diff options
| author | jeschli <jeschli@gmail.com> | 2018-08-21 19:52:30 +0200 |
|---|---|---|
| committer | jeschli <jeschli@gmail.com> | 2018-08-21 19:52:30 +0200 |
| commit | 8cfc4f5eda10b1025a4ad3b9725deb9ad7a32338 (patch) | |
| tree | 4a9626e685bc076461f5e63c55e29e3689d2eedd | |
| parent | f2dadea808323f69531c51b12ed5cb872ac933a0 (diff) | |
| parent | 89951ebd816248bc4e62b2dad78b5db906c3cefe (diff) | |
Merge remote-tracking branch 'origin/master'
51 files changed, 500 insertions, 413 deletions
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 6842bfaab..91a998de7 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -1,11 +1,8 @@ with import <stockholm/lib>; let pkgs = import <nixpkgs> {}; - nixpkgs = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs-channels"; - rev = "nixos-unstable"; # only binary cache for unstable arm6 - sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; + nixpkgs = builtins.fetchTarball { + url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; }; in import <stockholm/krebs/source.nix> { name = "onebutton"; diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index a3f39b40e..88b7e1072 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -7,7 +7,6 @@ [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews [SPAM]antirez|http://antirez.com/rss|#snews - [SPAM]arbor|http://feeds2.feedburner.com/asert/|#snews [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews [SPAM]augustl|http://augustl.com/atom.xml|#snews @@ -131,7 +130,6 @@ [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews [SPAM]slate|http://feeds.slate.com/slate|#snews [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - [SPAM]spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#snews [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews @@ -146,7 +144,6 @@ [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews [SPAM]tigsource|http://www.tigsource.com/feed/|#snews [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews - [SPAM]topix_b|http://www.topix.com/rss/wire/de/berlin|#snews [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews @@ -160,7 +157,6 @@ [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews - [SPAM]wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#snews [SPAM]xkcd|https://xkcd.com/rss.xml|#snews [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews ''; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 6311e88ab..5ae24b40b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -8,21 +8,6 @@ with import <stockholm/lib>; let - defaultBool = o: mkOption { - type = types.bool; - default = option; - }; - - defaultUint = o: mkOption { - type = types.uint; - default = o; - }; - - defaultAbsolutpath = o: mkOption { - type = types.absolute-pathname; - default = o; - }; - cfg = config.krebs.git; out = { @@ -136,15 +121,42 @@ let cgit-settings = types.submodule { # A setting's value of `null` means cgit's default should be used. options = { - cache-root = defaultAbsolutpath("/tmp/cgit"); - cache-size = defaultUint(1000); - css = defaultAbsolutpath("/static/cgit.css"); - enable-commit-graph = defaultBool(true); - enable-index-links = defaultBool(true); - enable-index-owner = defaultBool(false); - enable-log-filecount = defaultBool(true); - enable-log-linecount = defaultBool(true); - enable-remote-branches = defaultBool(true); + cache-root = mkOption { + type = types.absolute-pathname; + default = "/tmp/cgit"; + }; + cache-size = mkOption { + type = types.uint; + default = 1000; + }; + css = mkOption { + type = types.absolute-pathname; + default = "/static/cgit.css"; + }; + enable-commit-graph = mkOption { + type = types.bool; + default = true; + }; + enable-index-links = mkOption { + type = types.bool; + default = true; + }; + enable-index-owner = mkOption { + type = types.bool; + default = false; + }; + enable-log-filecount = mkOption { + type = types.bool; + default = true; + }; + enable-log-linecount = mkOption { + type = types.bool; + default = true; + }; + enable-remote-branches = mkOption { + type = types.bool; + default = true; + }; logo = mkOption { type = types.absolute-pathname; default = "/static/cgit.png"; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e2322e171..c4a5bbb0d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -301,37 +301,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; }; - helios = { - cores = 8; - nets = { - retiolum = { - ip4.addr = "10.243.133.117"; - ip6.addr = "42:0:0:0:0:0:3:7105"; - aliases = [ - "helios.r" - "cgit.helios.