diff options
| author | lassulus <lass@blue.r> | 2018-11-10 19:42:46 +0100 |
|---|---|---|
| committer | lassulus <lass@blue.r> | 2018-11-10 19:42:46 +0100 |
| commit | eff97662c02f385b1740929639817fc5b8318f07 (patch) | |
| tree | f11710101eed0dcc8d75304939f06e819339d9f0 | |
| parent | 0028e3dde3dcb8e5e9394f7d230c7224b6177b79 (diff) | |
| parent | 254e9e62b95951cecadd2b4800c03ef96f95b3c0 (diff) | |
Merge remote-tracking branch 'nextgum/master'
91 files changed, 998 insertions, 2340 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 962dbf49c..65972aacc 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,7 +5,7 @@ 6667 6669 ]; - services.charybdis = { + krebs.charybdis = { enable = true; motd = '' hello diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix new file mode 100644 index 000000000..f4a7c1313 --- /dev/null +++ b/krebs/3modules/charybdis.nix @@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) coreutils charybdis; + cfg = config.krebs.charybdis; + + configFile = pkgs.writeText "charybdis.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + krebs.charybdis = { + + enable = mkEnableOption "Charybdis IRC daemon"; + + config = mkOption { + type = types.string; + description = '' + Charybdis IRC daemon configuration file. + ''; + }; + + statedir = mkOption { + type = types.string; + default = "/var/lib/charybdis"; + description = '' + Location of the state directory of charybdis. + ''; + }; + + user = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon user. + ''; + }; + + group = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon group. + ''; + }; + + motd = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + Charybdis MOTD text. + + Charybdis will read its MOTD from /etc/charybdis/ircd.motd . + If set, the value of this option will be written to this path. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable (lib.mkMerge [ + { + users.users = singleton { + name = cfg.user; + description = "Charybdis IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups = singleton { + name = cfg.group; + gid = config.ids.gids.ircd; + }; + + systemd.services.charybdis = { + description = "Charybdis IRC daemon"; + wantedBy = [ "multi-user.target" ]; + environment = { + BANDB_DBPATH = "${cfg.statedir}/ban.db"; + }; + serviceConfig = { + ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}"; + Group = cfg.group; + User = cfg.user; + PermissionsStartOnly = true; # preStart needs to run with root permissions + }; + preStart = '' + ${coreutils}/bin/mkdir -p ${cfg.statedir} + ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir} + ''; + }; + + } + + (mkIf (cfg.motd != null) { + environment.etc."charybdis/ircd.motd".text = cfg.motd; + }) + ]); +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6307649e3..8f2e22acf 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./charybdis.nix ./ci.nix ./current.nix ./exim.nix @@ -111,7 +112,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e2152ea1a..94af67fc7 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -494,6 +494,8 @@ in { ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" + "dcpp.omo.r" + "torrent.omo.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -554,7 +556,7 @@ in { ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; - nextgum = rec { + gum = rec { ci = true; extraZones = { "krebsco.de" = '' @@ -563,6 +565,23 @@ in { graph IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} + boot.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + share.euer IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; cores = 8; @@ -571,6 +590,7 @@ in { ip4.addr = "144.76.26.247"; ip6.addr = "2a01:4f8:191:12f6::2"; aliases = [ + "gum.i" "nextgum.i" ]; }; @@ -594,65 +614,10 @@ in { "stats.makefu.r" "backup.makefu.r" "dcpp.nextgum.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 - aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO - npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh - 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF - 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN - VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; - }; - - gum = rec { - ci = true; - cores = 2; - - extraZones = { - "krebsco.de" = '' - share.euer IN A ${nets.internet.ip4.addr} - mattermost.