authorjeschli <jeschli@gmail.com>2019-01-29 19:17:43 +0100
committerjeschli <jeschli@gmail.com>2019-01-29 19:17:43 +0100
commit924c8fb748a92720c75750cee528ac2f4b7c5c8e (patch)
tree1a3b956f7f8527e533040cee1138810fe304bbc9
parent06b6454af78e8236a67d69cab94f62c32054be47 (diff)
parente64bbd8d6864e21f9e7b6b9a11cf95c976bdc109 (diff)
Merge branch 'master' of prism.r:stockholm
-rw-r--r--ci.nix2
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/exim-smarthost.nix50
-rw-r--r--krebs/2configs/nscd-fix.nix24
-rw-r--r--krebs/2configs/reaktor-krebs.nix30
-rw-r--r--krebs/2configs/reaktor-retiolum.nix21
-rw-r--r--krebs/2configs/reaktor2.nix152
-rw-r--r--krebs/2configs/shack/mobile.mpd.nix5
-rw-r--r--krebs/2configs/shack/ympd-top-next.patch16
-rw-r--r--krebs/3modules/Reaktor.nix5
-rw-r--r--krebs/3modules/default.nix145
-rw-r--r--krebs/3modules/dns.nix12
-rw-r--r--krebs/3modules/external/default.nix53
-rw-r--r--krebs/3modules/github-known-hosts.nix40
-rw-r--r--krebs/3modules/hosts.nix35
-rw-r--r--krebs/3modules/per-user.nix2
-rw-r--r--krebs/3modules/reaktor2.nix71
-rw-r--r--krebs/3modules/retiolum-hosts.nix28
-rw-r--r--krebs/3modules/tinc.nix1
-rw-r--r--krebs/5pkgs/default.nix2
-rw-r--r--krebs/5pkgs/haskell/blessings.nix4
-rw-r--r--krebs/5pkgs/haskell/much.nix (renamed from krebs/5pkgs/simple/much/cabal.nix)9
-rw-r--r--krebs/5pkgs/haskell/reaktor2.nix27
-rw-r--r--krebs/5pkgs/simple/Reaktor/default.nix6
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix68
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh2
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh0
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py2
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh0
-rw-r--r--krebs/5pkgs/simple/much/default.nix3
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix106
-rw-r--r--krebs/krops.nix20
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/blue/source.nix17
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/1systems/prism/config.nix15
-rw-r--r--lass/1systems/prism/physical.nix24
-rw-r--r--lass/1systems/yellow/config.nix92
-rw-r--r--lass/2configs/baseX.nix4
-rw-r--r--lass/2configs/default.nix6
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/hardening.nix11
-rw-r--r--lass/2configs/mail.nix4
-rw-r--r--lass/2configs/radio.nix61
-rw-r--r--lass/2configs/reaktor-coders.nix180
-rw-r--r--lass/2configs/websites/domsen.nix38
-rw-r--r--lass/2configs/websites/lassulus.nix3
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/xserver/default.nix103
-rw-r--r--lass/3modules/xserver/xserver.conf.nix40
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix3
-rw-r--r--makefu/0tests/data/secrets/nixos-community0
-rw-r--r--makefu/1systems/cake/config.nix38
-rw-r--r--makefu/1systems/cake/hardware-config.nix42
-rw-r--r--makefu/1systems/gum/config.nix5
-rw-r--r--makefu/1systems/gum/hardware-config.nix2
-rw-r--r--makefu/1systems/gum/source.nix1
-rw-r--r--makefu/1systems/x/config.nix5
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix30
-rw-r--r--makefu/2configs/bureautomation/default.nix7
-rw-r--r--makefu/2configs/bureautomation/hass.nix112
-rw-r--r--makefu/2configs/default.nix3
-rw-r--r--makefu/2configs/deployment/owncloud.nix1
-rw-r--r--makefu/2configs/dict.nix5
-rw-r--r--makefu/2configs/gui/base.nix1
-rw-r--r--makefu/2configs/home-manager/cli.nix30
-rw-r--r--makefu/2configs/home-manager/desktop.nix9
-rw-r--r--makefu/2configs/home-manager/zsh.nix126
-rw-r--r--makefu/2configs/hw/malduino_elite.nix15
-rw-r--r--makefu/2configs/printer.nix3
-rw-r--r--makefu/2configs/remote-build/aarch64-community.nix15
-rw-r--r--makefu/2configs/tools/android-pentest.nix1
-rw-r--r--makefu/2configs/tools/dev.nix2
-rw-r--r--makefu/2configs/virtualisation/virtualbox.nix5
-rw-r--r--makefu/2configs/zsh-user.nix82
-rw-r--r--makefu/5pkgs/baidudl/default.nix23
-rw-r--r--makefu/5pkgs/default.nix10
-rw-r--r--makefu/krops.nix16
-rw-r--r--makefu/nixpkgs.json6
m---------submodules/krops0
-rw-r--r--tv/1systems/xu/config.nix6
-rw-r--r--tv/2configs/backup.nix4
-rw-r--r--tv/2configs/default.nix1
-rw-r--r--tv/2configs/gitrepos.nix3
-rw-r--r--tv/2configs/htop.nix2
-rw-r--r--tv/2configs/mail-client.nix17
-rw-r--r--tv/2configs/xserver/Xmodmap.nix1
-rw-r--r--tv/2configs/xserver/xkiller.nix14
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/ejabberd/default.nix2
-rw-r--r--tv/3modules/nixpkgs-overlays.nix23
-rw-r--r--tv/3modules/slock.nix20
-rw-r--r--tv/5pkgs/default.nix6
-rw-r--r--tv/5pkgs/simple/q/default.nix61
-rw-r--r--tv/5pkgs/simple/xkiller.nix25
98 files changed, 1507 insertions, 834 deletions
diff --git a/ci.nix b/ci.nix
index a383a0631..16c866e76 100644
--- a/ci.nix
+++ b/ci.nix
@@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner:
- ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
+ ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
in mapAttrs (n: h: build n h.owner.name) ci-systems
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index cf72e0d73..916073375 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,8 +12,8 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor-retiolum.nix>
- <stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/nscd-fix.nix>
+ <stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/repo-sync.nix>
];
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 914b38051..ec8830711 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -161,6 +161,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
];
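Review bot: The added `config.krebs.users.raute.pubkey` entry grants one more key full root login on wolf, and unlike the `root@plattenschwein` key (`# for backup`) it carries no comment saying why. A trailing comment such as `config.krebs.users.raute.pubkey # <reason for root access>` would let a later access review decide whether the grant is still needed. If the task does not actually need root, an unprivileged account with only the required rights would be the narrower grant. The key list and its enclosing block start outside the hunk.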
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..5dc24f1de
--- /dev/null
+++ b/krebs/2configs/exim-smarthost.nix
@@ -0,0 +1,50 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+ format = from: to: {
+ inherit from;
+ # TODO assert is-retiolum-mail-address to;
+ to = concatMapStringsSep "," (getAttr "mail") (toList to);
+ };
+
+in {
+ krebs.exim-smarthost.internet-aliases =
+ mapAttrsToList format (with config.krebs.users; let
+ brain-ml = [
+ lass
+ makefu
+ tv
+ ];
+ eloop-ml = spam-ml ++ [ ciko ];
+ spam-ml = [
+ lass
+ makefu
+ tv
+ ];
+ ciko.mail = "ciko@slash16.net";
+ in {
+ "anmeldung@eloop.org" = eloop-ml;
+ "brain@krebsco.de" = brain-ml;
+ "cfp@eloop.org" = eloop-ml;
+ "kontakt@eloop.org" = eloop-ml;
+ "root@eloop.org" = eloop-ml;
+ "youtube@eloop.org" = eloop-ml;
+ "eloop2016@krebsco.de" = eloop-ml;
+ "eloop2017@krebsco.de" = eloop-ml;
+ "postmaster@krebsco.de" = spam-ml; # RFC 822
+ "lass@krebsco.de" = lass;
+ "makefu@krebsco.de" = makefu;
+ "spam@krebsco.de" = spam-ml;
+ "tv@krebsco.de" = tv;
+ # XXX These are no internet aliases
+ # XXX exim-retiolum hosts should be able to relay to retiolum addresses
+ "lass@retiolum" = lass;
+ "makefu@retiolum" = makefu;
+ "spam@retiolum" = spam-ml;
+ "tv@retiolum" = tv;
+ "lass@r" = lass;
+ "makefu@r" = makefu;
+ "spam@r" = spam-ml;
+ "tv@r" = tv;
+ });
+}
diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix
new file mode 100644
index 000000000..8e5909e72
--- /dev/null
+++ b/krebs/2configs/nscd-fix.nix
@@ -0,0 +1,24 @@
+with import <stockholm/lib>;
+{ pkgs, ... }: let
+
+ enable = versionOlderThan "19.03";
+
+ versionOlderThan = v:
+ compareVersions
+ (versions.majorMinor version)
+ (versions.majorMinor v)
+ == -1;
+
+ warning = ''
+ Using custom services.nscd.config because
+ https://github.com/NixOS/nixpkgs/pull/50316
+ '';
+
+in
+ optionalAttrs enable (trace warning {
+ services.nscd.enable = mkForce true;
+ services.nscd.config = mkForce (readFile (pkgs.fetchurl {
+ url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
+ sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
+ }));
+ })
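Review bot: The `url` in the `fetchurl` call points at a personal fork by the abbreviated revision `1d5f4cb`. The `sha256` pins the content, so integrity holds, but an abbreviated id can become ambiguous and the fork can disappear. Because `readFile` on the fetched path forces the download at evaluation time, either event breaks evaluation on every host older than 19.03. Using the full commit id and quoting the URL is more robust: `url = "https://raw.githubusercontent.com/arianvp/nixpkgs/<full-commit-sha>/nixos/modules/services/system/nscd.conf";`. Vendoring the file next to this module would remove the evaluation-time network dependency altogether.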
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
deleted file mode 100644
index dc2838cae..000000000
--- a/krebs/2configs/reaktor-krebs.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.krebs = {
- nickname = "Reaktor|krebs";
- channels = [
- "#krebs"
- "#nixos-wiki"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- task-add
- task-delete
- task-done
- task-list
- ] ++
- (attrValues (todo "agenda"))
- ;
- };
- krebs.secret.files.nix-serve-key = {
- path = "/var/lib/Reaktor/reaktor_nickserv_password";
- owner.name = "Reaktor";
- source-path = toString <secrets> + "/reaktor_nickserv_password";
- };
-}
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
deleted file mode 100644
index 824f59d09..000000000
--- a/krebs/2configs/reaktor-retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.retiolum = {
- nickname = "Reaktor|lass";
- channels = [ "#noise" "#xxx" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.r";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- task-add
- task-delete
- task-done
- task-list
- ] ++
- (attrValues (todo "agenda"))
- ;
- };
-}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
new file mode 100644
index 000000000..ff6b539ba
--- /dev/null
+++ b/krebs/2configs/reaktor2.nix
@@ -0,0 +1,152 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+let
+ #for shared state directory
+ stateDir = config.krebs.reaktor2.r.stateDir;
+
+ generators = pkgs.reaktor2-plugins.generators;
+ hooks = pkgs.reaktor2-plugins.hooks;
+ commands = pkgs.reaktor2-plugins.commands;
+
+ task = name: let
+ rcFile = builtins.toFile "taskrc" ''
+ confirmation=no
+ '';
+ in {
+ pattern = "^${name}-([a-z]+)(?::\\s*(.*))?";
+ activate = "match";
+ command = 1;
+ arguments = [2];
+ env.TASKDATA = "${stateDir}/${name}";
+ commands = {
+ add.filename = pkgs.writeDash "${name}-task-add" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1"
+ '';
+ list.filename = pkgs.writeDash "${name}-task-list" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \
+ | ${pkgs.jq}/bin/jq -r '
+ .[] | select(.id != 0) | "\(.id) \(.description)"
+ '
+ '';
+ delete.filename = pkgs.writeDash "${name}-task-delete" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1"
+ '';
+ done.filename = pkgs.writeDash "${name}-task-done" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1"
+ '';
+ };
+ };
+
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ workdir = stateDir;
+ hooks.JOIN = [
+ {
+ activate = "always";
+ command = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX env, touch
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.json";
+ };
+ };
+ }
+ ];
+ hooks.PRIVMSG = [
+ {
+ pattern = "^bier bal(ance)*$";
+ activate = "match";
+ command = {
+ env = {
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "bier-balance" ''
+ ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
+ | ${pkgs.coreutils}/bin/tail +2 \
+ | ${pkgs.miller}/bin/mlr --icsv --opprint cat
+ '';
+ };
+ }
+ {
+ pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$'';
+ activate = "match";
+ arguments = [1 2 3];
+ command = {
+ env = {
+ # TODO; get state as argument
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "ledger-add" ''
+ set -x
+ tonick=$1
+ amt=$2
+ unit=$3
+ printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
+ '';
+ };
+ }
+ hooks.sed
+ (generators.command_hook {
+ inherit (commands) hello random-emoji nixos-version stockholm-issue;
+ tell = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX date, env
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.txt";
+ };
+ };
+ })
+ (task "agenda")
+ ];
+ };
+ };
+
+in {
+
+ krebs.reaktor2 = {
+ freenode = {
+ hostname = "irc.freenode.org";
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ username = "reaktor2";
+ };
+ r = {
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#noise"
+ "#xxx"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ username = "reaktor2";
+ };
+ };
+}
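Review bot: In the `task` helper, the text an IRC user types after `agenda-add:`, `agenda-delete:` or `agenda-done:` reaches Taskwarrior as `"$1"`, and Taskwarrior parses that argument itself (attributes, filters, overrides) instead of treating it as plain data. For `add`, `${pkgs.taskwarrior}/bin/task rc:${rcFile} add -- "$1"` keeps the text as description only. For `delete` and `done` I would first reject anything that is not a decimal id, e.g. `case "$1" in ""|*[!0-9]*) exit 1;; esac`. Separately, the `ledger-add` script still has `set -x`, which copies every nick and amount into the unit's log. `$state_file` is also unquoted in both ledger scripts and should read `-f "$state_file"` and `>> "$state_file"`.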
diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix
index 2dc466edb..751d233ec 100644
--- a/krebs/2configs/shack/mobile.mpd.nix
+++ b/krebs/2configs/shack/mobile.mpd.nix
@@ -1,5 +1,8 @@
{lib,pkgs, ... }:
let
+ pkg = lib.overrideDerivation pkgs.ympd (old: {
+ patches = [ ./ympd-top-next.patch ];
+ });
mpdHost = "mpd.shack";
ympd = name: port: let
webPort = 10000 + port;
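Review bot: `patches = [ ./ympd-top-next.patch ];` in the `overrideDerivation` call replaces the package's patch list instead of extending it. Any patch nixpkgs carries for ympd, now or later and including security fixes, is therefore silently dropped from the binary this network-facing service runs. Appending keeps them: `patches = (old.patches or []) ++ [ ./ympd-top-next.patch ];`. The `let` block continues outside the hunk.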
@@ -7,7 +10,7 @@ let
systemd.services."ympd-${name}" = {
description = "mpd for ${name}";
wantedBy = [ "multi-user.target" ];
- serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
+ serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
};
services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
serverAliases = [
diff --git a/krebs/2configs/shack/ympd-top-next.patch b/krebs/2configs/shack/ympd-top-next.patch
new file mode 100644
index 000000000..fd424f11a
--- /dev/null
+++ b/krebs/2configs/shack/ympd-top-next.patch
@@ -0,0 +1,16 @@
+diff --git a/htdocs/index.html b/htdocs/index.html
+index ed77279..eaf92b6 100644
+--- a/htdocs/index.html
++++ b/htdocs/index.html
+@@ -76,6 +76,11 @@
+
+ <div class="col-md-10 col-xs-12">
+ <div class="notifications top-right"></div>
++
++ <ul class="pager">
++ <li id="prev" class="page-btn hide"><a href="">Previous</a></li>
++ <li id="next" class="page-btn"><a href="">Next</a></li>
++ </ul>
+
+ <div class="panel panel-primary">
+ <!-- Default panel contents -->
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 669483f3c..308c6d41d 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -113,10 +113,11 @@ let
'';
in nameValuePair "Reaktor-${name}" {
path = with pkgs; [
- utillinux #flock for tell_on-join
git # for nag
+ jq # for tell
python # for caps
- ];
+ utillinux # flock for tell
+ ];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2e7c61fb5..9303a81fb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -18,14 +18,17 @@ let
./charybdis.nix
./ci.nix
./current.nix
+ ./dns.nix
./exim.nix
./exim-retiolum.nix
./exim-smarthost.nix
./fetchWallpaper.nix
./github-hosts-sync.nix
+ ./github-known-hosts.nix
./git.nix
./go.nix
./hidden-ssh.nix
+ ./hosts.nix
./htgen.nix
./iana-etc.nix
./iptables.nix
@@ -39,8 +42,10 @@ let
./per-user.nix
./power-action.nix
./Reaktor.nix
+ ./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
+ ./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
@@ -58,28 +63,10 @@ let
api = {
enable = mkEnableOption "krebs";
- dns = {
- providers = mkOption {
- type = with types; attrsOf str;
- };
- };
-
- hosts = mkOption {
- type = with types; attrsOf host;
- default = {};
- };
-
users = mkOption {
type = with types; attrsOf user;
};
- # XXX is there a better place to define search-domain?
- # TODO search-domains :: listOf hostname
- search-domain = mkOption {
- type = types.hostname;
- default = "r";
- };
-
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
@@ -125,6 +112,8 @@ let
w = "hosts";
};
+ krebs.dns.search-domain = mkDefault "r";
+
krebs.users = {
krebs = {
home = "/krebs";
@@ -137,93 +126,6 @@ let
};
};
- networking.extraHosts = let
- domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
- check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
- in concatStringsSep "\n" (flatten (
- mapAttrsToList (hostname: host:
- mapAttrsToList (netname: net:
- let
- aliases = longs ++ shorts;
- longs = filter check net.aliases;
- shorts = let s = ".${cfg.search-domain}"; in
- map (removeSuffix s) (filter (hasSuffix s) longs);
- in
- optionals
- (aliases != [])
- (map (addr: "${addr} ${toString aliases}") net.addrs)
- ) (filterAttrs (name: host: host.aliases != []) host.nets)
- ) cfg.hosts
- ));
-
- # TODO dedup with networking.extraHosts
- nixpkgs.config.packageOverrides = oldpkgs:
- let
- domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
- check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
- in
- {
- retiolum-hosts = oldpkgs.writeText "retiolum-hosts" ''
- ${concatStringsSep "\n" (flatten (
- map (host:
- let
- net = host.nets.retiolum;
- aliases = longs;
- longs = filter check net.aliases;
- in
- optionals
- (aliases != [])
- (map (addr: "${addr} ${toString aliases}") net.addrs)
- ) (filter (host: hasAttr "retiolum" host.nets)
- (attrValues cfg.hosts))))}
- '';
- };
-
- krebs.exim-smarthost.internet-aliases = let
- format = from: to: {
- inherit from;
- # TODO assert is-retiolum-mail-address to;
- to = concatMapStringsSep "," (getAttr "mail") (toList to);
- };
- in mapAttrsToList format (with config.krebs.users; let
- brain-ml = [
- lass
- makefu
- tv
- ];
- eloop-ml = spam-ml ++ [ ciko ];
- spam-ml = [
- lass
- makefu
- tv
- ];
- ciko.mail = "ciko@slash16.net";
- in {
- "anmeldung@eloop.org" = eloop-ml;
- "brain@krebsco.de" = brain-ml;
- "cfp@eloop.org" = eloop-ml;
- "kontakt@eloop.org" = eloop-ml;
- "root@eloop.org" = eloop-ml;
- "youtube@eloop.org" = eloop-ml;
- "eloop2016@krebsco.de" = eloop-ml;
- "eloop2017@krebsco.de" = eloop-ml;
- "postmaster@krebsco.de" = spam-ml; # RFC 822
- "lass@krebsco.de" = lass;
- "makefu@krebsco.de" = makefu;
- "spam@krebsco.de" = spam-ml;
- "tv@krebsco.de" = tv;
- # XXX These are no internet aliases
- # XXX exim-retiolum hosts should be able to relay to retiolum addresses
- "lass@retiolum" = lass;
- "makefu@retiolum" = makefu;
- "spam@retiolum" = spam-ml;
- "tv@retiolum" = tv;
- "lass@r" = lass;
- "makefu@r" = makefu;
- "spam@r" = spam-ml;
- "tv@r" = tv;
- });
-
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
@@ -238,31 +140,6 @@ let
};
})
//
- {
- github = {
- hostNames = [
- "github.com"
- # List generated with
- # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
- "192.30.252.*"
- "192.30.253.*"
- "192.30.254.*"
- "192.30.255.*"
- "185.199.108.*"
- "185.199.109.*"
- "185.199.110.*"
- "185.199.111.*"
- "13.229.188.59"
- "13.250.177.223"
- "18.194.104.89"
- "18.195.85.27"
- "35.159.8.160"
- "52.74.223.119"
- ];
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
- };
- }
- //
mapAttrs
(name: host: {
hostNames =
@@ -272,8 +149,8 @@ let
let
longs = net.aliases;
shorts =
- map (removeSuffix ".${cfg.search-domain}")
- (filter (hasSuffix ".${cfg.search-domain}")
+ map (removeSuffix ".${cfg.dns.search-domain}")
+ (filter (hasSuffix ".${cfg.dns.search-domain}")
longs);
add-port = a:
if net.ssh.port != 22
@@ -297,8 +174,8 @@ let
(concatMap (host: attrValues host.nets)
(mapAttrsToList
(_: host: recursiveUpdate host
- (optionalAttrs (hasAttr config.krebs.search-domain host.nets) {
- nets."" = host.nets.${config.krebs.search-domain} // {
+ (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
+ nets."" = host.nets.${cfg.dns.search-domain} // {
aliases = [host.name];
addrs = [];
};
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
new file mode 100644
index 000000000..b7e2a2cbb
--- /dev/null
+++ b/krebs/3modules/dns.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+{
+ options = {
+ krebs.dns.providers = mkOption {
+ type = types.attrsOf types.str;
+ };
+
+ krebs.dns.search-domain = mkOption {
+ type = types.hostname;
+ };
+ };
+}
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index baa49dbe0..089113ac6 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -84,8 +84,8 @@ in {
nets = rec {
internet = {
# eve.thalheim.io
- ip4.addr = "188.68.39.17";
- ip6.addr = "2a03:4000:13:31e::1";
+ ip4.addr = "95.216.112.61";
+ ip6.addr = "2a01:4f9:2b:1605::1";
aliases = [ "eve.i" ];
};
retiolum = {
@@ -141,6 +141,29 @@ in {
};
};
};
+ idontcare = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
+ config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.177";
+ aliases = [ "idontcare.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
+ qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
+ OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
+ lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
+ O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
+ jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
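Review bot: The new `idontcare` entry lists `config.krebs.hosts.idontcare.nets.retiolum.ip6.addr` in `addrs`, but only `ip4.addr` is set in the visible lines. Unless the net type supplies a default for `ip6.addr`, anything that forces `addrs` will fail to evaluate, so either set `ip6.addr` explicitly or drop that element. `nets = rec {` is not needed here because nothing in the set refers to a sibling by bare name. The tinc key added for this host is 2048-bit RSA, while the `matchbox` key added further down in the same file is 4096-bit; it may be worth asking the owner for a key of the same strength.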
@@ -344,6 +367,30 @@ in {
};
};
};
+ matchbox = {
+ owner = config.krebs.users.Mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.176";
+ aliases = [ "matchbox.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
+ VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
+ nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
+ TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
+ TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
+ yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
+ 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
+ Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
+ bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
+ nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
+ /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
miaoski = {
owner = config.krebs.users.miaoski;
nets = {
@@ -369,7 +416,7 @@ in {
pubkey = ssh-for "kmein";
};
Mic92 = {
- mail = "joerg@higgsboson.tk";
+ mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
new file mode 100644
index 000000000..def06f17a
--- /dev/null
+++ b/krebs/3modules/github-known-hosts.nix
@@ -0,0 +1,40 @@
+{
+ services.openssh.knownHosts.github = {
+ hostNames = [
+ "github.com"
+ # List generated with
+ # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
+ "192.30.252.*"
+ "192.30.253.*"
+ "192.30.254.*"
+ "192.30.255.*"
+ "185.199.108.*"
+ "185.199.109.*"
+ "185.199.110.*"
+ "185.199.111.*"
+ "140.82.112.*"
+ "140.82.113.*"
+ "140.82.114.*"
+ "140.82.115.*"
+ "140.82.116.*"
+ "140.82.117.*"
+ "140.82.118.*"
+ "140.82.119.*"
+ "140.82.120.*"
+ "140.82.121.*"
+ "140.82.122.*"
+ "140.82.123.*"
+ "140.82.124.*"
+ "140.82.125.*"
+ "140.82.126.*"
+ "140.82.127.*"
+ "13.229.188.59"
+ "13.250.177.223"
+ "18.194.104.89"
+ "18.195.85.27"
+ "35.159.8.160"
+ "52.74.223.119"
+ ];
+ publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+ };
+}
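Review bot: The comment above the address globs records how the list was generated, but nothing records where `publicKey` came from or when either value was last refreshed. Both go stale when GitHub changes its ranges or rotates its host key. I would add a comment next to `publicKey` such as `# verified against GitHub's published SSH host key fingerprints on <date>`, and put a date on the generation comment as well. That way a future host-key mismatch can be checked against a known-good reference instead of being accepted by hand.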
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
new file mode 100644
index 000000000..0985bb539
--- /dev/null
+++ b/krebs/3modules/hosts.nix
@@ -0,0 +1,35 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ # TODO dedup functions with ./retiolum-hosts.nix
+ check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+ domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+
+ options = {
+ krebs.hosts = mkOption {
+ default = {};
+ type = types.attrsOf types.host;
+ };
+ };
+
+ config = {
+ networking.hosts =
+ filterAttrs
+ (_name: value: value != [])
+ (zipAttrsWith
+ (_: concatLists)
+ (concatMap
+ (host:
+ concatMap
+ (net: let
+ aliases = longs ++ shorts;
+ longs = filter check net.aliases;
+ shorts = let s = ".${config.krebs.dns.search-domain}"; in
+ map (removeSuffix s) (filter (hasSuffix s) longs);
+ in
+ map (addr: { ${addr} = aliases; }) net.addrs)
+ (attrValues host.nets))
+ (attrValues config.krebs.hosts)));
+ };
+
+}
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
index a7a07a8e6..5beb859aa 100644
--- a/krebs/3modules/per-user.nix
+++ b/krebs/3modules/per-user.nix
@@ -13,7 +13,7 @@ in {
});
default = {};
};
- config = {
+ config = mkIf (cfg != {}) {
environment = {
etc =
mapAttrs'
diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
new file mode 100644
index 000000000..e3e6ddf4f
--- /dev/null
+++ b/krebs/3modules/reaktor2.nix
@@ -0,0 +1,71 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ options.krebs.reaktor2 = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule (self: let
+ name = self.config._module.args.name;
+ in {
+ options = {
+ nick = mkOption {
+ default = name;
+ # TODO types.irc.nickname
+ type = types.str;
+ };
+ hostname = mkOption {
+ default = "irc.r";
+ type = types.hostname;
+ };
+ port = mkOption {
+ default = "6667";
+ # TODO type = types.service-name
+ };
+ plugins = mkOption {
+ default = [];
+ type = types.listOf types.attrs;
+ };
+ stateDir = mkOption {
+ default = "/var/lib/${self.config.username}";
+ readOnly = true;
+ type = types.absolute-pathname;
+ };
+ systemd-service-name = mkOption {
+ default = "reaktor2${optionalString (name != "default") "-${name}"}";
+ type = types.filename;
+ };
+ username = mkOption {
+ default = self.config.systemd-service-name;
+ type = types.username;
+ };
+ useTLS = mkOption {
+ default = self.config.port == "6697";
+ type = types.bool;
+ };
+ };
+ }));
+ };
+
+ config = {
+ systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg:
+ nameValuePair cfg.systemd-service-name {
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = cfg.username;
+ Group = "reaktor2";
+ DynamicUser = true;
+ StateDirectory = cfg.username;
+ ExecStart = let
+ configFile = pkgs.writeJSON configFileName configValue;
+ configFileName = "${cfg.systemd-service-name}.config.json";
+ configValue = recursiveUpdate {
+ logTime = false;
+ } (removeAttrs cfg ["_module"]);
+ in "${pkgs.reaktor2}/bin/reaktor ${configFile}";
+ Restart = "always";
+ RestartSec = "30";
+ };
+ }
+ );
+ };
+}
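Review bot: `port` is declared without a `type`, and `useTLS` defaults to `self.config.port == "6697"`, so a configuration that writes `port = 6697;` as an integer is accepted and silently connects without TLS. Adding `type = types.str;` to `port` (the TODO already names a stricter type) turns that into an evaluation error. As committed, the `freenode` instance in krebs/2configs/reaktor2.nix sets no port, so it uses the `"6667"` default and talks to a public network in plaintext. It is also worth a comment on `plugins` that the whole submodule value is serialised by `pkgs.writeJSON` into the world-readable Nix store, so credentials should be referenced by file path rather than placed in plugin config.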
diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix
new file mode 100644
index 000000000..ddf85ead7
--- /dev/null
+++ b/krebs/3modules/retiolum-hosts.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ # TODO dedup functions with ./hosts.nix
+ check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+ domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+ nixpkgs.config.packageOverrides = super: {
+ retiolum-hosts =
+ super.writeText "retiolum-hosts" ''
+ ${
+ concatStringsSep
+ "\n"
+ (flatten
+ (map
+ (host: let
+ net = host.nets.retiolum;
+ aliases = longs;
+ longs = filter check net.aliases;
+ in
+ optionals
+ (aliases != [])
+ (map (addr: "${addr} ${toString aliases}") net.addrs))
+ (filter (host: hasAttr "retiolum" host.nets)
+ (attrValues config.krebs.hosts))))
+ }
+ '';
+ };
+}
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index ecd449b09..24eac7158 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -27,6 +27,7 @@ let
"tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
Name = ${tinc.config.host.name}
Interface = ${netname}
+ Broadcast = no
${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
PrivateKeyFile = ${tinc.config.privkey.path}
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 84c00e82d..dc04b6a72 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -22,6 +22,8 @@ foldl' mergeAttrs {}
};
});
+ reaktor2 = self.haskellPackages.reaktor2;
+
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
# https://github.com/proot-me/PRoot/issues/106
diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index 59c5b7984..97e4a717c 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
- version = "1.2.0";
- sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
+ version = "2.1.0";
+ sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d";
};
}.${versions.majorMinor nixpkgsVersion};
diff --git a/krebs/5pkgs/simple/much/cabal.nix b/krebs/5pkgs/haskell/much.nix
index 09bc7b5df..db168f8a1 100644
--- a/krebs/5pkgs/simple/much/cabal.nix
+++ b/krebs/5pkgs/haskell/much.nix
@@ -8,11 +8,12 @@
}:
mkDerivation {
pname = "much";
- version = "1.1.0";
+ version = "1.2.0";
src = fetchgit {
- url = "http://cgit.ni.krebsco.de/much";
- sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl";
- rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5";
+ url = "https://cgit.krebsco.de/much";
+ sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873";
+ rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7";
+ fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix
new file mode 100644
index 000000000..40c628802
--- /dev/null
+++ b/krebs/5pkgs/haskell/reaktor2.nix
@@ -0,0 +1,27 @@
+{ mkDerivation, aeson, async, attoparsec, base, blessings
+, bytestring, containers, data-default, fetchgit, filepath
+, hashable, lens, lens-aeson, network, network-simple
+, network-simple-tls, pcre-light, process, random, stdenv
+, string-conversions, stringsearch, text, time, transformers
+, unagi-chan, unix, unordered-containers, vector
+}:
+mkDerivation {
+ pname = "reaktor2";
+ version = "0.2.1";
+ src = fetchgit {
+ url = "https://cgit.krebsco.de/reaktor2";
+ sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr";
+ rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c";
+ fetchSubmodules = true;
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ aeson async attoparsec base blessings bytestring containers
+ data-default filepath hashable lens lens-aeson network
+ network-simple network-simple-tls pcre-light process random
+ string-conversions stringsearch text time transformers unagi-chan
+ unix unordered-containers vector
+ ];
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix
index 3ef9ffb7d..a88db6379 100644
--- a/krebs/5pkgs/simple/Reaktor/default.nix
+++ b/krebs/5pkgs/simple/Reaktor/default.nix
@@ -2,7 +2,7 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
- version = "0.6.2";
+ version = "0.7.0";
doCheck = false;
@@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec {
src = fetchFromGitHub {
owner = "krebs";
repo = "Reaktor";
- rev = version;
- sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
+ rev = "v${version}";
+ sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj";
};
meta = {
homepage = http://krebsco.de/;
diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix
index 6f59ad1de..1b19a1178 100644
--- a/krebs/5pkgs/simple/Reaktor/plugins.nix
+++ b/krebs/5pkgs/simple/Reaktor/plugins.nix
@@ -146,58 +146,36 @@ rec {
'';
});
- taskrcFile = builtins.toFile "taskrc" ''
- confirmation=no
- '';
-
- task-add = buildSimpleReaktorPlugin "task-add" {
- pattern = "^task-add: (?P<args>.*)$$";
- script = pkgs.writeDash "task-add" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*"
- '';
- };
-
- task-list = buildSimpleReaktorPlugin "task-list" {
- pattern = "^task-list";
- script = pkgs.writeDash "task-list" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
- '';
- };
-
- task-delete = buildSimpleReaktorPlugin "task-delete" {
- pattern = "^task-delete: (?P<args>.*)$$";
- script = pkgs.writeDash "task-delete" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*"
- '';
- };
-
- task-done = buildSimpleReaktorPlugin "task-done" {
- pattern = "^task-done: (?P<args>.*)$$";
- script = pkgs.writeDash "task-done" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*"
- '';
- };
-
- todo = name: {
- add = buildSimpleReaktorPlugin "${name}-add" {
+ task = name: let
+ rcFile = builtins.toFile "taskrc" ''
+ confirmation=no
+ '';
+ in {
+ add = buildSimpleReaktorPlugin "${name}-task-add" {
pattern = "^${name}-add: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-add" ''
- echo "$*" >> ${name}-todo
- echo "added ${name} todo"
+ TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*"
'';
};
- delete = buildSimpleReaktorPlugin "${name}-delete" {
+
+ list = buildSimpleReaktorPlugin "task-list" {
+ pattern = "^${name}-list";
+ script = pkgs.writeDash "task-list" ''
+ TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
+ '';
+ };
+
+ delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^${name}-delete: (?P<args>.*)$$";
- script = pkgs.writeDash "${name}-delete" ''
- ${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
- ${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
- echo "removed ${name} todo: $*"
+ script = pkgs.writeDash "task-delete" ''
+ TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*"
'';
};
- show = buildSimpleReaktorPlugin "${name}-show" {
- pattern = "^${name}-show$";
- script = pkgs.writeDash "${name}-show" ''
- ${pkgs.coreutils}/bin/cat ${name}-todo
+
+ done = buildSimpleReaktorPlugin "task-done" {
+ pattern = "^${name}-done: (?P<args>.*)$$";
+ script = pkgs.writeDash "task-done" ''
+ TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*"
'';
};
};
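Review bot: The text captured from the channel reaches taskwarrior as `"$*"` in `add`, `delete` and `done`, and `task` parses its arguments as its own syntax rather than as plain text, so a message can carry more than a description or an id. For `add`, end argument parsing before the text, `${pkgs.taskwarrior}/bin/task rc:${rcFile} add -- "$*"`; for `delete` and `done`, which run with `confirmation=no`, narrow the pattern to ids, e.g. `pattern = "^${name}-done: (?P<args>[0-9]+)$$";`. Separately, `list`, `delete` and `done` are built under the fixed names `"task-list"`, `"task-delete"` and `"task-done"` while `add` uses `"${name}-task-add"`, so two instances of `task` would presumably yield plugins with identical names. The enclosing `rec { … }` starts outside the hunk.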
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
index 386aa68b9..6f3dd4a3f 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-curl http://emojicons.com/random -s | \
+curl -sS http://emojicons.com/random | \
grep data-text | \
sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
head -n 1 | \
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
index 5c47c6156..5c47c6156 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
index ecb03917b..4925b25bb 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
@@ -46,7 +46,7 @@ if is_regex(line):
print('to many lines, skipped')
else:
if last.strip() != ret.strip():
- print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
+ print("\x02{}\x02 meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
index d500b3cb3..d500b3cb3 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
diff --git a/krebs/5pkgs/simple/much/default.nix b/krebs/5pkgs/simple/much/default.nix
deleted file mode 100644
index cf55eb537..000000000
--- a/krebs/5pkgs/simple/much/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ haskellPackages, ... }:
-
-haskellPackages.callPackage ./cabal.nix {}
diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix
new file mode 100644
index 000000000..48464c0b6
--- /dev/null
+++ b/krebs/5pkgs/simple/reaktor2-plugins.nix
@@ -0,0 +1,106 @@
+with import <stockholm/lib>;
+{ lib, pkgs, ... }:
+
+rec {
+ generators = {
+ command_hook = commands: {
+ pattern =
+ "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
+ command = 1;
+ arguments = [2];
+ commands = commands;
+ };
+ };
+
+ commands = {
+
+ hello = {
+ filename = "${pkgs.Reaktor.src}/reaktor/commands/hello";
+ };
+
+ random-emoji = {
+ filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>;
+ env = {
+ PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]);
+ };
+ };
+
+ nixos-version = {
+ filename = pkgs.writeDash "nixos-version" ''
+ . /etc/os-release
+ echo "$PRETTY_NAME"
+ '';
+ };
+
+ stockholm-issue = {
+ filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>;
+ env = {
+ PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]);
+ origin = "http://cgit.gum/stockholm";
+ state_dir = "/tmp/stockholm-issue";
+ };
+ };
+
+ };
+
+ hooks = {
+
+ sed = {
+ activate = "always";
+ pattern = "^(.*)$";
+ arguments = [1];
+ command = {
+ env = {
+ PATH = makeBinPath (with pkgs; [ gnused ]);
+ state_dir = "/tmp";
+ };
+ filename = pkgs.writeDash "sed-plugin" ''
+ set -efu
+ exec ${pkgs.python3}/bin/python \
+ ${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@"
+ '';
+ };
+ };
+
+ shack-correct = {
+ activate = "match";
+ pattern = "^(.*Shack.*)$";
+ arguments = [1];
+ command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>;
+ };
+
+
+ url-title = {
+ #pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
+ pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
+ import cgi
+ import sys
+ import urllib.request
+ from bs4 import BeautifulSoup
+
+ try:
+ req = urllib.request.Request(sys.argv[1])
+ req.add_header('user-agent', 'Reaktor-url-title')
+ resp = urllib.request.urlopen(req)
+ if resp.headers['content-type'].find('text/html') >= 0:
+ soup = BeautifulSoup(resp.read(16000), "lxml")
+ title = soup.find('title').string
+
+ if len(title.split('\n')) > 5:
+ title = '\n'.join(title.split('\n')[:5])
+
+ print(title[:450])
+ else:
+ cd_header = resp.headers['content-disposition']
+ print(cgi.parse_header(cd_header)[1]['filename'])
+ except: # noqa: E722
+ pass
+ '';
+ };
+ };
+ };
+}
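Review bot: The `url-title` hook fetches whatever URL appears in a channel message with `urllib.request.urlopen(req)` and no timeout, so one slow or never-ending response keeps the hook process alive, and the request is made from the bot's own network position, including hosts that are reachable only from there. Pass a timeout, `resp = urllib.request.urlopen(req, timeout=10)`, and consider resolving the host first and skipping the fetch for loopback, private and link-local addresses. The commented-out `#pattern = …` line duplicates the live one and can go. Also in this file, `random-emoji` sets `PATH` without `curl` although random-emoji.sh calls `curl`, and the `sed` hook keeps its state directly in `/tmp` (`state_dir = "/tmp"`), which other local users can write to; a directory under the bot's own state dir would be safer.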
diff --git a/krebs/krops.nix b/krebs/krops.nix
index ab7524941..94418fdc2 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -9,15 +9,21 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
- file = {
- path = toString (pkgs.fetchFromGitHub {
+ derivation = let
+ rev = (lib.importJSON ./nixpkgs.json).rev;
+ sha256 = (lib.importJSON ./nixpkgs.json).sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = (lib.importJSON ./nixpkgs.json).rev;
- sha256 = (lib.importJSON ./nixpkgs.json).sha256;
- });
- useChecksum = true;
- };
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ '';
} else {
git = {
ref = (lib.importJSON ./nixpkgs.json).rev;
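Review bot: `./nixpkgs.json` is parsed twice in the new `let` (`rev` and `sha256` each call `lib.importJSON`), and the same block is repeated in lass/1systems/blue/source.nix; reading it once keeps the two pinned values visibly tied to one file: `json = lib.importJSON ./nixpkgs.json;` followed by `inherit (json) rev sha256;`. The generated expression relies on one `sha256` being valid for both `builtins.fetchTarball` and `pkgs.fetchFromGitHub`, so a comment such as `# same hash for both fetchers: each hashes the unpacked tree of ${rev}` would help whoever bumps the pin next. The `krebs-source` function continues outside the hunk.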
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 821c79cde..614d5bccf 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "b9fa31cea0e119ecf1867af4944ddc2f7633aacd",
- "date": "2018-12-22T15:37:52+00:00",
- "sha256": "1iqdra7nvcwbydjirjsk71rpzk4ljc0gzqy33fcp8l18y8iwh47k",
+ "rev": "97e0d53d669cd07f0750a42fd535524b3cdd46d1",
+ "date": "2019-01-15T00:11:44+01:00",
+ "sha256": "111xa7qn9142dar29cil4br2mvn8f1rbiy310lkhwl73126fq8dw",
"fetchSubmodules": false
}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 8f748ab8f..a52771a4d 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,11 +1,20 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- file = toString (pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
+ derivation = let
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- });
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ '';
};
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index b39f03df9..f35ebff56 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -35,6 +35,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index df2778bef..23746d210 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
];
}
{
@@ -379,6 +379,7 @@ with import <stockholm/lib>;
name = "download";
home = "/var/download";
useDefaultShell = true;
+ uid = genid "download";
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
@@ -420,6 +421,16 @@ with import <stockholm/lib>;
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
}
+ {
+ nix.trustedUsers = [ "Mic92" ];
+ users.users.Mic92 = {
+ uid = genid_uint31 "Mic92";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.Mic92.pubkey
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
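Review bot: `nix.trustedUsers = [ "Mic92" ];` grants that account more than build access: the Nix documentation treats a trusted user as essentially equivalent to root on the machine, since such a user can override daemon settings and import unsigned store paths. If that level of access is intended, record it next to the line, e.g. `# trusted user: can override nix.conf settings and import unsigned paths, treat as root`; if the account only needs to talk to the daemon, `nix.allowedUsers` is the narrower option. The surrounding `imports` list starts outside the hunk.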
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 116bdb92f..9a84e9d63 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -40,6 +40,16 @@
fsType = "zfs";
};
+ fileSystems."/var/lib/nextcloud" = {
+ device = "tank/nextcloud";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/libvirt" = {
+ device = "tank/libvirt";
+ fsType = "zfs";
+ };
+
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
@@ -53,9 +63,15 @@
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
- interfaces.eth0 = {
- ipAddress = "95.216.1.150";
- prefixLength = 26;
- };
+ interfaces.eth0.ipv4.addresses = [
+ {
+ address = "95.216.1.150";
+ prefixLength = 26;
+ }
+ {
+ address = "95.216.1.130";
+ prefixLength = 26;
+ }
+ ];
};
}
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 58fa564a1..9d8bcd7be 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -88,7 +88,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
- remote 82.102.16.229 1194
+ remote 89.249.65.83 1194
resolv-retry infinite
remote-random
nobind
@@ -103,13 +103,9 @@ with import <stockholm/lib>;
reneg-sec 0
comp-lzo no
- explicit-exit-notify 3
-
remote-cert-tls server
- #mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
-
verb 3
pull
fast-io
@@ -118,32 +114,33 @@ with import <stockholm/lib>;
<ca>
-----BEGIN CERTIFICATE-----
- MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
- VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
- Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
- bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
- ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
- A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
- B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
- cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
- cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
- UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
- mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
- +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
- ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
- 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
- VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
- Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
- MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
- MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
- Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
- EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
- SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
- e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
- //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
- wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
- KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
- lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
+ MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
+ MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
+ MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
+ BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
+ hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
+ kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
+ XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
+ eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
+ skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
+ MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
+ 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
+ hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
+ Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
+ WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
+ MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
+ LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
+ SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
+ nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
+ k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
+ DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
+ pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
+ k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+ +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
+ NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
+ wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
+ VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
+ PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
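Review bot: The replaced `<ca>` block now appears to hold a provider-wide root (its subject decodes to "NordVPN Root CA") where the old one was issued for a single server name, while the only server check visible in this config is `remote-cert-tls server`, which tests the certificate's usage fields and not its name. With the endpoint given only by IP in `remote 89.249.65.83 1194`, any server certificate issued under that root would be accepted; adding `verify-x509-name <SERVER_CN> name` (placeholder, the expected name is not on this page) ties the tunnel to the intended server. The OpenVPN config string starts and ends outside this hunk.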
@@ -152,23 +149,24 @@ with import <stockholm/lib>;
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
- 49b2f54c6ee58d2d97331681bb577d55
- 054f56d92b743c31e80b684de0388702
- ad3bf51088cd88f3fac7eb0729f2263c
- 51d82a6eb7e2ed4ae6dfa65b1ac764d0
- b9dedf1379c1b29b36396d64cb6fd6b2
- e61f869f9a13001dadc02db171f04c4d
- c46d1132c1f31709e7b54a6eabae3ea8
- fbd2681363c185f4cb1be5aa42a27c31
- 21db7b2187fd11c1acf224a0d5a44466
- b4b5a3cc34ec0227fe40007e8b379654
- f1e8e2b63c6b46ee7ab6f1bd82f57837
- 92c209e8f25bc9ed493cb5c1d891ae72
- 7f54f4693c5b20f136ca23e639fd8ea0
- 865b4e22dd2af43e13e6b075f12427b2
- 08af9ffd09c56baa694165f57fe2697a
- 3377fa34aebcba587c79941d83deaf45
+ e685bdaf659a25a200e2b9e39e51ff03
+ 0fc72cf1ce07232bd8b2be5e6c670143
+ f51e937e670eee09d4f2ea5a6e4e6996
+ 5db852c275351b86fc4ca892d78ae002
+ d6f70d029bd79c4d1c26cf14e9588033
+ cf639f8a74809f29f72b9d58f9b8f5fe
+ fc7938eade40e9fed6cb92184abb2cc1
+ 0eb1a296df243b251df0643d53724cdb
+ 5a92a1d6cb817804c4a9319b57d53be5
+ 80815bcfcb2df55018cc83fc43bc7ff8
+ 2d51f9b88364776ee9d12fc85cc7ea5b
+ 9741c4f598c485316db066d52db4540e
+ 212e1518a9bd4828219e24b20d88f598
+ a196c9de96012090e333519ae18d3509
+ 9427e7b372d348d352dc4c85e18cd4b9
+ 3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>
+
'';
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1f2bb511f..1d2d1173d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
./power-action.nix
./copyq.nix
./urxvt.nix
- ./nfs-dl.nix
{
hardware.pulseaudio = {
enable = true;
@@ -75,12 +74,11 @@ in {
nmap
pavucontrol
powertop
- rxvt_unicode_with-plugins
+ rxvt_unicode-with-plugins
sxiv
taskwarrior
termite
xclip
- xephyrify
xorg.xbacklight
xorg.xhost
xsel
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 62a42baf9..2547e8bac 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -2,6 +2,7 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
+ <stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./gc.nix
./mc.nix
@@ -72,7 +73,6 @@ with import <stockholm/lib>;
krebs = {
enable = true;
- search-domain = "r";
build.user = config.krebs.users.lass;
};
@@ -82,9 +82,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
- #why is this on in the first place?
- services.nscd.enable = false;
-
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@@ -116,6 +113,7 @@ with import <stockholm/lib>;
#network
iptables
iftop
+ tcpdump
#stuff for dl
aria2
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index f487a9910..555295422 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -96,6 +96,7 @@ with import <stockholm/lib>;
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
+ { from = "overleaf@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 62e3f6d52..a3acb82bb 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -74,7 +74,6 @@ in {
createHome = true;
useDefaultShell = true;
packages = with pkgs; [
- ftb
minecraft
steam-run
dolphinEmu
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index c5073e384..a1bb26049 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
- automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
+ automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
};
}
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
new file mode 100644
index 000000000..aee4bf06f
--- /dev/null
+++ b/lass/2configs/hardening.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, ... }:
+with lib;
+{
+ security.chromiumSuidSandbox.enable = true;
+ security.lockKernelModules = false;
+ boot.kernel.sysctl."user.max_user_namespaces" = 63414;
+
+ imports = [
+ <nixpkgs/nixos/modules/profiles/hardened.nix>
+ ];
+}
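Review bot: This file imports the hardened profile and at the same time sets `security.lockKernelModules = false;` and `boot.kernel.sysctl."user.max_user_namespaces" = 63414;`, both of which look like relaxations of what that profile enables, with no comment saying why. One line each would keep the exceptions reviewable, e.g. `# modules must stay loadable after boot: (reason)` and `# unprivileged user namespaces needed by: (consumer)`. `pkgs` and `with lib;` are unused in the file as shown.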
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 21b9d7b49..52d380b7c 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -51,7 +51,7 @@ let
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
- india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
+ india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
meetup = [ "to:meetup@lassul.us" ];
@@ -225,7 +225,7 @@ in {
msmtp
mutt
pkgs.notmuch
- pkgs.much
+ pkgs.haskellPackages.much
tag-new-mails
tag-old-mails
];
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 987632cd1..f88b2627b 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -170,32 +170,45 @@ in {
};
};
- krebs.Reaktor.playlist = {
- nickname = "the_playlist|r";
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- };
- plugins = with pkgs.ReaktorPlugins; [
- (buildSimpleReaktorPlugin "skip" {
- script = "${skip_track}/bin/skip_track";
- pattern = "^skip$";
- })
- (buildSimpleReaktorPlugin "current" {
- script = "${print_current}/bin/print_current";
- pattern = "^current$";
- })
- (buildSimpleReaktorPlugin "suggest" {
- script = "${pkgs.writeDash "suggest" ''
- echo "$@" >> $HOME/playlist_suggest
- ''}";
- pattern = "^suggest: (?P<args>.*)$";
- })
+ krebs.reaktor2.the_playlist = {
+ hostname = "irc.freenode.org";
+ port = "6697";
+ useTLS = true;
+ nick = "the_playlist";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#the_playlist"
+ "#krebs"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.the_playlist.stateDir;
+ hooks.PRIVMSG = [
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ skip.filename = "${skip_track}/bin/skip_track";
+ current.filename = "${print_current}/bin/print_current";
+ suggest.filename = pkgs.writeDash "suggest" ''
+ echo "$@" >> playlist_suggest
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
+
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {
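Review bot: The `suggest` command appends channel text with `echo "$@" >> playlist_suggest`, and dash's built-in `echo` interprets backslash sequences, so the stored entry is not necessarily the literal line that was sent; `printf '%s\n' "$*" >> playlist_suggest` writes the text as-is. The hook pattern `!([^ ]+)(?:\s*(.*))?` also has no `^` anchor, where the plugins it replaces used `^skip$` and `^current$`; if reaktor2 searches rather than full-matches (not visible here), a `!skip` in the middle of a sentence would trigger the command, so `^!([^ ]+)(?:\s*(.*))?$` is closer to the old behaviour. The same unanchored pattern is used in lass/2configs/reaktor-coders.nix.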
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 7cdcdf20c..4baec1976 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -1,99 +1,93 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
-{
- krebs.Reaktor.coders = {
- nickname = "Reaktor|lass";
- channels = [ "#coders" "#germany" "#panthermoderns" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.hackint.org";
- };
- plugins = with pkgs.ReaktorPlugins; let
-
- lambdabot = (import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs";
- rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
- sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
- }) {}).lambdabot;
-
- lambdabotflags = ''
- -XStandaloneDeriving -XGADTs -XFlexibleContexts \
- -XFlexibleInstances -XMultiParamTypeClasses \
- -XOverloadedStrings -XFunctionalDependencies \'';
- in [
- sed-plugin
- url-title
- (buildSimpleReaktorPlugin "lambdabot-pl" {
- pattern = "^@pl (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-pl" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@pl $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-type" {
- pattern = "^@type (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-type" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@type $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-let" {
- pattern = "^@let (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-let" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@let $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-run" {
- pattern = "^@run (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-run" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@run $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-kind" {
- pattern = "^@kind (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-kind" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@kind $1"
- '';
- })
- (buildSimpleReaktorPlugin "ping" {
- pattern = "^!ping (?P<args>.*)$$";
- script = pkgs.writeDash "ping" ''
- exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
- '';
- })
- (buildSimpleReaktorPlugin "google" {
- pattern = "^!g (?P<args>.*)$$";
- script = pkgs.writeDash "google" ''
- exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
- ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
- '';
- })
- (buildSimpleReaktorPlugin "blockchain" {
- pattern = ".*[Bb]lockchain.*$$";
- script = pkgs.writeDash "blockchain" ''
- exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
- '';
- })
- (buildSimpleReaktorPlugin "shrug" {
- pattern = "^!shrug$";
- script = pkgs.writeDash "shrug" ''
- exec echo '¯\_(ツ)_/¯'
- '';
- })
- (buildSimpleReaktorPlugin "flip" {
- pattern = "^!flip$";
- script = pkgs.writeDash "shrug" ''
- exec echo '(╯°□°)╯ ┻━┻'
- '';
- })
+let
+ hooks = pkgs.reaktor2-plugins.hooks;
+in {
+ krebs.reaktor2.coders = {
+ hostname = "irc.hackint.org";
+ port = "9999";
+ useTLS = true;
+ nick = "reaktor2|lass";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#coders"
+ "#germany"
+ "#panthermoderns"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.coders.stateDir;
+ hooks.PRIVMSG = [
+ hooks.sed
+ hooks.url-title
+ {
+ activate = "match";
+ pattern = ''@([^ ]+) (.*)$'';
+ command = 1;
+ arguments = [2];
+ env.HOME = config.krebs.reaktor2.coders.stateDir;
+ commands = let
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+ lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
+ exec ${lambdabot}/bin/lambdabot \
+ -XStandaloneDeriving -XGADTs -XFlexibleContexts \
+ -XFlexibleInstances -XMultiParamTypeClasses \
+ -XOverloadedStrings -XFunctionalDependencies \
+ -e "$@"
+ '';
+ in {
+ pl.filename = pkgs.writeDash "lambdabot-pl" ''
+ ${lambdabotWrapper} "@pl $1"
+ '';
+ type.filename = pkgs.writeDash "lambdabot-type" ''
+ ${lambdabotWrapper} "@type $1"
+ '';
+ "let".filename = pkgs.writeDash "lambdabot-let" ''
+ ${lambdabotWrapper} "@let $1"
+ '';
+ run.filename = pkgs.writeDash "lambdabot-run" ''
+ ${lambdabotWrapper} "@run $1"
+ '';
+ kind.filename = pkgs.writeDash "lambdabot-kind" ''
+ ${lambdabotWrapper} "@kind $1"
+ '';
+ };
+ }
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ ping.filename = pkgs.writeDash "ping" ''
+ exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
+ '';
+ google.filename = pkgs.writeDash "google" ''
+ exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
+ ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
+ '';
+ shrug.filename = pkgs.writeDash "shrug" ''
+ exec echo '¯\_(ツ)_/¯'
+ '';
+ table.filename = pkgs.writeDash "table" ''
+ exec echo '(╯°□°)╯ ┻━┻'
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
}
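Review bot: In the `!` command table, `ping` places the channel-supplied argument directly after the options (`ping -q -c1 "$1"`) and `google` does the same with `ddgr -C -n1 --json "$@"`, so text beginning with `-` is read as an option of the tool rather than as a host or a query. Ending option parsing first closes that: `exec /run/wrappers/bin/ping -q -c1 -- "$1" 2>&1 | tail -1` and `${pkgs.ddgr}/bin/ddgr -C -n1 --json -- "$@" | \`. The `exec` in front of these pipelines only affects the first stage and can be dropped.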
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 25dac0ac4..7fb248139 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -88,6 +88,20 @@ in {
file_uploads = on
'';
+ services.nextcloud = {
+ enable = true;
+ hostName = "o.xanf.org";
+ config = {
+ adminpassFile = toString <secrets> + "/nextcloud_pw";
+ };
+ #https = true;
+ nginx.enable = true;
+ };
+ services.nginx.virtualHosts."o.xanf.org" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
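Review bot: The vhost for `o.xanf.org` sets `forceSSL = true;` while `#https = true;` is left commented out in `services.nextcloud`, so Nextcloud is presumably still configured to generate `http://` links and redirects behind a TLS-only front end. Unless there is a reason not visible here, enable it with `https = true;`, or replace the commented line with a comment saying why it must stay off. The enclosing attribute set starts and ends outside the hunk.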
@@ -141,6 +155,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
+ users.users.UBIK-SFTP = {
+ uid = genid_uint31 "UBIK-SFTP";
+ home = "/home/UBIK-SFTP";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.xanf = {
uid = genid_uint31 "xanf";
home = "/home/xanf";
@@ -213,5 +234,22 @@ in {
createHome = true;
};
+ services.restic.backups.domsen = {
+ initialize = true;
+ extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
+ repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
+ passwordFile = toString <secrets> + "/domsen_backup_pw";
+ paths = [
+ "/srv/http"
+ "/home/domsen/Mail"
+ "/home/ms/Mail"
+ "/home/klabusterbeere/Mail"
+ "/home/jms/Mail"
+ "/home/bruno/Mail"
+ "/home/akayguen/Mail"
+ "/backups/sql_dumps"
+ ];
+ };
+
}
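Review bot: The `sftp.command` of the `domsen` backup connects to a dynamic-DNS name on a non-standard port, and nothing in this hunk pins that server's host key, so whether the connection is verified depends on ssh defaults and on a known_hosts entry that is not visible here. Making it explicit keeps the backup, and with `initialize = true` a freshly created repository, from going to whatever answers at that name: add `-o StrictHostKeyChecking=yes` to the ssh command and declare the key through `programs.ssh.knownHosts`. The repository password protects the contents, but not the availability of a backup written to the wrong host.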
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 307f1c2b3..27cadd100 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -101,6 +101,9 @@ in {
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
+ locations."/pub1".extraConfig = ''
+ alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
+ '';
};
security.acme.certs."cgit.lassul.us" = {
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 2cf6a66b9..613c7c8ac 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -14,6 +14,5 @@ _:
./umts.nix
./usershadow.nix
./xjail.nix
- ./xserver
];
}
diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix
deleted file mode 100644
index cdd80857a..000000000
--- a/lass/3modules/xserver/default.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
-
- out = {
- options.lass.xserver = api;
- config = mkIf cfg.enable imp;
- };
-
- user = config.krebs.build.user;
-
- cfg = config.lass.xserver;
- xcfg = config.services.xserver;
- api = {
- enable = mkEnableOption "lass xserver";
- };
- imp = {
-
- services.xserver = {
- enable = true;
- display = 11;
- tty = 11;
- };
-
- systemd.services.display-manager.enable = false;
-
- systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "xserver.service" ];
- environment = {
- DISPLAY = ":${toString xcfg.display}";
-
- XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
- ${xcfg.displayManager.sessionCommands}
- if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
- exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
- fi
- export DBUS_SESSION_BUS_ADDRESS
- ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
- wait
- '';
-
- XMONAD_DATA_DIR = "/tmp";
- };
- serviceConfig = {
- SyslogIdentifier = "xmonad";
- ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
- User = user.name;
- WorkingDirectory = user.home;
- };
- };
-
- systemd.services.xserver = {
- after = [
- "systemd-udev-settle.service"
- "local-fs.target"
- "acpid.service"
- ];
- reloadIfChanged = true;
- environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
- ++ concatLists (catAttrs "libPath" xcfg.drivers));
- };
- serviceConfig = {
- SyslogIdentifier = "xserver";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = toString [
- "${pkgs.xorg.xorgserver}/bin/X"
- ":${toString xcfg.display}"
- "vt${toString xcfg.tty}"
- "-config ${import ./xserver.conf.nix args}"
- "-logfile /dev/null -logverbose 0 -verbose 3"
- "-nolisten tcp"
- "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
- (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
- ];
- User = user.name;
- };
- };
- krebs.xresources.resources.dpi = ''
- ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
- '';
- systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
- serviceConfig = {
- SyslogIdentifier = "urxvtd";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- User = user.name;
- };
- };
- };
-
-in out
diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix
deleted file mode 100644
index 6f34e0150..000000000
--- a/lass/3modules/xserver/xserver.conf.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.services.xserver;
-in
-
-pkgs.stdenv.mkDerivation {
- name = "xserver.conf";
-
- xfs = optionalString (cfg.useXFS != false)
- ''FontPath "${toString cfg.useXFS}"'';
-
- inherit (cfg) config;
-
- buildCommand =
- ''
- echo 'Section "Files"' >> $out
- echo $xfs >> $out
-
- for i in ${toString config.fonts.fonts}; do
- if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
- for j in $(find $i -name fonts.dir); do
- echo " FontPath \"$(dirname $j)\"" >> $out
- done
- fi
- done
-
- for i in $(find ${toString cfg.modules} -type d); do
- if test $(echo $i/*.so* | wc -w) -ne 0; then
- echo " ModulePath \"$i\"" >> $out
- fi
- done
-
- echo 'EndSection' >> $out
-
- echo "$config" >> $out
- '';
-}
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 483e37bc8..1f2e7110e 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
+import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
- defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
+ defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne
diff --git a/makefu/0tests/data/secrets/nixos-community b/makefu/0tests/data/secrets/nixos-community
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/nixos-community
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index 1a617e52d..e40042b2d 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -2,6 +2,7 @@
{
imports = [
<stockholm/makefu>
+ ./hardware-config.nix
<stockholm/makefu/2configs/tools/core.nix>
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
@@ -11,43 +12,10 @@
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.cake;
};
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ];
- programs.info.enable = false;
- programs.man.enable = false;
+ documentation.info.enable = false;
+ documentation.man.enable = false;
services.nixosManual.enable = false;
- boot.tmpOnTmpfs = lib.mkForce false;
sound.enable = false;
- hardware.enableRedistributableFirmware = true;
- hardware.firmware = [
- (pkgs.stdenv.mkDerivation {
- name = "broadcom-rpi3-rest";
- src = pkgs.fetchurl {
- url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt";
- sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7";
- };
- phases = [ "installPhase" ];
- installPhase = ''
- mkdir -p $out/lib/firmware/brcm
- cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt
- '';
- })
- ];
- networking.wireless.enable = true;
-
-# File systems configuration for using the installer's partition layout
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
- };
- };
}
diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix
new file mode 100644
index 000000000..d021f9458
--- /dev/null
+++ b/makefu/1systems/cake/hardware-config.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, ... }:
+{
+ # raspi3
+ boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
+ boot.loader.grub.enable = false;
+ boot.loader.raspberryPi.enable = true;
+ boot.loader.raspberryPi.version = 3;
+ boot.loader.raspberryPi.uboot.enable = true;
+ boot.loader.raspberryPi.uboot.configurationLimit = 3;
+ boot.loader.raspberryPi.firmwareConfig = ''
+ gpu_mem=32
+ arm_freq=1350
+ core_freq=500
+ over_voltage=4
+ disable_splash=1
+ # bye bye warranty
+ force_turbo=1
+ '';
+ boot.loader.generationsDir.enable = lib.mkDefault false;
+
+ boot.tmpOnTmpfs = lib.mkForce false;
+ boot.cleanTmpDir = true;
+ hardware.enableRedistributableFirmware = true;
+
+ ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
+ # boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ environment.systemPackages = [ pkgs.raspberrypi-tools ];
+ networking.wireless.enable = true;
+ # File systems configuration for using the installer's partition layout
+ swapDevices = [ { device = "/var/swap"; size = 2048; } ];
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+}
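Review bot: The comment above `boot.kernelPackages` is misleading: it says wifi is not working and then shows a commented-out line that is identical to the active `boot.kernelPackages = pkgs.linuxPackages_latest;`. Drop the commented duplicate and state what is actually expected, e.g. `# wifi currently broken, see NixOS/nixpkgs#53747; networking.wireless stays enabled for when the fix lands`. The `brcmfmac43430-sdio.txt` firmware derivation that config.nix carried is not moved into this file, which the same comment could mention. The overclocking values in `firmwareConfig` would also benefit from a line on why they were chosen.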
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 97b4555a5..e274b4bf8 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -22,6 +22,8 @@ in {
};
}
<stockholm/makefu/2configs/support-nixos.nix>
+ <stockholm/makefu/2configs/home-manager>
+ <stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/netdata-server.nix>
@@ -123,8 +125,7 @@ in {
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
- <stockholm/makefu/2configs/nginx/iso.euer.nix>
- <stockholm/krebs/2configs/cache.nsupdate.info.nix>
+ # <stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index e9670a5a4..542b79fe7 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -34,7 +34,7 @@ in {
prefixLength = external-netmask6;
}];
};
- defaultGateway6 = external-gw6;
+ defaultGateway6 = { address = external-gw6; interface = ext-if; };
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 1e36c6e87..43586ede4 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -2,4 +2,5 @@
name="gum";
torrent = true;
clever_kexec = true;
+ home-manager = true;
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 5a4eea2e4..138735d91 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -14,10 +14,12 @@
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
+ <stockholm/makefu/2configs/dict.nix>
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
+ <stockholm/makefu/2configs/support-nixos.nix>
# Debugging
# <stockholm/makefu/2configs/disable_v6.nix>
@@ -64,11 +66,12 @@
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
- # <stockholm/makefu/2configs/remote-build/master.nix>
+ <stockholm/makefu/2configs/remote-build/aarch64-community.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
+ <stockholm/makefu/2configs/hw/malduino_elite.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6d64848f5..f223081e9 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -3,6 +3,8 @@
with import <stockholm/lib>;
let
ident = (builtins.readFile ./auphonic.pub);
+ bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
+ bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
in {
services.openssh = {
allowSFTP = true;
@@ -21,6 +23,19 @@ in {
useDefaultShell = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
+ services.logrotate = {
+ enable = true;
+ config = ''
+ ${bgtaccess} ${bgterror} {
+ rotate 5
+ weekly
+ create 600 nginx nginx
+ postrotate
+ ${pkgs.systemd}/bin/systemctl reload nginx
+ endscript
+ }
+ '';
+ };
services.nginx = {
enable = lib.mkDefault true;
recommendedGzipSettings = true;
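Review bot: `create 600 nginx nginx` in the new logrotate stanza recreates both logs readable by the nginx user only, while the next hunk adds `netdata` to the `nginx` group so that it can read `${bgtaccess}`. After the first weekly rotation the group has no read bit on the new file, so the netdata `web_log` job would presumably stop seeing it. Use `create 640 nginx nginx` so the group membership added in the following hunk actually has an effect.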
@@ -29,10 +44,21 @@ in {
serverAliases = [ "dl2.binaergewitter.de" ];
root = "/var/www/binaergewitter";
extraConfig = ''
- access_log /var/spool/nginx/logs/binaergewitter.access.log combined;
- error_log /var/spool/nginx/logs/binaergewitter.error.log error;
+ access_log ${bgtaccess} combined;
+ error_log ${bgterror} error;
autoindex on;
'';
};
};
+ environment.etc."netdata/python.d/web_log.conf".text = ''
+ nginx_log3:
+ name: 'nginx'
+ path: '/var/spool/nginx/logs/access.log'
+ nginx_log4:
+ name: 'bgt'
+ path: '${bgtaccess}'
+ '';
+
+ users.users.netdata.extraGroups = [ "nginx" ];
+
}
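Review bot: `users.users.netdata.extraGroups = [ "nginx" ];` grants netdata everything the nginx group can read, not just the access logs named in `web_log.conf`. On NixOS the certificates issued for nginx vhosts are commonly group-readable by nginx, so, if that holds on this host, the monitoring daemon could also read TLS private keys. A dedicated log-reader group on the log files would be narrower; at minimum add a comment such as `# netdata only needs read access to the nginx access logs`. The `nginx_log3` entry hard-codes `/var/spool/nginx/logs/access.log`, which the logrotate stanza added above does not cover.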
diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 3897537ea..917044d63 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -5,7 +5,7 @@ let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
- PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
+ PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
@@ -14,9 +14,10 @@ let
test $state = alerting || exit 0
echo $name - $state
- curl 'http://bauarbeiterlampe/ay?o=1'
+ topic=plug
+ mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON
sleep 5
- curl 'http://bauarbeiterlampe/ay?o=1'
+ mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
'';
in {
services.logstash = {
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index a89a4813f..b70c9b030 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -1,21 +1,51 @@
{ pkgs, lib, ... }:
let
+ tasmota_rgb = name: topic:
+# LED WS2812b
+# effect_state_topic: "stat/led/Scheme"
+# effect_command_topic: "cmnd/led/Scheme"
+# effect_value_template: "{{ value_json.Scheme }}"
+ { platform = "mqtt";
+ inherit name;
+ retain = false;
+ qos = 1;
+ optimistic = false;
+ # state
+ # TODO: currently broken, will not use the custom state topic
+ state_topic = "/bam/${topic}/stat/POWER";
+ command_topic = "/bam/${topic}/cmnd/POWER";
+ availability_topic = "/bam/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ # brightness
+ brightness_state_topic = "/bam/${topic}/stat/Dimmer";
+ brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
+ brightness_value_template = "{{ value_json.Dimmer }}";
+ brightness_scale = 100;
+ # color
+ rgb_state_topic = "/bam/${topic}/stat/Color";
+ rgb_command_topic = "/bam/${topic}/cmnd/Color2";
+ rgb_command_mode = "hex";
+ rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
+ # effects
+ effect_state_topic = "/bam/${topic}/stat/Scheme";
+ effect_command_topic = "/bam/${topic}/cmnd/Scheme";
+ effect_value_template = "{{ value_json.Scheme }}";
+ effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
+};
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
- state_topic = "/bam/${topic}/stat/POWER1";
- command_topic = "/bam/${topic}/cmnd/POWER1";
+ state_topic = "/bam/${topic}/stat/POWER";
+ command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
- tasmota_stecki = name: topic:
- ( tasmota_plug name topic) //
- { state_topic = "/bam/${topic}/stat/POWER";
- command_topic = "/bam/${topic}/cmnd/POWER";
- };
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
@@ -77,8 +107,12 @@ in {
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
- (tasmota_stecki "Fernseher" "fernseher")
- (tasmota_plug "Pluggy" "plug4")
+ (tasmota_plug "Fernseher" "plug3")
+ (tasmota_plug "Feuer" "plug4")
+ (tasmota_plug "Nachtlicht" "plug5")
+ ];
+ light = [
+ (tasmota_rgb "Status Felix" "status1")
];
binary_sensor = [
{ platform = "mqtt";
@@ -174,12 +208,16 @@ in {
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
+ "automation.turn_off_nachtlicht_on_sunrise"
+ "automation.turn_on_nachtlicht_on_motion_and_dusk"
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
- "switch.pluggy"
+ "switch.feuer"
+ "switch.nachtlicht"
+ "light.status_felix"
];
camera = [
"camera.Baumarkt"
@@ -212,11 +250,55 @@ in {
};
action = {
service = "homeassistant.turn_on";
- entity_id = [ "switch.fernseher" "switch.blitzdings" ];
+ entity_id = [
+ "switch.fernseher"
+ "switch.feuer"
+ "light.status_felix"
+ ];
+ };
+ }
+ {
+ alias = "Turn off Nachtlicht on sunrise";
+ trigger =
+ {
+ platform = "sun";
+ event = "sunrise";
+ };
+ action =
+ {
+ service = "homeassistant.turn_off";
+ entity_id = [ "switch.nachtlicht" ];
+ };
+ }
+ {
+ alias = "Turn on Nachtlicht on motion and dusk";
+ trigger =
+ {
+ platform = "state";
+ entity_id = "binary_sensor.motion";
+ to = "on";
+ };
+ condition = # 'when dark'
+ {
+ condition = "or";
+ conditions = [
+ { condition = "sun";
+ after = "sunset";
+ after_offset = "-00:45:00"; # on dusk
+ }
+ { condition = "sun";
+ before = "sunrise";
+ }
+ ];
+ };
+ action =
+ {
+ service = "homeassistant.turn_on";
+ entity_id = [ "switch.nachtlicht" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
- trigger = [
+ trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
@@ -231,7 +313,11 @@ in {
];
action = {
service = "homeassistant.turn_off";
- entity_id = [ "switch.fernseher" "switch.blitzdings" ];
+ entity_id = [
+ "switch.fernseher"
+ "switch.feuer"
+ "light.status_felix"
+ ];
};
condition =
{ condition = "and";
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 61cba86d9..177114a49 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -36,7 +36,6 @@ with import <stockholm/lib>;
enable = true;
dns.providers.lan = "hosts";
- search-domain = "r";
build.user = config.krebs.users.makefu;
};
@@ -85,5 +84,5 @@ with import <stockholm/lib>;
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
-
+ environment.pathsToLink = [ "/share" ];
}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index cfde0aba8..d7c082662 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -169,6 +169,7 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] )
];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true;
services.mysql = {
enable = false;
diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix
new file mode 100644
index 000000000..6db9102ba
--- /dev/null
+++ b/makefu/2configs/dict.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+ services.dictd.enable = true;
+ services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ];
+}
diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix
index 6bcd09826..63ce6201a 100644
--- a/makefu/2configs/gui/base.nix
+++ b/makefu/2configs/gui/base.nix
@@ -28,6 +28,7 @@ in
windowManager = {
awesome.enable = true;
+ awesome.noArgb = true;
awesome.luaModules = [ pkgs.luaPackages.vicious ];
default = "awesome";
};
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
index 64aa03bd7..6b5d26111 100644
--- a/makefu/2configs/home-manager/cli.nix
+++ b/makefu/2configs/home-manager/cli.nix
@@ -1,4 +1,5 @@
{pkgs, ... }: {
+ imports = [ ./zsh.nix ];
home-manager.users.makefu = {
services.gpg-agent = {
enable = true;
@@ -9,7 +10,34 @@
enableSshSupport = true;
enableScDaemon = true;
};
- programs.fzf.enable = true; # alt-c
+ programs.direnv = {
+ stdlib = ''
+use_nix() {
+ local cache=".direnv.$(nixos-version --hash)"
+
+ if [[ ! -e "$cache" ]] || \
+ [[ "$HOME/.direnvrc" -nt "$cache" ]] || \
+ [[ ".envrc" -nt "$cache" ]] || \
+ [[ "default.nix" -nt "$cache" ]] || \
+ [[ "shell.nix" -nt "$cache" ]];
+ then
+ local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")"
+ trap "rm -rf '$tmp' >/dev/null" EXIT
+ nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \
+ mv "$tmp" "$cache"
+ fi
+
+ direnv_load cat "$cache"
+
+ if [[ $# = 0 ]]; then
+ watch_file default.nix
+ watch_file shell.nix
+ rm direnv.* 2>/dev/null
+ fi
+}
+'';
+ enableZshIntegration = true;
+ };
};
services.udev.packages = [
pkgs.libu2f-host
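Review bot: In the added `use_nix`, `mktemp "$${cache}.tmp-XXXXXXXX"` does not expand `cache`: as far as I know `$${` inside a Nix `''` string is emitted literally, so bash sees `$$` (the shell PID) followed by the text `{cache}`. Write `''${cache}` or simply `"$cache.tmp-XXXXXXXX"`; the same pattern appears as `"$${path}/.version-suffix"` in the new zsh.nix, where it makes that test look at a path that will not exist. The cleanup `rm direnv.* 2>/dev/null` also does not match the cache name `.direnv.<hash>` created above (the leading dot is missing), so stale caches are never removed. The `programs.direnv` block sets no `enable = true` inside this hunk, so unless it is enabled elsewhere the `stdlib` text may never be installed.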
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
index ce98e651a..3be020faa 100644
--- a/makefu/2configs/home-manager/desktop.nix
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -1,11 +1,14 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, ... }:
{
+ users.users.makefu.packages = with pkgs;[ bat direnv clipit ];
home-manager.users.makefu = {
+ systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true;
+ programs.obs-studio.enable = true;
+ xdg.enable = true;
services.network-manager-applet.enable = true;
- systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
@@ -34,7 +37,7 @@
};
Service = {
- Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
+ Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.clipit}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
};
diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
new file mode 100644
index 000000000..59658e667
--- /dev/null
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -0,0 +1,126 @@
+{ pkgs, ... }:
+{
+ imports = [
+ { #direnv
+ home-manager.users.makefu.home.packages = [ pkgs.direnv ];
+ home-manager.users.makefu.home.file.".direnvrc".text = ''
+ use_nix() {
+ local path="$(nix-instantiate --find-file nixpkgs)"
+
+ if [ -f "$${path}/.version-suffix" ]; then
+ local version="$(< $path/.version-suffix)"
+ elif [ -f "$path/.version" ]; then
+ local version="$(< $path/.version)"
+ else
+ local version="$(< $(< $path/.git/HEAD))"
+ fi
+
+ local cache=".direnv/cache-''${version:-unknown}"
+
+ if [[ ! -e "$cache" ]] || \
+ [[ "$HOME/.direnvrc" -nt "$cache" ]] || \
+ [[ .envrc -nt "$cache" ]] || \
+ [[ default.nix -nt "$cache" ]] || \
+ [[ shell.nix -nt "$cache" ]];
+ then
+ [ -d .direnv ] || mkdir .direnv
+ local tmp=$(nix-shell --show-trace "$@" \
+ --run "\"$direnv\" dump bash")
+ echo "$tmp" > "$cache"
+ fi
+
+ local path_backup=$PATH term_backup=$TERM
+ direnv_load cat "$cache"
+
+ export PATH=$PATH:$path_backup TERM=$term_backup
+
+ if [[ $# = 0 ]]; then
+ watch_file default.nix
+ watch_file shell.nix
+ fi
+ }
+ '';
+ home-manager.users.makefu.programs.zsh.initExtra = ''
+ nixify() {
+ if [ ! -e ./.envrc ]; then
+ echo "use nix" > .envrc
+ direnv allow
+ fi
+ if [ ! -e default.nix ]; then
+ cat > default.nix <<'EOF'
+ with import <nixpkgs> {};
+ stdenv.mkDerivation {
+ name = "env";
+ buildInputs = [
+ bashInteractive
+ ];
+ }
+ EOF
+ ''${EDITOR:-vim} default.nix
+ fi
+ }
+ eval "$(direnv hook zsh)"
+ '';
+ }
+ { # bat
+ home-manager.users.makefu.home.packages = [ pkgs.bat ];
+ home-manager.users.makefu.programs.zsh.shellAliases = {
+ cat = "bat";
+ catn = "${pkgs.coreutils}/bin/cat";
+ };
+ }
+ ];
+ environment.pathsToLink = [ "/share/zsh" ];
+ home-manager.users.makefu = {
+ programs.fzf.enable = false; # alt-c
+ programs.zsh = {
+ enable = true;
+ enableAutosuggestions = false;
+ enableCompletion = true;
+ oh-my-zsh.enable = false;
+ history = {
+ size = 900001;
+ save = 900001;
+ ignoreDups = true;
+ extended = true;
+ share = true;
+ };
+ sessionVariables = {
+ TERM = "rxvt-unicode-256color";
+ LANG = "en_US.UTF8";
+ LS_COLORS = ":di=1;31:";
+ EDITOR = "vim";
+ };
+ shellAliases = {
+ lsl = "ls -lAtr";
+ t = "task";
+ xo = "mimeopen";
+ nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
+ };
+ initExtra = ''
+ bindkey -e
+ # shift-tab
+ bindkey '^[[Z' reverse-menu-complete
+ bindkey "\e[3~" delete-char
+ zstyle ':completion:*' menu select
+
+ setopt HIST_IGNORE_ALL_DUPS
+ setopt HIST_IGNORE_SPACE
+ setopt HIST_FIND_NO_DUPS
+
+ unset SSH_AGENT_PID
+ export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ compdef _pass brain
+ zstyle ':completion::complete:brain::' prefix "$HOME/brain"
+ compdef _pass secrets
+ zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
+
+ # ctrl-x ctrl-e
+ autoload -U edit-command-line
+ zle -N edit-command-line
+ bindkey '^xe' edit-command-line
+ bindkey '^x^e' edit-command-line
+ '';
+ };
+ };
+}
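Review bot: This file installs its own `use_nix` through `home.file.".direnvrc"` and hooks direnv by hand with `eval "$(direnv hook zsh)"`, while cli.nix, which imports this file, defines a different `use_nix` in `programs.direnv.stdlib` and sets `enableZshIntegration`. The two versions use different cache locations (`.direnv/cache-<version>` here, `.direnv.<hash>` there), so which one is in effect depends on load order. Keep one of them and give it a header comment, e.g. `# use_nix: cache the nix-shell environment per nixpkgs version`. Since `direnv_load cat "$cache"` applies whatever the cache file in the project directory contains, that comment should also say the `.direnv` directory must not be writable by other users.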
diff --git a/makefu/2configs/hw/malduino_elite.nix b/makefu/2configs/hw/malduino_elite.nix
new file mode 100644
index 000000000..1af85493f
--- /dev/null
+++ b/makefu/2configs/hw/malduino_elite.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ services.udev.extraRules = ''
+ ACTION!="add|change", GOTO="mm_usb_device_blacklist_local_end"
+ SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_local_end"
+ ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_local_end"
+
+ ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9204", ENV{ID_MM_DEVICE_IGNORE}="1"
+ ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9203", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+ LABEL="mm_usb_device_blacklist_local_end"
+ '';
+}
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index fb1a67358..0889ebbc1 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -6,7 +6,8 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
- samsungUnifiedLinuxDriver
+ # samsungUnifiedLinuxDriver
+ splix # scx 3200
cups-dymo # dymo labelwriter
foo2zjs # magicolor 1690mf
cups-zj-58
diff --git a/makefu/2configs/remote-build/aarch64-community.nix b/makefu/2configs/remote-build/aarch64-community.nix
new file mode 100644
index 000000000..d57eacd68
--- /dev/null
+++ b/makefu/2configs/remote-build/aarch64-community.nix
@@ -0,0 +1,15 @@
+{
+ nix = {
+ distributedBuilds = true;
+ buildMachines = [
+ {
+ hostName = "aarch64.nixos.community";
+ maxJobs = 64;
+ sshKey = toString <secrets/nixos-community>;
+ sshUser = "makefu";
+ system = "aarch64-linux";
+ supportedFeatures = [ "big-parallel" ];
+ }
+ ];
+ };
+}
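Review bot: `nix.buildMachines` now sends aarch64 builds to the shared host `aarch64.nixos.community`, but nothing in this file pins that machine's SSH host key, and the connection is made non-interactively by the Nix daemon. Add the key declaratively, e.g. `programs.ssh.knownHosts."aarch64.nixos.community".publicKey = "<builder host key>";`, so a first connection cannot silently trust whatever answers. Outputs from this builder are imported into the local store, so a comment stating that this is a multi-user community machine, and which of your hosts may use it, would be worth adding. `maxJobs = 64` looks high for a shared builder; confirm it matches what the operators allow.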
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix
index 9dedafdd2..05560db90 100644
--- a/makefu/2configs/tools/android-pentest.nix
+++ b/makefu/2configs/tools/android-pentest.nix
@@ -1,6 +1,7 @@
{ pkgs, ... }:
{
+ nixpkgs.config.android_sdk.accept_license = true;
users.users.makefu.packages = with pkgs; [
mitmproxy
nmap
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 09ee63498..0c877fc7b 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -4,6 +4,7 @@
users.users.makefu.packages = with pkgs;[
python3
python3Packages.pyserial
+ picocom
python3Packages.virtualenv
# embedded
gi
@@ -22,6 +23,7 @@
cdrtools
# nix related
nix-index
+ nix-review
# git-related
tig
];
diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix
index e90cc1e8d..a8a50939f 100644
--- a/makefu/2configs/virtualisation/virtualbox.nix
+++ b/makefu/2configs/virtualisation/virtualbox.nix
@@ -2,8 +2,7 @@
{
virtualisation.virtualbox.host.enable = true;
- nixpkgs.config.virtualbox.enableExtensionPack = true;
- virtualisation.virtualbox.host.enableHardening = false;
-
+ virtualisation.virtualbox.host.enableExtensionPack = true;
+ # virtualisation.virtualbox.host.enableHardening = false;
users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 23ae572da..e0ea046cf 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -1,83 +1,11 @@
{ config, lib, pkgs, ... }:
-##
-with import <stockholm/lib>;
let
mainUser = config.krebs.build.user.name;
in
{
- users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
- enableCompletion = true ; #manually at the end
- interactiveShellInit = ''
- HISTSIZE=900001
- HISTFILESIZE=$HISTSIZE
- SAVEHIST=$HISTSIZE
- HISTFILE=$HOME/.zsh_history
-
- setopt HIST_IGNORE_ALL_DUPS
- setopt HIST_IGNORE_SPACE
- setopt HIST_FIND_NO_DUPS
- bindkey -e
- # shift-tab
- bindkey '^[[Z' reverse-menu-complete
- bindkey "\e[3~" delete-char
- zstyle ':completion:*' menu select
-
- ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
- GPG_TTY=$(tty)
- export GPG_TTY
- LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
-
- unset SSH_AGENT_PID
- export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
-
- # fzf
- __fsel_fzf() {
- local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \
- -o -type f -print \
- -o -type d -print \
- -o -type l -print 2> /dev/null | cut -b3-"}"
- setopt localoptions pipefail 2> /dev/null
- eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do
- echo -n "''${(q)item} "
- done
- local ret=$?
- echo
- return $ret
- }
-
- __fzf_use_tmux__() {
- [ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ]
- }
-
- __fzfcmd() {
- __fzf_use_tmux__ &&
- echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf"
- }
-
- fzf-file-widget() {
- LBUFFER="''${LBUFFER}$(__fsel_fzf)"
- local ret=$?
- zle redisplay
- typeset -f zle-line-init >/dev/null && zle zle-line-init
- return $ret
- }
- zle -N fzf-file-widget
- bindkey '^T' fzf-file-widget
-
- compdef _pass brain
- zstyle ':completion::complete:brain::' prefix "$HOME/brain"
- compdef _pass secrets
- zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
-
- # ctrl-x ctrl-e
- autoload -U edit-command-line
- zle -N edit-command-line
- bindkey '^xe' edit-command-line
- bindkey '^x^e' edit-command-line
-
- '';
+ enableCompletion = false; #manually at the end
promptInit = ''
RPROMPT=""
@@ -93,8 +21,8 @@ in
'';
};
- users.users.${mainUser}.packages = [
- pkgs.nix-zsh-completions
- pkgs.fzf
- ];
+ users.users.${mainUser} = {
+ shell = "/run/current-system/sw/bin/zsh";
+ packages = [ pkgs.nix-zsh-completions ];
+ };
}
diff --git a/makefu/5pkgs/baidudl/default.nix b/makefu/5pkgs/baidudl/default.nix
new file mode 100644
index 000000000..3c701fd6a
--- /dev/null
+++ b/makefu/5pkgs/baidudl/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, lib, pkgs, curl, jansson ,fetchFromGitHub, autoreconfHook }:
+stdenv.mkDerivation rec {
+ pname = "baidudl";
+ version = "2018-01-16";
+ name = "${pname}-${version}";
+
+ src = fetchFromGitHub {
+ owner = "yzfedora";
+ repo = "baidudl";
+ rev = "712f2554a5ef7b2eba5c248d6406a6c535ef47b2";
+ sha256 = "1nfzalyd9k87q6njdxpg7pa62q6hyfr2vwxwvahaflyp31nlpa0y";
+ };
+
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ curl.dev jansson ];
+
+ meta = {
+ homepage = https://github.com/yzfedora/baidudl;
+ description = "This is a multi-thread download tool for pan.baidu.com";
+ license = lib.licenses.gpl3;
+ };
+}
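Review bot: The `pkgs` argument in the function header is never used, and `homepage` is written as a bare URL literal rather than a string. I would drop `pkgs` from the argument list and write `homepage = "https://github.com/yzfedora/baidudl";`. The source pin itself needs no change, since it uses a full commit id together with `sha256`.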
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 6e86f4264..8ae41427c 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -21,9 +21,19 @@ with super.lib; with builtins; let
in {
quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: {
+ doCheck = false; # 1 error because of warnings (possibly upstream)
patches = [ ./custom/quodlibet/single-digit-discnumber.patch
./custom/quodlibet/remove-override-warning.patch ];
});
+ rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: {
+ postInstall = old.postInstall + ''
+
+ $bin/bin/rclone genautocomplete zsh _rclone
+ install -D -m644 _rclone $bin/share/zsh/vendor-completions/_rclone
+ $bin/bin/rclone genautocomplete bash _rclone
+ install -D -m644 _rclone $bin/etc/bash_completion.d/rclone
+ '';
+ });
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
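Review bot: `old.postInstall + ''…''` in the rclone override fails at evaluation time if the upstream derivation has no `postInstall` attribute, which cannot be confirmed from this hunk. `postInstall = (old.postInstall or "") + ''` keeps the override working either way. The same applies to the dhcpcd override added in tv/5pkgs/default.nix, where `(old.configureFlags or []) ++ [ "--dbdir=/var/lib/dhcpcd" ]` is the defensive form. Separately, `doCheck = false` on quodlibet turns off the whole check phase for one failure, so the comment could name the failing test to make the override easy to drop later.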
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 2a2f70a05..57a3b3bbf 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -27,15 +27,15 @@
# TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else {
- file = {
- path = toString (pkgs.fetchFromGitHub {
+ derivation = ''
+ with import <nixpkgs> {};
+ pkgs.fetchFromGitHub {
owner = "makefu";
repo = "nixpkgs";
- rev = nixpkgs-src.rev;
- sha256 = nixpkgs-src.sha256;
- });
- useChecksum = true;
- };
+ rev = "${nixpkgs-src.rev}";
+ sha256 = "${nixpkgs-src.sha256}";
+ }
+ '';
};
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
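Review bot: The new `derivation` string takes `fetchFromGitHub` from `with import <nixpkgs> {};`, so the nixpkgs that supplies the fetcher now depends on the NIX_PATH of whatever evaluates the string, which is not visible in this hunk. The fetched tree is still pinned by `rev` and `sha256`, so this affects reproducibility rather than integrity. With `useChecksum = true` gone, a short comment would help the next reader, for example `# content is pinned by sha256; <nixpkgs> only provides the fetcher`. The enclosing attribute set starts above the hunk.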
@@ -74,7 +74,7 @@
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
- ref = "f947faf";
+ ref = "4aa07c3";
};
})
];
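Review bot: `ref = "4aa07c3";` pins home-manager by a seven-character abbreviated commit id, as the previous value did. An abbreviation is resolved by prefix and can become ambiguous as the repository grows. Depending on how krops resolves `ref`, it may also be indistinguishable from a branch or tag of the same name. For a dependency pulled from a third-party repository the full id is the safer pin: `ref = "<full 40-character commit id>";`.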
diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index ae35f9e76..d62fd65ca 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/makefu/nixpkgs",
- "rev": "9728b2e83406c76efc734ebb1923f23b8e687819",
- "date": "2018-11-19T20:36:35+01:00",
- "sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp",
+ "rev": "125873064a6eabd2896833d00aede7778a453fdf",
+ "date": "2019-01-11T14:24:21+01:00",
+ "sha256": "1ki50426m9simqvxdzckfgycibz5rdhwl6hzi31i72dqiafl8j6s",
"fetchSubmodules": false
}
diff --git a/submodules/krops b/submodules/krops
-Subproject 61b5ef3b8e7e4d601db67a20f14a5022e9de839
+Subproject 5b8fb8dc0ee14672d7fd533bd98635b8725dbb2
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index b9c76cf49..33f9539c9 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -20,6 +20,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/br.nix>
<stockholm/tv/2configs/xp-332.nix>
<stockholm/tv/2configs/xserver>
+ <stockholm/tv/2configs/xserver/xkiller.nix>
{
environment.systemPackages = with pkgs; [
@@ -156,10 +157,5 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
- tv.nixpkgs-overlays = {
- krebs = "/home/tv/stockholm/krebs/5pkgs";
- tv = "/home/tv/stockholm/tv/5pkgs";
- };
-
virtualisation.virtualbox.host.enable = true;
}
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index f8de72d00..b8dec8da4 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -60,7 +60,7 @@ with import <stockholm/lib>;
};
xu-pull-ni-ejabberd = {
method = "pull";
- src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
+ src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
startAt = "07:00";
};
@@ -78,7 +78,7 @@ with import <stockholm/lib>;
};
zu-pull-ni-ejabberd = {
method = "pull";
- src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
+ src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
startAt = "06:00";
};
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 484a337b7..e18ba31b0 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -92,7 +92,6 @@ with import <stockholm/lib>;
environment.variables = {
NIX_PATH = mkForce (concatStringsSep ":" [
"secrets=/var/src/stockholm/null"
- "nixpkgs-overlays=${config.tv.nixpkgs-overlays}"
"/var/src"
]);
};
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index a89d1302c..725ddefa8 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -67,10 +67,12 @@ let {
cgit.desc = "source code installer";
};
q = {};
+ reaktor2 = {};
regfish = {};
stockholm = {
cgit.desc = "NixOS configuration";
};
+ with-ssh = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
ni = {
};
@@ -102,6 +104,7 @@ let {
nixos-infest = {};
painload = {};
push = {};
+ Reaktor = {};
with-tmpdir = {};
get = {};
load-env = {};
diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix
index d7d2d7bfd..e78caeb5f 100644
--- a/tv/2configs/htop.nix
+++ b/tv/2configs/htop.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
highlight_megabytes=1
highlight_threads=1
tree_view=1
- header_margin=1
+ header_margin=0
detailed_cpu_time=0
cpu_count_from_zero=0
update_process_names=0
diff --git a/tv/2configs/mail-client.nix b/tv/2configs/mail-client.nix
index 8b6f8bbcd..0caf5264a 100644
--- a/tv/2configs/mail-client.nix
+++ b/tv/2configs/mail-client.nix
@@ -1,13 +1,10 @@
-{ pkgs, ... }:
-
-with pkgs;
-{
+{ pkgs, ... }: {
environment.systemPackages = [
- much
- msmtp
- notmuch
- pythonPackages.alot
- qprint
- w3m
+ pkgs.haskellPackages.much
+ pkgs.msmtp
+ pkgs.notmuch
+ pkgs.pythonPackages.alot
+ pkgs.qprint
+ pkgs.w3m
];
}
diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix
index d2b1b2604..8e8e3dfdd 100644
--- a/tv/2configs/xserver/Xmodmap.nix
+++ b/tv/2configs/xserver/Xmodmap.nix
@@ -17,6 +17,7 @@ pkgs.writeText "Xmodmap" ''
keycode 39 = s S ssharp
keycode 33 = p P Greek_pi Greek_PI
+ keycode 40 = d D Greek_delta Greek_DELTA
keycode 46 = l L Greek_lambda Greek_LAMBDA
keycode 54 = c C cacute Cacute
diff --git a/tv/2configs/xserver/xkiller.nix b/tv/2configs/xserver/xkiller.nix
new file mode 100644
index 000000000..2f9763093
--- /dev/null
+++ b/tv/2configs/xserver/xkiller.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+
+ services.acpid.enable = true;
+ services.acpid.handlers.xkiller = {
+ action = /* sh */ ''
+ event=($1)
+ if test "''${event[2]}" = 00000080; then
+ ${pkgs.systemd}/bin/systemd-cat -t xkiller ${pkgs.xkiller}
+ fi
+ '';
+ event = "button/prog1";
+ };
+
+}
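Review bot: The test `"''${event[2]}" = 00000080` uses an unexplained constant, and `event=($1)` splits the ACPI event string unquoted, so its words are also subject to pathname expansion. I would add a comment such as `# third field of the button/prog1 event; 00000080 = <key this is bound to>` and put `set -f` before the assignment. The handler starts `${pkgs.xkiller}`, which sends SIGKILL, so it is worth being explicit about exactly which event triggers it.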
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index f53a58e9a..67fb3f650 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,7 +5,6 @@
./ejabberd
./hosts.nix
./iptables.nix
- ./nixpkgs-overlays.nix
./slock.nix
./x0vncserver.nix
];
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index e99b94ff9..f16dfac86 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -67,7 +67,7 @@ in {
type = types.user;
default = {
name = "ejabberd";
- home = "/var/ejabberd";
+ home = "/var/lib/ejabberd";
};
};
};
diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix
deleted file mode 100644
index 4eb7a86bd..000000000
--- a/tv/3modules/nixpkgs-overlays.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: {
-
- options.tv.nixpkgs-overlays = mkOption {
- apply = src:
- pkgs.runCommand "nixpkgs-overlays" {} ''
- mkdir $out
- ${concatStringsSep "\n" (mapAttrsToList (name: path:
- "ln -s ${shell.escape path} $out/${shell.escape name}"
- ) src)}
- '' // {
- inherit src;
- };
- type = types.attrsOf types.absolute-pathname;
- };
-
- config = {
- tv.nixpkgs-overlays = {
- krebs = mkDefault "/var/src/stockholm/krebs/5pkgs";
- tv = mkDefault "/var/src/stockholm/tv/5pkgs";
- };
- };
-}
diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix
index 1c84b1e9e..53f7f1f62 100644
--- a/tv/3modules/slock.nix
+++ b/tv/3modules/slock.nix
@@ -5,10 +5,12 @@ in {
options.tv.slock = {
enable = mkEnableOption "tv.slock";
package = mkOption {
- default = pkgs.execBin "slock" rec {
- filename = "${pkgs.systemd}/bin/systemctl";
- argv = [ filename "start" "slock-${cfg.user.name}.service" ];
- };
+ default = pkgs.writeDashBin "slock" ''
+ set -efu
+ display=''${DISPLAY#:}
+ service=slock-$LOGNAME@$display.service
+ exec ${pkgs.systemd}/bin/systemctl start "$service"
+ '';
type = types.package;
};
user = mkOption {
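Review bot: `display=''${DISPLAY#:}` only removes a leading colon, so a value such as `:0.0` (with a screen suffix) or `host:0` produces a unit name that the polkit rule in the next hunk, which accepts `[0-9]+` only, will not match. The start request then falls back to normal authorization instead of locking. Stripping the screen suffix as well (`display=''${display%%.*}`) and exiting with a clear message when the result is not numeric would make the wrapper predictable. `$LOGNAME` also comes from the caller's environment while the rule checks `subject.user`; polkit makes the decision, so this is not a bypass, but the two can disagree.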
@@ -18,16 +20,16 @@ in {
config = mkIf cfg.enable {
security.polkit.extraConfig = /* js */ ''
polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.systemd1.manage-units" &&
- action.lookup("unit") == "slock-${cfg.user.name}.service" &&
- subject.user == ${toJSON cfg.user.name}) {
+ if (action.id === "org.freedesktop.systemd1.manage-units" &&
+ subject.user === ${toJSON cfg.user.name} &&
+ /^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) {
return polkit.Result.YES;
}
});
'';
- systemd.services."slock-${cfg.user.name}" = {
+ systemd.services."slock-${cfg.user.name}@" = {
environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
+ DISPLAY = ":%I";
LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
passAsFile = ["text"];
text = /* c */ ''
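Review bot: `cfg.user.name` is interpolated raw into the regular expression `/^slock-${cfg.user.name}@[0-9]+\.service$/`, whereas the `subject.user` comparison goes through `toJSON`. A name containing a regex metacharacter such as `.` would make the pattern accept more unit names than intended, or break the rule. Comparing the captured name as a string avoids that: `var m = /^slock-(.*)@[0-9]+\.service$/.exec(action.lookup("unit"));` followed by `m !== null && m[1] === ${toJSON cfg.user.name}`. The rule also accepts any display number, so it is worth confirming that the template unit, which continues below this hunk, cannot act on a display belonging to another session.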
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index c5c800b55..605d827ef 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -24,6 +24,12 @@ foldl' mergeAttrs {}
"$@"
'';
+ dhcpcd = overrideDerivation super.dhcpcd (old: {
+ configureFlags = old.configureFlags ++ [
+ "--dbdir=/var/lib/dhcpcd"
+ ];
+ });
+
gitAndTools = super.gitAndTools // {
inherit (self) diff-so-fancy;
};
diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index cbcec1bae..7906b968f 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -14,7 +14,7 @@ let
assert n >= 1;
n * calwidth + (n - 1) * hspace;
- pad = ''{
+ pad = /* sh */ ''{
${pkgs.gnused}/bin/sed '
# rtrim
s/ *$//
@@ -31,7 +31,7 @@ let
s/^[ 1-9][0-9]/&/
'
}'';
- in ''
+ in /* sh */ ''
cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
<(if test $cols -ge ${toString (need_width 3)}; then
@@ -59,24 +59,24 @@ let
'
'';
- q-isodate = ''
+ q-isodate = /* sh */ ''
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
# Singapore's red is #ED2E38
- q-sgtdate = ''
+ q-sgtdate = /* sh */ ''
TZ=Asia/Singapore \
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
- q-utcdate = ''
+ q-utcdate = /* sh */ ''
${pkgs.coreutils}/bin/date -u \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
- q-gitdir = ''
+ q-gitdir = /* sh */ ''
if test -d .git; then
#git status --porcelain
branch=$(
@@ -87,7 +87,7 @@ let
fi
'';
- q-intel_backlight = ''
+ q-intel_backlight = /* sh */ ''
cd /sys/class/backlight/intel_backlight
</dev/null exec ${pkgs.gawk}/bin/awk '
END {
@@ -227,11 +227,11 @@ let
done
'';
- q-virtualization = ''
+ q-virtualization = /* sh */ ''
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
'';
- q-wireless = ''
+ q-wireless = /* sh */ ''
for dev in $(
${pkgs.iw}/bin/iw dev \
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
@@ -250,7 +250,7 @@ let
done
'';
- q-online = ''
+ q-online = /* sh */ ''
if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
echo 'online'
else
@@ -258,7 +258,7 @@ let
fi
'';
- q-thermal_zone = ''
+ q-thermal_zone = /* sh */ ''
for i in /sys/class/thermal/thermal_zone*; do
type=$(${pkgs.coreutils}/bin/cat $i/type)
temp=$(${pkgs.coreutils}/bin/cat $i/temp)
@@ -266,29 +266,26 @@ let
done
'';
- q-todo = ''
+ q-todo = /* sh */ ''
TODO_file=$PWD/TODO
if test -e "$TODO_file"; then
- ${pkgs.coreutils}/bin/cat "$TODO_file" \
- | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
- BEGIN { print "remind=0" }
- /^[0-9]/{
- x = $1
- gsub(".", "\\\\&", x)
- rest = substr($0, index($0, " "))
- rest = $0
- sub(" *", "", rest)
- gsub(".", "\\\\&", rest)
- print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
- echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
- (( remind++ ))"
- }
- END { print "test $remind = 0 && echo \"nothing to remind\"" }
- ' \
- | {
- # bash needed for (( ... ))
- ${pkgs.bash}/bin/bash
- }
+ ${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" ''
+ split("\n") | map(
+ (match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string))
+ as $captures |
+ ($captures[0] | strptime("%Y-%m-%d") | mktime) as $date |
+ $captures[1] as $text |
+
+ select(now >= $date) |
+
+ ($text | test("\\[URGENT]"; "i")) as $urgent |
+ (if $urgent then "38;5;196" else "38;5;208" end) as $sgr |
+ if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end |
+
+ "\u001b[\($sgr)m\(.)\u001b[m"
+ ) |
+ if length == 0 then "nothing to remind" else .[] end
+ ''}
else
echo "$TODO_file: no such file or directory"
fi
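Review bot: The jq program prints each matching TODO line with `-r` between two SGR sequences, so any control characters in the line reach the terminal unchanged. `$TODO_file` is `$PWD/TODO`, which may sit in a checkout the user did not write. Filtering before formatting, for example `gsub("[[:cntrl:]]"; "") |` ahead of the final string, keeps the output limited to the colours the script intends. Separately, `strptime("%Y-%m-%d")` appears to raise an error for a line that matches the pattern but is not a valid date (any two digits are accepted for month and day), which would abort the whole listing. `($captures[0] | try (strptime("%Y-%m-%d") | mktime)) as $date` would skip only that line.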
diff --git a/tv/5pkgs/simple/xkiller.nix b/tv/5pkgs/simple/xkiller.nix
new file mode 100644
index 000000000..8d8f01690
--- /dev/null
+++ b/tv/5pkgs/simple/xkiller.nix
@@ -0,0 +1,25 @@
+{ pkgs }:
+pkgs.writeDash "xkiller" ''
+ set -efu
+ exec >&2
+ ${pkgs.iproute}/bin/ss -lp src unix:/tmp/.X11-unix/X* |
+ ${pkgs.gnused}/bin/sed -n '
+ s|.*/tmp/.X11-unix/X\([0-9]\+\)\>.*("X[^"]*",pid=\([0-9]\+\)\>.*|\1 \2|p
+ ' |
+ while read -r display pid; do
+ {
+ exit_code=$(
+ DISPLAY=:$display ${pkgs.coreutils}/bin/timeout 1 \
+ ${pkgs.xorg.xset}/bin/xset q >/dev/null 2>&1 &&
+ echo 0 || echo $?
+ )
+ if test $exit_code = 124; then
+ echo "X on display :$display is locked up; killing PID $pid..."
+ ${pkgs.coreutils}/bin/kill -SIGKILL "$pid"
+ else
+ echo "X on display :$display is healthy"
+ fi
+ } &
+ done
+ wait
+''
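Review bot: The PID passed to `kill -SIGKILL` is parsed from the text of `ss -lp`, which includes a process name chosen by the listening process, and `/tmp/.X11-unix` is normally a directory in which local users can create sockets. The acpid handler added in this commit runs this script, presumably as root, so the target should be verified before it is signalled. One option is to resolve `/proc/$pid/exe` with `readlink`, compare it with the expected server path (`<expected X server binary>`) or check the process owner, and skip the entry on mismatch. Also, any `xset` exit status other than 124, including a refused connection, is logged as "healthy", which overstates what was checked.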