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAp+SRmP5MoCSYInx4Dm5MLZzNyXVgfo/CDoeUlUT35X0yE7WHGWsG - wHPCu+3RWfBUjuqNdb0qiGtRi3Q/LwznwBROPOX8gMXia/DgCLbIjn5Rx081pTIo - 3epbUCFtNgyDWg8IHF87ZnVBXTYAy5g4tz9u8kw82D8mR18o595TuZ9t5pDc/Kvi - fPHZenT6cd6FtL9uankX/jan1PRP9xTrhpE8dAQ6g+7XH7knMK3cno/Ztis5YzHt - Ith0bsIjk5of7hhITj0MXtTikjDqWxkpF5mfOK1cG/rC1goTmB9AfcENUBnu9iAM - I/alzqk3CEczznLyaOckfx2fRuar912LAdiJ5v7VPztfvN1p3gIxq5M0Rgkq+98B - H/s32xNRBPvqoIleKnhwE9gfrCLaAVqpaMkgKRvgsTkSDNYNhh4smQ3eAKKwwDH/ - QG3sfP8xyNyDFhBtCiDGkf9hNqBBMaKjZoh8DasZNtcfOop3fGw7jmUUbB6cG8cp - +EfYbcb5mVpmrIyXgOTwwYcp7tn+zkd4Wa8C9Q98eFTs0HGVGxGX9Hj6PM/kXK4C - aIqIQVNpnJ/9cOwT8JFIriG1MWTOXbamUusKTLs8SRp3ZkyM7XUEcLL5HMh09rUw - rzEAmE7TywXVhd7j2IaEy+bx2dfGQH2bFoh6Drm6Olo+ySi1utB5dGkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL"; - }; littleT = { cores = 2; nets = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index c5404f96d..9630d7a7f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -336,7 +336,6 @@ with import <stockholm/lib>; "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. nixos.unstable IN CNAME krebscode.github.io. - gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} ''; }; @@ -522,6 +521,13 @@ with import <stockholm/lib>; }; nextgum = rec { ci = true; + extraZones = { + "krebsco.de" = '' + cache.euer IN A ${nets.internet.ip4.addr} + cache.gum IN A ${nets.internet.ip4.addr} + gold IN A ${nets.internet.ip4.addr} + ''; + }; cores = 8; nets = rec { internet = { @@ -537,6 +543,7 @@ with import <stockholm/lib>; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" + "cache.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index b7ef824b5..09e552010 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -29,7 +29,7 @@ let ''} ${optionalString (cfg.watchDir != null) '' - schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent + directory.watch.added = "${cfg.watchDir}", load.start_verbose ''} directory = ${cfg.downloadDir} diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 954cfd76a..7f6bb299d 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,16 +1,16 @@ -{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape +{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape , xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.1.1"; + version = "1.2.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; rev = "refs/tags/v${version}"; - sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585"; + sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis"; }; libraryHaskellDepends = [ - base containers X11 X11-xshape xmonad xmonad-contrib + base containers X11 X11-xft X11-xshape xmonad xmonad-contrib ]; license = stdenv.lib.licenses.mit; } diff --git a/krebs/krops.nix b/krebs/krops.nix index 861f2d323..0e80aec0e 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -12,7 +12,7 @@ krebs-source = { nixpkgs.git = { - ref = "56fad146a12a6f934d1d5ef875eb729be1b19129"; + ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 5657742a6..257e51ee3 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -8,16 +8,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/pass.nix> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/otp-ssh.nix> - # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined - #<stockholm/lass/2configs/git.nix> - #<stockholm/lass/2configs/dcso-vpn.nix> - <stockholm/lass/2configs/virtualbox.nix> - <stockholm/lass/2configs/dcso-dev.nix> - <stockholm/lass/2configs/steam.nix> - <stockholm/lass/2configs/rtl-sdr.nix> - <stockholm/lass/2configs/backup.nix> { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; @@ -25,44 +15,9 @@ with import <stockholm/lib>; lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; } - { #TAPIR, AGATIS, sentral, a3 - foo - services.redis.enable = true; - } - { - krebs.fetchWallpaper = { - enable = true; - url = "http://i.imgur.com/0ktqxSg.png"; - maxTime = 9001; - }; - } - { - #urban terror port - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 27960"; target = "ACCEPT"; } - { predicate = "-p udp --dport 27960"; target = "ACCEPT"; } - ]; - } ]; krebs.build.host = config.krebs.hosts.helios; - krebs.git.rules = [ - { - user = [ config.krebs.users.lass-helios ]; - repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; - } - { - lass.umts = { - enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; - initstrings = '' - Init1 = AT+CFUN=1 - Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - ''; - }; - } - ]; - environment.systemPackages = with pkgs; [ ag vim @@ -84,27 +39,10 @@ with import <stockholm/lib>; services.tlp.enable = true; - networking.hostName = lib.mkForce "BLN02NB0162"; - - security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) - ]; - - programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; - services.printing.drivers = [ pkgs.postscript-lexmark ]; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; - virtualisation.docker.enable = true; } diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix deleted file mode 100644 index a5212454f..000000000 --- a/lass/1systems/helios/physical.