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} - wikisearch IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - mon.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - io IN NS gum.krebsco.de. - ''; - }; - nets = rec { - internet = { - ip4.addr = "185.194.143.140"; - ip6.addr = "2a03:4000:1c:43f::1"; - aliases = [ - "gum.i" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.0.211"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; - aliases = [ "gum.r" "cgit.gum.r" "o.gum.r" "tracker.makefu.r" - "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" @@ -662,20 +627,19 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 + aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO + npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh + 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF + 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN + VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB -----END RSA PUBLIC KEY----- ''; }; }; - # configured manually - # ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + shoney = rec { ci = true; cores = 1; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c89..000000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, ... }: - -with import <stockholm/lib>; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; - }; - }; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 01479b69c..a9fbae695 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,13 +57,6 @@ with import <stockholm/lib>; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -119,7 +112,6 @@ with import <stockholm/lib>; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 36af23bb5..3d2cbac6f 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,16 +8,21 @@ in { imports = [ <stockholm/makefu> ./hardware-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } <stockholm/makefu/2configs/headless.nix> # <stockholm/makefu/2configs/smart-monitor.nix> - <stockholm/makefu/2configs/git/cgit-retiolum.nix> - <stockholm/makefu/2configs/backup.nix> - # <stockholm/makefu/2configs/mattermost-docker.nix> - # <stockholm/makefu/2configs/disable_v6.nix> - <stockholm/makefu/2configs/exim-retiolum.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - # Security <stockholm/makefu/2configs/sshd-totp.nix> @@ -26,83 +31,90 @@ in { <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/sec.nix> <stockholm/makefu/2configs/zsh-user.nix> + <stockholm/makefu/2configs/mosh.nix> + # <stockholm/makefu/2configs/gui/xpra.nix> + + # networking + <stockholm/makefu/2configs/vpn/openvpn-server.nix> + # <stockholm/makefu/2configs/vpn/vpnws/server.nix> + #<stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/iodined.nix> + # <stockholm/makefu/2configs/backup.nix> + <stockholm/makefu/2configs/tinc/retiolum.nix> + + # ci + # <stockholm/makefu/2configs/exim-retiolum.nix> + <stockholm/makefu/2configs/git/cgit-retiolum.nix> + <stockholm/makefu/2configs/shack/gitlab-runner> + <stockholm/makefu/2configs/remote-build/slave.nix> + <stockholm/makefu/2configs/taskd.nix> # services + <stockholm/makefu/2configs/sabnzbd.nix> + <stockholm/makefu/2configs/mail/mail.euer.nix> + + # sharing <stockholm/makefu/2configs/share/gum.nix> - # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/torrent.nix> - <stockholm/makefu/2configs/mosh.nix> - # <stockholm/makefu/2configs/retroshare.nix> + #<stockholm/makefu/2configs/retroshare.nix> + ## <stockholm/makefu/2configs/ipfs.nix> + #<stockholm/makefu/2configs/syncthing.nix> + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # <stockholm/makefu/2configs/opentracker.nix> - # network + ## network <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/binary-cache/server.nix> + <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/iodined.nix> + <stockholm/makefu/2configs/bitlbee.nix> + <stockholm/makefu/2configs/wireguard/server.nix> - # buildbot - <stockholm/makefu/2configs/remote-build/slave.nix> - - ## Web - <stockholm/makefu/2configs/nginx/share-download.nix> - <stockholm/makefu/2configs/nginx/euer.test.nix> + # Removed until move: no extra mails + <stockholm/makefu/2configs/urlwatch> + # Removed until move: avoid letsencrypt ban + ### Web + #<stockholm/makefu/2configs/nginx/share-download.nix> + #<stockholm/makefu/2configs/nginx/euer.test.nix> <stockholm/makefu/2configs/nginx/euer.mon.nix> <stockholm/makefu/2configs/nginx/euer.wiki.nix> <stockholm/makefu/2configs/nginx/euer.blog.nix> - # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> - <stockholm/makefu/2configs/nginx/public_html.nix> - <stockholm/makefu/2configs/nginx/update.connector.one.nix> + ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> + #<stockholm/makefu/2configs/nginx/public_html.nix> + #<stockholm/makefu/2configs/nginx/update.connector.one.nix> <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> + <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> + <stockholm/makefu/2configs/nginx/iso.euer.nix> + <stockholm/makefu/2configs/shack/events-publisher> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - # <stockholm/makefu/2configs/deployment/graphs.nix> + <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } - # <stockholm/makefu/2configs/ipfs.nix> - <stockholm/makefu/2configs/syncthing.nix> - - # <stockholm/makefu/2configs/opentracker.nix> - <stockholm/makefu/2configs/dcpp/hub.nix> - <stockholm/makefu/2configs/dcpp/client.nix> - <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> - # Temporary: + # sharing + <stockholm/makefu/2configs/dcpp/airdcpp.nix> + <stockholm/makefu/2configs/dcpp/hub.nix> + + ## Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> + <stockholm/makefu/2configs/virtualisation/libvirt.nix> - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - <stockholm/makefu/2configs/wireguard/server.nix> - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - networking.firewall.allowedTCPPorts = [ 5201 ]; - } - + # krebs infrastructure services + <stockholm/makefu/2configs/stats/server.nix> ]; makefu.dl-dir = "/var/download"; @@ -120,9 +132,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" ]; }; @@ -137,10 +147,11 @@ in { environment.systemPackages = with pkgs;[ weechat bepasty-client-cli - get tmux ]; + # Hardware + # Network networking = { firewall = { @@ -179,4 +190,5 @@ in { }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; + state = [ "/home/makefu/.weechat" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index a40709169..bfe29b46c 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -1,26 +1,24 @@ { config, ... }: let - external-mac = "2a:c5:6e:d2:fc:7f"; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; - external-gw = "185.194.140.1"; + external-mac = "50:46:5d:9f:63:6b"; + main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; + sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; + external-gw = "144.76.26.225"; # single partition, label "nixos" # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate # static - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; + external-ip = "144.76.26.247"; + external-ip6 = "2a01:4f8:191:12f6::2"; external-gw6 = "fe80::1"; - external-netmask = 22; + external-netmask = 27; external-netmask6 = 64; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; ext-if = "et0"; # gets renamed on the fly in { imports = [ - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; - makefu.server.primary-itf = ext-if; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" @@ -40,7 +38,62 @@ in { defaultGateway = external-gw; }; boot.kernelParams = [ ]; - boot.loader.grub.device = main-disk; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" + "xhci_pci" "ehci_pci" "ahci" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + hardware.enableRedistributableFirmware = true; + fileSystems."/" = { + device = "/dev/mapper/nixos-root"; + fsType = "ext4"; + }; + fileSystems."/var/lib" = { + device = "/dev/mapper/nixos-lib"; + fsType = "ext4"; + }; + fileSystems."