhZ
+ 2rHCU5dqtBvSg0sywV1j++lEuELBx4Zq14qyjDRGkkIGdgzCZBLK2cCgxPJ3MRFx
+ ZwiO3jPscTu3I7zju7ULO/LqGQG+Yf86estfGh394zFJ2rnFSwegeMNqCpOaurOH
+ GuYtNdjkxn/2wj00s+JEJjCNRMg8bkTMT3czuTr2k+6ICI8SgLZMDH7TjRfePHEW
+ X9/v4O3kMSZccT/wZWmezXuYlO7CJs7f4VV98z+sgubmIZz3uLfQFY8y9gmGp46y
+ 5n5QyD0iIqkLNGIldNnToVJPToRaW5OdNKtZFayU4pWZ296sEcJI0NWLYqy7yZfD
+ PG2FlCQmebUxMYk+iK0cYRLFzOgnr14uXihXxhuHYJ8R1VIbWuto1YFGUv5J/Jct
+ 3vgjwOlHwZKC9FTqnRjgp58QtnKneXGNZ446eKHUCmSRDKl8fc/m9ePHrISnGROY
+ gXMieAmOZtsQIxwRpBGCLjrr3sx8RRNY8ROycqPaQWp3upp61jAvvQW3SIvkp1+M
+ jGvfebJOSkEZurwGcWUar9w9t/oDfsV+R9Nm9n2IkdkNlnvXD1rcj7KqbFPtGf1a
+ MmB3AmwyIVv9Rk1Vpjkz4EtL4kPqiuhPrf1bHQhAdcwqwFGyo8HXsoMedb3Irhwm
+ OxwCRYLtEweku7HLhUVTnDkCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
};
};
};
@@ -449,6 +545,9 @@ in {
mail = "dickbutt@excogitation.de";
pubkey = ssh-for "exco";
};
+ ilmu = {
+ mail = "ilmu@rishi.is";
+ };
jan = {
mail = "jan.heidbrink@posteo.de";
};
@@ -473,10 +572,14 @@ in {
mail = "shackspace.de@myvdr.de";
pubkey = ssh-for "ulrich";
};
+ "0x4a6f" = {
+ mail = "0x4a6f@shackspace.de";
+ pubkey = ssh-for "0x4a6f";
+ };
miaoski = {
};
filly = {
};
+ pie_ = {};
};
}
-
diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix
index cefac0959..05808714c 100644
--- a/krebs/3modules/external/palo.nix
+++ b/krebs/3modules/external/palo.nix
@@ -34,7 +34,10 @@ in {
retiolum = {
ip4.addr = "10.243.23.3";
tinc.port = 720;
- aliases = [ "kruck.r" ];
+ aliases = [
+ "kruck.r"
+ "video.kruck.r"
+ ];
tinc.pubkey = tinc-for "palo";
};
};
@@ -49,6 +52,7 @@ in {
tinc.pubkey = tinc-for "palo";
};
};
+ syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ";
};
workhorse = {
owner = config.krebs.users.palo;
diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub
new file mode 100644
index 000000000..1ea084bad
--- /dev/null
+++ b/krebs/3modules/external/ssh/0x4a6f.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS
diff --git a/krebs/3modules/external/tinc/horisa.pub b/krebs/3modules/external/tinc/horisa.pub
new file mode 100644
index 000000000..06d686ce3
--- /dev/null
+++ b/krebs/3modules/external/tinc/horisa.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
+Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
+XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
++EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
+sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
+M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 3b626dc46..0b7d56098 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -11,17 +11,25 @@ let
api = {
enable = mkEnableOption "krebs.github-hosts-sync";
- port = mkOption {
- type = types.int; # TODO port type
- default = 1028;
- };
dataDir = mkOption {
type = types.str; # TODO path (but not just into store)
default = "/var/lib/github-hosts-sync";
};
+ srcDir = mkOption {
+ type = types.str;
+ default = "${config.krebs.tinc.retiolum.confDir}/hosts";
+ };
ssh-identity-file = mkOption {
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
- default = toString <secrets/github-hosts-sync.ssh.id_rsa>;
+ default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
+ };
+ url = mkOption {
+ type = types.str;
+ default = "git@github.com:krebs/hosts.git";
+ };
+ workTree = mkOption {
+ type = types.absolute-pathname;
+ default = "${cfg.dataDir}/cache";
};
};
@@ -30,13 +38,18 @@ let
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
- port = toString cfg.port;
+ GITHUB_HOST_SYNC_USER_MAIL = user.mail;
+ GITHUB_HOST_SYNC_USER_NAME = user.name;
+ GITHUB_HOST_SYNC_SRCDIR = cfg.srcDir;
+ GITHUB_HOST_SYNC_WORKTREE = cfg.workTree;
+ GITHUB_HOST_SYNC_URL = cfg.url;
};
serviceConfig = {
PermissionsStartOnly = "true";
SyslogIdentifier = "github-hosts-sync";
User = user.name;
- Restart = "always";
+ Type = "oneshot";
+ RemainAfterExit = true;
ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
set -euf
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
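Review bot: With `Type = "oneshot"` and `RemainAfterExit = true` replacing `Restart = "always"`, the unit stays active after its first run, so the sync happens only once per boot or manual restart unless something else triggers it. No timer or `startAt` is visible in this hunk; if none exists elsewhere, the published hosts repository goes stale after the first push. Dropping `RemainAfterExit` and adding, for example, `startAt = "hourly";` (the interval is an example) would rerun it. The service definition starts and ends outside this hunk.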
@@ -56,6 +69,7 @@ let
};
user = rec {
+ mail = "${name}@${config.krebs.build.host.name}";
name = "github-hosts-sync";
uid = genid_uint31 name;
};
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
index def06f17a..bae8b96bf 100644
--- a/krebs/3modules/github-known-hosts.nix
+++ b/krebs/3modules/github-known-hosts.nix
@@ -28,12 +28,22 @@
"140.82.125.*"
"140.82.126.*"
"140.82.127.*"
+ "13.114.40.48"
"13.229.188.59"
+ "13.234.176.102"
+ "13.234.210.38"
+ "13.236.229.21"
+ "13.237.44.5"
"13.250.177.223"
+ "15.164.81.167"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
+ "52.192.72.89"
+ "52.64.108.95"
+ "52.69.186.44"
"52.74.223.119"
+ "52.78.231.108"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 41f3852b9..f4c8f5c6a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -35,6 +35,7 @@ in {
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index b38c9104f..601762b93 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -143,11 +143,19 @@ in {
ci = true;
cores = 4;
nets = {
+ lan = {
+ ip4.addr = "192.168.8.11";
+ aliases = [
+ "wbob.lan"
+ "log.wbob.lan"
+ ];
+ };
retiolum = {
ip4.addr = "10.243.214.15";
aliases = [
"wbob.r"
"hydra.wbob.r"
+ "log.wbob.r"
];
};
};
@@ -182,6 +190,7 @@ in {
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
+ mediengewitter IN CNAME over.dose.io.
'';
};
cores = 8;
@@ -196,13 +205,13 @@ in {
};
wiregrill = {
via = internet;
+ ip4.addr = "10.244.245.1";
ip6.addr = w6 "1";
- wireguard = {
- subnets = [
- (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+ wireguard.port = 51821;
+ wireguard.subnets = [
(krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
- ];
- };
+ "10.244.245.0/24" # required for routing directly to gum via rockit
+ ];
};
retiolum = {
via = internet;
@@ -247,7 +256,6 @@ in {
cores = 1;
extraZones = {
"krebsco.de" = ''
- mediengewitter IN A ${nets.internet.ip4.addr}
flap IN A ${nets.internet.ip4.addr}
'';
};
@@ -281,6 +289,10 @@ in {
};
};
};
+ rockit = rec { # router@home
+ cores = 1;
+ nets.wiregrill.ip4.addr = "10.244.245.2";
+ };
senderechner = rec {
cores = 2;
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub
index 4a5f666cc..67d6c7216 100644
--- a/krebs/3modules/makefu/wiregrill/gum.pub
+++ b/krebs/3modules/makefu/wiregrill/gum.pub
@@ -1 +1 @@
-yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
+A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0=
diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub
new file mode 100644
index 000000000..6cb0d960d
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/rockit.pub
@@ -0,0 +1 @@
+YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 897ba1e7f..939c8fddf 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -2,40 +2,69 @@
let
- cfg = config.krebs.syncthing;
+ kcfg = config.krebs.syncthing;
+ scfg = config.services.syncthing;
devices = mapAttrsToList (name: peer: {
name = name;
deviceID = peer.id;
addresses = peer.addresses;
- }) cfg.peers;
+ }) kcfg.peers;
folders = mapAttrsToList ( _: folder: {
inherit (folder) path id type;
- devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
+ devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval;
fsWatcherEnabled = folder.watch;
fsWatcherDelayS = folder.watchDelay;
+ ignoreDelete = folder.ignoreDelete;
ignorePerms = folder.ignorePerms;
- }) cfg.folders;
+ }) kcfg.folders;
getApiKey = pkgs.writeDash "getAPIKey" ''
${pkgs.libxml2}/bin/xmllint \
--xpath 'string(configuration/gui/apikey)'\
- ${config.services.syncthing.dataDir}/config.xml
+ ${scfg.configDir}/config.xml
'';
updateConfig = pkgs.writeDash "merge-syncthing-config" ''
set -efu
+
+ # XXX this assumes the GUI address to be "IPv4 address and port"
+ host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)}
+ port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)}
+
# wait for service to restart
- ${pkgs.untilport}/bin/untilport localhost 8384
+ ${pkgs.untilport}/bin/untilport "$host" "$port"
+
API_KEY=$(${getApiKey})
- CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
- echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
- "devices": ${builtins.toJSON devices},
- "folders": ${builtins.toJSON folders}
- }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @-
- ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST
+
+ _curl() {
+ ${pkgs.curl}/bin/curl \
+ -Ss \
+ -H "X-API-Key: $API_KEY" \
+ "http://$host:$port/rest""$@"
+ }
+
+ old_config=$(_curl /system/config)
+ new_config=${shell.escape (toJSON {
+ inherit devices folders;
+ })}
+ new_config=$(${pkgs.jq}/bin/jq -en \
+ --argjson old_config "$old_config" \
+ --argjson new_config "$new_config" \
+ '
+ $old_config * $new_config
+ ${optionalString (!kcfg.overridePeers) ''
+ * { devices: $old_config.devices }
+ ''}
+ ${optionalString (!kcfg.overrideFolders) ''
+ * { folders: $old_config.folders }
+ ''}
+ '
+ )
+ echo $new_config | _curl /system/config -d @-
+ _curl /system/restart -X POST
'';
in
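Review bot: `echo $new_config | _curl /system/config -d @-` expands the JSON unquoted and feeds it through dash's `echo`, so runs of whitespace inside string values are collapsed and backslash sequences such as `\\` or `\n` in folder paths are rewritten before Syncthing receives them. `printf '%s\n' "$new_config" | _curl /system/config -d @-` passes the document through unchanged. Separately, `-H "X-API-Key: $API_KEY"` puts the key on curl's command line, where other local users can read it from the process list while the request runs. The request also goes over plain `http://` to whatever `scfg.guiAddress` is, so a non-loopback GUI address would send the key in clear text.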
@@ -45,11 +74,6 @@ in
enable = mkEnableOption "syncthing-init";
- id = mkOption {
- type = types.str;
- default = config.krebs.build.host.name;
- };
-
cert = mkOption {
type = types.nullOr types.absolute-pathname;
default = null;
@@ -60,6 +84,13 @@ in
default = null;
};
+ overridePeers = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to delete the peers which are not configured via the peers option
+ '';
+ };
peers = mkOption {
default = {};
type = types.attrsOf (types.submodule ({
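Review bot: With `overridePeers = false` the jq expression in `updateConfig` ends in `* { devices: $old_config.devices }`, which replaces the merged device list with the old one, so peers declared through `peers` are never added at all. The description only mentions deleting unconfigured peers, which reads as "add mine, keep the rest". Either merge the two arrays by device ID in the jq program, or change the description to something like `When false, the existing device list is left untouched and the peers option is ignored`. `overrideFolders` in the next hunk behaves the same way for `folders`.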
@@ -80,6 +111,13 @@ in
}));
};
+ overrideFolders = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to delete the folders which are not configured via the peers option
+ '';
+ };
folders = mkOption {
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
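Review bot: The `overrideFolders` description was copied from `overridePeers` and still refers to the peers option. It should read `Whether to delete the folders which are not configured via the folders option`.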
@@ -120,6 +158,11 @@ in
default = 10;
};
+ ignoreDelete = mkOption {
+ type = types.bool;
+ default = false;
+ };
+
ignorePerms = mkOption {
type = types.bool;
default = true;
@@ -130,19 +173,19 @@ in
};
};
- config = (mkIf cfg.enable) {
+ config = mkIf kcfg.enable {
- systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
+ systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) {
preStart = ''
- ${optionalString (cfg.cert != null) ''
- cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
- chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
- chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+ ${optionalString (kcfg.cert != null) ''
+ cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem
+ chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem
+ chmod 400 ${scfg.configDir}/cert.pem
''}
- ${optionalString (cfg.key != null) ''
- cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
- chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
- chmod 400 ${config.services.syncthing.dataDir}/key.pem
+ ${optionalString (kcfg.key != null) ''
+ cp ${toString kcfg.key} ${scfg.configDir}/key.pem
+ chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem
+ chmod 400 ${scfg.configDir}/key.pem
''}
'';
};
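Review bot: The private key is copied before its owner and mode are tightened: `cp` creates `key.pem` with whatever mode the source file and umask give, and only the later `chmod 400` restricts it. During that window the key can be readable more widely than intended. `install -m 0400 -o ${scfg.user} -g ${scfg.group} ${toString kcfg.key} ${scfg.configDir}/key.pem` creates the file with its final owner and mode in one step, and the same form works for `cert.pem`. The interpolated paths are also unquoted, so a `configDir` containing whitespace would break these commands.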
@@ -152,7 +195,7 @@ in
wantedBy = [ "multi-user.target" ];
serviceConfig = {
- User = config.services.syncthing.user;
+ User = scfg.user;
RemainAfterExit = true;
Type = "oneshot";
ExecStart = updateConfig;
diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix
index cdfed468c..fbc48fa3f 100644
--- a/krebs/5pkgs/simple/github-hosts-sync/default.nix
+++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix
@@ -1,37 +1,32 @@
{ pkgs, stdenv, ... }:
-stdenv.mkDerivation {
- name = "github-hosts-sync";
+stdenv.mkDerivation rec {
+ name = "github-hosts-sync-${version}";
+ version = "2.0.0";
- src = pkgs.painload;
+ src = ./src;
phases = [
"unpackPhase"
"installPhase"
];
- installPhase =
- let
- ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- path = stdenv.lib.makeBinPath (with pkgs; [
- coreutils
- findutils
- git
- gnugrep
- gnused
- nettools
- openssh
- socat
- ]);
- in
+ installPhase = let
+ ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ path = stdenv.lib.makeBinPath [
+ pkgs.git
+ pkgs.nettools
+ pkgs.openssh
+ pkgs.rsync
+ ];
+ in
''
mkdir -p $out/bin
- sed \
- 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \
- < ./retiolum/scripts/github_hosts_sync/hosts-sync \
- > $out/bin/github-hosts-sync
+ cp hosts-sync $out/bin/github-hosts-sync
- chmod +x $out/bin/github-hosts-sync
+ sed -i \
+ '1s,$,\nPATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \
+ $out/bin/github-hosts-sync
'';
}
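Review bot: The line injected by `sed` no longer starts with `export`, unlike the removed version, so `GIT_SSL_CAINFO` becomes a plain shell variable that `git` never sees unless the caller had already exported it. `PATH` only reaches child processes because it is normally present in the environment already. Restoring the keyword fixes both: `'1s,$,\nexport PATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \`. Appending the inherited `$PATH` also means tools missing from `path` now resolve from the caller's environment, which deserves a comment if it is intended.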
diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync
new file mode 100755
index 000000000..a8973e72b
--- /dev/null
+++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync
@@ -0,0 +1,33 @@
+#! /bin/sh
+set -efu
+exec >&2
+
+hosts_srcdir=$GITHUB_HOST_SYNC_SRCDIR
+hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts}
+hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebs/hosts.git}
+user_mail=${GITHUB_HOST_SYNC_USER_MAIL-$LOGNAME@$(hostname)}
+user_name=${GITHUB_HOST_SYNC_USER_NAME-$LOGNAME}
+
+test -d "$hosts_worktree" || git clone "$hosts_url" "$hosts_worktree"
+
+cd "$hosts_worktree"
+
+git pull
+
+rsync \
+ --chmod D755,F644 \
+ --delete-excluded \
+ --filter 'protect .git' \
+ --recursive \
+ --verbose \
+ "$hosts_srcdir/" \
+ .
+
+git add .
+
+if test -n "$(git status --porcelain)"; then
+ git config user.email "$user_mail"
+ git config user.name "$user_name"
+ git commit -m bump
+ git push
+fi
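Review bot: The default worktree `/tmp/hosts` is a predictable path in a world-writable directory, and the script enters it and runs `git pull`, `git commit` and `git push` if the directory already exists. On a multi-user host another account could create that directory first, so the sync would run against a repository, remote and hooks it does not control. Requiring the variable, as is already done for the source directory, avoids this: `hosts_worktree=$GITHUB_HOST_SYNC_WORKTREE`, which fails under `set -u` when unset. The caller can then point it at a state directory owned by the service user. Whether the unit that runs this script sets a private `/tmp` is not visible here.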
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 94418fdc2..8d38ed5b0 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -50,7 +50,7 @@
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets = if test then {
- file = toString <stockholm/krebs/0tests/data/secrets>;
+ file = toString ./0tests/data/secrets;
} else {
pass = {
dir = "${lib.getEnv "HOME"}/brain";
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 811eb826e..4118a1dd6 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "705986f5a986be5c5ae13193b487c7ec8ca05f16",
- "date": "2019-05-18T20:38:59-04:00",
- "sha256": "0zpch2cpl2yx0mp7hnyjd03hqs7rxza9wc2p97njsdzhi56gxwxp",
+ "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09",
+ "date": "2019-06-18T23:08:17+02:00",
+ "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866",
"fetchSubmodules": false
}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 6e3df12f0..df8868034 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -57,6 +57,8 @@ with import <stockholm/lib>;
{
krebs.per-user.bitcoin.packages = [
pkgs.electrum
+ pkgs.electron-cash
+ pkgs.altcoins.litecoin
];
users.extraUsers = {
bitcoin = {
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f911b79d6..5076beeef 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -49,14 +49,31 @@ with import <stockholm/lib>;
];
}
{
- krebs.syncthing.folders."the_playlist" = {
- path = "/home/lass/tmp/the_playlist";
- peers = [ "mors" "phone" "prism" ];
+ krebs.syncthing = {
+ peers.schasch.addresses = [ "schasch.r:22000" ];
+ folders = {
+ the_playlist = {
+ path = "/home/lass/tmp/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ free_music = {
+ id = "mu9mn-zgvsw";
+ path = "/home/lass/tmp/free_music";
+ peers = [ "mors" "schasch" ];
+ };
+ };
};
- krebs.permown."/home/lass/tmp/the_playlist" = {
- owner = "lass";
- group = "syncthing";
- umask = "0007";
+ krebs.permown = {
+ "/home/lass/tmp/free_music" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
+ "/home/lass/tmp/the_playlist" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
};
}
{
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 25425f146..6828d70de 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -22,7 +22,7 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
+ SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
'';
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d7b0b701a..eec8e34b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,7 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/minecraft.nix>
+ <stockholm/lass/2configs/codimd.nix>
{
services.taskserver = {
enable = true;
@@ -382,7 +383,7 @@ with import <stockholm/lib>;
'';
fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download";
+ device = "/var/lib/containers/yellow/var/download/finished";
options = [ "bind" ];
};
services.nfs.server = {
@@ -395,6 +396,12 @@ with import <stockholm/lib>;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
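Review bot: The six added rules accept portmapper, NFS and statd traffic from every host reachable over the `retiolum` interface, because the predicates carry no source restriction. If only particular peers are meant to mount `/export/download`, narrowing each predicate with `-s <client address>` (placeholder) keeps the exposure to those hosts. Otherwise access control rests entirely on the client list in the NFS exports, which is outside this hunk. A short comment naming the intended clients would make the intent reviewable.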
@@ -456,4 +463,10 @@ with import <stockholm/lib>;
enable = true;
freeMemThreshold = 5;
};
+
+ # prism rsa hack
+ services.openssh.hostKeys = [{
+ path = toString <secrets> + "ssh.id_rsa";
+ type = "rsa";
+ }];
}
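Review bot: The host key path is built without a separator: `toString <secrets> + "ssh.id_rsa"` yields a name like `…/secretsssh.id_rsa` next to the secrets directory rather than a file inside it. Other uses in this same commit include the slash, for example `toString <secrets> + "/nextcloud_pw"`. It should be `path = toString <secrets> + "/ssh.id_rsa";`. As written, sshd will either fail to find the key or, if the module generates missing host keys, create a fresh one at the unintended path. Setting `hostKeys` to a single RSA entry presumably also replaces the default key list, so a comment explaining the "rsa hack" would help.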
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d214e224d..c0085995d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -66,7 +66,6 @@ in {
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
- "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
];
};
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
new file mode 100644
index 000000000..5f802148b
--- /dev/null
+++ b/lass/2configs/codimd.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ services.nginx.virtualHosts.codimd = {
+ enableACME = true;
+ addSSL = true;
+ serverName = "codi.lassul.us";
+ locations."/".extraConfig = ''
+ client_max_body_size 4G;
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:3091;
+ '';
+ };
+
+ services.codimd = {
+ enable = true;
+ configuration = {
+ db = {
+ dialect = "sqlite";
+ storage = "/var/lib/codimd/db.codimd.sqlite";
+ useCDN = false;
+ };
+ port = 3091;
+ };
+ };
+}
+
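Review bot: `addSSL = true` leaves the vhost reachable over plain HTTP as well as HTTPS, so CodiMD logins and note content can travel unencrypted. `forceSSL = true;`, as already used for the radio vhost in `lass/2configs/radio.nix`, redirects HTTP to HTTPS instead. `useCDN = false;` is nested inside `db`, where it looks misplaced; it reads like a general CodiMD setting and probably belongs next to `port`. `client_max_body_size 4G` is very generous for a note-taking service and is worth a comment or a lower value.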
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 4216bd67a..d1e6b195b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -103,6 +103,9 @@ with import <stockholm/lib>;
{ from = "lobsters@lassul.us"; to = lass.mail; }
{ from = "fysitech@lassul.us"; to = lass.mail; }
{ from = "threema@lassul.us"; to = lass.mail; }
+ { from = "ubisoft@lassul.us"; to = lass.mail; }
+ { from = "kottezeller@lassul.us"; to = lass.mail; }
+ { from = "pie@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
index 5b890b591..ab27eb841 100644
--- a/lass/2configs/network-manager.nix
+++ b/lass/2configs/network-manager.nix
@@ -15,6 +15,8 @@
};
};
networking.networkmanager = {
+ ethernet.macAddress = "random";
+ wifi.macAddress = "random";
enable = true;
unmanaged = [
"docker*"
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 88899c554..b4efd42fc 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -97,12 +97,17 @@ in {
services.icecast = {
enable = true;
- hostname = "config.krebs.build.host.name";
+ hostname = "radio.lassul.us";
admin.password = admin-password;
extraConf = ''
- <authentication>
- <source-password>${source-password}</source-password>
- </authentication>
+ <mount>
+ <mount-name>/radio.mp3</mount-name>
+ <password>${source-password}</password>
+ </mount>
+ <mount>
+ <mount-name>/radio.ogg</mount-name>
+ <password>${source-password}</password>
+ </mount>
'';
};
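Review bot: `${source-password}` is interpolated into `extraConf`, so the mount passwords become part of the generated icecast configuration text. If that configuration is built into the Nix store, as module-generated files usually are, every local user can read it. Where `source-password` comes from is outside this hunk, so this should be confirmed. Both mounts also share one password, so a leak of either source client's credentials exposes both streams; a comment such as `# same source password for both mounts on purpose` would record that this is intended.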
@@ -194,8 +199,8 @@ in {
workdir = config.krebs.reaktor2.the_playlist.stateDir;
hooks.PRIVMSG = [
{
- activate = "match";
- pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ #activate = "match";
+ pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = {
@@ -218,6 +223,11 @@ in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8000;
'';
locations."/recent".extraConfig = ''
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index fb76c5735..9932f8172 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -20,8 +20,10 @@
"prism"
"gum"
"ni"
- "dishfire"
];
+ extraConfig = ''
+ LocalDiscovery = yes
+ '';
};
nixpkgs.config.packageOverrides = pkgs: {
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 48f2625c1..d4df17b9a 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,5 +1,7 @@
{ config, pkgs, ... }: with import <stockholm/lib>; let
- peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+ all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+ own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers;
+ mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
in {
services.syncthing = {
enable = true;
@@ -14,8 +16,8 @@ in {
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
- peers = peers;
- folders."/home/lass/sync".peers = attrNames peers;
+ peers = mk_peers all_peers;
+ folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers);
};
system.activationScripts.syncthing-home = ''
@@ -23,8 +25,9 @@ in {
'';
krebs.permown."/home/lass/sync" = {
+ file-mode = "u+rw,g+rw";
owner = "lass";
group = "syncthing";
- umask = "0007";
+ umask = "0002";
};
}
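Review bot: Changing `umask` from `"0007"` to `"0002"` makes everything under `/home/lass/sync` readable by all local users, unless a parent directory blocks traversal. The previous value already gave the `syncthing` group full access. If the goal is only to guarantee group read/write, which `file-mode = "u+rw,g+rw"` suggests, keeping `umask = "0007";` alongside the new `file-mode` achieves that without opening the synced data to others.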
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2131c7c62..9980e0501 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,6 +26,7 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
+ (servePage [ "jarugadesign.de" "www.jarugadesign.de" ])
(servePage [
"freemonkey.art"
"www.freemonkey.art"
@@ -93,6 +94,7 @@ in {
hostName = "o.xanf.org";
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
+ overwriteProtocol = "https";
};
https = true;
nginx.enable = true;
@@ -141,6 +143,7 @@ in {
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "bui@freemonkey.art"; to ="bui"; }
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
+ { from = "hallo@jarugadesign.de"; to ="kasia"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -150,6 +153,7 @@ in {
"ubikmedia.eu"
"ubikmedia.de"
"alewis.de"
+ "jarugadesign.de"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
@@ -234,7 +238,18 @@ in {
createHome = true;
};
- krebs.on-failure.plans.restic-backups-domsen = {};
+ users.users.kasia = {
+ uid = genid_uint31 "kasia";
+ home = "/home/kasia";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ krebs.on-failure.plans.restic-backups-domsen = {
+ journalctl = {
+ lines = 1000;
+ };
+ };
services.restic.backups.domsen = {
initialize = true;
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
@@ -247,11 +262,41 @@ in {
"/home/ms/Mail"
"/home/klabusterbeere/Mail"
"/home/jms/Mail"
+ "/home/kasia/Mail"
"/home/bruno/Mail"
"/home/akayguen/Mail"
"/backups/sql_dumps"
];
};
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
+ krebs.permown = {
+ "/srv/http/ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/o.ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/freemonkey.art" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/jarugadesign.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/reich-gebaeudereinigung.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ };
+
}
diff --git a/makefu/2configs/backup/ssh/wbob.pub b/makefu/2configs/backup/ssh/wbob.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/wbob.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 02465520c..ace1d10ce 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -146,6 +146,7 @@ in {
"device_tracker.ecki_tablet"
"device_tracker.daniel_phone"
"device_tracker.carsten_phone"
+ "device_tracker.thierry_phone"
# "person.thorsten"
# "person.felix"
# "person.ecki"
diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix
index 8a58e44de..d14a611b4 100644
--- a/makefu/2configs/editor/vim.nix
+++ b/makefu/2configs/editor/vim.nix
@@ -23,7 +23,6 @@ in {
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree"
# "YouCompleteMe"
- "LanguageClient-neovim"
"vim-better-whitespace" ]; }
# vim-nix handles indentation better but does not perform sanity
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc
index 96c505ba8..8cdab55db 100644
--- a/makefu/2configs/editor/vimrc
+++ b/makefu/2configs/editor/vimrc
@@ -96,14 +96,3 @@ augroup Binary
au BufWritePost *.bin if &bin | %!xxd
au BufWritePost *.bin set nomod | endif
augroup END
-
-let g:LanguageClient_serverCommands = {
-\ 'python': ['pyls']
-\ }
-nnoremap <F6> :call LanguageClient_contextMenu()<CR>
-nnoremap <silent> gh :call LanguageClient_textDocument_hover()<CR>
-nnoremap <silent> gd :call LanguageClient_textDocument_definition()<CR>
-nnoremap <silent> gr :call LanguageClient_textDocument_references()<CR>
-nnoremap <silent> gs :call LanguageClient_textDocument_documentSymbol()<CR>
-nnoremap <silent> <F2> :call LanguageClient_textDocument_rename()<CR>
-nnoremap <silent> gf :call LanguageClient_textDocument_formatting()<CR>
diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix
index e790ed6a8..4f0cf8c6b 100644
--- a/makefu/2configs/fs/sda-crypto-root-home.nix
+++ b/makefu/2configs/fs/sda-crypto-root-home.nix
@@ -8,7 +8,31 @@
# / (main-root)
# /home (main-home)
-with import <stockholm/lib>;
+# clean the boot sector:
+# dd if=/dev/zero of=/dev/sda count=2048
+# Installation Instruction on ISO:
+# fdisk /dev/sda
+ # boot 500M
+ # rest rest
+# cryptsetup luksFormat /dev/sda2
+# mkfs.ext4 -L nixboot /dev/sda1
+# cryptsetup luksOpen /dev/sda2 cryptoluks
+# pvcreate /dev/mapper/cryptoluks
+# vgcreate main /dev/mapper/cryptoluks
+# lvcreate -L 200Gib main -n root
+# lvcreate -L 800Gib main -n home
+# mkfs.ext4 /dev/main/root
+# mkfs.ext4 /dev/main/home
+# mount /dev/mapper/main-root /mnt
+# mkdir -p /mnt/{boot,home,var/src} /var/src
+# mount /dev/sda1 /mnt/boot
+# mount /dev/mapper/main-home /mnt/home
+# touch /mnt/var/src/.populate
+# mount -o bind /mnt/var/src /var/src
+# nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs && # nix-channel --update
+# nix-env -iA nixpkgs.gitMinimal
+# (on deploy-host) $(nix-build ~/stockholm/makefu/krops.nix --no-out-link --argstr name x --argstr target 10.42.22.91 -A deploy --show-trace)
+# NIXOS_CONFIG=/var/src/nixos-config nixos-install -I /var/src --no-root-passwd --no-channel-copy
{
imports = [
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index 55cfd74f5..e49843cfe 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -9,8 +9,7 @@
# boot 500M
# rest rest
# cryptsetup luksFormat /dev/sda2
-#
-with import <stockholm/lib>;
+# mkfs.ext4 -L nixboot /dev/sda1
{
boot = {
loader.grub.enable = true;
diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
index 267a2e878..d24969ef0 100644
--- a/makefu/2configs/home-manager/zsh.nix
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -25,12 +25,12 @@
then
[ -d .direnv ] || mkdir .direnv
local tmp=$(nix-shell --show-trace "$@" \
- --run "\"$direnv\" dump bash")
+ --run "\"$direnv\" dump zsh")
echo "$tmp" > "$cache"
fi
local path_backup=$PATH term_backup=$TERM
- direnv_load cat "$cache"
+ . "$cache"
export PATH=$PATH:$path_backup TERM=$term_backup
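Review bot: `. "$cache"` executes the cache file as shell code, whereas the removed `direnv_load cat "$cache"` only parsed it as an environment dump. The file is written from the captured stdout of `nix-shell --run … dump zsh`, so anything else printed during that run, or any later modification of the file in `.direnv`, is executed in the calling shell. If the switch to the zsh dump format is the reason, a comment saying so would help, e.g. `# cache holds 'export' lines from direnv dump zsh; sourced as-is`. Consider writing the cache with a restrictive mode as well. The enclosing function starts and ends outside this hunk.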
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
index f8f82e76b..d27b888a7 100644
--- a/makefu/2configs/mail/mail.euer.nix
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [
- (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz")
+ (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz")
];
mailserver = {
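Review bot: The tarball is imported without a hash, so whatever the URL serves at evaluation time is evaluated as part of the system configuration. Pinning it closes that gap: `(builtins.fetchTarball { url = "…/nixos-mailserver-v2.2.1.tar.gz"; sha256 = "<sha256 of the unpacked v2.2.1 tarball>"; })`. The hunk in `makefu/2configs/nur.nix` has the same problem in a stronger form, since it fetches `NUR/archive/master.tar.gz`, a moving branch, with no hash; that one needs a fixed revision in the URL as well as a `sha256`.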
@@ -32,8 +32,12 @@
};
services.dovecot2.extraConfig = ''
- ssl_dh = </var/lib/dhparams/dovecot.pem
+ ssl_dh = </var/lib/dhparams/dovecot2.pem
'';
+ state = [ # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/wikis/A-Complete-Backup-Guide
+ config.mailserver.mailDirectory
+ config.mailserver.dkimKeyDirectory
+ ];
# workaround for DH creation
# security.dhparams = {
# enable = true;
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index c56521812..8b77df962 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -5,6 +5,9 @@
host = "0.0.0.0";
users = {};
# TODO: secure that shit
+ aclExtraConf = ''
+ pattern readwrite /#
+ '';
allowAnonymous = true;
};
}
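Review bot: The added ACL does not address the `TODO: secure that shit` directly above it. The context lines show the broker bound to `0.0.0.0` with `allowAnonymous = true` and an empty `users` set, and the pattern grants read/write on every topic below `/`. Whether pattern ACLs apply to anonymous clients should be confirmed against the mosquitto documentation; if they do, any network client gets full access to those topics, and if they do not, this line changes nothing. Binding `host` to the VPN address, or defining `users` with passwords and turning anonymous access off, would be the actual restriction.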
diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix
index dda00063a..3cb4981e0 100644
--- a/makefu/2configs/nur.nix
+++ b/makefu/2configs/nur.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:{
nixpkgs.config.packageOverrides = pkgs: {
- nur = pkgs.callPackage (import (builtins.fetchGit {
- url = "https://github.com/nix-community/NUR";
- })) {};
+ nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
+ inherit pkgs;
+ };
};
}
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index 0889ebbc1..d297483b2 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -32,4 +32,5 @@ in {
tcp 192.168.1.5
''; #home printer SCX-3205W
};
+ state = [ "/var/lib/cups" ];
}
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
index c16629cc5..6ab9d3774 100644
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@@ -2,7 +2,7 @@
with import <stockholm/lib>;
let
pkg = with pkgs.python3Packages;buildPythonPackage rec {
- rev = "762d747";
+ rev = "775d0c2";
name = "arafetch-${rev}";
propagatedBuildInputs = [
requests
@@ -13,7 +13,7 @@ let
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/arafetch";
inherit rev;
- sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws";
+ sha256 = "0z35avn7vmbd1661ca1zkc9i4lwcm03kpwgiqxddpkp1yxhl548p";
};
};
home = "/var/lib/arafetch";
@@ -34,7 +34,7 @@ in {
path = [ pkg pkgs.git pkgs.wget ];
serviceConfig = {
User = "arafetch";
- Restart = "always";
+ # Restart = "always";
WorkingDirectory = home;
PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" ''
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
index 470193d6c..1fdddb9b1 100644
--- a/makefu/2configs/task-client.nix
+++ b/makefu/2configs/task-client.nix
@@ -4,11 +4,4 @@
pkgs.taskwarrior
];
- environment.shellAliases = {
- tshack = "task project:shack";
- twork = "task project:soc";
- tpki = "task project:pki";
- tkrebs = "task project:krebs";
- t = "task project: ";
- };
}
diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix
index 5ca3b9904..122ad66a7 100644
--- a/makefu/2configs/taskd.nix
+++ b/makefu/2configs/taskd.nix
@@ -1,5 +1,6 @@
{config, ... }:
{
+ state = [ config.services.taskserver.dataDir ];
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 1ae10459f..a3c489ccc 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -40,6 +40,7 @@ in {
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
+ prison-break = abort "`prison-break` moved from this namespace to `nur.repos.krebs.prison-break`";
}
// (mapAttrs (_: flip callPackage {})
diff --git a/makefu/5pkgs/pico2wave/default.nix b/makefu/5pkgs/pico2wave/default.nix
new file mode 100644
index 000000000..5302e8bf3
--- /dev/null
+++ b/makefu/5pkgs/pico2wave/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, lib, fetchurl
+, popt
+, libredirect
+, dpkg
+, makeWrapper
+, autoPatchelfHook
+, ...
+}:
+# https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=svox-pico-bin
+let
+ pkgrel="8";
+ _arch = "amd64";
+in
+stdenv.mkDerivation rec {
+ name = "pico2wave"; # svox-pico-bin
+ version = "1.0+git20130326";
+ srcs = [
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico0_${version}-${pkgrel}_${_arch}.deb"; sha256 = "0b8r7r8by5kamnm960bsicimnj1a40ghy3475nzy1jvwj5xgqhrj"; })
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-dev_${version}-${pkgrel}_${_arch}.deb"; sha256 = "1knjiwi117h02nbf7k6ll080vl65gxwx3rpj0fq5xkvxbqpjjbvz"; })
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-data_${version}-${pkgrel}_all.deb"; sha256 = "0k0x5jh5qzzasrg766pfmls3ksj18wwdbssysvpxkq98aqg4fgmx"; })
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-utils_${version}-${pkgrel}_${_arch}.deb"; sha256 = "11yk25fh4n7qz4xjg0dri68ygc3aapj1bk9cvhcwkfvm46j5lrjv"; })
+ ] ;
+
+ nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook ];
+
+ dontBuild = true;
+
+ buildInputs = [ popt ];
+
+ unpackPhase = lib.concatMapStringsSep ";" (src: "dpkg-deb -x ${src} .") srcs;
+
+ installPhase = ''
+ mkdir -p $out
+ cp -r usr/. $out/
+
+ mv $out/lib/*-linux-gnu/* $out/lib/
+ rmdir $out/lib/*-linux-gnu
+
+ wrapProgram "$out/bin/pico2wave" \
+ --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
+ --set NIX_REDIRECTS /usr/share/pico/lang=$out/share/pico/lang
+ '';
+
+}
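Review bot: `_arch = "amd64"` is hard-coded but the derivation has no `meta`, so on any other platform it will still download and try to patch amd64 binaries. Adding `meta.platforms = [ "x86_64-linux" ];` makes evaluation fail early instead. The four `.deb` files are fetched over plain `http://`; the pinned `sha256` values cover integrity, but a comment noting that these are prebuilt upstream binaries, plus a `meta.license` entry, would document what is being redistributed. `name` also omits the version even though `version` is defined, so `name = "pico2wave-${version}";` would match the other packages in this commit.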
diff --git a/krebs/5pkgs/simple/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix
index 051a46184..672e0b3a0 100644
--- a/krebs/5pkgs/simple/prison-break/default.nix
+++ b/makefu/5pkgs/prison-break/default.nix
@@ -3,12 +3,12 @@ with pkgs.python3.pkgs;
buildPythonPackage rec {
pname = "prison-break";
- version = "1.0.0";
+ version = "1.2.0";
src = fetchFromGitHub {
owner = "makefu";
repo = pname;
- rev = "1.0.0";
- sha256 = "0ab42z6qr42vz4fc077irn9ykrrylagx1dzlw8dqcanf49dxd961";
+ rev = version;
+ sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9";
};
propagatedBuildInputs = [
docopt
diff --git a/krebs/5pkgs/simple/prison-break/straight-plugin.nix b/makefu/5pkgs/prison-break/straight-plugin.nix
index 606c60b5d..606c60b5d 100644
--- a/krebs/5pkgs/simple/prison-break/straight-plugin.nix
+++ b/makefu/5pkgs/prison-break/straight-plugin.nix
diff --git a/submodules/krops b/submodules/krops
-Subproject 5b8fb8dc0ee14672d7fd533bd98635b8725dbb2
+Subproject ee41207df1ce718e0b154ed8047384118a0133a
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 8b34b16cf..3d4ada46b 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -7,5 +7,6 @@ with import <stockholm/lib>;
pkgs.eximlog
];
krebs.exim-retiolum.enable = true;
+ krebs.exim-retiolum.rspamd.enable = config.krebs.build.host.name == "nomic";
tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
}
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 35e7d8941..699b4a87e 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -57,6 +57,11 @@
HandleSuspendKey=ignore
'';
+ # because extraConfig is not extra enough:
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
+ services.logind.lidSwitchExternalPower = "ignore";
+
services.xserver = {
videoDriver = "intel";
};
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index a45e040e6..f8d599f7e 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -14,389 +14,17 @@ let {
};
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg
- (pkgs.vimUtils.buildVimPlugin {
- name = "fzf-2018-11-14";
- src = pkgs.fetchgit {
- url = https://github.com/junegunn/fzf.vim;
- rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc";
- sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m";
- };
- })
+ pkgs.tv.vimPlugins.elixir
+ pkgs.tv.vimPlugins.file-line
+ pkgs.tv.vimPlugins.fzf
+ pkgs.tv.vimPlugins.hack
+ pkgs.tv.vimPlugins.jq
+ pkgs.tv.vimPlugins.nix
+ pkgs.tv.vimPlugins.showsyntax
+ pkgs.tv.vimPlugins.tv
+ pkgs.tv.vimPlugins.vim
pkgs.vimPlugins.fzfWrapper
pkgs.vimPlugins.undotree
- (pkgs.vimUtils.buildVimPlugin {
- name = "vim-elixir-2018-08-17";
- src = pkgs.fetchgit {
- url = https://github.com/elixir-editors/vim-elixir;
- rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b";
- sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04";
- };
- })
- (pkgs.vimUtils.buildVimPlugin {
- name = "vim-syntax-jq";
- src = pkgs.fetchgit {
- url = https://github.com/vito-c/jq.vim;
- rev = "99d55a300047946a82ecdd7617323a751199ad2d";
- sha256 = "09c94nah47wx0cr556w61h6pfznxld18pfblc3nv51ivbw7cjqyx";
- };
- })
- (pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchgit {
- url = git://github.com/bogado/file-line;
- rev = "refs/tags/1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- })
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "hack";
- in {
- name = "vim-color-${name}-1.0.2";
- destination = "/colors/${name}.vim";
- text = /* vim */ ''
- set background=dark
- hi clear
- if exists("syntax_on")
- syntax clear
- endif
-
- let colors_name = ${toJSON name}
-
- hi Normal ctermbg=235
- hi Comment ctermfg=242
- hi Constant ctermfg=255
- hi Identifier ctermfg=253
- hi Function ctermfg=253
- hi Statement ctermfg=253
- hi PreProc ctermfg=251
- hi Type ctermfg=251
- hi Delimiter ctermfg=251
- hi Special ctermfg=255
-
- hi Garbage ctermbg=088
- hi TabStop ctermbg=016
- hi Todo ctermfg=174 ctermbg=NONE
-
- hi NixCode ctermfg=040
- hi NixData ctermfg=046
- hi NixQuote ctermfg=071
-
- hi diffNewFile ctermfg=207
- hi diffFile ctermfg=207
- hi diffLine ctermfg=207
- hi diffSubname ctermfg=207
- hi diffAdded ctermfg=010
- hi diffRemoved ctermfg=009
-
- hi Search cterm=NONE ctermbg=216
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "vim";
- in {
- name = "vim-syntax-${name}-1.0.0";
- destination = "/syntax/${name}.vim";
- text = /* vim */ ''
- ${concatMapStringsSep "\n" (s: /* vim */ ''
- syn keyword vimColor${s} ${s}
- \ containedin=ALLBUT,vimComment,vimLineComment
- hi vimColor${s} ctermfg=${s}
- '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "showsyntax";
- in {
- name = "vim-plugin-${name}-1.0.0";
- destination = "/plugin/${name}.vim";
- text = /* vim */ ''
- if exists('g:loaded_showsyntax')
- finish
- endif
- let g:loaded_showsyntax = 0
-
- fu! ShowSyntax()
- let id = synID(line("."), col("."), 1)
- let name = synIDattr(id, "name")
- let transName = synIDattr(synIDtrans(id),"name")
- if name != transName
- let name .= " (" . transName . ")"
- endif
- echo "Syntax: " . name
- endfu
-
- command! -n=0 -bar ShowSyntax :call ShowSyntax()
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
- #
- # Haskell
- #
- "/ftplugin/haskell.vim".text = ''
- if exists("g:vim_tv_ftplugin_haskell_loaded")
- finish
- endif
- let g:vim_tv_ftplugin_haskell_loaded = 1
-
- setlocal iskeyword+='
- '';
- #
- # TODO
- #
- "/ftdetect/todo.vim".text = ''
- au BufRead,BufNewFile TODO set ft=todo
- '';
- "/ftplugin/todo.vim".text = ''
- setlocal foldmethod=syntax
- '';
- "/syntax/todo.vim".text = ''
- syn match todoComment /#.*/
-
- syn match todoDate /^[1-9]\S*/
- \ nextgroup=todoSummary
-
- syn region todoSummary
- \ contained
- \ contains=todoTag
- \ start="." end="$\n"
- \ nextgroup=todoBlock
-
- syn match todoTag /\[[A-Za-z]\+\]/hs=s+1,he=e-1
- \ contained
-
- syn region todoBlock
- \ contained
- \ contains=Comment
- \ fold
- \ start="^[^1-9]" end="^[1-9 ]"re=s-1,he=s-1,me=s-1
-
- syn sync minlines=1000
-
- hi link todoComment Comment
- hi todoDate ctermfg=255
- hi todoSummary ctermfg=229
- hi todoBlock ctermfg=248
- hi todoTag ctermfg=217
- '';
- }))
- ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" {
- "/syntax/haskell.vim".text = ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
- "/syntax/nix.vim".text = ''
- "" Quit when a (custom) syntax file was already loaded
- "if exists("b:current_syntax")
- " finish
- "endif
-
- "setf nix
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
-
- syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
-
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
-
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
-
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
-
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
-
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
-
- ${concatStringsSep "\n" (mapAttrsToList (name: {
- extraStart ? null,
- lang ? name
- }:
- let
- startAlts = filter isString [
- ''/\* ${name} \*/''
- extraStart
- ];
- sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- if exists("b:current_syntax")
- unlet b:current_syntax
- endif
-
- syn match nix_${lang}_sigil
- \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
-
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
-
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
-
- " This is required because containedin isn't transitive.
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') (let
-
- capitalize = s: let
- xs = stringToCharacters s;
- in
- toUpper (head xs) + concatStrings (tail xs);
-
- alts = xs: ''\(${concatStringsSep ''\|'' xs}\)'';
- def = k: ''${k}[ \t\r\n]*='';
- writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'';
-
- writerExt = k: writerName ''[^"]*\.${k}'';
- writerName = k: ''write[^ \t\r\n]*[ \t\r\n]*"${k}"'';
-
- in {
- c = {};
- cabal = {};
- diff = {};
- haskell = {};
- jq.extraStart = alts [
- (writer "Jq")
- (writerExt "jq")
- ];
- javascript.extraStart = ''/\* js \*/'';
- lua = {};
- python.extraStart = ''/\* py \*/'';
- sed.extraStart = writer "Sed";
- sh.extraStart = let
- phases = [
- "unpack"
- "patch"
- "configure"
- "build"
- "check"
- "install"
- "fixup"
- "installCheck"
- "dist"
- ];
- shells = [
- "ash"
- "bash"
- "dash"
- ];
- in alts [
- (def "shellHook")
- (def "${alts phases}Phase")
- (def "${alts ["pre" "post"]}${alts (map capitalize phases)}")
- (writer (alts (map capitalize shells)))
- ];
- yaml = {};
- vim.extraStart = alts [
- (def ''"[^"]*\.vim"\.text'')
- (writerExt "vim")
- (writerName ''\([^"]*\.\)\?vimrc'')
- ];
- xdefaults = {};
- xmodmap = {};
- }))}
-
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
-
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
-
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
-
- syn match NixQuote /'''\(''$\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /'''\('\|\\.\)/he=s+1
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
-
- syn sync fromstart
-
- let b:current_syntax = "nix"
-
- set isk=@,48-57,_,192-255,-,'
- '';
- "/syntax/sed.vim".text = ''
- syn region sedBranch
- \ matchgroup=sedFunction start="T"
- \ matchgroup=sedSemicolon end=";\|$"
- \ contains=sedWhitespace
- '';
- "/syntax/xmodmap.vim".text = ''
- syn match xmodmapComment /^\s*!.*/
- '';
- }))
];
dirs = {
diff --git a/tv/5pkgs/vim/default.nix b/tv/5pkgs/vim/default.nix
new file mode 100644
index 000000000..5582be3fd
--- /dev/null
+++ b/tv/5pkgs/vim/default.nix
@@ -0,0 +1,7 @@
+with import <stockholm/lib>;
+
+self: super: {
+ tv = super.tv // {
+ vimPlugins = mapNixDir (path: self.callPackage path {}) ./.;
+ };
+}
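Review bot: `tv = super.tv // {` raises a missing-attribute error unless an earlier overlay has already defined `tv`; the overlay order is not visible in this diff. If this overlay may ever be loaded on its own, `tv = (super.tv or {}) // {` removes that dependency. A short comment above the `mapNixDir` line would also help, saying that (presumably) each `.nix` file in this directory becomes an attribute of `pkgs.tv.vimPlugins`, which is how `pkgs.tv.vimPlugins.fzf` in tv/2configs/vim.nix resolves.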
diff --git a/tv/5pkgs/vim/elixir.nix b/tv/5pkgs/vim/elixir.nix
new file mode 100644
index 000000000..2ffbbc82f
--- /dev/null
+++ b/tv/5pkgs/vim/elixir.nix
@@ -0,0 +1,9 @@
+{ pkgs }:
+pkgs.vimUtils.buildVimPlugin {
+ name = "vim-elixir-2018-08-17";
+ src = pkgs.fetchgit {
+ url = https://github.com/elixir-editors/vim-elixir;
+ rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b";
+ sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04";
+ };
+}
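Review bot: `url = https://github.com/elixir-editors/vim-elixir;` uses an unquoted URL literal, a form Nix has deprecated; the quoted string `url = "https://github.com/elixir-editors/vim-elixir";` evaluates to the same value. The same applies to the `url` lines in fzf.nix, jq.nix and file-line.nix in this commit. The pinning itself is sound here, with a full commit hash in `rev` plus a `sha256`.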
diff --git a/tv/5pkgs/vim/file-line.nix b/tv/5pkgs/vim/file-line.nix
new file mode 100644
index 000000000..22597265a
--- /dev/null
+++ b/tv/5pkgs/vim/file-line.nix
@@ -0,0 +1,10 @@
+{ pkgs }:
+
+pkgs.vimUtils.buildVimPlugin {
+ name = "file-line-1.0";
+ src = pkgs.fetchgit {
+ url = git://github.com/bogado/file-line;
+ rev = "refs/tags/1.0";
+ sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+ };
+}
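Review bot: `url = git://github.com/bogado/file-line;` fetches over the unauthenticated, unencrypted git protocol, and `rev = "refs/tags/1.0"` names a tag that upstream can move. The `sha256` still makes the build fail if the fetched tree differs, so the exposure is a broken or unreproducible build rather than silently substituted content. The sibling plugin files in this commit already use `https://` and a commit hash, so suggest `url = "https://github.com/bogado/file-line";` and `rev = "<commit hash of tag 1.0>";` (placeholder; resolve and verify the hash before committing).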
diff --git a/tv/5pkgs/vim/fzf.nix b/tv/5pkgs/vim/fzf.nix
new file mode 100644
index 000000000..14b6900b5
--- /dev/null
+++ b/tv/5pkgs/vim/fzf.nix
@@ -0,0 +1,11 @@
+{ pkgs }:
+
+# cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg
+pkgs.vimUtils.buildVimPlugin {
+ name = "fzf-2018-11-14";
+ src = pkgs.fetchgit {
+ url = https://github.com/junegunn/fzf.vim;
+ rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc";
+ sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m";
+ };
+}
diff --git a/tv/5pkgs/vim/hack.nix b/tv/5pkgs/vim/hack.nix
new file mode 100644
index 000000000..2145cc166
--- /dev/null
+++ b/tv/5pkgs/vim/hack.nix
@@ -0,0 +1,46 @@
+with import <stockholm/lib>;
+{ pkgs }:
+
+(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "hack";
+in {
+ name = "vim-color-${name}-1.0.2";
+ destination = "/colors/${name}.vim";
+ text = /* vim */ ''
+ set background=dark
+ hi clear
+ if exists("syntax_on")
+ syntax clear
+ endif
+
+ let colors_name = ${toJSON name}
+
+ hi Normal ctermbg=235
+ hi Comment ctermfg=242
+ hi Constant ctermfg=255
+ hi Identifier ctermfg=253
+ hi Function ctermfg=253
+ hi Statement ctermfg=253
+ hi PreProc ctermfg=251
+ hi Type ctermfg=251
+ hi Delimiter ctermfg=251
+ hi Special ctermfg=255
+
+ hi Garbage ctermbg=088
+ hi TabStop ctermbg=016
+ hi Todo ctermfg=174 ctermbg=NONE
+
+ hi NixCode ctermfg=040
+ hi NixData ctermfg=046
+ hi NixQuote ctermfg=071
+
+ hi diffNewFile ctermfg=207
+ hi diffFile ctermfg=207
+ hi diffLine ctermfg=207
+ hi diffSubname ctermfg=207
+ hi diffAdded ctermfg=010
+ hi diffRemoved ctermfg=009
+
+ hi Search cterm=NONE ctermbg=216
+ '';
+}))
diff --git a/tv/5pkgs/vim/jq.nix b/tv/5pkgs/vim/jq.nix
new file mode 100644
index 000000000..523f49f02
--- /dev/null
+++ b/tv/5pkgs/vim/jq.nix
@@ -0,0 +1,10 @@
+{ pkgs }:
+
+pkgs.vimUtils.buildVimPlugin {
+ name = "vim-syntax-jq";
+ src = pkgs.fetchgit {
+ url = https://github.com/vito-c/jq.vim;
+ rev = "99d55a300047946a82ecdd7617323a751199ad2d";
+ sha256 = "09c94nah47wx0cr556w61h6pfznxld18pfblc3nv51ivbw7cjqyx";
+ };
+}
diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix
new file mode 100644
index 000000000..747ab0bc0
--- /dev/null
+++ b/tv/5pkgs/vim/nix.nix
@@ -0,0 +1,223 @@
+with import <stockholm/lib>;
+{ pkgs }:
+
+(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" {
+ "/syntax/haskell.vim".text = ''
+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+ hi link ConId Identifier
+ hi link VarId Identifier
+ hi link hsDelimiter Delimiter
+ '';
+ "/syntax/nix.vim".text = ''
+ "" Quit when a (custom) syntax file was already loaded
+ "if exists("b:current_syntax")
+ " finish
+ "endif
+
+ "setf nix
+
+ " Ref <nix/src/libexpr/lexer.l>
+ syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+ syn match NixINT /\<[0-9]\+\>/
+ syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+ syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+ syn region NixSTRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ syn region NixIND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+
+ syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
+
+ syn match NixCommentMatch /\(^\|\s\)#.*/
+ syn region NixCommentRegion start="/\*" end="\*/"
+
+ hi link NixCode Statement
+ hi link NixData Constant
+ hi link NixComment Comment
+
+ hi link NixCommentMatch NixComment
+ hi link NixCommentRegion NixComment
+ hi link NixID NixCode
+ hi link NixINT NixData
+ hi link NixPATH NixData
+ hi link NixHPATH NixData
+ hi link NixSPATH NixData
+ hi link NixURI NixData
+ hi link NixSTRING NixData
+ hi link NixIND_STRING NixData
+
+ hi link NixEnter NixCode
+ hi link NixOther NixCode
+ hi link NixQuote NixData
+
+ syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+ syn cluster nix_ind_strings contains=NixIND_STRING
+ syn cluster nix_strings contains=NixSTRING
+
+ ${concatStringsSep "\n" (mapAttrsToList (name: {
+ extraStart ? null,
+ lang ? name
+ }:
+ let
+ startAlts = filter isString [
+ ''/\* ${name} \*/''
+ extraStart
+ ];
+ sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+ in /* vim */ ''
+ syn include @nix_${lang}_syntax syntax/${lang}.vim
+ if exists("b:current_syntax")
+ unlet b:current_syntax
+ endif
+
+ syn match nix_${lang}_sigil
+ \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+ \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+ \ transparent
+
+ syn region nix_${lang}_region_STRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn region nix_${lang}_region_IND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn cluster nix_ind_strings
+ \ add=nix_${lang}_region_IND_STRING
+
+ syn cluster nix_strings
+ \ add=nix_${lang}_region_STRING
+
+ " This is required because containedin isn't transitive.
+ syn cluster nix_has_dollar_curly
+ \ add=@nix_${lang}_syntax
+ '') (let
+
+ # TODO move this higher
+ capitalize = s: let
+ xs = stringToCharacters s;
+ in
+ toUpper (head xs) + concatStrings (tail xs);
+
+ alts = xs: ''\(${concatStringsSep ''\|'' xs}\)'';
+ def = k: ''${k}[ \t\r\n]*='';
+ writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'';
+
+ writerExt = k: writerName ''[^"]*\.${k}'';
+ writerName = k: ''write[^ \t\r\n]*[ \t\r\n]*"${k}"'';
+
+ in {
+ c = {};
+ cabal = {};
+ diff = {};
+ exim = {};
+ haskell = {};
+ jq.extraStart = alts [
+ (writer "Jq")
+ (writerExt "jq")
+ ];
+ javascript.extraStart = ''/\* js \*/'';
+ lua = {};
+ #nginx = {};
+ python.extraStart = ''/\* py \*/'';
+ sed.extraStart = writer "Sed";
+ sh.extraStart = let
+ phases = [
+ "unpack"
+ "patch"
+ "configure"
+ "build"
+ "check"
+ "install"
+ "fixup"
+ "installCheck"
+ "dist"
+ ];
+ shells = [
+ "ash"
+ "bash"
+ "dash"
+ ];
+ in alts [
+ (def "shellHook")
+ (def "${alts phases}Phase")
+ (def "${alts ["pre" "post"]}${alts (map capitalize phases)}")
+ (writer (alts (map capitalize shells)))
+ ];
+ yaml = {};
+ vim.extraStart = alts [
+ (def ''"[^"]*\.vim"\.text'')
+ (writerExt "vim")
+ (writerName ''\([^"]*\.\)\?vimrc'')
+ ];
+ xdefaults = {};
+ xmodmap = {};
+ }))}
+
+ " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+ syn clear shVarAssign
+
+ syn region nixINSIDE_DOLLAR_CURLY
+ \ matchgroup=NixEnter
+ \ start="[$]{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=@nix_has_dollar_curly
+ \ transparent
+
+ syn region nix_inside_curly
+ \ matchgroup=NixEnter
+ \ start="{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+ \ transparent
+
+ syn match NixQuote /'''\(''$\|\\.\)/he=s+2
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /'''\('\|\\.\)/he=s+1
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /\\./he=s+1
+ \ containedin=@nix_strings
+ \ contained
+
+ syn sync fromstart
+
+ let b:current_syntax = "nix"
+
+ set isk=@,48-57,_,192-255,-,'
+ '';
+ "/syntax/sed.vim".text = ''
+ syn region sedBranch
+ \ matchgroup=sedFunction start="T"
+ \ matchgroup=sedSemicolon end=";\|$"
+ \ contains=sedWhitespace
+ '';
+ "/syntax/xmodmap.vim".text = ''
+ syn match xmodmapComment /^\s*!.*/
+ '';
+})
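Review bot: `#nginx = {};` is added as commented-out code with no reason given, and `# TODO move this higher` does not say where `capitalize` should go. Each key of this attrset produces a `syn include @nix_${lang}_syntax syntax/${lang}.vim`, so a reader cannot tell whether nginx was disabled because no `syntax/nginx.vim` is on the runtimepath or because it broke highlighting. A comment such as `# nginx: disabled, <reason>` would settle it. The newly added `exim = {};` entry depends on a `syntax/exim.vim` being available in the same way.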
diff --git a/tv/5pkgs/vim/showsyntax.nix b/tv/5pkgs/vim/showsyntax.nix
new file mode 100644
index 000000000..a5547e46a
--- /dev/null
+++ b/tv/5pkgs/vim/showsyntax.nix
@@ -0,0 +1,26 @@
+{ pkgs }:
+
+(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "showsyntax";
+in {
+ name = "vim-plugin-${name}-1.0.0";
+ destination = "/plugin/${name}.vim";
+ text = /* vim */ ''
+ if exists('g:loaded_showsyntax')
+ finish
+ endif
+ let g:loaded_showsyntax = 0
+
+ fu! ShowSyntax()
+ let id = synID(line("."), col("."), 1)
+ let name = synIDattr(id, "name")
+ let transName = synIDattr(synIDtrans(id),"name")
+ if name != transName
+ let name .= " (" . transName . ")"
+ endif
+ echo "Syntax: " . name
+ endfu
+
+ command! -n=0 -bar ShowSyntax :call ShowSyntax()
+ '';
+}))
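Review bot: `let g:loaded_showsyntax = 0` works only because the guard tests `exists('g:loaded_showsyntax')`; the value itself reads as "not loaded". tv.nix in this commit sets its equivalent guard `g:vim_tv_ftplugin_haskell_loaded` to 1. Using `let g:loaded_showsyntax = 1` keeps the two guards consistent and still holds if the test is later changed to a truthiness check.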
diff --git a/tv/5pkgs/vim/tv.nix b/tv/5pkgs/vim/tv.nix
new file mode 100644
index 000000000..ae6245b87
--- /dev/null
+++ b/tv/5pkgs/vim/tv.nix
@@ -0,0 +1,53 @@
+{ pkgs }:
+
+(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
+ #
+ # Haskell
+ #
+ "/ftplugin/haskell.vim".text = ''
+ if exists("g:vim_tv_ftplugin_haskell_loaded")
+ finish
+ endif
+ let g:vim_tv_ftplugin_haskell_loaded = 1
+
+ setlocal iskeyword+='
+ '';
+ #
+ # TODO
+ #
+ "/ftdetect/todo.vim".text = ''
+ au BufRead,BufNewFile TODO set ft=todo
+ '';
+ "/ftplugin/todo.vim".text = ''
+ setlocal foldmethod=syntax
+ '';
+ "/syntax/todo.vim".text = ''
+ syn match todoComment /#.*/
+
+ syn match todoDate /^[1-9]\S*/
+ \ nextgroup=todoSummary
+
+ syn region todoSummary
+ \ contained
+ \ contains=todoTag
+ \ start="." end="$\n"
+ \ nextgroup=todoBlock
+
+ syn match todoTag /\[[A-Za-z]\+\]/hs=s+1,he=e-1
+ \ contained
+
+ syn region todoBlock
+ \ contained
+ \ contains=Comment
+ \ fold
+ \ start="^[^1-9]" end="^[1-9 ]"re=s-1,he=s-1,me=s-1
+
+ syn sync minlines=1000
+
+ hi link todoComment Comment
+ hi todoDate ctermfg=255
+ hi todoSummary ctermfg=229
+ hi todoBlock ctermfg=248
+ hi todoTag ctermfg=217
+ '';
+})
diff --git a/tv/5pkgs/vim/vim.nix b/tv/5pkgs/vim/vim.nix
new file mode 100644
index 000000000..216ab6abb
--- /dev/null
+++ b/tv/5pkgs/vim/vim.nix
@@ -0,0 +1,16 @@
+with import <stockholm/lib>;
+{ pkgs }:
+
+(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "vim";
+in {
+ name = "vim-syntax-${name}-1.0.0";
+ destination = "/syntax/${name}.vim";
+ text = /* vim */ ''
+ ${concatMapStringsSep "\n" (s: /* vim */ ''
+ syn keyword vimColor${s} ${s}
+ \ containedin=ALLBUT,vimComment,vimLineComment
+ hi vimColor${s} ctermfg=${s}
+ '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
+ '';
+}))