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./config.nix - { # automatic hardware detection - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - } - { # crypto stuff - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; - }; - } - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.wireless.enable = true; - hardware.enableRedistributableFirmware = true; - - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" - ''; - - services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.xrandrHeads = [ - { output = "DP-2"; primary = true; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } - { output = "DP-0"; } - ]; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ''; -} diff --git a/lass/1systems/helios/source.nix b/lass/1systems/helios/source.nix deleted file mode 100644 index bfe4dca4c..000000000 --- a/lass/1systems/helios/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import <stockholm/lass/source.nix> { - name = "helios"; - secure = true; -} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index ad4f8a504..90e04cad1 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/rtl-sdr.nix> <stockholm/lass/2configs/backup.nix> + <stockholm/lass/2configs/print.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6be45d38d..b9fda2949 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -175,7 +175,6 @@ with import <stockholm/lib>; alias /var/realwallpaper/realwallpaper.png; ''; } - <stockholm/lass/2configs/dcso-dev.nix> { users.users.jeschli = { uid = genid "jeschli"; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 7d04827f0..95aac2d18 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,7 +8,6 @@ in { ./mpv.nix ./power-action.nix ./copyq.nix - ./livestream.nix ./urxvt.nix ./network-manager.nix { @@ -58,30 +57,18 @@ in { programs.ssh.startAgent = true; services.openssh.forwardX11 = true; - services.printing = { - enable = true; - drivers = [ - pkgs.foomatic_filters - pkgs.gutenprint - ]; - }; - environment.systemPackages = with pkgs; [ acpi ag - bank cabal2nix cholerab dic dmenu font-size - gi gitAndTools.qgit git-preview gnome3.dconf lm_sensors - mpv-poll - much ncdu nix-index nix-repl @@ -90,18 +77,14 @@ in { powertop push rxvt_unicode_with-plugins - slock sxiv taskwarrior termite - timewarrior xclip xephyrify xorg.xbacklight xorg.xhost xsel - youtube-tools - yt-next zathura ]; @@ -112,7 +95,6 @@ in { xlibs.fontschumachermisc ]; - #lass.xserver.enable = true; services.xserver = { enable = true; layout = "us"; diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 363705edc..16c63ff38 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -12,6 +12,7 @@ with (import <stockholm/lib>); environment.systemPackages = with pkgs; [ ag nmap + git-preview ]; services.tor.enable = true; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 272169e92..425e0ee13 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -29,7 +29,7 @@ let environment.systemPackages = [ config.lass.xjail-bins.${name} (pkgs.writeDashBin "cx-${name}" '' - DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip + DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip '') ]; lass.browser.paths.${name} = { @@ -66,6 +66,7 @@ in { extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold ]; }; diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 56c9a286c..b08cf9307 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -2,7 +2,7 @@ with import <stockholm/lib>; { users.users.ciko = { - uid = genid_signed "ciko"; + uid = genid_uint31 "ciko"; description = "acc for ciko"; home = "/home/ciko"; useDefaultShell = true; diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix deleted file mode 100644 index 4d8d308fb..000000000 --- a/lass/2configs/dcso-dev.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - inherit (import <stockholm/lib>) genid; - -in { - users.extraUsers = { - dev = { - name = "dev"; - uid = genid "dev"; - extraGroups = [ "docker" "vboxusers" ]; - description = "user for collaborative development"; - home = "/home/dev"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.lass-android.pubkey - config.krebs.users.lass-mors.pubkey - config.krebs.users.jeschli-bln.pubkey - config.krebs.users.jeschli-brauerei.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB" - ]; - packages = with pkgs; [ - emacs25-nox - - (pkgs.symlinkJoin { - name = "tmux"; - paths = [ - (pkgs.writeDashBin "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" - '') - pkgs.tmux - ]; - }) - ]; - }; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT";} - { predicate = "-p tcp --dport 9000"; target = "ACCEPT";} - ]; - - krebs.per-user.dev.packages = [ - pkgs.go - ]; - environment.variables.GOPATH = "$HOME/go"; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(dev) NOPASSWD: ALL - ''; - - networking.interfaces.et0.ipv4.addresses = [ - { address = "10.99.23.1"; prefixLength = 24; } - ]; - virtualisation.docker.enable = true; - environment.etc."docker/daemon.json".source = pkgs.writeText "daemon.json" '' - { - "bip": "172.25.0.1/16" - } - ''; - services.rabbitmq.enable = true; - services.postgresql.enable = true; -} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index db6bda005..30757964c 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -84,6 +84,7 @@ with import <stockholm/lib>; { from = "boardgamegeek@lassul.us"; to = lass.mail; } { from = "qwertee@lassul.us"; to = lass.mail; } { from = "zazzle@lassul.us"; to = lass.mail; } + { from = "hackbeach@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix new file mode 100644 index 000000000..e2d021641 --- /dev/null +++ b/lass/2configs/print.