/var/download" = { + device = "/dev/mapper/nixos-download"; + fsType = "ext4"; + }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/sda2"; + fsType = "vfat"; + }; + # parted -s -a optimal "$disk" \ + # mklabel gpt \ + # mkpart no-fs 0 1024KiB \ + # set 1 bios_grub on \ + # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + # mkpart primary 1025MiB 100% + # parted -s -a optimal "/dev/sdb" \ + # mklabel gpt \ + # mkpart primary 1M 100% + + #mkfs.vfat /dev/sda2 + #pvcreate /dev/sda3 + #pvcreate /dev/sdb1 + #vgcreate nixos /dev/sda3 /dev/sdb1 + #lvcreate -L 120G -m 1 -n root nixos + #lvcreate -L 50G -m 1 -n lib nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos + #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup + #mount /dev/mapper/nixos-root /mnt + #mkdir /mnt/boot + #mount /dev/sda2 /mnt/boot + #mkdir -p /mnt/var/src + #touch /mnt/var/src/.populate + } diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt new file mode 100644 index 000000000..30276b7db --- /dev/null +++ b/makefu/1systems/gum/rescue.txt @@ -0,0 +1,11 @@ +mount /dev/mapper/nixos-root /mnt +mount /dev/sda2 /mnt/boot + +chroot-prepare /mnt +chroot /mnt /bin/sh + +journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) + +export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin +/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate +/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 1e36c6e87..6940498f1 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,5 +1,5 @@ { - name="gum"; + name="nextgum"; torrent = true; clever_kexec = true; } diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix deleted file mode 100644 index 64516fa98..000000000 --- a/makefu/1systems/nextgum/config.nix +++ /dev/null @@ -1,253 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - ext-if = config.makefu.server.primary-itf; -in { - imports = [ - <stockholm/makefu> - ./hardware-config.nix - ./transfer-config.nix - <stockholm/makefu/2configs/headless.nix> - # <stockholm/makefu/2configs/smart-monitor.nix> - - # Security - <stockholm/makefu/2configs/sshd-totp.nix> - - # Tools - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/dev.nix> - <stockholm/makefu/2configs/tools/sec.nix> - <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/mosh.nix> - <stockholm/makefu/2configs/gui/xpra.nix> - - <stockholm/makefu/2configs/git/cgit-retiolum.nix> - <stockholm/makefu/2configs/backup.nix> - # <stockholm/makefu/2configs/exim-retiolum.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - - # services - <stockholm/makefu/2configs/sabnzbd.nix> - <stockholm/makefu/2configs/mail/mail.euer.nix> - - # sharing - <stockholm/makefu/2configs/share/gum.nix> - <stockholm/makefu/2configs/torrent.nix> - #<stockholm/makefu/2configs/retroshare.nix> - ## <stockholm/makefu/2configs/ipfs.nix> - #<stockholm/makefu/2configs/syncthing.nix> - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } - # <stockholm/makefu/2configs/opentracker.nix> - - ## network - <stockholm/makefu/2configs/vpn/openvpn-server.nix> - # <stockholm/makefu/2configs/vpn/vpnws/server.nix> - <stockholm/makefu/2configs/dnscrypt/server.nix> - <stockholm/makefu/2configs/binary-cache/server.nix> - <stockholm/makefu/2configs/iodined.nix> - <stockholm/makefu/2configs/bitlbee.nix> - - ## buildbot - <stockholm/makefu/2configs/remote-build/slave.nix> - - # Removed until move: no extra mails - <stockholm/makefu/2configs/urlwatch> - # Removed until move: avoid double-update of domain - # <stockholm/makefu/2configs/hub.nix> - # Removed until move: avoid letsencrypt ban - ### Web - #<stockholm/makefu/2configs/nginx/share-download.nix> - #<stockholm/makefu/2configs/nginx/euer.test.nix> - #<stockholm/makefu/2configs/nginx/euer.mon.nix> - #<stockholm/makefu/2configs/nginx/euer.wiki.nix> - #<stockholm/makefu/2configs/nginx/euer.blog.nix> - ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> - #<stockholm/makefu/2configs/nginx/public_html.nix> - #<stockholm/makefu/2configs/nginx/update.connector.one.nix> - #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> - <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> - <stockholm/makefu/2configs/nginx/iso.euer.nix> - <stockholm/makefu/2configs/deployment/events-publisher> - - #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - #<stockholm/makefu/2configs/deployment/graphs.nix> - #<stockholm/makefu/2configs/deployment/owncloud.nix> - #<stockholm/makefu/2configs/deployment/boot-euer.nix> - #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> - - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } - - - <stockholm/makefu/2configs/stats/client.nix> - <stockholm/makefu/2configs/dcpp/airdcpp.nix> - # <stockholm/makefu/2configs/logging/client.nix> - - ## Temporary: - # <stockholm/makefu/2configs/temp/rst-issue.nix> - <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/virtualisation/libvirt.nix> - - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - { # wireguard server - - # opkg install wireguard luci-proto-wireguard - - # TODO: networking.nat - - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - # conf.all.proxy_arp =1 - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - extraCommands = '' - iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - }; - - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - ]; - }; - } - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - networking.firewall.allowedTCPPorts = [ 5201 ]; - } - - # krebs infrastructure services - <stockholm/makefu/2configs/stats/server.nix> - ]; - makefu.dl-dir = "/var/download"; - - services.openssh.hostKeys = [ - { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } - { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ]; - ###### stable - services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; - krebs.build.host = config.krebs.hosts.gum; - - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - - # Network - networking = { - firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; - }; - nameservers = [ "8.8.8.8" ]; - }; - users.users.makefu.extraGroups = [ "download" "nginx" ]; - boot.tmpOnTmpfs = true; -} diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix deleted file mode 100644 index bfe29b46c..000000000 --- a/makefu/1systems/nextgum/hardware-config.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, ... }: -let - external-mac = "50:46:5d:9f:63:6b"; - main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; - sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; - external-gw = "144.76.26.225"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static - external-ip = "144.76.26.247"; - external-ip6 = "2a01:4f8:191:12f6::2"; - external-gw6 = "fe80::1"; - external-netmask = 27; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in { - imports = [ - ]; - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - interfaces."${ext-if}" = { - ipv4.addresses = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = external-gw6; - defaultGateway = external-gw; - }; - boot.kernelParams = [ ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" ]; - boot.initrd.availableKernelModules = [ - "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" - "xhci_pci" "ehci_pci" "ahci" "sd_mod" - ]; - boot.kernelModules = [ "kvm-intel" ]; - hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/mapper/nixos-root"; - fsType = "ext4"; - }; - fileSystems."/var/lib" = { - device = "/dev/mapper/nixos-lib"; - fsType = "ext4"; - }; - fileSystems."/var/download" = { - device = "/dev/mapper/nixos-download"; - fsType = "ext4"; - }; - fileSystems."/var/lib/borgbackup" = { - device = "/dev/mapper/nixos-backup"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/sda2"; - fsType = "vfat"; - }; - # parted -s -a optimal "$disk" \ - # mklabel gpt \ - # mkpart no-fs 0 1024KiB \ - # set 1 bios_grub on \ - # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - # mkpart primary 1025MiB 100% - # parted -s -a optimal "/dev/sdb" \ - # mklabel gpt \ - # mkpart primary 1M 100% - - #mkfs.vfat /dev/sda2 - #pvcreate /dev/sda3 - #pvcreate /dev/sdb1 - #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -m 1 -n root nixos - #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 100G -n download nixos - #lvcreate -L 100G -n backup nixos - #mkfs.ext4 /dev/mapper/nixos-root - #mkfs.ext4 /dev/mapper/nixos-lib - #mkfs.ext4 /dev/mapper/nixos-download - #mkfs.ext4 /dev/mapper/nixos-borgbackup - #mount /dev/mapper/nixos-root /mnt - #mkdir /mnt/boot - #mount /dev/sda2 /mnt/boot - #mkdir -p /mnt/var/src - #touch /mnt/var/src/.populate - -} diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix deleted file mode 100644 index 6940498f1..000000000 --- a/makefu/1systems/nextgum/source.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - name="nextgum"; - torrent = true; - clever_kexec = true; -} diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix deleted file mode 100644 index 92df60195..000000000 --- a/makefu/1systems/nextgum/transfer-config.