authorJeschli <jeschli@gmail.com>2019-12-20 08:56:54 +0100
committerJeschli <jeschli@gmail.com>2019-12-20 08:56:54 +0100
commitea5522e2e048cbdac5184803040e314f84472f4f (patch)
tree52cd5a95d9a3d3c276b485f970b0d1cebf2d26ec
parent555e4f0825da1b06be97e1d487c800145c51c9f6 (diff)
parente2a43e1e30b635b85a79bedb3d40cd8a888a1d49 (diff)
Merge branch 'master' of https://cgit.lassul.us/stockholm
-rw-r--r--.gitlab-ci.yml18
-rw-r--r--.gitmodules3
-rw-r--r--krebs/1systems/puyak/config.nix7
-rw-r--r--krebs/1systems/wolf/config.nix10
-rw-r--r--krebs/2configs/exim-smarthost.nix3
-rw-r--r--krebs/2configs/shack/prometheus/alert-rules.nix102
-rw-r--r--krebs/2configs/shack/prometheus/server.nix90
-rw-r--r--krebs/2configs/shack/ssh-keys.nix10
-rw-r--r--krebs/3modules/bepasty-server.nix8
-rw-r--r--krebs/3modules/ci.nix1
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/external/default.nix8
-rw-r--r--krebs/3modules/iana-etc.nix40
-rw-r--r--krebs/3modules/lass/default.nix38
-rw-r--r--krebs/3modules/mb/default.nix151
-rw-r--r--krebs/3modules/realwallpaper.nix2
-rw-r--r--krebs/5pkgs/simple/newsbot-js/default.nix8
-rw-r--r--krebs/5pkgs/simple/newsbot-js/node-packages.nix461
-rwxr-xr-xkrebs/5pkgs/simple/newsbot-js/update.sh4
-rw-r--r--krebs/5pkgs/simple/tinc_graphs/default.nix6
-rw-r--r--krebs/nixpkgs-unstable.json6
-rw-r--r--krebs/nixpkgs.json6
-rwxr-xr-xkrebs/update-nixpkgs-unstable.sh2
-rw-r--r--lass/1systems/blue/source.nix3
-rw-r--r--lass/1systems/hilum/config.nix1
-rw-r--r--lass/1systems/icarus/config.nix13
-rw-r--r--lass/1systems/prism/config.nix24
-rw-r--r--lass/1systems/shodan/config.nix79
-rw-r--r--lass/1systems/shodan/physical.nix1
-rw-r--r--lass/2configs/br.nix2
-rw-r--r--lass/2configs/codimd.nix3
-rw-r--r--lass/2configs/gg23.nix134
m---------lass/5pkgs/autowifi0
-rw-r--r--lass/5pkgs/autowifi/autowifi.py228
-rw-r--r--lass/5pkgs/autowifi/default.nix1
-rw-r--r--makefu/1systems/iso/config.nix30
-rw-r--r--makefu/1systems/iso/justdoit.nix128
-rw-r--r--makefu/1systems/iso/target-config.nix40
-rw-r--r--makefu/2configs/nginx/dl.euer.krebsco.de.nix (renamed from makefu/2configs/nginx/share-download.nix)0
-rw-r--r--mb/1systems/gr33n/configuration.nix144
-rw-r--r--mb/1systems/gr33n/hardware-configuration.nix37
-rw-r--r--mb/1systems/orange/configuration.nix238
-rw-r--r--mb/1systems/orange/hardware-configuration.nix28
-rw-r--r--mb/1systems/p1nk/configuration.nix227
-rw-r--r--mb/1systems/p1nk/hardware-configuration.nix29
-rw-r--r--mb/1systems/rofl/configuration.nix103
-rw-r--r--mb/1systems/sunsh1n3/configuration.nix181
-rw-r--r--mb/1systems/sunsh1n3/hardware-configuration.nix29
-rw-r--r--mb/2configs/default.nix222
-rw-r--r--mb/2configs/google-compute-config.nix231
-rw-r--r--mb/2configs/headless.nix25
-rw-r--r--mb/2configs/neovimrc446
-rw-r--r--mb/2configs/nvim.nix70
-rw-r--r--mb/2configs/qemu-guest.nix19
-rw-r--r--mb/2configs/retiolum.nix33
-rw-r--r--mb/2configs/tests/dummy-secrets/retiolum.rsa4
-rw-r--r--mb/3modules/default.nix6
-rw-r--r--mb/3modules/hosts.nix12
-rw-r--r--mb/5pkgs/default.nix11
-rw-r--r--mb/default.nix14
-rw-r--r--mb/krops.nix54
m---------submodules/krops0
-rw-r--r--tv/1systems/nomic/config.nix1
-rw-r--r--tv/2configs/im.nix24
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/im.nix110
66 files changed, 854 insertions, 3117 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fb273c932..3ff991aa4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,13 +11,14 @@ before_script:
- ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
# import secret key for secrets
- echo "$secrets_gpg_key" | gpg --import
-wolf deployment test:
+deployment test:
stage: test
script:
- GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
- test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
- git submodule update --init
- $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test)
nix-shell test:
stage: test
script:
@@ -34,7 +35,6 @@ wolf deployment:
- git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
- git submodule update --init
- ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
- # TODO, hostname wolf cannot be resolved
- $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
only:
changes:
@@ -42,6 +42,20 @@ wolf deployment:
- krebs/**/*
- lib/**/*
- .gitmodules
+puyak deployment:
+ stage: deploy
+ script:
+ - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
+ - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - git submodule update --init
+ - ssh-keyscan -H 'puyak.shack' >> ~/.ssh/known_hosts
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target puyak.shack -A deploy)
+ only:
+ changes:
+ - .gitlab-ci.yml
+ - krebs/**/*
+ - lib/**/*
+ - .gitmodules
nur-packages makefu:
stage: deploy
script:
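Review bot: The new `puyak deployment` job accepts whatever host key `ssh-keyscan -H 'puyak.shack'` returns at run time, so the deploy that follows is not authenticated against a known target; the `wolf deployment` job visible as context in the previous hunk uses the same pattern. Because this job pushes the system configuration with the deploy key, the expected host key should be pinned rather than scanned, for example from a protected CI variable: `- echo "$puyak_known_hosts" >> ~/.ssh/known_hosts` (variable name constructed for this note). Copying the key to `~/.ssh/id_rsa` also makes it the default identity for every later ssh call in the job; the test job's `GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key"` form keeps its use scoped to the one command that needs it.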
diff --git a/.gitmodules b/.gitmodules
index f35a9250d..5b4336510 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
[submodule "submodules/krops"]
path = submodules/krops
url = https://cgit.krebsco.de/krops
+[submodule "lass/5pkgs/autowifi"]
+ path = lass/5pkgs/autowifi
+ url = https://github.com/Lassulus/autowifi
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 6493c6df4..a20f6929e 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -13,6 +13,7 @@
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/shack/ssh-keys.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
@@ -81,12 +82,6 @@
echo level disengaged > /proc/acpi/ibm/fan
'';
- # to access vorstand vm
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.ulrich.pubkey
- config.krebs.users.raute.pubkey
- ];
-
users.users.joerg = {
openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
isNormalUser = true;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index e87b7bb99..059e09ac1 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -16,6 +16,7 @@ in
# handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
+ <stockholm/krebs/2configs/shack/ssh-keys.nix>
# drivedroid.shack for shackphone
<stockholm/krebs/2configs/shack/drivedroid.nix>
@@ -117,14 +118,6 @@ in
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- config.krebs.users."0x4A6F".pubkey
- config.krebs.users.ulrich.pubkey
- config.krebs.users.raute.pubkey
- "ssh-rsa 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 root@plattenschwein" # for backup
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
- ];
-
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
@@ -137,6 +130,7 @@ in
enable = true;
wideArea = false;
};
+
environment.systemPackages = [ pkgs.avahi ];
}
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 698e20da1..224a38ac3 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -15,13 +15,12 @@ in {
makefu
tv
];
- eloop-ml = spam-ml ++ [ ciko ];
+ eloop-ml = spam-ml;
spam-ml = [
lass
makefu
tv
];
- ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
new file mode 100644
index 000000000..096c551ba
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -0,0 +1,102 @@
+{ lib }:
+with lib;
+
+let
+ deviceFilter = ''device!="ramfs",device!="rpc_pipefs",device!="lxcfs",device!="nsfs",device!="borgfs"'';
+in mapAttrsToList (name: opts: {
+ alert = name;
+ expr = opts.condition;
+ for = opts.time or "2m";
+ labels = if (opts.page or true) then { severity = "page"; } else {};
+ annotations = {
+ summary = opts.summary;
+ description = opts.description;
+ };
+}) {
+ node_down = {
+ condition = ''up{job="node"} == 0'';
+ summary = "{{$labels.alias}}: Node is down.";
+ description = "{{$labels.alias}} has been down for more than 2 minutes.";
+ };
+ node_systemd_service_failed = {
+ condition = ''node_systemd_unit_state{state="failed"} == 1'';
+ summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
+ description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
+ };
+ node_filesystem_full_80percent = {
+ condition = ''sort(node_filesystem_free_bytes{${deviceFilter}} < node_filesystem_size_bytes{${deviceFilter}} * 0.2) / 1024^3'';
+ time = "10m";
+ summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 20% space left on its filesystem.";
+ };
+ node_filesystem_full_in_7d = {
+ condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[2d], 7*24*3600) <= 0'';
+ time = "1h";
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 7 days.";
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 7 days";
+ };
+ node_filesystem_full_in_30d = {
+ condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[30d], 30*24*3600) <= 0'';
+ time = "1h";
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 30 days.";
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 30 days";
+ };
+ node_filedescriptors_full_in_3h = {
+ condition = ''predict_linear(node_filefd_allocated[3h], 3*3600) >= node_filefd_maximum'';
+ time = "20m";
+ summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
+ };
+ node_filedescriptors_full_in_7d = {
+ condition = ''predict_linear(node_filefd_allocated[7d], 7*24*3600) >= node_filefd_maximum'';
+ time = "1h";
+ summary = "{{$labels.alias}} is running out of available file descriptors in 7 days.";
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 7 days";
+ };
+ node_load15 = {
+ condition = ''node_load15 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 1.0'';
+ time = "10m";
+ summary = "{{$labels.alias}}: Running on high load: {{$value}}";
+ description = "{{$labels.alias}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
+ };
+ node_ram_using_90percent = {
+ condition = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
+ time = "1h";
+ summary = "{{$labels.alias}}: Using lots of RAM.";
+ description = "{{$labels.alias}} is using at least 90% of its RAM for at least 1 hour.";
+ };
+ node_swap_using_30percent = {
+ condition = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.3";
+ time = "30m";
+ summary = "{{$labels.alias}}: Using more than 30% of its swap.";
+ description = "{{$labels.alias}} is using 30% of its swap space for at least 30 minutes.";
+ };
+ node_visible_confluence_space = {
+ condition = "node_visible_confluence_space != 0";
+ summary = "crowd prometheus cann see the {{$labels.space_name}} confluence space!";
+ description = "crowd user `prometheus` can see the `{{$labels.space_name}}` confluence space.";
+ };
+ node_hwmon_temp = {
+ condition = "node_hwmon_temp_celsius > node_hwmon_temp_crit_celsius*0.9 OR node_hwmon_temp_celsius > node_hwmon_temp_max_celsius*0.95";
+ time = "5m";
+ summary = "{{$labels.alias}}: Sensor {{$labels.sensor}}/{{$labels.chip}} temp is high: {{$value}} ";
+ description = "{{$labels.alias}} reports hwmon sensor {{$labels.sensor}}/{{$labels.chip}} temperature value is nearly critical: {{$value}}";
+ };
+ node_conntrack_limit = {
+ condition = "node_nf_conntrack_entries_limit - node_nf_conntrack_entries < 1000";
+ time = "5m";
+ summary = "{{$labels.alias}}: Number of tracked connections high";
+ description = "{{$labels.alias}} has only {{$value}} free slots for connection tracking available.";
+ };
+ node_reboot = {
+ condition = "time() - node_boot_time_seconds < 300";
+ summary = "{{$labels.alias}}: Reboot";
+ description = "{{$labels.alias}} just rebooted.";
+ };
+ node_uptime = {
+ condition = "time() - node_boot_time_seconds > 2592000";
+ page = false;
+ summary = "{{$labels.alias}}: Uptime monster";
+ description = "{{$labels.alias}} has been up for more than 30 days.";
+ };
+}
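Review bot: Several alert texts in this new file disagree with the rule they describe, which matters because the text is what the on-call person reads. `node_load15` sets `time = "10m"` but its description says "for at least 5 minutes"; it should read `description = "{{$labels.alias}} is running with load15 > 1 for at least 10 minutes: {{$value}}";`. The `node_down` description hard-codes "2 minutes", which is only correct while the default in `for = opts.time or "2m"` stays unchanged. The `node_visible_confluence_space` summary has a typo ("cann see"). `node_filesystem_full_in_30d` evaluates a `[30d]` range, which presumably needs at least that much retention on the server; retention is not visible in this diff, so confirm it.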
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index 7f6f38610..f5d2e7640 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -28,90 +28,12 @@
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
];
- rules = [
- ''
- ALERT node_down
- IF up == 0
- FOR 5m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Node is down.",
- description = "{{$labels.alias}} has been down for more than 5 minutes."
- }
- ALERT node_systemd_service_failed
- IF node_systemd_unit_state{state="failed"} == 1
- FOR 4m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
- description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
- }
- ALERT node_filesystem_full_90percent
- IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
- FOR 5m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
- }
- ALERT node_filesystem_full_in_4h
- IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
- FOR 5m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
- }
- ALERT node_filedescriptors_full_in_3h
- IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
- FOR 20m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
- description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
- }
- ALERT node_load1_90percent
- IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
- FOR 1h
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Running on high load.",
- description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
- }
- ALERT node_cpu_util_90percent
- IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
- FOR 1h
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: High CPU utilization.",
- description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
- }
- ALERT node_ram_using_90percent
- IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
- FOR 30m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary="{{$labels.alias}}: Using lots of RAM.",
- description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
- }
- ''
- ];
+ ruleFiles = lib.singleton (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
+ groups = lib.singleton {
+ name = "mf-alerting-rules";
+ rules = import ./alert-rules.nix { inherit lib; };
+ };
+ }));
scrapeConfigs = [
{
job_name = "node";
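Review bot: The rule file written by `pkgs.writeText "prometheus-rules.yml" (builtins.toJSON …)` is not validated at build time, so a mistake in any expression in alert-rules.nix would only surface when Prometheus loads the file, and alerting could be silently missing until someone notices. Consider running the rule checker that ships with Prometheus over the generated file as part of the derivation. The context lines above still pass `-storage.local.index-cache-size.*` flags, which look like 1.x storage options, while the `groups` layout is the 2.x rule format; confirm both target the same server version. The removed `node_cpu_util_90percent` alert has no counterpart in the new rule set; if that is intentional, a short comment next to `ruleFiles` would record it.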
diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix
new file mode 100644
index 000000000..9c7f507f1
--- /dev/null
+++ b/krebs/2configs/shack/ssh-keys.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users."0x4A6F".pubkey
+ config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
+ ];
+}
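Review bot: Importing this shared list on both hosts widens root access on puyak: the block removed from puyak/config.nix held only the `ulrich` and `raute` keys, while this file also grants root to `0x4A6F`, the `root@plattenschwein` backup key and the `gitlab-builder` CI key. The two machine keys are added without any authorized_keys options, so a compromise of the backup host or the CI runner gives an unrestricted root shell on both wolf and puyak. Consider prefixing those two entries with options such as `from="…"` or `restrict,command="…"` (the strings are presumably written to authorized_keys verbatim), or keeping the backup key in the config of the host that is actually backed up. A header comment stating which hosts import this file and why each non-personal key needs root would make later reviews easier.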
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 4892a8723..ffa9a29e9 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
with import <stockholm/lib>;
let
- gunicorn = pkgs.python27Packages.gunicorn;
- bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
- gevent = pkgs.python27Packages.gevent;
- python = pkgs.python27Packages.python;
+ gunicorn = pkgs.python3Packages.gunicorn;
+ bepasty = pkgs.bepasty;
+ gevent = pkgs.python3Packages.gevent;
+ python = pkgs.python3Packages.python;
cfg = config.krebs.bepasty;
out = {
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cbf24effe..7695667fd 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -135,6 +135,7 @@ let
f_${name} = util.BuildFactory()
f_${name}.addStep(steps.Git(
repourl=util.Property('repository', '${head repo.urls}'),
+ method='clobber',
mode='full',
submodules=True,
))
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c770391c7..fcdbcbc19 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,7 +103,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./mb { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 247dae69c..821859f3c 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -359,8 +359,8 @@ in {
nets = rec {
retiolum = {
addrs = [
- config.krebs.hosts.donna.nets.retiolum.ip4.addr
- config.krebs.hosts.donna.nets.retiolum.ip6.addr
+ config.krebs.hosts.amy.nets.retiolum.ip4.addr
+ config.krebs.hosts.amy.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.181";
aliases = [ "amy.r" ];
@@ -387,8 +387,8 @@ in {
nets = rec {
retiolum = {
addrs = [
- config.krebs.hosts.donna.nets.retiolum.ip4.addr
- config.krebs.hosts.donna.nets.retiolum.ip6.addr
+ config.krebs.hosts.clara.nets.retiolum.ip4.addr
+ config.krebs.hosts.clara.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.182";
aliases = [ "clara.r" ];
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index f6d47f27e..e8037128d 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -23,32 +23,20 @@ with import <stockholm/lib>;
};
config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) {
- services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
- exec < ${pkgs.iana_etc}/etc/services
- exec > $out
- awk -F '[ /]+' '
- BEGIN {
- port=0
- }
- ${concatMapStringsSep "\n" (entry: ''
- $2 == ${entry.port} {
- port=$2
- next
- }
- port == ${entry.port} {
- ${concatMapStringsSep "\n"
- (proto: let
- s = "${entry.${proto}.name} ${entry.port}/${proto}";
- in
- "print ${toJSON s}")
- (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
- port=0
- }
- '') (attrValues config.krebs.iana-etc.services)}
- {
- print $0
- }
- '
+ services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ ''
+ {
+ ${concatMapStringsSep "\n" (entry: /* sh */ ''
+ ${concatMapStringsSep "\n"
+ (proto: let
+ line = "${entry.${proto}.name} ${entry.port}/${proto}";
+ in /* sh */ ''
+ echo ${shell.escape line}
+ '')
+ (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+ '') (attrValues config.krebs.iana-etc.services)}
+ cat ${pkgs.iana_etc}/etc/services
+ } |
+ sort -b -k 2,2 -u > $out
'');
};
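Review bot: The override only works because the custom `echo` lines are emitted before `cat ${pkgs.iana_etc}/etc/services` and `sort -u` keeps the first line of each run with an equal `-k 2,2` key. That ordering dependency is not stated anywhere and would break silently if the two parts were swapped. I would add a shell comment inside the script such as `# overrides must come first: sort -u keeps the first line per port/proto key`. The same key is also applied to comment and blank lines of the upstream file, so those are reordered and collapsed by their second word; this looks harmless for lookups but should be confirmed as intended. The derivation body starts outside this hunk, so whether a failing `cat` inside the pipeline aborts the build cannot be seen from here.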
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 30c7b085f..00847071a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -111,44 +111,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
- archprism = {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "46.4.114.247";
- aliases = [
- "archprism.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.123";
- aliases = [
- "archprism.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
- wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
- f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
- 5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
- BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
- s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
- x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
- gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
- GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
- l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
- L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
- 6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
- };
-
uriel = {
monitoring = false;
cores = 1;
diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix
deleted file mode 100644
index 31e01c4ab..000000000
--- a/krebs/3modules/mb/default.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-with import <stockholm/lib>;
-{ config, ... }: let
-
- hostDefaults = hostName: host: flip recursiveUpdate host {
- ci = true;
- owner = config.krebs.users.mb;
- };
-
-in {
- hosts = mapAttrs hostDefaults {
- orange = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.23";
- aliases = [
- "orange.r"
- "or4ng3.r"
- "0r4n93.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA
- zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u
- IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD
- FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp
- C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY
- /0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt
- V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg
- ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r
- RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27
- JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA
- D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk
- TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- rofl = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.43";
- aliases = [
- "rofl.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
- xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
- txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
- VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
- VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
- 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
- vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
- Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
- 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
- QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
- NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
- 3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- p1nk = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.42";
- aliases = [
- "p1nk.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48
- AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe
- zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV
- 4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ
- 888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy
- XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8
- jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9
- qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa
- 6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ
- V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC
- bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb
- 3AYi5dQXHjab/lvj6917xa0CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- gr33n = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.123";
- aliases = [
- "gr33n.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8
- kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M
- JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P
- OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO
- ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt
- JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd
- I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ
- 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X
- s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH
- oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6
- Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV
- jtTSbSJHU5esECtAuXy1XH8CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- sunsh1n3 = {
- ci = false;
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.142";
- aliases = [
- "sunsh1n3.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf
- QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU
- pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz
- idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf
- 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5
- yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD
- /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY
- Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy
- LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj
- 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H
- C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU
- 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- };
- users = {
- mb = {
- mail = "mb0@codemonkey.cc";
- pubkey = "ssh-rsa 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 mb0@codemonkey.cc";
- };
- };
-}
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index a0c00c20d..c09bb008d 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -29,7 +29,7 @@ let
cloudmap = mkOption {
type = types.str;
- default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
+ default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg";
};
marker = mkOption {
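Review bot: The new `cloudmap` default fetches an image over plain `http://` from a personal web space (`home.megapass.co.kr/~holywatr/…`), with no integrity check visible in this hunk. Whoever controls that host or the network path can substitute the file, and it is presumably fed to the image tooling of the realwallpaper service on every run. If no HTTPS source exists, I would at least document the trust decision above the option, for example `# unauthenticated third-party source; output is only used as wallpaper`. It is also worth checking that the service which downloads and processes the file runs unprivileged. The option set continues outside the hunk.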
diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix
index 055e6b476..0ac66f433 100644
--- a/krebs/5pkgs/simple/newsbot-js/default.nix
+++ b/krebs/5pkgs/simple/newsbot-js/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }:
+{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }:
with lib;
let
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
- nodejs = nodejs-12_x;
+ nodejs = nodejs;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
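Review bot: `nodejs = nodejs;` in the `node-env.nix` argument set is a self-named binding that reads like a mistake and would recurse infinitely if the set ever became `rec`; `inherit nodejs;` says the same thing and matches the `inherit (pkgs) …` line directly above it. Dropping the `nodejs-12_x` pin here and in the two later hunks of this file (`buildInputs` and the wrapper script) means the runtime major version now follows whatever nixpkgs defaults to. A one-line comment noting that this is deliberate would help when a nixpkgs bump later changes the interpreter under newsbot.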
@@ -36,7 +36,7 @@ in stdenv.mkDerivation {
];
buildInputs = [
- nodejs-12_x
+ nodejs
makeWrapper
];
@@ -45,7 +45,7 @@ in stdenv.mkDerivation {
cp newsbot.js $out/
cat > $out/newsbot << EOF
- ${nodejs-12_x}/bin/node $out/newsbot.js
+ ${nodejs}/bin/node $out/newsbot.js
EOF
chmod +x $out/newsbot
diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
index d6b2a06dd..ea45b93f3 100644
--- a/krebs/5pkgs/simple/newsbot-js/node-packages.nix
+++ b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
@@ -1,4 +1,4 @@
-# This file has been generated by node2nix 1.5.3. Do not edit!
+# This file has been generated by node2nix 1.7.0. Do not edit!
{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
@@ -13,22 +13,13 @@ let
sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746";
};
};
- "ajv-5.5.2" = {
+ "ajv-6.10.2" = {
name = "ajv";
packageName = "ajv";
- version = "5.5.2";
+ version = "6.10.2";
src = fetchurl {
- url = "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz";
- sha1 = "73b5eeca3fab653e3d3f9422b341ad42205dc965";
- };
- };
- "array-filter-0.0.1" = {
- name = "array-filter";
- packageName = "array-filter";
- version = "0.0.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz";
- sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec";
+ url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz";
+ sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw==";
};
};
"array-indexofobject-0.0.1" = {
@@ -40,31 +31,13 @@ let
sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a";
};
};
- "array-map-0.0.0" = {
- name = "array-map";
- packageName = "array-map";
- version = "0.0.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz";
- sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662";
- };
- };
- "array-reduce-0.0.0" = {
- name = "array-reduce";
- packageName = "array-reduce";
- version = "0.0.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz";
- sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b";
- };
- };
- "asn1-0.2.3" = {
+ "asn1-0.2.4" = {
name = "asn1";
packageName = "asn1";
- version = "0.2.3";
+ version = "0.2.4";
src = fetchurl {
- url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz";
- sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86";
+ url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz";
+ sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==";
};
};
"assert-plus-1.0.0" = {
@@ -94,40 +67,22 @@ let
sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8";
};
};
- "aws4-1.6.0" = {
+ "aws4-1.8.0" = {
name = "aws4";
packageName = "aws4";
- version = "1.6.0";
+ version = "1.8.0";
src = fetchurl {
- url = "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz";
- sha1 = "83ef5ca860b2b32e4a0deedee8c771b9db57471e";
+ url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz";
+ sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==";
};
};
- "bcrypt-pbkdf-1.0.1" = {
+ "bcrypt-pbkdf-1.0.2" = {
name = "bcrypt-pbkdf";
packageName = "bcrypt-pbkdf";
- version = "1.0.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz";
- sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d";
- };
- };
- "boom-4.3.1" = {
- name = "boom";
- packageName = "boom";
- version = "4.3.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz";
- sha1 = "4f8a3005cb4a7e3889f749030fd25b96e01d2e31";
- };
- };
- "boom-5.2.0" = {
- name = "boom";
- packageName = "boom";
- version = "5.2.0";
+ version = "1.0.2";
src = fetchurl {
- url = "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz";
- sha512 = "19h20yqpvca08dns1rs4f057f10w63v0snxfml4h5khsk266x3x1im0w72bza4k2xn0kfz6jlv001dhcvxsjr09bmbqnysils9m7437";
+ url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz";
+ sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e";
};
};
"caseless-0.12.0" = {
@@ -139,22 +94,13 @@ let
sha1 = "1b681c21ff84033c826543090689420d187151dc";
};
};
- "co-4.6.0" = {
- name = "co";
- packageName = "co";
- version = "4.6.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/co/-/co-4.6.0.tgz";
- sha1 = "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184";
- };
- };
- "combined-stream-1.0.6" = {
+ "combined-stream-1.0.8" = {
name = "combined-stream";
packageName = "combined-stream";
- version = "1.0.6";
+ version = "1.0.8";
src = fetchurl {
- url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz";
- sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818";
+ url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz";
+ sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==";
};
};
"core-util-is-1.0.2" = {
@@ -166,15 +112,6 @@ let
sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7";
};
};
- "cryptiles-3.1.2" = {
- name = "cryptiles";
- packageName = "cryptiles";
- version = "3.1.2";
- src = fetchurl {
- url = "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz";
- sha1 = "a89fbb220f5ce25ec56e8c4aa8a4fd7b5b0d29fe";
- };
- };
"dashdash-1.14.1" = {
name = "dashdash";
packageName = "dashdash";
@@ -193,22 +130,22 @@ let
sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619";
};
};
- "ecc-jsbn-0.1.1" = {
+ "ecc-jsbn-0.1.2" = {
name = "ecc-jsbn";
packageName = "ecc-jsbn";
- version = "0.1.1";
+ version = "0.1.2";
src = fetchurl {
- url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz";
- sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505";
+ url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz";
+ sha1 = "3a83a904e54353287874c564b7549386849a98c9";
};
};
- "extend-3.0.1" = {
+ "extend-3.0.2" = {
name = "extend";
packageName = "extend";
- version = "3.0.1";
+ version = "3.0.2";
src = fetchurl {
- url = "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz";
- sha1 = "a755ea7bc1adfcc5a31ce7e762dbaadc5e636444";
+ url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz";
+ sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==";
};
};
"extsprintf-1.3.0" = {
@@ -220,13 +157,13 @@ let
sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05";
};
};
- "fast-deep-equal-1.1.0" = {
+ "fast-deep-equal-2.0.1" = {
name = "fast-deep-equal";
packageName = "fast-deep-equal";
- version = "1.1.0";
+ version = "2.0.1";
src = fetchurl {
- url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz";
- sha1 = "c053477817c86b51daa853c81e059b733d023614";
+ url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz";
+ sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49";
};
};
"fast-json-stable-stringify-2.0.0" = {
@@ -247,13 +184,13 @@ let
sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91";
};
};
- "form-data-2.3.2" = {
+ "form-data-2.3.3" = {
name = "form-data";
packageName = "form-data";
- version = "2.3.2";
+ version = "2.3.3";
src = fetchurl {
- url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
- sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
+ url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz";
+ sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==";
};
};
"getpass-0.1.7" = {
@@ -274,31 +211,13 @@ let
sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92";
};
};
- "har-validator-5.0.3" = {
+ "har-validator-5.1.3" = {
name = "har-validator";
packageName = "har-validator";
- version = "5.0.3";
+ version = "5.1.3";
src = fetchurl {
- url = "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz";
- sha1 = "ba402c266194f15956ef15e0fcf242993f6a7dfd";
- };
- };
- "hawk-6.0.2" = {
- name = "hawk";
- packageName = "hawk";
- version = "6.0.2";
- src = fetchurl {
- url = "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz";
- sha512 = "1nl2hjr2mnhj5jlaz8mh54z7acwz5j5idkch04qgjk78756gw5d0fjk4a2immil5ij9ijdssb9ndpryvnh2xpcbgcjv8lxybn330als";
- };
- };
- "hoek-4.2.1" = {
- name = "hoek";
- packageName = "hoek";
- version = "4.2.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz";
- sha512 = "1y8kprb3qldxqj31zai5n8dvhydsl9nn5w4rskhnbzzhldn6pm6n5lcyam3sfkb61a62d5m58k8im7z6ngwbd9cw9zp4zm4y7ckrf20";
+ url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz";
+ sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==";
};
};
"http-signature-1.2.0" = {
@@ -319,22 +238,22 @@ let
sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed";
};
};
- "inherits-2.0.3" = {
+ "inherits-2.0.4" = {
name = "inherits";
packageName = "inherits";
- version = "2.0.3";
+ version = "2.0.4";
src = fetchurl {
- url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz";
- sha1 = "633c2c83e3da42a502f52466022480f4208261de";
+ url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz";
+ sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==";
};
};
- "irc-colors-1.4.2" = {
+ "irc-colors-1.5.0" = {
name = "irc-colors";
packageName = "irc-colors";
- version = "1.4.2";
+ version = "1.5.0";
src = fetchurl {
- url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.4.2.tgz";
- sha512 = "0f75yhavbhr8lbh3lh83rvyfrrrcxjawnd2rz7sacjd3zxj5524xr28j66f2l11vlngdkbplxz5xsq9dnwrcyqa0jh64k2pvzhn17a1";
+ url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz";
+ sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw==";
};
};
"is-typedarray-1.0.0" = {
@@ -382,13 +301,13 @@ let
sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13";
};
};
- "json-schema-traverse-0.3.1" = {
+ "json-schema-traverse-0.4.1" = {
name = "json-schema-traverse";
packageName = "json-schema-traverse";
- version = "0.3.1";
+ version = "0.4.1";
src = fetchurl {
- url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz";
- sha1 = "349a6d44c53a51de89b40805c5d5e59b417d3340";
+ url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz";
+ sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==";
};
};
"json-stringify-safe-5.0.1" = {
@@ -400,15 +319,6 @@ let
sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb";
};
};
- "jsonify-0.0.0" = {
- name = "jsonify";
- packageName = "jsonify";
- version = "0.0.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz";
- sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73";
- };
- };
"jsprim-1.4.1" = {
name = "jsprim";
packageName = "jsprim";
@@ -454,40 +364,40 @@ let
sha1 = "d0225373aeb652adc1bc82e4945339a842754773";
};
};
- "mime-db-1.33.0" = {
+ "mime-db-1.42.0" = {
name = "mime-db";
packageName = "mime-db";
- version = "1.33.0";
+ version = "1.42.0";
src = fetchurl {
- url = "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz";
- sha512 = "36xnw59ik9fqym00cmwb5nyzg0l03k70cp413f7639j93wgmzk1mh0xjc7i6zz3r6k9xnwh0g5cm5a1f3y8c6plgy4qld7fm887ywh4";
+ url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz";
+ sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ==";
};
};
- "mime-types-2.1.18" = {
+ "mime-types-2.1.25" = {
name = "mime-types";
packageName = "mime-types";
- version = "2.1.18";
+ version = "2.1.25";
src = fetchurl {
- url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz";
- sha512 = "22krj1kw7n9z10zdyx7smcaim4bzwqsqzhspwha06q58gcrxfp93hw2cd0vk5crhq5p2dwzqlpacg32lrmp5sjzb798zdzy35mdmkwm";
+ url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz";
+ sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg==";
};
};
- "mri-1.1.0" = {
+ "mri-1.1.4" = {
name = "mri";
packageName = "mri";
- version = "1.1.0";
+ version = "1.1.4";
src = fetchurl {
- url = "https://registry.npmjs.org/mri/-/mri-1.1.0.tgz";
- sha1 = "5c0a3f29c8ccffbbb1ec941dcec09d71fa32f36a";
+ url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz";
+ sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==";
};
};
- "nan-2.10.0" = {
+ "nan-2.14.0" = {
name = "nan";
packageName = "nan";
- version = "2.10.0";
+ version = "2.14.0";
src = fetchurl {
- url = "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz";
- sha512 = "349rr7x0djrlkav4gbhkg355852ingn965r0kkch8rr4cwp7qki9676zpq8cq988yszzd2hld6szsbbnd1v6rghzf11abn1nyzlj1vc";
+ url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz";
+ sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==";
};
};
"node-icu-charset-detector-0.2.0" = {
@@ -499,13 +409,13 @@ let
sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639";
};
};
- "oauth-sign-0.8.2" = {
+ "oauth-sign-0.9.0" = {
name = "oauth-sign";
packageName = "oauth-sign";
- version = "0.8.2";
+ version = "0.9.0";
src = fetchurl {
- url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz";
- sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43";
+ url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz";
+ sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==";
};
};
"performance-now-2.1.0" = {
@@ -517,13 +427,22 @@ let
sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b";
};
};
- "process-nextick-args-2.0.0" = {
+ "process-nextick-args-2.0.1" = {
name = "process-nextick-args";
packageName = "process-nextick-args";
- version = "2.0.0";
+ version = "2.0.1";
src = fetchurl {
- url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz";
- sha512 = "0rw8xpqqkhs91722slvzf8icxfaimqp4w8zb3840jxr7r8n8035byl6dhdi5bm0yr6x7sdws0gf3m025fg6hqgaklwlbl4d7bah5l9j";
+ url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz";
+ sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==";
+ };
+ };
+ "psl-1.4.0" = {
+ name = "psl";
+ packageName = "psl";
+ version = "1.4.0";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz";
+ sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw==";
};
};
"punycode-1.4.1" = {
@@ -535,13 +454,22 @@ let
sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e";
};
};
- "qs-6.5.1" = {
+ "punycode-2.1.1" = {
+ name = "punycode";
+ packageName = "punycode";
+ version = "2.1.1";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz";
+ sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==";
+ };
+ };
+ "qs-6.5.2" = {
name = "qs";
packageName = "qs";
- version = "6.5.1";
+ version = "6.5.2";
src = fetchurl {
- url = "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz";
- sha512 = "3waqapyj1k4g135sgj636rmswiaixq19is1rw0rpv4qp6k7dl0a9nwy06m7yl5lbdk9p6xpwwngnggbzlzaz6rh11c86j2nvnnf273r";
+ url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz";
+ sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==";
};
};
"readable-stream-2.3.6" = {
@@ -550,16 +478,34 @@ let
version = "2.3.6";
src = fetchurl {
url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz";
- sha512 = "0mj9b6190amln9rg89x5pq2n195s3v0gzicpdamv1kbabg69aw5m71l34jsjn7bqil7405l6l35x9ijnb3h4jz5vx2i00l8sl1ll2xm";
+ sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==";
};
};
- "safe-buffer-5.1.1" = {
+ "safe-buffer-5.1.2" = {
name = "safe-buffer";
packageName = "safe-buffer";
- version = "5.1.1";
+ version = "5.1.2";
src = fetchurl {
- url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz";
- sha512 = "1p28rllll1w65yzq5azi4izx962399xdsdlfbaynn7vmp981hiss05jhiy9hm7sbbfk3b4dhlcv0zy07fc59mnc07hdv6wcgqkcvawh";
+ url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz";
+ sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==";
+ };
+ };
+ "safe-buffer-5.2.0" = {
+ name = "safe-buffer";
+ packageName = "safe-buffer";
+ version = "5.2.0";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz";
+ sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==";
+ };
+ };
+ "safer-buffer-2.1.2" = {
+ name = "safer-buffer";
+ packageName = "safer-buffer";
+ version = "2.1.2";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz";
+ sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==";
};
};
"sax-1.2.4" = {
@@ -568,25 +514,16 @@ let
version = "1.2.4";
src = fetchurl {
url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz";
- sha512 = "1dn291mjsda42w8kldlbmngk6dhjxfbvvd5lckyqmwbjaj6069iq3wx0nvcfglwnpddz2qa93lzf4hv77iz43bd2qixa079sjzl799n";
+ sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==";
};
};
- "sntp-2.1.0" = {
- name = "sntp";
- packageName = "sntp";
- version = "2.1.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz";
- sha512 = "0k2smmr24w5hb1cpql6vcgh58vzp4pmh9anf0bgz3arlsgq1mapnlq9fjqr6xs10aq1cmxaw987fwknqi62frax0fvs9bj3q3kmpg8l";
- };
- };
- "sshpk-1.14.1" = {
+ "sshpk-1.16.1" = {
name = "sshpk";
packageName = "sshpk";
- version = "1.14.1";
+ version = "1.16.1";
src = fetchurl {
- url = "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz";
- sha1 = "130f5975eddad963f1d56f92b9ac6c51fa9f83eb";
+ url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz";
+ sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==";
};
};
"string_decoder-1.1.1" = {
@@ -595,25 +532,16 @@ let
version = "1.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz";
- sha512 = "315yd4vzwrwk3vwj1klf46y1cj2jbvf88066y2rnwhksb98phj46jkxixbwsp3h607w7czy7cby522s7sx8mvspdpdm3s72y2ga3x4z";
+ sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==";
};
};
- "stringstream-0.0.5" = {
- name = "stringstream";
- packageName = "stringstream";
- version = "0.0.5";
- src = fetchurl {
- url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz";
- sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878";
- };
- };
- "tough-cookie-2.3.4" = {
+ "tough-cookie-2.4.3" = {
name = "tough-cookie";
packageName = "tough-cookie";
- version = "2.3.4";
+ version = "2.4.3";
src = fetchurl {
- url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz";
- sha512 = "0ncm6j3cjq1f26mzjf04k9bkw1b08w53s4qa3a11c1bdj4pgnqv1422c1xs5jyy6y1psppjx52fhagq5zkjkgrcpdkxcdiry96r77jd";
+ url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz";
+ sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==";
};
};
"tunnel-agent-0.6.0" = {
@@ -634,6 +562,15 @@ let
sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64";
};
};
+ "uri-js-4.2.2" = {
+ name = "uri-js";
+ packageName = "uri-js";
+ version = "4.2.2";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz";
+ sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==";
+ };
+ };
"util-deprecate-1.0.2" = {
name = "util-deprecate";
packageName = "util-deprecate";
@@ -643,13 +580,13 @@ let
sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf";
};
};
- "uuid-3.2.1" = {
+ "uuid-3.3.3" = {
name = "uuid";
packageName = "uuid";
- version = "3.2.1";
+ version = "3.3.3";
src = fetchurl {
- url = "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz";
- sha512 = "0843vl1c974n8kw5kn0kvhvhwk8y8jydr0xkwwl2963xxmkw4ingk6xj9c8m48jw2i95giglxzq5aw5v5mij9kv7fzln8pxav1cr6cd";
+ url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz";
+ sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==";
};
};
"verror-1.10.0" = {
@@ -676,16 +613,16 @@ in
sources."addressparser-1.0.1"
sources."array-indexofobject-0.0.1"
sources."core-util-is-1.0.2"
- sources."inherits-2.0.3"
+ sources."inherits-2.0.4"
sources."isarray-1.0.0"
sources."lodash.assign-4.2.0"
sources."lodash.get-4.4.2"
sources."lodash.has-4.5.2"
sources."lodash.uniq-4.5.0"
- sources."mri-1.1.0"
- sources."process-nextick-args-2.0.0"
+ sources."mri-1.1.4"
+ sources."process-nextick-args-2.0.1"
sources."readable-stream-2.3.6"
- sources."safe-buffer-5.1.1"
+ sources."safe-buffer-5.1.2"
sources."sax-1.2.4"
sources."string_decoder-1.1.1"
sources."util-deprecate-1.0.2"
@@ -698,29 +635,32 @@ in
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
form-data = nodeEnv.buildNodePackage {
name = "form-data";
packageName = "form-data";
- version = "2.3.2";
+ version = "3.0.0";
src = fetchurl {
- url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
- sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
+ url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz";
+ sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==";
};
dependencies = [
sources."asynckit-0.4.0"
- sources."combined-stream-1.0.6"
+ sources."combined-stream-1.0.8"
sources."delayed-stream-1.0.0"
- sources."mime-db-1.33.0"
- sources."mime-types-2.1.18"
+ sources."mime-db-1.42.0"
+ sources."mime-types-2.1.25"
];
buildInputs = globalBuildInputs;
meta = {
description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.";
+ homepage = "https://github.com/form-data/form-data#readme";
license = "MIT";
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
irc = nodeEnv.buildNodePackage {
name = "irc";
@@ -732,8 +672,8 @@ in
};
dependencies = [
sources."iconv-2.2.3"
- sources."irc-colors-1.4.2"
- sources."nan-2.10.0"
+ sources."irc-colors-1.5.0"
+ sources."nan-2.14.0"
sources."node-icu-charset-detector-0.2.0"
];
buildInputs = globalBuildInputs;
@@ -744,69 +684,66 @@ in
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
request = nodeEnv.buildNodePackage {
name = "request";
packageName = "request";
- version = "2.85.0";
+ version = "2.88.0";
src = fetchurl {
- url = "https://registry.npmjs.org/request/-/request-2.85.0.tgz";
- sha512 = "2d3hg10zs5ycnr8prmiwdhacf88fl0x0bi6szs0z2r07zcbk419laixwpjp8sqapbc2ifyyih7p3r60wgr58bmcncz3pqnx523c8zph";
+ url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz";
+ sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==";
};
dependencies = [
- sources."ajv-5.5.2"
- sources."asn1-0.2.3"
+ sources."ajv-6.10.2"
+ sources."asn1-0.2.4"
sources."assert-plus-1.0.0"
sources."asynckit-0.4.0"
sources."aws-sign2-0.7.0"
- sources."aws4-1.6.0"
- sources."bcrypt-pbkdf-1.0.1"
- sources."boom-4.3.1"
+ sources."aws4-1.8.0"
+ sources."bcrypt-pbkdf-1.0.2"
sources."caseless-0.12.0"
- sources."co-4.6.0"
- sources."combined-stream-1.0.6"
+ sources."combined-stream-1.0.8"
sources."core-util-is-1.0.2"
- (sources."cryptiles-3.1.2" // {
- dependencies = [
- sources."boom-5.2.0"
- ];
- })
sources."dashdash-1.14.1"
sources."delayed-stream-1.0.0"
- sources."ecc-jsbn-0.1.1"
- sources."extend-3.0.1"
+ sources."ecc-jsbn-0.1.2"
+ sources."extend-3.0.2"
sources."extsprintf-1.3.0"
- sources."fast-deep-equal-1.1.0"
+ sources."fast-deep-equal-2.0.1"
sources."fast-json-stable-stringify-2.0.0"
sources."forever-agent-0.6.1"
- sources."form-data-2.3.2"
+ sources."form-data-2.3.3"
sources."getpass-0.1.7"
sources."har-schema-2.0.0"
- sources."har-validator-5.0.3"
- sources."hawk-6.0.2"
- sources."hoek-4.2.1"
+ sources."har-validator-5.1.3"
sources."http-signature-1.2.0"
sources."is-typedarray-1.0.0"
sources."isstream-0.1.2"
sources."jsbn-0.1.1"
sources."json-schema-0.2.3"
- sources."json-schema-traverse-0.3.1"
+ sources."json-schema-traverse-0.4.1"
sources."json-stringify-safe-5.0.1"
sources."jsprim-1.4.1"
- sources."mime-db-1.33.0"
- sources."mime-types-2.1.18"
- sources."oauth-sign-0.8.2"
+ sources."mime-db-1.42.0"
+ sources."mime-types-2.1.25"
+ sources."oauth-sign-0.9.0"
sources."performance-now-2.1.0"
- sources."punycode-1.4.1"
- sources."qs-6.5.1"
- sources."safe-buffer-5.1.1"
- sources."sntp-2.1.0"
- sources."sshpk-1.14.1"
- sources."stringstream-0.0.5"
- sources."tough-cookie-2.3.4"
+ sources."psl-1.4.0"
+ sources."punycode-2.1.1"
+ sources."qs-6.5.2"
+ sources."safe-buffer-5.2.0"
+ sources."safer-buffer-2.1.2"
+ sources."sshpk-1.16.1"
+ (sources."tough-cookie-2.4.3" // {
+ dependencies = [
+ sources."punycode-1.4.1"
+ ];
+ })
sources."tunnel-agent-0.6.0"
sources."tweetnacl-0.14.5"
- sources."uuid-3.2.1"
+ sources."uri-js-4.2.2"
+ sources."uuid-3.3.3"
sources."verror-1.10.0"
];
buildInputs = globalBuildInputs;
@@ -817,28 +754,24 @@ in
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
shell-quote = nodeEnv.buildNodePackage {
name = "shell-quote";
packageName = "shell-quote";
- version = "1.6.1";
+ version = "1.7.2";
src = fetchurl {
- url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz";
- sha1 = "f4781949cce402697127430ea3b3c5476f481767";
+ url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz";
+ sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==";
};
- dependencies = [
- sources."array-filter-0.0.1"
- sources."array-map-0.0.0"
- sources."array-reduce-0.0.0"
- sources."jsonify-0.0.0"
- ];
buildInputs = globalBuildInputs;
meta = {
description = "quote and parse shell commands";
- homepage = "https://github.com/substack/node-shell-quote#readme";
+ homepage = https://github.com/substack/node-shell-quote;
license = "MIT";
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
} \ No newline at end of file
diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh
index 0c1ecc58c..ee7e43f1a 100755
--- a/krebs/5pkgs/simple/newsbot-js/update.sh
+++ b/krebs/5pkgs/simple/newsbot-js/update.sh
@@ -1,2 +1,4 @@
-node2nix -8 -i pkgs.json -c combine.nix
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p nodePackages.node2nix
+node2nix -12 -i pkgs.json -c combine.nix
rm node-env.nix combine.nix
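Review bot: The script has no error handling, so a failed `node2nix -12 -i pkgs.json -c combine.nix` does not stop it and `rm node-env.nix combine.nix` runs regardless. Add `set -euo pipefail` directly after the two `#!` lines so a failed generation aborts with node2nix's own exit status. Otherwise a possibly half-written `node-packages.nix` can be left behind and the only error reported comes from `rm`.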
diff --git a/krebs/5pkgs/simple/tinc_graphs/default.nix b/krebs/5pkgs/simple/tinc_graphs/default.nix
index 20bbc53ba..025e85df0 100644
--- a/krebs/5pkgs/simple/tinc_graphs/default.nix
+++ b/krebs/5pkgs/simple/tinc_graphs/default.nix
@@ -2,15 +2,17 @@
python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}";
- version = "0.3.10";
+ version = "0.3.11";
+
propagatedBuildInputs = with pkgs;[
python3Packages.pygeoip
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
];
src = fetchurl {
url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
- sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
+ sha256 = "0akvi2srwqny3cd4b9ghssq8wi4kcxd2khabnnvylzs1s9i28fpa";
};
+
preFixup = with pkgs;''
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 4829bec1d..fa22e2747 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "7827d3f4497ed722fedca57fd4d5ca1a65c38256",
- "date": "2019-11-03T11:21:05+01:00",
- "sha256": "1ixjkb2ksri83iyhvl4a7hrfnb8zd3ps5jmirgaa7b617jn31cg6",
+ "rev": "3140fa89c51233397f496f49014f6b23216667c2",
+ "date": "2019-12-05T01:28:43+01:00",
+ "sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8",
"fetchSubmodules": false
}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 7fe43b4b5..446f27007 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31",
- "date": "2019-10-31T21:10:56+01:00",
- "sha256": "15fwszhn6078sbrb8qk83g8afvh4qnmvff0qbkbvq3cm1fxni2w1",
+ "rev": "45ea60922036b7be302b95d107595f6eb5cd0675",
+ "date": "2019-12-10T12:38:05+01:00",
+ "sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q",
"fetchSubmodules": false
}
diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh
index 068da5f6f..592023f20 100755
--- a/krebs/update-nixpkgs-unstable.sh
+++ b/krebs/update-nixpkgs-unstable.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--rev refs/heads/nixos-unstable' \
> $dir/nixpkgs-unstable.json
newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"
+git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev"
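Review bot: `$dir` is expanded unquoted in the corrected `git commit` line, as it is in the redirect and `cat` lines above it, so a checkout path containing whitespace splits into several arguments. Quote it: `git commit "$dir/nixpkgs-unstable.json" -m "nixpkgs-unstable: $oldrev -> $newrev"`. The script begins outside this hunk, so how `dir` and `oldrev` are assigned is not visible here.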
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 1a98fc058..2b4158211 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -11,4 +11,7 @@
useChecksum = true;
};
});
+ nixpkgs-unstable = lib.mkForce {
+ file.path = "/var/empty";
+ };
}
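Review bot: The added `nixpkgs-unstable = lib.mkForce { file.path = "/var/empty"; };` has no comment explaining why this host replaces the source with an empty directory. Presumably the intent is to avoid deploying the unstable tree to blue; a line such as `# blue does not use nixpkgs-unstable; deploy an empty placeholder instead` above it would confirm that. It is also worth stating that any expression on this host that imports `<nixpkgs-unstable>` would then presumably fail at evaluation, so the override is safe only while nothing here references it.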
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index f57d275d8..d4a389a4a 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -10,6 +10,7 @@
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.hilum;
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 86727700f..46f0892a2 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
@@ -21,6 +22,18 @@
<stockholm/lass/2configs/ssh-cryptsetup.nix>
];
+ #media center
+ users.users.media = {
+ isNormalUser = true;
+ uid = genid_uint31 "media";
+ extraGroups = [ "video" "audio" ];
+ };
+
+ services.xserver.displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "media";
+ };
+
krebs.build.host = config.krebs.hosts.icarus;
programs.adb.enable = true;
}
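Review bot: The `media` account is logged in automatically by lightdm, so anyone with physical access to icarus gets a desktop session without authenticating, and nothing in the hunk records that constraint. As written the user is only in `video` and `audio`, which is the right shape. A comment above `users.users.media` such as `# autologin account: keep out of wheel and adbusers, keep no credentials in its home` would help keep it that way, given `programs.adb.enable = true` on the same host. The same user and autologin block appears as context in `lass/1systems/shodan/config.nix`, so a shared module under `2configs` would keep the two from diverging.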
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f4c011dcf..cde65ea6c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -110,14 +110,13 @@ with import <stockholm/lib>;
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
- autoStart = true;
+ autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
@@ -265,14 +264,10 @@ with import <stockholm/lib>;
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa 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 lhebendanz@nixos"
- "ssh-rsa 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 palo@pepe"
- "ssh-rsa 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 palo@workhorse"
- "ssh-rsa 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 palo@workout"
+ config.krebs.users.palo.pubkey
];
}
{
- }
- {
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
@@ -322,6 +317,7 @@ with import <stockholm/lib>;
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
}
@@ -342,6 +338,19 @@ with import <stockholm/lib>;
localAddress = "10.233.2.14";
};
+ services.nginx.virtualHosts."lassul.us".locations."^~ /flix/".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$request_uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:80/;
+ proxy_set_header Accept-Encoding "";
+ sub_filter "https://lassul.us/" "https://lassul.us/flix/";
+ sub_filter_once off;
+ '';
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
if ($scheme != "https") {
rewrite ^ https://$host$request_uri permanent;
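Review bot: The new `/flix/` location builds its `auth_basic_user_file` with `pkgs.writeText`, which places the htpasswd entry in the world-readable Nix store and in this repository. It also reuses the same `krebs:$apr1$…` entry as the `/transmission` location (next hunk). `apr1` is an MD5-based scheme, so a published hash is open to offline guessing, and one recovered password would unlock both locations. Point the directive at a file deployed outside the store with restricted permissions, e.g. `auth_basic_user_file <path-to-htpasswd-secret>;`, give each service its own entry, and rotate the password since the hash is already in history. The upstream hop `proxy_pass http://10.233.2.14:80/;` is plain HTTP, which is acceptable only while that address stays on what appears to be the host-local container network.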
@@ -350,6 +359,7 @@ with import <stockholm/lib>;
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
''};
+ proxy_pass_header X-Transmission-Session-Id;
proxy_pass http://10.233.2.14:9091;
'';
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ad510283f..b3de15837 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -18,14 +18,11 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/green-host.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/gg23.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
#media center
users.users.media = {
isNormalUser = true;
@@ -38,77 +35,7 @@ with import <stockholm/lib>;
user = "media";
};
- #hass
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
- # zerotierone
- { predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
- ];
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
- services.home-assistant = let
- tasmota_s20 = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "stat/${topic}/POWER";
- command_topic = "cmnd/${topic}/POWER";
- payload_on = "ON";
- payload_off = "OFF";
- };
- in {
- enable = true;
- package = pkgs.home-assistant.override {
- python3 = pkgs.python36;
- #extraComponents = [
- # (pkgs.fetchgit {
- # url = "https://github.com/marcschumacher/dwd_pollen";
- # rev = "0.1";
- # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
- # })
- #];
- };
- config = {
- homeassistant = {
- name = "Home"; time_zone = "Europe/Berlin";
- latitude = "48.7687";
- longitude = "9.2478";
- elevation = 247;
- };
- sun.elevation = 66;
- discovery = {};
- frontend = { };
- mqtt = {
- broker = "localhost";
- port = 1883;
- client_id = "home-assistant";
- username = "gg23";
- password = "gg23-mqtt";
- keepalive = 60;
- protocol = 3.1;
- };
- sensor = [
- ];
- switch = [
- (tasmota_s20 "Drucker Strom" "drucker")
- (tasmota_s20 "Bett Licht" "bett")
- ];
- device_tracker = [
- {
- platform = "luci";
- }
- ];
- };
- };
-
- services.mosquitto = {
- enable = true;
- host = "0.0.0.0";
- allowAnonymous = false;
- checkPasswords = true;
- users.gg23 = {
- password = "gg23-mqtt";
- acl = [ "topic readwrite #" ];
- };
- };
- environment.systemPackages = [ pkgs.mosquitto ];
}
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 7cfeba932..39a4d9661 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -46,5 +46,6 @@
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0"
'';
}
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index e4ccffe23..6e0a2385c 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -19,7 +19,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
- ip = "10.42.23.221";
+ ip = "10.42.0.4";
};
};
};
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index 5f802148b..e55090de9 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
-
{
services.nginx.virtualHosts.codimd = {
enableACME = true;
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
new file mode 100644
index 000000000..2ec7b94d3
--- /dev/null
+++ b/lass/2configs/gg23.nix
@@ -0,0 +1,134 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ networking.networkmanager.unmanaged = [ "int0" ];
+ networking.interfaces.int0.ipv4.addresses = [{
+ address = "10.42.0.1";
+ prefixLength = 24;
+ }];
+
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = [ "int0" ];
+ extraConfig = ''
+ option subnet-mask 255.255.255.0;
+ option routers 10.42.0.1;
+ option domain-name-servers 10.42.0.1;
+ subnet 10.42.0.0 netmask 255.255.255.0 {
+ range 10.42.0.100 10.42.0.200;
+ }
+ '';
+ machines = [
+ { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; }
+ { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; }
+ { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; }
+ { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; }
+ { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; }
+ { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; }
+ { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; }
+ ];
+ };
+
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+
+ extraConfig = ''
+ local=/gg23/
+ domain=gg23
+ expand-hosts
+ listen-address=10.42.0.1
+ interface=int0
+ '';
+ };
+
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
+ { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+ { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+ ];
+ krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; }
+ ];
+
+ services.home-assistant = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ enable = true;
+ package = pkgs.home-assistant.override {
+ python3 = pkgs.python36;
+ #extraComponents = [
+ # (pkgs.fetchgit {
+ # url = "https://github.com/marcschumacher/dwd_pollen";
+ # rev = "0.1";
+ # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
+ # })
+ #];
+ };
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ sun.elevation = 66;
+ discovery = {};
+ frontend = { };
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+ };
+ sensor = [
+ ];
+ switch = [
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Bett Licht" "bett")
+ (tasmota_s20 "Kueche Licht" "kueche")
+ ];
+ device_tracker = [
+ {
+ platform = "luci";
+ }
+ ];
+ };
+ };
+
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ users.gg23 = {
+ password = "gg23-mqtt";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
+
+}
+
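Review bot: The MQTT credential is committed in clear text twice, as `password = "gg23-mqtt"` in the `services.home-assistant` mqtt block and again under `services.mosquitto.users.gg23`, so it sits in the repository and in the world-readable Nix store, and the account carries `acl = [ "topic readwrite #" ]`. Anyone who reaches port 1883 on `int0` (the DHCP table lists an access point on that segment) and has read the config can therefore publish to every `cmnd/…/POWER` topic. For the broker I would keep only a hash via `hashedPassword` instead of `password`, and have Home Assistant read its copy from a secrets file outside the store. Separately, the FORWARD rule `-s 10.42.0.0/24 -i int0` accepts traffic from the device LAN towards any outgoing interface; if the plugs only need the uplink, adding an `-o <uplink>` match (placeholder) keeps them away from other networks the host routes to, presumably including `retiolum`.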
diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi
new file mode 160000
+Subproject cf3ae8f6fe285eab67db4f36f9a3da3762c3531
diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py
deleted file mode 100644
index fa3d007e7..000000000
--- a/lass/5pkgs/autowifi/autowifi.py
+++ /dev/null
@@ -1,228 +0,0 @@
-import subprocess
-import time
-import urllib.request
-import logging
-import argparse
-import socket
-import struct
-import signal
-import os
-
-wifiDB = ''
-logger = logging.getLogger()
-got_signal = False
-
-
-def signal_handler(signum, frame):
- global got_signal
- got_signal = True
-
-
-def get_default_gateway() -> str:
- """Read the default gateway directly from /proc."""
- with open("/proc/net/route") as fh:
- for line in fh:
- fields = line.strip().split()
- if fields[1] != '00000000' or not int(fields[3], 16) & 2:
- continue
-
- return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
-
-
-def connect(ssid, psk=None):
- subprocess.run(
- ["nmcli", "connection", "delete", "autowifi"],
- stdout=subprocess.PIPE,
- )
- logging.info('connecting to %s', ssid)
- if psk is None:
- subprocess.run(
- [
- "nmcli",
- "device",
- "wifi",
- "connect",
- ssid,
- "name",
- "autowifi",
- ],
- stdout=subprocess.PIPE,
- )
- else:
- subprocess.run(
- [
- "nmcli",
- "device",
- "wifi",
- "connect",
- ssid,
- "name",
- "autowifi",
- "password",
- psk,
- ],
- stdout=subprocess.PIPE,
- )
- time.sleep(5)
-
-
-def scan():
- logging.debug('scanning wifis')
- wifis_raw = subprocess.check_output([
- "nmcli",
- "-t",
- "device",
- "wifi",
- "list",
- "--rescan",
- "yes",
- ])
- wifis_list = wifis_raw.split(b'\n')
- logging.debug('scanning wifis finished')
- wifis = []
- for line in wifis_list:
- logging.debug(line)
- ls = line.split(b':')
- if len(ls) == 8:
- wifis.append({
- "ssid": ls[1],
- "signal": int(ls[5]),
- "crypto": ls[7]
- })
- return wifis
-
-
-def get_known_wifis():
- wifis_lines = []
- with open(wifiDB) as f:
- wifis_lines = f.read().splitlines()
- wifis = []
- for line in wifis_lines:
- ls = line.split('/')
- wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()})
- return wifis
-
-
-def check_network():
- logging.debug('checking network')
-
- global got_signal
- if got_signal:
- logging.info('got disconnect signal')
- got_signal = False
- return False
- else:
- gateway = get_default_gateway()
- if gateway:
- response = subprocess.run(
- [
- 'ping',
- '-q',
- '-c',
- '1',
- gateway,
- ],
- stdout=subprocess.PIPE,
- )
- if response.returncode == 0:
- logging.debug('host %s is up', gateway)
- return True
- else:
- logging.debug('host %s is down', gateway)
- return False
- else:
- logging.debug('no gateway')
- return False
-
-
-def check_internet():
- logging.debug('checking internet')
-
- try:
- with open('./dummy_internet') as f:
- dummy_content = f.read()
- if dummy_content == 'xxx\n':
- return True
- beacon = urllib.request.urlopen('http://krebsco.de/secret')
- except Exception as e: # noqa
- logging.debug(e)
- logging.info('no internet exc')
- return False
- if beacon.read() == b'1337\n':
- return True
- logging.info('no internet oh')
- return False
-
-
-def is_wifi_open(wifi):
- if wifi['crypto'] == b'':
- return True
- else:
- return False
-
-
-def is_wifi_seen(wifi, seen_wifis):
- for seen_wifi in seen_wifis:
- if seen_wifi["ssid"] == wifi["ssid"]:
- return True
- return False
-
-
-def main():
- parser = argparse.ArgumentParser()
-
- parser.add_argument(
- '-c', '--config',
- dest='config',
- help='wifi config file to use',
- default='/etc/wifis',
- )
-
- parser.add_argument(
- '-l', '--loglevel',
- dest='loglevel',
- help='loglevel to use',
- default=logging.INFO,
- )
-
- parser.add_argument(
- '-p', '--pidfile',
- dest='pidfile',
- help='file to write the pid to',
- default=None,
- )
-
- args = parser.parse_args()
-
- global wifiDB
- wifiDB = args.config
- logger.setLevel(args.loglevel)
-
- signal.signal(signal.SIGUSR1, signal_handler)
-
- if args.pidfile:
- with open(args.pidfile, 'w+') as f:
- f.write(str(os.getpid()))
-
- while True:
- if not check_network():
- wifis = scan()
- known_wifis = get_known_wifis()
- known_seen_wifis = [
- wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis)
- ]
- for wifi in known_seen_wifis:
- connect(wifi['ssid'], wifi['psk'])
- if check_network():
- break
- open_wifis = filter(is_wifi_open, wifis)
- for wifi in open_wifis:
- connect(wifi['ssid'])
-
- if check_network():
- break
- time.sleep(10)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lass/5pkgs/autowifi/default.nix b/lass/5pkgs/autowifi/default.nix
deleted file mode 100644
index d565a6bb6..000000000
--- a/lass/5pkgs/autowifi/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-pkgs.writers.writePython3Bin "autowifi" {} ./autowifi.py
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index fdf203d5b..6c4f62310 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -3,20 +3,32 @@
with import <stockholm/lib>;
{
imports = [
- <stockholm/makefu>
+ #<stockholm/makefu>
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
- <stockholm/makefu/2configs/tools/core.nix>
+ # <stockholm/makefu/2configs/tools/core.nix>
+ ./justdoit.nix
+ {
+ kexec.justdoit = {
+ # bootSize = 512;
+ rootDevice = "/dev/sdb";
+ swapSize = 1024;
+ bootType = "vfat";
+ luksEncrypt = true;
+ uefi = true;
+ };
+ }
];
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- krebs.build.host = { cores = 0; };
+ # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+ #krebs.build.host = { cores = 0; };
isoImage.isoBaseName = lib.mkForce "stockholm";
- krebs.hidden-ssh.enable = true;
- environment.systemPackages = with pkgs; [
- aria2
- ddrescue
- ];
+ #krebs.hidden-ssh.enable = true;
+ # environment.systemPackages = with pkgs; [
+ # aria2
+ # ddrescue
+ # ];
environment.extraInit = ''
EDITOR=vim
'';
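Review bot: `rootDevice = "/dev/sdb"` is baked into the image, and the `justdoit` script added in this commit runs `wipefs -a` and `dd` on that path without any check, yet `sdX` names follow enumeration order and can point at a different disk on the next machine. A comment at the option would make the assumption visible, e.g. `# justdoit erases this disk unprompted; sdb assumes the installer medium is sda`. The commented-out imports and the `#krebs.hidden-ssh.enable = true;` line would be clearer deleted or given a one-line reason, since it is not evident whether the ISO is meant to stay without them.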
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
new file mode 100644
index 000000000..7947953f9
--- /dev/null
+++ b/makefu/1systems/iso/justdoit.nix
@@ -0,0 +1,128 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ cfg = config.kexec.justdoit;
+ x = if cfg.nvme then "p" else "";
+in {
+ options = {
+ kexec.justdoit = {
+ rootDevice = mkOption {
+ type = types.str;
+ default = "/dev/sda";
+ description = "the root block device that justdoit will nuke from orbit and force nixos onto";
+ };
+ bootSize = mkOption {
+ type = types.int;
+ default = 256;
+ description = "size of /boot in mb";
+ };
+ bootType = mkOption {
+ type = types.enum [ "ext4" "vfat" "zfs" ];
+ default = "ext4";
+ };
+ swapSize = mkOption {
+ type = types.int;
+ default = 1024;
+ description = "size of swap in mb";
+ };
+ poolName = mkOption {
+ type = types.str;
+ default = "tank";
+ description = "zfs pool name";
+ };
+ luksEncrypt = mkOption {
+ type = types.bool;
+ default = false;
+ description = "encrypt all of zfs and swap";
+ };
+ uefi = mkOption {
+ type = types.bool;
+ default = false;
+ description = "create a uefi install";
+ };
+ nvme = mkOption {
+ type = types.bool;
+ default = false;
+ description = "rootDevice is nvme";
+ };
+ };
+ };
+ config = let
+ mkBootTable = {
+ ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
+ vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
+ zfs = "";
+ };
+ in lib.mkIf true {
+ system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
+ #!${pkgs.stdenv.shell}
+ set -e
+ vgchange -a n
+ wipefs -a ${cfg.rootDevice}
+ dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
+ sfdisk ${cfg.rootDevice} <<EOF
+ label: gpt
+ device: ${cfg.rootDevice}
+ unit: sectors
+ ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
+ ${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
+ 2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
+ 3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+ EOF
+ ${if cfg.luksEncrypt then ''
+ cryptsetup luksFormat ${cfg.rootDevice}${x}2
+ cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap
+ cryptsetup luksFormat ${cfg.rootDevice}${x}3
+ cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
+ export ROOT_DEVICE=/dev/mapper/root
+ export SWAP_DEVICE=/dev/mapper/swap
+ '' else ''
+ export ROOT_DEVICE=${cfg.rootDevice}${x}3
+ export SWAP_DEVICE=${cfg.rootDevice}${x}2
+ ''}
+ ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
+ mkdir -p /mnt
+ ${mkBootTable.${cfg.bootType}}
+ mkswap $SWAP_DEVICE -L NIXOS_SWAP
+ zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
+ zfs create -o mountpoint=legacy ${cfg.poolName}/root
+ zfs create -o mountpoint=legacy ${cfg.poolName}/home
+ zfs create -o mountpoint=legacy ${cfg.poolName}/nix
+ swapon $SWAP_DEVICE
+ mount -t zfs ${cfg.poolName}/root /mnt/
+ mkdir /mnt/{home,nix,boot}
+ mount -t zfs ${cfg.poolName}/home /mnt/home/
+ mount -t zfs ${cfg.poolName}/nix /mnt/nix/
+ ${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
+ nixos-generate-config --root /mnt/
+ hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
+ cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
+ cat > /mnt/etc/nixos/generated.nix <<EOF
+ { ... }:
+ {
+ ${if cfg.uefi then ''
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "nodev";
+ '' else ''
+ boot.loader.grub.device = "${cfg.rootDevice}";
+ ''}
+ networking.hostId = "$hostId"; # required for zfs use
+ ${lib.optionalString cfg.luksEncrypt ''
+ boot.initrd.luks.devices = [
+ { name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
+ { name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
+ ];
+ ''}
+ }
+ EOF
+ nixos-install
+ umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
+ zpool export ${cfg.poolName}
+ swapoff $SWAP_DEVICE
+ '';
+ environment.systemPackages = [ config.system.build.justdoit ];
+ boot.supportedFilesystems = [ "zfs" ];
+ };
+}
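Review bot: The generated `boot.initrd.luks.devices` entries use `${cfg.rootDevice}${x}2` and `${x}3`, i.e. the kernel name the disk had during installation; with the ISO's `rootDevice = "/dev/sdb"` the installed system will probably see the disk under another name once the installer medium is removed, and initrd then cannot find the LUKS containers. Resolving the container UUIDs at install time and writing `/dev/disk/by-uuid/…` paths avoids that; the heredoc is unquoted, so shell variables expand the same way `$hostId` already does. Two smaller points in the same script: `lib.mkIf true` has no effect, and with `uefi = true` the boot partition still gets the generic Linux type GUID rather than the EFI System Partition type, which some firmware may refuse to boot from.

```nix
# … unchanged: partitioning, luksFormat/open, zpool and mounts …
hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
${lib.optionalString cfg.luksEncrypt ''
  swapUuid=$(blkid -s UUID -o value ${cfg.rootDevice}${x}2)
  rootUuid=$(blkid -s UUID -o value ${cfg.rootDevice}${x}3)
''}
# … unchanged: cp target-config.nix, start of the generated.nix heredoc …
${lib.optionalString cfg.luksEncrypt ''
  boot.initrd.luks.devices = [
    { name = "swap"; device = "/dev/disk/by-uuid/$swapUuid"; preLVM = true; }
    { name = "root"; device = "/dev/disk/by-uuid/$rootUuid"; preLVM = true; }
  ];
''}
```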
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
new file mode 100644
index 000000000..ba4e3207b
--- /dev/null
+++ b/makefu/1systems/iso/target-config.nix
@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+ imports = [ ./hardware-configuration.nix ./generated.nix ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
+ boot.tmpOnTmpfs = true;
+ programs.bash.enableCompletion = true;
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ # minimal
+ programs.command-not-found.enable = false;
+ time.timeZone = "Europe/Berlin";
+ programs.ssh.startAgent = false;
+ nix.useSandbox = true;
+ users.mutableUsers = false;
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+ services.openssh.enable = true;
+ i18n = {
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ services.nscd.enable = false;
+}
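Review bot: Every system installed through this template comes up with `services.openssh.enable = true` and a single root key hard-coded in `users.users.root.openssh.authorizedKeys.keys`, with no comment saying whose key it is. A comment naming the owner, e.g. `# <owner> installer key; replace after first boot` (placeholder), would make that visible to whoever runs the installer. I would also state the intent explicitly with `services.openssh.passwordAuthentication = false;`, and document that `users.mutableUsers = false` without any password hash leaves SSH with that key as the only way in.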
diff --git a/makefu/2configs/nginx/share-download.nix b/makefu/2configs/nginx/dl.euer.krebsco.de.nix
index 828a66a74..828a66a74 100644
--- a/makefu/2configs/nginx/share-download.nix
+++ b/makefu/2configs/nginx/dl.euer.krebsco.de.nix
diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix
deleted file mode 100644
index dcf987791..000000000
--- a/mb/1systems/gr33n/configuration.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.gr33n;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.allowUnfree = true;
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override {
- pkcs11Support = true;
- useSystemd = false;
- };
- };
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- environment.systemPackages = with pkgs; [
- curl
- fish
- git
- htop
- nmap
- ranger
- tcpdump
- tmux
- traceroute
- tree
- vim
- wcalc
- wget
- xz
- zbackup
- ];
-
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
- sound.enable = false;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- services.codimd = {
- enable = true;
- workDir = "/storage/codimd";
- configuration = {
- port = 1337;
- host = "0.0.0.0";
- db = {
- dialect = "sqlite";
- storage = "/storage/codimd/db.codimd.sqlite";
- };
- };
- };
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/gr33n/hardware-configuration.nix b/mb/1systems/gr33n/hardware-configuration.nix
deleted file mode 100644
index 1d13b8dc7..000000000
--- a/mb/1systems/gr33n/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.mdadmConf = ''
- ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6
- devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1
- '';
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b";
- fsType = "ext4";
- };
- fileSystems."/storage" =
- { device = "/dev/disk/by-label/storage";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/93EB-BCA3";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix
deleted file mode 100644
index b43bd8a0f..000000000
--- a/mb/1systems/orange/configuration.nix
+++ /dev/null
@@ -1,238 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- <stockholm/mb/2configs/nvim.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.orange;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf";
- preLVM = true;
- allowDiscards = true;
- }
- ];
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
-
- # Select internationalisation properties.
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- environment.systemPackages = with pkgs; [
- adapta-gtk-theme
- aircrackng
- ag
- arandr
- binutils
- chromium
- cifs-utils
- curl
- evince
- exfat
- feh
- file
- firefox
- freetype
- gimp
- git
- gnupg
- graphite2
- hicolor_icon_theme
- htop
- i3lock
- jq
- keepassx2
- kvm
- lxappearance
- man-pages
- moc
- mpv
- mpvc
- mupdf
- ncdu
- nmap
- openvpn
- pass
- p7zip
- powertop
- ranger
- rofi
- sshfs
- tcpdump
- tmux
- traceroute
- tree
- unstable.alacritty
- unstable.ponyc
- unstable.sublime3
- unstable.youtube-dl
- virt-viewer
- virtmanager
- vulnix
- wcalc
- wget
- xz
- zbackup
- ];
-
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- virtualisation.libvirtd.enable = true;
- #virtualisation.kvmgt.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
- nixpkgs.config.pulseaudio = true;
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbVariant = "nodeadkeys";
- libinput.enable = true;
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce = {
- enable = true;
- noDesktop = true;
- enableXfwm = false;
- };
- };
- windowManager.ratpoison.enable = true;
- };
-
- services.openssh.enable = true;
- #services.openssh.permitRootLogin = "yes";
- services.openssh.passwordAuthentication = false;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.maxJobs = 4;
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix
deleted file mode 100644
index 8aa191269..000000000
--- a/mb/1systems/orange/hardware-configuration.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/BF9B-03A2";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix
deleted file mode 100644
index 19efc75b0..000000000
--- a/mb/1systems/p1nk/configuration.nix
+++ /dev/null
@@ -1,227 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- <stockholm/mb/2configs/nvim.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.p1nk;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
- preLVM = true;
- allowDiscards = true;
- }
- ];
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- adapta-gtk-theme
- aircrackng
- ag
- arandr
- binutils
- chromium
- cifs-utils
- curl
- evince
- exfat
- feh
- file
- firefox
- freetype
- gimp
- git
- gnupg
- graphite2
- hicolor_icon_theme
- htop
- i3lock
- jq
- keepassx2
- kvm
- lxappearance
- man-pages
- moc
- mpv
- mpvc
- mupdf
- ncdu
- nmap
- openvpn
- pass
- p7zip
- powertop
- ranger
- rofi
- sshfs
- tcpdump
- tmux
- traceroute
- tree
- unstable.alacritty
- unstable.ponyc
- unstable.sublime3
- youtube-dl
- virt-viewer
- virtmanager
- vulnix
- wcalc
- wget
- xz
- zbackup
- ];
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- virtualisation.libvirtd.enable = true;
- virtualisation.kvmgt.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbOptions = "nodeadkeys";
- libinput.enable = true;
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce = {
- enable = true;
- noDesktop = true;
- enableXfwm = false;
- };
- };
- windowManager.ratpoison.enable = true;
- windowManager.pekwm.enable = true;
- };
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- krebs.iptables.enable = true;
- networking.networkmanager.enable = false;
- networking.wireless.enable = true;
- networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.maxJobs = 4;
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix
deleted file mode 100644
index ab5b6e204..000000000
--- a/mb/1systems/p1nk/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/9F87-AEAA";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix
deleted file mode 100644
index 3c5c56c84..000000000
--- a/mb/1systems/rofl/configuration.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- <stockholm/mb/2configs/google-compute-config.nix>
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.rofl;
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- environment.systemPackages = with pkgs; [
- curl
- fish
- git
- htop
- nmap
- ranger
- tcpdump
- tmux
- traceroute
- tree
- vim
- xz
- zbackup
- ];
-
- sound.enable = false;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix
deleted file mode 100644
index 633d122ea..000000000
--- a/mb/1systems/sunsh1n3/configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-
-{ config, pkgs, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.sunsh1n3;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
- preLVM = true;
- allowDiscards = true;
- }
- ];
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.packageOverrides = super : {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- environment.systemPackages = with pkgs; [
- wget vim git curl fish
- ag
- chromium
- firefox
- gimp
- p7zip
- htop
- mpv
- mpvc
- nmap
- ntfs3g
- keepassx2
- sshfs
- #unstable.skrooge
- skrooge
- unstable.alacritty
- tmux
- tree
- wcalc
- virtmanager
- virt-viewer
- (wine.override { wineBuild = "wineWow"; })
- xz
- zbackup
- ];
-
- virtualisation.libvirtd.enable = true;
- virtualisation.kvmgt.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
-
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
- programs.dconf.enable = true;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- krebs.iptables.enable = true;
- #networking.wireless.enable = true;
- networking.networkmanager.enable = true;
- networking.enableIPv6 = false;
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
- nixpkgs.config.pulseaudio = true;
-
- services.xserver.enable = true;
- services.xserver.layout = "de";
- services.xserver.xkbOptions = "nodeadkeys";
- services.xserver.libinput.enable = true;
-
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.buildCores = 4;
-
- system.stateVersion = "19.09";
-
-}
diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix
deleted file mode 100644
index 2beee7c4f..000000000
--- a/mb/1systems/sunsh1n3/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/60A6-4DAB";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
deleted file mode 100644
index 3066d1c36..000000000
--- a/mb/2configs/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-{
- imports = [
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- mb = {
- name = "mb";
- uid = 1337;
- home = "/home/mb";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- xo = {
- name = "xo";
- uid = 2323;
- home = "/home/xo";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- build.user = config.krebs.users.mb;
- };
-
- users.mutableUsers = true;
-
- services.timesyncd.enable = mkForce true;
-
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- git-preview
- gnumake
- jq
- parallel
- proot
- populate
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- tcpdump
-
- #stuff for dl
- aria2
-
- #neat utils
- fish
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- tmux
- untilport
- usbutils
-
- #unpack stuff
- p7zip
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- passwordAuthentication = false;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-}
diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix
deleted file mode 100644
index b201bd4b8..000000000
--- a/mb/2configs/google-compute-config.nix
+++ /dev/null
@@ -1,231 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- gce = pkgs.google-compute-engine;
-in
-{
- imports = [
- ./headless.nix
- ./qemu-guest.nix
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- autoResize = true;
- };
-
- boot.growPartition = true;
- boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
- boot.initrd.kernelModules = [ "virtio_scsi" ];
- boot.kernelModules = [ "virtio_pci" "virtio_net" ];
-
- # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
- boot.loader.grub.device = "/dev/sda";
- boot.loader.timeout = 0;
-
- # Don't put old configurations in the GRUB menu. The user has no
- # way to select them anyway.
- boot.loader.grub.configurationLimit = 0;
-
- # Allow root logins only using the SSH key that the user specified
- # at instance creation time.
- #services.openssh.enable = true;
- #services.openssh.permitRootLogin = "prohibit-password";
- #services.openssh.passwordAuthentication = mkDefault false;
-
- # Use GCE udev rules for dynamic disk volumes
- services.udev.packages = [ gce ];
-
- # Force getting the hostname from Google Compute.
- networking.hostName = mkDefault "";
-
- # Always include cryptsetup so that NixOps can use it.
- environment.systemPackages = [ pkgs.cryptsetup ];
-
- # Make sure GCE image does not replace host key that NixOps sets
- environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
- [InstanceSetup]
- set_host_keys = false
- '';
-
- # Rely on GCP's firewall instead
- networking.firewall.enable = mkDefault false;
-
- # Configure default metadata hostnames
- networking.extraHosts = ''
- 169.254.169.254 metadata.google.internal metadata
- '';
-
- networking.timeServers = [ "metadata.google.internal" ];
-
- networking.usePredictableInterfaceNames = false;
-
- # GC has 1460 MTU
- networking.interfaces.eth0.mtu = 1460;
-
- security.googleOsLogin.enable = true;
-
- systemd.services.google-clock-skew-daemon = {
- description = "Google Compute Engine Clock Skew Daemon";
- after = [
- "network.target"
- "google-instance-setup.service"
- "google-network-setup.service"
- ];
- requires = ["network.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
- };
- };
-
- systemd.services.google-instance-setup = {
- description = "Google Compute Engine Instance Setup";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
- before = ["sshd.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "sshd.service" "multi-user.target" ];
- path = with pkgs; [ ethtool openssh ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_instance_setup --debug";
- Type = "oneshot";
- };
- };
-
- systemd.services.google-network-daemon = {
- description = "Google Compute Engine Network Daemon";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- requires = ["network.target"];
- partOf = ["network.target"];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ iproute ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_network_daemon --debug";
- };
- };
-
- systemd.services.google-shutdown-scripts = {
- description = "Google Compute Engine Shutdown Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "systemd-resolved.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = [ "local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/true";
- ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
- Type = "oneshot";
- RemainAfterExit = true;
- TimeoutStopSec = "infinity";
- };
- };
-
- systemd.services.google-startup-scripts = {
- description = "Google Compute Engine Startup Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
- KillMode = "process";
- Type = "oneshot";
- };
- };
-
-
- # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
- boot.kernel.sysctl = {
- # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
- # of TCP functionality/features under normal conditions. When flood
- # protections kick in under high unanswered-SYN load, the system
- # should remain more stable, with a trade off of some loss of TCP
- # functionality/features (e.g. TCP Window scaling).
- "net.ipv4.tcp_syncookies" = mkDefault "1";
-
- # ignores source-routed packets
- "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
- # ignores source-routed packets
- "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.all.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.default.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.all.secure_redirects" = mkDefault "1";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.default.secure_redirects" = mkDefault "1";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.ip_forward" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.all.send_redirects" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.default.send_redirects" = mkDefault "0";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
- # ignores ICMP broadcasts to avoid participating in Smurf attacks
- "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
-
- # ignores bad ICMP errors
- "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
-
- # logs spoofed, source-routed, and redirect packets
- "net.ipv4.conf.all.log_martians" = mkDefault "1";
-
- # log spoofed, source-routed, and redirect packets
- "net.ipv4.conf.default.log_martians" = mkDefault "1";
-
- # implements RFC 1337 fix
- "net.ipv4.tcp_rfc1337" = mkDefault "1";
-
- # randomizes addresses of mmap base, heap, stack and VDSO page
- "kernel.randomize_va_space" = mkDefault "2";
-
- # Reboot the machine soon after a kernel panic.
- "kernel.panic" = mkDefault "10";
-
- ## Not part of the original config
-
- # provides protection from ToCToU races
- "fs.protected_hardlinks" = mkDefault "1";
-
- # provides protection from ToCToU races
- "fs.protected_symlinks" = mkDefault "1";
-
- # makes locating kernel addresses more difficult
- "kernel.kptr_restrict" = mkDefault "1";
-
- # set ptrace protections
- "kernel.yama.ptrace_scope" = mkOverride 500 "1";
-
- # set perf only available to root
- "kernel.perf_event_paranoid" = mkDefault "2";
- };
-}
diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix
deleted file mode 100644
index 46a9b6a7d..000000000
--- a/mb/2configs/headless.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Common configuration for headless machines (e.g., Amazon EC2
-# instances).
-
-{ lib, ... }:
-
-with lib;
-
-{
- boot.vesa = false;
-
- # Don't start a tty on the serial consoles.
- systemd.services."serial-getty@ttyS0".enable = false;
- systemd.services."serial-getty@hvc0".enable = false;
- systemd.services."getty@tty1".enable = false;
- systemd.services."autovt@".enable = false;
-
- # Since we can't manually respond to a panic, just reboot.
- boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
-
- # Don't allow emergency mode, because we don't have a console.
- systemd.enableEmergencyMode = false;
-
- # Being headless, we don't need a GRUB splash image.
- boot.loader.grub.splashImage = null;
-}
diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc
deleted file mode 100644
index 8dbeaec7b..000000000
--- a/mb/2configs/neovimrc
+++ /dev/null
@@ -1,446 +0,0 @@
-
-"*****************************************************************************
-"" Functions
-"*****************************************************************************
-
-function! GetBufferList()
- redir =>buflist
- silent! ls!
- redir END
- return buflist
-endfunction
-
-function! ToggleList(bufname, pfx)
- let buflist = GetBufferList()
- for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
- if bufwinnr(bufnum) != -1
- exec(a:pfx.'close')
- return
- endif
- endfor
- if a:pfx == 'l' && len(getloclist(0)) == 0
- echohl ErrorMsg
- echo "Location List is Empty."
- return
- endif
- let winnr = winnr()
- exec(a:pfx.'open')
- if winnr() != winnr
- wincmd p
- endif
-endfunction
-
-
-"*****************************************************************************
-"" Basic Setup
-"*****************************************************************************"
-" General
-let no_buffers_menu=1
-syntax on
-set ruler
-set number
-set mousemodel=popup
-set t_Co=256
-set guioptions=egmrti
-set gfn=Monospace\ 10
-
-" TODO: Testing if this works against automatically setting paste mode
-" Issue: https://github.com/neovim/neovim/issues/7994
-au InsertLeave * set nopaste
-
-
-" undofile - This allows you to use undos after exiting and restarting
-" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
-" :help undo-persistence
-if exists("+undofile")
- if isdirectory($HOME . '/.vim/undo') == 0
- :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
- endif
- set undodir=./.vim-undo//
- set undodir+=~/.vim/undo//
- set undofile
-endif
-
-" Encoding
-set encoding=utf-8
-set fileencoding=utf-8
-set fileencodings=utf-8
-set bomb
-set binary
-
-" Fix backspace indent
-set backspace=indent,eol,start
-
-" Tabs. May be overriten by autocmd rules
-set tabstop=4
-set softtabstop=0
-set shiftwidth=4
-set expandtab
-
-" Map leader to ,
-let mapleader=','
-
-" Enable hidden buffers
-set hidden
-
-" Searching
-set hlsearch
-set incsearch
-set ignorecase
-set smartcase
-
-" Directories for swp files
-set nobackup
-set noswapfile
-
-set fileformats=unix,dos,mac
-
-" File overview
-set wildmode=list:longest,list:full
-set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
-
-" Shell to emulate
-if exists('$SHELL')
- set shell=$SHELL
-else
- set shell=/bin/bash
-endif
-
-" Set color scheme
-colorscheme molokai
-
-"Show always Status bar
-set laststatus=2
-
-" Use modeline overrides
-set modeline
-set modelines=10
-
-" Set terminal title
-set title
-set titleold="Terminal"
-set titlestring=%F
-
-" search will center on the line it's found in.
-nnoremap n nzzzv
-nnoremap N Nzzzv
-
-
-
-"*****************************************************************************
-"" Abbreviations
-"*****************************************************************************
-" no one is really happy until you have this shortcuts
-cnoreabbrev W! w!
-cnoreabbrev Q! q!
-cnoreabbrev Qall! qall!
-cnoreabbrev Wq wq
-cnoreabbrev Wa wa
-cnoreabbrev wQ wq
-cnoreabbrev WQ wq
-cnoreabbrev W w
-cnoreabbrev Q q
-cnoreabbrev Qall qall
-
-" NERDTree configuration
-let g:NERDTreeChDirMode=2
-let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
-let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
-let g:NERDTreeShowBookmarks=1
-let g:nerdtree_tabs_focus_on_files=1
-let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
-let g:NERDTreeWinSize = 50
-set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
-nnoremap <silent> <F1> :NERDTreeFind<CR>
-nnoremap <silent> <F2> :NERDTreeToggle<CR>
-
-" open terminal emulation
-nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
-
-"*****************************************************************************
-"" Autocmd Rules
-"*****************************************************************************
-"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
-augroup vimrc-sync-fromstart
- autocmd!
- autocmd BufEnter * :syntax sync maxlines=200
-augroup END
-
-" Nasm filetype
-augroup nasm
- autocmd!
- autocmd BufRead,BufNewFile *.nasm set ft=nasm
-augroup END
-
-" Binary filetype
-augroup Binary
- au!
- au BufReadPre *.bin,*.exe,*.elf let &bin=1
- au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
- au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
- au BufWritePre *.bin,*.exe,*.elf endif
- au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufWritePost *.bin,*.exe,*.elf set nomod | endif
-augroup END
-
-" Binary filetype
-augroup fasm
- au!
- au BufReadPost *.fasm set ft=fasm
-augroup END
-
-augroup deoplete-update
- autocmd!
- autocmd VimEnter * UpdateRemotePlugin
-augroup END
-
-"" Remember cursor position
-augroup vimrc-remember-cursor-position
- autocmd!
- autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-augroup END
-
-"" txt
-" augroup vimrc-wrapping
-" autocmd!
-" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
-" augroup END
-
-"" make/cmake
-augroup vimrc-make-cmake
- autocmd!
- autocmd FileType make setlocal noexpandtab
- autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
-augroup END
-
-set autoread
-
-"*****************************************************************************
-"" Mappings
-"*****************************************************************************
-
-" Split
-noremap <Leader>h :<C-u>split<CR>
-noremap <Leader>v :<C-u>vsplit<CR>
-
-" Git
-noremap <Leader>ga :Gwrite<CR>
-noremap <Leader>gc :Gcommit<CR>
-noremap <Leader>gsh :Gpush<CR>
-noremap <Leader>gll :Gpull<CR>
-noremap <Leader>gs :Gstatus<CR>
-noremap <Leader>gb :Gblame<CR>
-noremap <Leader>gd :Gvdiff<CR>
-noremap <Leader>gr :Gremove<CR>
-
-" Tabs
-nnoremap <Tab> gt
-nnoremap <S-Tab> gT
-nnoremap <silent> <S-t> :tabnew<CR>
-
-" Set working directory
-nnoremap <leader>. :lcd %:p:h<CR>
-
-" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Opens a tab edit command with the path of the currently edited file filled
-noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
-
-" Tagbar
-nmap <silent> <F3> :TagbarToggle<CR>
-let g:tagbar_autofocus = 1
-
-" Copy/Paste/Cut
-set clipboard^=unnamed,unnamedplus
-
-noremap YY "+y<CR>
-noremap <leader>p "+gP<CR>
-noremap XX "+x<CR>
-
-" Enable mouse for vim
-set mouse=a
-
-" Buffer nav
-noremap <leader>z :bp<CR>
-noremap <leader>q :bp<CR>
-noremap <leader>x :bn<CR>
-noremap <leader>w :bn<CR>
-
-" Close buffer
-noremap <leader>c :bd<CR>
-
-" Clean search (highlight)
-nnoremap <silent> <leader><space> :noh<cr>
-
-" Switching windows
-noremap <C-j> <C-w>j
-noremap <C-k> <C-w>k
-noremap <C-l> <C-w>l
-noremap <C-h> <C-w>h
-
-" Vmap for maintain Visual Mode after shifting > and <
-vmap < <gv
-vmap > >gv
-
-" Move visual block
-vnoremap J :m '>+1<CR>gv=gv
-vnoremap K :m '<-2<CR>gv=gv
-
-" Open current line on GitHub
-nnoremap <Leader>o :.Gbrowse<CR>
-
-
-" Save on strg+s if not in paste mode
-nmap <c-s> :w<CR>
-vmap <c-s> <Esc><c-s>gv
-imap <c-s> <Esc><c-s>
-
-" Quit on strg+q in normal mode
-nnoremap <c-q> :q<cr>
-
-" Strg+d to replace word under cursor
-nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
-
-" Strg+f ro find word under cursor
-nnoremap <c-f> :/<C-r><C-w><Left><Left>
-
-" Remove unneccessary spaces
-nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
-
-" Reindent whole file with F6
-map <F6> mzgg=G`z
-
-" Toggle location list
-nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
-
-" Replacing text in visual mode doesn't copy it anymore
-xmap p <Plug>ReplaceWithRegisterVisual
-xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
-
-" ALE mappings
-nmap <Leader>i <Plug>(ale_hover)
-nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
-nmap <Leader>rf <Plug>(ale_find_references)
-nmap <silent><F7> <Plug>(ale_fix)
-
-" Vim-Go mappings
-au FileType go nmap <Leader>i :GoDoc<cr>
-au FileType go nmap <Leader>d :GoDef<cr>
-au FileType go nmap <Leader>rf :GoReferrers<cr>
-
-
-"" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Use tab for navigatin in autocompletion window
-inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
-inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
-
-
-"*****************************************************************************
-"" Plugin settings
-"*****************************************************************************
-
-" vim-airline
-set statusline+=%{fugitive#statusline()}
-let g:airline_theme = 'powerlineish'
-let g:airline#extensions#syntastic#enabled = 1
-let g:airline#extensions#branch#enabled = 1
-let g:airline#extensions#tabline#enabled = 1
-let g:airline#extensions#tagbar#enabled = 1
-let g:airline_skip_empty_sections = 1
-let g:airline#extensions#ale#enabled = 1
-
-" show indent lines
-let g:indent_guides_enable_on_vim_startup = 1
-let g:indent_guides_auto_colors = 0
-hi IndentGuidesOdd ctermbg=235
-hi IndentGuidesEven ctermbg=235
-let g:indent_guides_guide_size = 1
-let g:indent_guides_start_level = 2
-
-" Enable autocompletion
-let g:deoplete#enable_at_startup = 1
-set completeopt-=preview
-
-" Ale no preview on hover
-let g:ale_close_preview_on_insert = 0
-let g:ale_cursor_detail = 0
-
-" Ale skip if file size over 2G
-let g:ale_maximum_file_size = "2147483648"
-
-" Ale to loclist and quickfix
-let g:ale_set_quickfix = 1
-" let g:ale_set_loclist = 1
-
-
-" Ale language server
-let g:ale_linters = {
- \ 'python': ['pyls'],
- \ 'c': ['cquery'],
- \ 'cpp': ['cquery'],
- \ 'xml': ['xmllint']
- \ }
-
-
-" ALE fixers
-let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
-let g:ale_fixers.python = ['black']
-let g:ale_fixers.go = ['gofmt']
-let g:ale_fixers.c = ['clang-format']
-let g:ale_fixers.cpp = ['clang-format']
-let g:ale_fixers.json = ['jq']
-let g:ale_fixers.xml = ['xmllint']
-
-let g:ale_completion_enabled = 1
-let g:ale_sign_error = '⤫'
-let g:ale_sign_warning = '⚠'
-let g:ale_lint_on_insert_leave = 1
-
-" Vim-Go Settings
-let g:go_auto_sameids = 1
-let g:go_fmt_command = "goimports"
-let g:go_auto_type_info = 1
-
-" Disable syntastic for langserver supported languages
-let g:syntastic_mode_map = {
- \ "mode": "active",
- \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
- \ }
-let g:syntastic_always_populate_loc_list = 1
-let g:syntastic_auto_loc_list = 2
-let g:syntastic_aggregate_errors = 1
-let g:syntastic_check_on_open = 1
-let g:syntastic_check_on_wq = 0
-let g:syntastic_error_symbol='✗'
-let g:syntastic_warning_symbol='⚠'
-let g:syntastic_style_error_symbol = '✗'
-let g:syntastic_style_warning_symbol = '⚠'
-
-"*****************************************************************************
-"" Shortcuts overview
-"*****************************************************************************
-" Shortcuts overview
-" F1 --> Filetree find
-" F2 --> Filetree toggle
-" F3 --> Function overview
-" F4 --> Toggle error bar
-
-" F5 --> Remove trailing whitespaces
-" F6 --> Reindent whole file
-" F7 --> Format and lint file
-" ,i --> Information about function
-" ,d --> Jump to definition
-" ,r --> Rename in all occurences
-" ,rf --> Find references of function/variable
-" ,e --> Change current file
-" ,te --> Open file in new tab
-" strg+f --> Find current selected word
-" strg+d --> Replace current selected word
-" strg+s --> Save file
-" strg+q --> Close current file
-" space+, --> Stop highlighting words after search
-
diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix
deleted file mode 100644
index a8e4173e2..000000000
--- a/mb/2configs/nvim.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ pkgs, config, ... }: let
- #unstable = import <nixos-unstable> { };
-in
-
-{
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs;{
- neovim_custom = neovim.override {
- configure = {
- customRC = builtins.readFile ./neovimrc;
-
- packages.myVimPackage = with pkgs.vimPlugins;
- {
- # loaded on launch
- start = [
- nerdtree # file manager
- commentary # comment stuff out based on language
- fugitive # full git integration
- vim-airline-themes # lean & mean status/tabline
- vim-airline # status bar
- gitgutter # git diff in the gutter (sign column)
- vim-trailing-whitespace # trailing whitspaces in red
- tagbar # F3 function overview
- syntastic # Fallback to singlethreaded but huge syntax support
- ReplaceWithRegister # For better copying/replacing
- polyglot # Language pack
- vim-indent-guides # for displaying indent levels
- ale # threaded language client
- vim-go # go linting
- deoplete-go # go autocompletion completion
- deoplete-nvim # general autocompletion
- molokai # color scheme
- ];
-
- # manually loadable by calling `:packadd $plugin-name`
- opt = [];
- };
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- ctags
- neovim_custom
- jq # For fixing json files
- xxd # .bin files will be displayed with xxd
- shellcheck # Shell linting
- ansible-lint # Ansible linting
- unzip # To vim into unzipped files
- nodePackages.jsonlint # json linting
- #python36Packages.python-language-server # python linting
- #python36Packages.pyls-mypy # Python static type checker
- #python36Packages.black # Python code formatter
- #python37Packages.yamllint # For linting yaml files
- #python37Packages.libxml2 # For fixing yaml files
- cquery # C/C++ support
- clang-tools # C++ fixer
- ];
-
- fonts = {
- fonts = with pkgs; [
- font-awesome_5
- ];
- };
-
-}
-
diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix
deleted file mode 100644
index 315d04093..000000000
--- a/mb/2configs/qemu-guest.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-# Common configuration for virtual machines running under QEMU (using
-# virtio).
-
-{ ... }:
-
-{
- boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
- boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-
- boot.initrd.postDeviceCommands =
- ''
- # Set the system time from the hardware clock to work around a
- # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
- # to the *boot time* of the host).
- hwclock -s
- '';
-
- security.rngd.enable = false;
-}
diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix
deleted file mode 100644
index 5a87d52af..000000000
--- a/mb/2configs/retiolum.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = let
- tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
- in [
- { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enableLegacy = true;
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/mb/2configs/tests/dummy-secrets/retiolum.rsa b/mb/2configs/tests/dummy-secrets/retiolum.rsa
deleted file mode 100644
index 99a4033f6..000000000
--- a/mb/2configs/tests/dummy-secrets/retiolum.rsa
+++ /dev/null
@@ -1,4 +0,0 @@
-
------BEGIN RSA PRIVATE KEY-----
-this is a private key
------END RSA PRIVATE KEY-----
diff --git a/mb/3modules/default.nix b/mb/3modules/default.nix
deleted file mode 100644
index 99d09d4ec..000000000
--- a/mb/3modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
- imports = [
- ./hosts.nix
- ];
-}
diff --git a/mb/3modules/hosts.nix b/mb/3modules/hosts.nix
deleted file mode 100644
index 5dc9b5ca4..000000000
--- a/mb/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.mb.hosts = mkOption {
- type = types.attrsOf types.host;
- default =
- filterAttrs (_: host: host.owner.name == "mb" && host.ci)
- config.krebs.hosts;
- };
-}
diff --git a/mb/5pkgs/default.nix b/mb/5pkgs/default.nix
deleted file mode 100644
index 3fa5b5e85..000000000
--- a/mb/5pkgs/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-# Import files and subdirectories like they are overlays.
-foldl' mergeAttrs {}
- (map
- (name: import (./. + "/${name}") self super)
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
diff --git a/mb/default.nix b/mb/default.nix
deleted file mode 100644
index 0bec0c2c2..000000000
--- a/mb/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- ../krebs
- ./2configs
- ./3modules
- ];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
- krebs.tinc.retiolum.privkey = {
- source-path = toString <secrets> + "/${config.krebs.tinc.retiolum.netname}.rsa";
- path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv";
- owner = config.krebs.tinc.retiolum.user;
- };
-}
diff --git a/mb/krops.nix b/mb/krops.nix
deleted file mode 100644
index cb9ab3fdb..000000000
--- a/mb/krops.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
- import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
- else
- {}
- ;
-
- source = { test }: lib.evalSource ([
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix";
- nixpkgs-unstable.git = {
- url = "https://github.com/nixos/nixpkgs-channels";
- ref = "nixos-unstable";
- };
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- }
- ] ++ (lib.optional (! test) host-source));
-
-in {
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
- populate = { target, force ? false }: pkgs.populate {
- inherit force;
- source = source { test = false; };
- target = lib.mkTarget target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/submodules/krops b/submodules/krops
-Subproject 2dc172530965ea4f1ead8ff166004c5734daee1
+Subproject f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index a89f07e8a..86f9b7ec2 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/gitrepos.nix>
- <stockholm/tv/2configs/im.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix>
diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix
deleted file mode 100644
index 82f1be042..000000000
--- a/tv/2configs/im.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
- services.bitlbee = {
- enable = true;
- plugins = [
- pkgs.bitlbee-facebook
- ];
- };
-}
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index db2cdcd1f..5be1beef8 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,6 +5,7 @@
./ejabberd
./focus.nix
./hosts.nix
+ ./im.nix
./iptables.nix
./slock.nix
./x0vncserver.nix
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
new file mode 100644
index 000000000..8cb137510
--- /dev/null
+++ b/tv/3modules/im.nix
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }: let
+ im = config.tv.im;
+ lib = import <stockholm/lib>;
+in {
+ options = {
+ tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
+ default = config.krebs.build.host.name == im.client.host.name;
+ };
+ tv.im.client.term = lib.mkOption {
+ default = "rxvt-unicode-256color";
+ type = lib.types.filename;
+ };
+ tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // {
+ default = true;
+ };
+ tv.im.client.host = lib.mkOption {
+ default = config.krebs.hosts.xu;
+ type = lib.types.host;
+ };
+ tv.im.client.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+
+ tv.im.server.enable = lib.mkEnableOption "tv.im.server" // {
+ default = config.krebs.build.host.name == im.server.host.name;
+ };
+ tv.im.server.host = lib.mkOption {
+ default = config.krebs.hosts.nomic;
+ type = lib.types.host;
+ };
+ tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // {
+ default = true;
+ };
+ tv.im.server.weechat.relay.enable =
+ lib.mkEnableOption "tv.im.server.weechat.relay";
+ tv.im.server.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+ };
+ imports = [
+ (lib.mkIf im.client.enable {
+ users.users.${im.client.user.name}.packages = [
+ (pkgs.writeDashBin "im" ''
+ ${if im.server.mosh.enable then /* sh */ ''
+ exec ${pkgs.mosh}/bin/mosh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ env TERM=${im.client.term} im
+ '' else /* sh */ ''
+ exec ${pkgs.openssh}/bin/ssh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ -t \
+ im
+ ''}
+ '')
+ ];
+ })
+ (lib.mkIf im.server.enable {
+ services.bitlbee = {
+ enable = true;
+ plugins = [
+ pkgs.bitlbee-facebook
+ ];
+ };
+ users.users.${im.server.user.name}.packages = [
+ pkgs.mosh
+ (pkgs.writeDashBin "im" ''
+ export PATH=${lib.makeSearchPath "bin" [
+ pkgs.tmux
+ pkgs.gnugrep
+ pkgs.weechat
+ ]}
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+ ];
+ })
+ (lib.mkIf im.server.mosh.enable {
+ krebs.setuid.utempter = {
+ filename = "${pkgs.libutempter}/lib/utempter/utempter";
+ owner = "nobody";
+ group = "utmp";
+ mode = "2111";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ })
+ (lib.mkIf im.server.weechat.relay.enable {
+ krebs.iana-etc.services = {
+ "9001".tcp.name = "weechat-ssl";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ })
+ ];
+}
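Review bot: The mosh block opened by `(lib.mkIf im.server.mosh.enable {` is gated only on `tv.im.server.mosh.enable`, which defaults to true, and not on `tv.im.server.enable`, so every host that imports this module appears to get the setgid `utempter` wrapper and the UDP 60000:61000 accept rule for the client address, not only the host named in `tv.im.server.host`. The weechat relay block has the same shape and would open TCP 9001 on every such host once `tv.im.server.weechat.relay.enable` is set. Gating both on the server role, `(lib.mkIf (im.server.enable && im.server.mosh.enable) {` and `(lib.mkIf (im.server.enable && im.server.weechat.relay.enable) {`, keeps the setgid binary and the firewall openings on the machine that actually runs the service. How `krebs.setuid` and `tv.iptables` consume these values is outside this hunk, so the exposure on non-server hosts is inferred from the conditions alone.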