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + services.printing = { + enable = true; + drivers = [ + pkgs.foomatic_filters + pkgs.gutenprint + ]; + }; +} diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index 90d28d650..fa63ddf25 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -19,9 +19,9 @@ with import <stockholm/lib>; URxvt.keysym.M-Escape: perl:keyboard-select:activate URxvt.keysym.M-s: perl:keyboard-select:search - URxvt.keysym.M-F1: command:\033]710;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007\033]711;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007 - URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=15\007\033]711;xft:Monospace:size=15:bold\007 - URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=20\007\033]711;xft:Monospace:size=20:bold\007 + URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007 + URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007 + URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=18\007\033]711;xft:Monospace:size=20:bold\007 URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007 URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007 diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index d19f534fe..e1c1313ea 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -4,7 +4,7 @@ let inherit (import <stockholm/lib>) genid - genid_signed + genid_uint31 ; inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) servePage @@ -134,7 +134,7 @@ in { }; users.users.domsen = { - uid = genid_signed "domsen"; + uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; home = "/home/domsen"; useDefaultShell = true; @@ -143,49 +143,49 @@ in { }; users.users.bruno = { - uid = genid_signed "bruno"; + uid = genid_uint31 "bruno"; home = "/home/bruno"; useDefaultShell = true; createHome = true; }; users.users.jla-trading = { - uid = genid_signed "jla-trading"; + uid = genid_uint31 "jla-trading"; home = "/home/jla-trading"; useDefaultShell = true; createHome = true; }; users.users.jms = { - uid = genid_signed "jms"; + uid = genid_uint31 "jms"; home = "/home/jms"; useDefaultShell = true; createHome = true; }; users.users.ms = { - uid = genid_signed "ms"; + uid = genid_uint31 "ms"; home = "/home/ms"; useDefaultShell = true; createHome = true; }; users.users.testuser = { - uid = genid_signed "testuser"; + uid = genid_uint31 "testuser"; home = "/home/testuser"; useDefaultShell = true; createHome = true; }; users.users.akayguen = { - uid = genid_signed "akayguen"; + uid = genid_uint31 "akayguen"; home = "/home/akayguen"; useDefaultShell = true; createHome = true; }; users.users.bui = { - uid = genid_signed "bui"; + uid = genid_uint31 "bui"; home = "/home/bui"; useDefaultShell = true; createHome = true; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 8f5f05bc2..5b450ed42 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -23,7 +23,7 @@ with import <stockholm/lib>; }; display = mkOption { type = types.string; - default = toString (genid_signed config._module.args.name); + default = toString (genid_uint31 config._module.args.name); }; dpi = mkOption { type = types.int; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 694f3c033..3bff9d450 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -64,7 +64,7 @@ myTerm :: FilePath myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc" myFont :: String -myFont = "${config.lass.fonts.regular}" +myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1" main :: IO () main = getArgs >>= \case @@ -160,6 +160,8 @@ myKeyMap = , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + , ("M4-s", spawn "${pkgs.knav}/bin/knav") + --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView)) diff --git a/lass/5pkgs/knav/default.nix b/lass/5pkgs/knav/default.nix new file mode 100644 index 000000000..30d49a1b3 --- /dev/null +++ b/lass/5pkgs/knav/default.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: let + + keynavrc = pkgs.writeText "keynavrc" '' + clear + Escape quit + q record ~/.keynav_macros + shift+at playback + u history-back + a cut-left + s cut-down + w cut-up + d cut-right + shift+a move-left + shift+s move-down + shift+w move-up + shift+d move-right + t windowzoom + c cursorzoom 300 300 + e warp + 1 click 1 + 2 click 2 + 3 click 3 + ''; +in pkgs.writeScriptBin "knav" '' + ${pkgs.keynav}/bin/keynav "loadconfig ${keynavrc}, start" +'' diff --git a/lib/default.nix b/lib/default.nix index e5e40975e..a40225c49 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -13,7 +13,7 @@ let mod = x: y: x - y * (x / y); genid = import ./genid.nix { inherit lib; }; - genid_signed = x: ((lib.genid x) + 16777216) / 2; + genid_uint31 = x: ((lib.genid x) + 16777216) / 2; lpad = n: c: s: if lib.stringLength s < n diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index 93171d23a..9761546e7 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -49,6 +49,7 @@ in { <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/binary-cache/server.nix> <stockholm/makefu/2configs/iodined.nix> ## buildbot @@ -69,6 +70,8 @@ in { #<stockholm/makefu/2configs/nginx/public_html.nix> #<stockholm/makefu/2configs/nginx/update.connector.one.nix> #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> + <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> + <stockholm/makefu/2configs/deployment/events-publisher> #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> #<stockholm/makefu/2configs/deployment/graphs.nix> diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix index 36fea6544..944210701 100644 --- a/makefu/1systems/nextgum/hardware-config.nix +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -45,12 +45,20 @@ in { "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; fsType = "ext4"; }; + fileSystems."/var/lib" = { + device = "/dev/mapper/nixos-lib"; + fsType = "ext4"; + }; + fileSystems."/var/download" = { + device = "/dev/mapper/nixos-download"; + fsType = "ext4"; + }; fileSystems."/boot" = { device = "/dev/sda2"; fsType = "vfat"; @@ -69,7 +77,9 @@ in { #pvcreate /dev/sda3 #pvcreate /dev/sdb1 #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -n root nixos + #lvcreate -L 120G -m 1 -n root nixos + #lvcreate -L 50G -m 1 -n lib nixos + #lvcreate -L 50G -n download nixos #mkfs.ext4 /dev/mapper/nixos-root #mount /dev/mapper/nixos-root /mnt #mkdir /mnt/boot diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index df317a016..9d8a91e6d 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -39,20 +39,27 @@ in { # Sensors <stockholm/makefu/2configs/stats/telegraf> - <stockholm/makefu/2configs/deployment/led-fader.nix> - <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> + <stockholm/makefu/2configs/stats/telegraf/europastats.nix> + <stockholm/makefu/2configs/stats/external/aralast.nix> + <stockholm/makefu/2configs/stats/arafetch.nix> + <stockholm/makefu/2configs/deployment/led-fader.nix> + <stockholm/makefu/2configs/hw/mceusb.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> + + <stockholm/makefu/2configs/deployment/bureautomation> + <stockholm/makefu/2configs/deployment/bureautomation/hass.nix> (let collectd-port = 25826; influx-port = 8086; + admin-port = 8083; grafana-port = 3000; # TODO nginx forward db = "collectd_db"; logging-interface = "enp0s25"; in { - networking.firewall.allowedTCPPorts = [ 3000 ]; + networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; @@ -61,7 +68,7 @@ in { meta.hostname = config.krebs.build.host.name; # meta.logging-enabled = true; http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":8083"; + admin.bind-address = ":${toString admin-port}"; collectd = [{ enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; @@ -125,7 +132,6 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping - 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 451689f91..e5b481ab6 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -8,6 +8,7 @@ with import <stockholm/lib>; imports = [ # base <stockholm/makefu> + <stockholm/makefu/2configs/nur.nix> <stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> @@ -54,7 +55,6 @@ with import <stockholm/lib>; internalInterfaces = [ "vboxnet0" ]; }; } - # Services <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> @@ -64,6 +64,7 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> + <stockholm/makefu/2configs/hw/mceusb.nix> # <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> @@ -125,7 +126,7 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.x; - krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; + krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ]; networking.extraHosts = '' 192.168.1.11 omo.local @@ -133,6 +134,8 @@ with import <stockholm/lib>; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + # avoid full boot dir + boot.loader.grub.configurationLimit = 3; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; nixpkgs.overlays = [ (import <python/overlay.nix>) ]; diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix new file mode 100644 index 000000000..ad6256830 --- /dev/null +++ b/makefu/2configs/binary-cache/server.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + services.nginx = { + enable = true; + virtualHosts.nix-serve = { + serverAliases = [ "cache.gum.r" + "cache.euer.krebsco.de" + "cache.gum.krebsco.de" + ]; + locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}"; + }; + }; +} + diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix index b62f37bdb..d5793f886 100644 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -1,75 +1,125 @@ { pkgs, lib, ... }: let - firetv = "192.168.1.238"; + tasmota_plug = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + availability_topic = "/bam/${topic}/tele/LWT"; + qos = 1; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain= false; + }; + espeasy_dht22 = name: [ + { + platform = "mqtt"; + device_class = "temperature"; + state_topic = "/bam/${name}/dht22/Temperature"; + availability_topic = "/bam/${name}/status/LWT"; + payload_available = "Connected"; + payload_not_available = "Connection Lost"; + } + { + platform = "mqtt"; + device_class = "humidity"; + state_topic = "/bam/${name}/dht22/Temperature"; + unit_of_measurement = "C"; + availability_topic = "/bam/${name}/status/LWT"; + payload_available = "Connected"; + payload_not_available = "Connection Lost"; + }]; + espeasy_ds18 = name: [ + { + platform = "mqtt"; + device_class = "temperature"; + state_topic = "/bam/${name}/ds18/Temperature"; + availability_topic = "/bam/${name}/status/LWT"; + payload_available = "Connected"; + payload_not_available = "Connection Lost"; + } + ]; in { - imports = [ - <nixpkgs-unstable/nixos/modules/services/misc/home-assistant.nix> + + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.65.5" ]; - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - nixpkgs.config.packageOverrides = oldpkgs: { - home-assistant = (import <nixpkgs-unstable> {}).home-assistant; - }; - ids.uids.hass = 286; - ids.gids.hass = 286; + services.home-assistant = { - #panel_iframe: - #configurator: - # title: Configurator - # icon: mdi:wrench - # url: http://hassio.local:3218 - # sensor: - # - platform: random enable = true; config = { homeassistant = { name = "Bureautomation"; time_zone = "Europe/Berlin"; }; - panel_iframe = { - euer_blog = { - title = "Euer Blog"; - icon = "mdi:wrench"; - url = "https://euer.krebsco.de"; + + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + keepalive = 60; + protocol = 3.1; + birth_message = { + topic = "/bam/hass/tele/LWT"; + payload = "Online"; + qos = 1; + retain = true; + }; + will_message = { + topic = "/bam/hass/tele/LWT"; + payload = "Offline"; + qos = 1; + retain = true; }; }; - media_player = [ - { platform = "kodi"; - host = firetv; - } - { platform = "firetv"; - # assumes python-firetv running - } + switch = [ + (tasmota_plug "Bauarbeiterlampe" "plug") + (tasmota_plug "Blitzdings" "plug2") + (tasmota_plug "Fernseher" "plug3") + (tasmota_plug "Pluggy" "plug4") ]; - sensor = [ - { - platform = "luftdaten"; - name = "Shack 1"; - sensorid = "50"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Shack 2"; - sensorid = "658"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "5341"; - monitored_conditions = [ "P1" "P2" ]; + binary_sensor = [ + { # esp_easy + platform = "mqtt"; + device_class = "motion"; + state_topic = "/bam/easy2/movement/Switch"; + payload_on = "1"; + payload_off = "0"; + availability_topic = "/bam/easy2/status/LWT"; + payload_available = "Connected"; + payload_not_available = "Connection Lost"; } - { platform = "random"; } ]; + sensor = + (espeasy_dht22 "easy2") ++ + [ (espeasy_ds18 "easy3" ) + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + { platform = "influxdb"; + queries = [ + { name = "mean value of feinstaub P1"; + where = '' "node" = 'esp8266-1355142' ''; + measurement = "feinstaub"; + database = "telegraf"; + field = "P1"; + } + { name = "mean value of feinstaub P2"; + where = '' "node" = 'esp8266-1355142' ''; + measurement = "feinstaub"; + database = "telegraf"; + field = "P2"; + } + ]; + } + ]; frontend = { }; http = { }; - feedreader.urls = [ "https://nixos.org/blogs.xml" ]; + feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; }; }; } diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix new file mode 100644 index 000000000..28edb6af2 --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/home.nix @@ -0,0 +1,67 @@ +{ pkgs, lib, ... }: +let + firetv = "192.168.1.238"; +in { + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + services.home-assistant = { + #panel_iframe: + #configurator: + # title: Configurator + # icon: mdi:wrench + # url: http://hassio.local:3218 + # sensor: + # - platform: random + enable = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + }; + panel_iframe = { + euer_blog = { + title = "Euer Blog"; + icon = "mdi:wrench"; + url = "https://euer.krebsco.de"; + }; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { + platform = "luftdaten"; + name = "Shack 1"; + sensorid = "50"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Shack 2"; + sensorid = "658"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + { platform = "random"; } + ]; + frontend = { }; + http = { }; + feedreader.urls = [ "https://nixos.org/blogs.xml" ]; + }; + }; +} diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix new file mode 100644 index 000000000..c671b1a0b --- /dev/null +++ b/makefu/2configs/deployment/events-publisher/default.nix @@ -0,0 +1,48 @@ +{ pkgs, ... }: +with import <stockholm/lib>; +let + shack-announce = pkgs.callPackage (builtins.fetchTarball { + url = "https://github.com/makefu/events-publisher/archive/5e7b083c63f25182a02c1fddb3d32cb9534fbc50.tar.gz"; + sha256 = "1zzlhyj8fr6y3a3b6qlyrm474xxxs1ydqjpkd2jva3g1lnzlmvkp"; + }) {} ; + home = "/var/lib/shackannounce"; + user = "shackannounce"; + creds = (toString <secrets>) + "/shack-announce.json"; +in +{ + users.users.${user}= { + uid = genid user; + inherit home; + createHome = true; + }; + systemd.services.shack-announce = { + description = "Announce shack events"; + startAt = "*:0/30"; + path = [ shack-announce ]; + serviceConfig = { + WorkingDirectory = home; + User = user; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "shack-announce-pre" '' + set -eu + cp ${creds} creds.json + chown ${user} creds.json + ''; + ExecStart = pkgs.writeDash "shack-announce" '' + if test ! -e announce.state; then + echo "initializing state" + announce-daemon \ + --lol INFO \ + --creds creds.json \ + --state announce.state \ + --clean --init + fi + echo "Running announce" + announce-daemon \ + --lol INFO \ + --creds creds.json \ + --state announce.state + ''; + }; + }; +} diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index e9d4b18e0..cfde0aba8 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -108,7 +108,6 @@ let # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Optional: Don't log access to assets @@ -144,6 +143,8 @@ let opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 + opcache.file_cache = .opcache + zend_extension=${pkgs.php}/lib/php/extensions/opcache.so display_errors = on display_startup_errors = on @@ -155,6 +156,13 @@ let extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so ''; + systemd.services."nextcloud-cron-${domain}" = { + serviceConfig = { + User = "nginx"; + ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php"; + }; + startAt = "*:0/15"; + }; }; in { imports = [ diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix new file mode 100644 index 000000000..069e6e7eb --- /dev/null +++ b/makefu/2configs/hw/mceusb.nix @@ -0,0 +1,17 @@ +{pkgs, lib, ...}:{ + # Disable the MCE remote from acting like a keyboard. (We use lirc instead.) + services.xserver.inputClassSections = ['' + Identifier "MCE USB Keyboard mimic blacklist" + Driver "mceusb" + MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)" + Option "Ignore" "on" + '']; + boot.kernelPatches = lib.singleton { + name = "enable-lirc"; + patch = null; + extraConfig = '' + LIRC y + ''; + }; + +} diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index d322c683d..ffc32e0cb 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -22,15 +22,9 @@ }; networking.networkmanager.enable = true; - # TODO: put somewhere else - services.xserver.displayManager.sessionCommands = '' - ${pkgs.clipit}/bin/clipit & - ${pkgs.networkmanagerapplet}/bin/nm-applet & - ''; - # nixOSUnstable -# networking.networkmanager.wifi = { -# powersave = true; -# scanRandMacAddress = true; -# }; + networking.networkmanager.wifi = { + powersave = true; + scanRandMacAddress = true; + }; } diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index 4ac639a25..735cb4c17 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,13 +1,12 @@ { pkgs, lib, ... }: { - # TODO: un-pin linuxPackages somehow - nixpkgs.config.packageOverrides = pkgs: { - linux_4_14 = pkgs.linux_4_14.override { - extraConfig = '' - MEDIA_ANALOG_TV_SUPPORT y - VIDEO_STK1160_COMMON m - VIDEO_STK1160 m - ''; - }; + boot.kernelPatches = lib.singleton { + name = "enable-stk1160"; + patch = null; + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160 m + ''; }; } diff --git a/makefu/2configs/nginx/gold.krebsco.de.nix b/makefu/2configs/nginx/gold.krebsco.de.nix new file mode 100644 index 000000000..083c0f8d7 --- /dev/null +++ b/makefu/2configs/nginx/gold.krebsco.de.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + gold = pkgs.fetchFromGitHub { + owner = "krebs"; + repo = "krebsgold"; + rev = "15f7a74"; + sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly"; + }; +in { + + services.nginx = { + enable = mkDefault true; + virtualHosts = { + "gold.krebsco.de" = { + enableACME = true; + forceSSL = true; + root = toString gold + "/html"; + }; + }; + }; +} + diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix new file mode 100644 index 000000000..dda00063a --- /dev/null +++ b/makefu/2configs/nur.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }:{ + nixpkgs.config.packageOverrides = pkgs: { + nur = pkgs.callPackage (import (builtins.fetchGit { + url = "https://github.com/nix-community/NUR"; + })) {}; + }; +} diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix index dd6ddddaf..cfb5e3fd2 100644 --- a/makefu/2configs/stats/client.nix +++ b/makefu/2configs/stats/client.nix @@ -31,6 +31,7 @@ FSType "tmpfs" FSType "binfmt_misc" FSType "debugfs" + FSType "tracefs" FSType "mqueue" FSType "hugetlbfs" FSType "systemd-1" diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix index 330616f4a..470193d6c 100644 --- a/makefu/2configs/task-client.nix +++ b/makefu/2configs/task-client.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = [ + users.users.makefu.packages = [ pkgs.taskwarrior ]; diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 898bae10d..1e85da53c 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -1,10 +1,10 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ + users.users.makefu.packages = with pkgs; [ chromium - clipit feh + clipit firefox keepassx pcmanfm diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix index 1fe03e111..bb14c3eb5 100644 --- a/makefu/2configs/tools/desktop.nix +++ b/makefu/2configs/tools/desktop.nix @@ -4,8 +4,10 @@ users.users.makefu.packages = with pkgs; [ taskwarrior pass + gopass mutt weechat tmux ]; + } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index e25290297..ae97edd54 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs;[ + users.users.makefu.packages = with pkgs;[ # media gimp inkscape diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 4de2b545e..35faaa29f 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ + users.users.makefu.packages = with pkgs; [ kodi streamripper youtube-dl diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 3dc02937d..17a980ef7 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ + users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy pythonPackages.binwalk-full diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index a076479c2..3df0ddbfe 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -8,13 +8,13 @@ let peer-port = 51412; web-port = 8112; daemon-port = 58846; - torrent-dir = config.makefu.dl-dir; + base-dir = config.makefu.dl-dir; in { users.users = { download = { name = "download"; - home = torrent-dir; + home = base-dir; uid = mkDefault (genid "download"); createHome = true; useDefaultShell = true; @@ -25,10 +25,12 @@ in { # todo: race condition, do this after download user has been created system.activationScripts."download-dir-chmod" = '' - for i in finished watch torrents; do - mkdir -p "${torrent-dir}/$i" - chown download:download "${torrent-dir}/$i" - chmod 770 "${torrent-dir}/$i" + for i in finished watch; do + if test ! -d $i;then + mkdir -p "${base-dir}/$i" + chown rtorrent:download "${base-dir}/$i" + chmod 775 "${base-dir}/$i" + fi done ''; @@ -42,6 +44,7 @@ in { "nginx" ]; }; + rtorrent.members = [ "download" ]; }; krebs.rtorrent = { @@ -54,7 +57,8 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - workDir = torrent-dir; + downloadDir = base-dir + "/finished"; + watchDir = base-dir + "/watch"; # dump old torrents into watch folder to have them re-added }; diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index e5f62e910..486c0ddf6 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -2,7 +2,10 @@ , lib , alsaUtils , xbacklight -, modkey?"Mod4" +, networkmanagerapplet +, blueman +, clipit +, modkey ? "Mod4" , locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: @@ -10,7 +13,7 @@ # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@ full = lib.makeOverridable pkgs.substituteAll { name = "awesome_full_config"; - inherit alsaUtils locker xbacklight modkey; + inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit; isExecutable = false; src = ./full.cfg; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index e49a88697..12d357913 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -568,6 +568,18 @@ local os = { -- }}} - +-- {{{ autostart +do + local cmds = + { + "@networkmanagerapplet@/bin/nm-applet", + "@blueman@/bin/blueman-applet", + "@clipit@/bin/clipit" + } + + for _,i in pairs(cmds) do + awful.util.spawn(i) + end +end -- }}} diff --git a/makefu/source.nix b/makefu/source.nix index fac1c0282..82a41886b 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -24,11 +24,10 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "14946ec63a1"; # nixos-18.03 @ 2018-05-31 + ref = "8f991294288"; # nixos-18.03 @ 2018-08-06 # + do_sqlite3 ruby: 55a952be5b5 # + exfat-nofuse bump: ee6a5296a35 # + uhub/sqlite: 5dd7610401747 - # + forecastio: f27584df02337 in evalSource (toString _file) [ |