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, lib, ... }: -# configuration which is only required for the time of the transfer -{ - krebs.tinc.retiolum.connectTo = [ "gum" ]; - krebs.build.host = lib.mkForce config.krebs.hosts.nextgum; -} - diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index be49db024..9eb8cbf49 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -8,11 +8,11 @@ let in { imports = [ - #./hw/omo.nix - ./hw/tsp.nix + ./hw/omo.nix + #./hw/tsp.nix <stockholm/makefu> <stockholm/makefu/2configs/zsh-user.nix> - <stockholm/makefu/2configs/backup.nix> + <stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/exim-retiolum.nix> # <stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/mail-client.nix> @@ -25,6 +25,22 @@ in { #<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/share-user-sftp.nix> <stockholm/makefu/2configs/share/omo.nix> + <stockholm/makefu/2configs/dcpp/airdcpp.nix> + { krebs.airdcpp.dcpp.shares = let + d = path: "/media/cryptX/${path}"; + in { + emu.path = d "emu"; + audiobooks.path = lib.mkForce (d "audiobooks"); + incoming.path = lib.mkForce (d "torrent"); + anime.path = d "anime"; + }; + krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; + } + { + # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ + #services.sabnzbd.enable = true; + #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + } # <stockholm/makefu/2configs/share/omo-timemachine.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> @@ -41,13 +57,23 @@ in { <stockholm/makefu/2configs/stats/arafetch.nix> # services - <stockholm/makefu/2configs/syncthing.nix> + { + services.nginx.enable = true; + networking.firewall.allowedTCPPorts = [ 80 ]; + } + # <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/deployment/google-muell.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/bluetooth-mpd.nix> <stockholm/makefu/2configs/deployment/homeautomation> { + makefu.ps3netsrv = { + enable = true; + servedir = "/media/cryptX/emu/ps3"; + }; + } + { hardware.pulseaudio.systemWide = true; makefu.mpd.musicDirectory = "/media/cryptX/music"; } @@ -74,7 +100,7 @@ in { krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' - upload_rate = 200 + upload_rate = 500 ''; }; users.groups.share = { @@ -83,14 +109,7 @@ in { }; networking.firewall.trustedInterfaces = [ primaryInterface ]; - # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - makefu.ps3netsrv = { - enable = true; - servedir = "/media/cryptX/emu/ps3"; - }; users.users.misa = { uid = 9002; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index e1d66a2f9..24a3dddc6 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -11,10 +11,10 @@ in { <stockholm/makefu> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/disable_v6.nix> - # <stockholm/makefu/2configs/tools/core-gui.nix> - # <stockholm/makefu/2configs/tools/extra-gui.nix> - # <stockholm/makefu/2configs/tools/media.nix> + # <stockholm/makefu/2configs/disable_v6.nix> + <stockholm/makefu/2configs/tools/core-gui.nix> + <stockholm/makefu/2configs/tools/extra-gui.nix> + <stockholm/makefu/2configs/tools/media.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/mqtt.nix> @@ -33,9 +33,6 @@ in { <stockholm/makefu/2configs/share/wbob.nix> <stockholm/makefu/2configs/bluetooth-mpd.nix> - { - users.users.makefu.extraGroups = [ "pulse" ]; - } # Sensors <stockholm/makefu/2configs/stats/telegraf> @@ -46,10 +43,11 @@ in { <stockholm/makefu/2configs/deployment/led-fader.nix> <stockholm/makefu/2configs/hw/mceusb.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> - + { environment.systemPackages = [ pkgs.vlc ]; } <stockholm/makefu/2configs/deployment/bureautomation> + <stockholm/makefu/2configs/deployment/bureautomation/mpd.nix> <stockholm/makefu/2configs/deployment/bureautomation/hass.nix> (let collectd-port = 25826; @@ -174,20 +172,4 @@ in { fsType = "ext4"; }; }; - - # DualHead on NUC - # TODO: update synergy package with these extras (username) - # TODO: add crypto layer - systemd.services."synergy-client" = { - environment.DISPLAY = ":0"; - serviceConfig.User = user; - }; - - services.synergy = { - client = { - enable = true; - screenName = "wbob"; - serverAddress = "x.r"; - }; - }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 66d904512..5a4eea2e4 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -15,7 +15,7 @@ <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> - <stockholm/makefu/2configs/laptop-backup.nix> + <stockholm/makefu/2configs/backup/state.nix> # <stockholm/makefu/2configs/dnscrypt/client.nix> <stockholm/makefu/2configs/avahi.nix> @@ -74,6 +74,7 @@ <stockholm/makefu/2configs/hw/network-manager.nix> <stockholm/makefu/2configs/hw/stk1160.nix> <stockholm/makefu/2configs/hw/irtoy.nix> + <stockholm/makefu/2configs/hw/switch.nix> <stockholm/makefu/2configs/hw/bluetooth.nix> # <stockholm/makefu/2configs/hw/rad1o.nix> <stockholm/makefu/2configs/hw/smartcard.nix> @@ -83,11 +84,11 @@ # Security <stockholm/makefu/2configs/sshd-totp.nix> - { - programs.adb.enable = true; - } + { programs.adb.enable = true; } # temporary + { services.redis.enable = true; } <stockholm/makefu/2configs/pyload.nix> + # <stockholm/makefu/2configs/dcpp/airdcpp.nix> # <stockholm/makefu/2configs/nginx/rompr.nix> # <stockholm/makefu/2configs/lanparty/lancache.nix> # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> @@ -121,13 +122,11 @@ ]; makefu.server.primary-itf = "wlp3s0"; - makefu.full-populate = true; nixpkgs.config.allowUnfree = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ]; networking.firewall.trustedInterfaces = [ "vboxnet0" ]; @@ -144,14 +143,25 @@ # avoid full boot dir boot.loader.grub.configurationLimit = 3; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; state = [ "/home/makefu/stockholm" - "/home/makefu/backup/borgun" - "/home/makefu/.mail/" + "/home/makefu/.ssh/" + "/home/makefu/.zsh_history" + "/home/makefu/.bash_history" + "/home/makefu/.zshrc" + "/home/makefu/bin" + "/home/makefu/.gnupg" + "/home/makefu/.imapfilter" + "/home/makefu/.mutt" + "/home/makefu/docs" + "/home/makefu/.password-store" + "/home/makefu/.secrets-pass" + "/home/makefu/autosync/Database.kdb" ]; + services.syncthing.user = lib.mkForce "makefu"; services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; } diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix deleted file mode 100644 index a4d02af6b..000000000 --- a/makefu/2configs/backup.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; -let - # preparation: - # mkdir -p defaultBackupDir/host.name/src - # as root on omo: - # ssh-copy-id root@src - startAt = "0,6,12,18:00"; - defaultBackupServer = config.krebs.hosts.omo; - defaultBackupDir = "/home/backup"; - defaultPull = host: src: { - method = "pull"; - src = { - inherit host; - path = src; - }; - dst = { - host = defaultBackupServer; - path = "${defaultBackupDir}/${host.name}${src}"; - }; - startAt = "0,6,12,18:00"; - snapshots = { - hourly = { format = "%Y-%m-%dT%H"; retain = 4; }; - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }; -in { - krebs.backup.plans = { - # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; - gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; - gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )// - { - dst.path = "/media/cryptX/backup/gum/var-download"; - dst.host = defaultBackupServer; - startAt = "19:00"; - }; - gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )// - { - dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de"; - dst.host = defaultBackupServer; - - startAt = "05:00"; - }; - # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/"; - }; - environment.systemPackages = [ - pkgs.borgbackup - ]; -} diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix new file mode 100644 index 000000000..f157e715f --- /dev/null +++ b/makefu/2configs/backup/server.nix @@ -0,0 +1,11 @@ +{lib, ... }: +let + hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh ); +in { + # TODO: for all enabled machines + services.borgbackup.repos = lib.genAttrs hosts (host: { + authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ]; + path = "/var/lib/borgbackup/${host}"; + user = "borg-${host}"; + }) ; +} diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub new file mode 100644 index 000000000..ed203d544 --- /dev/null +++ b/makefu/2configs/backup/ssh/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/nextgum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub new file mode 100644 index 000000000..053b4da87 --- /dev/null +++ b/makefu/2configs/backup/ssh/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub new file mode 100644 index 000000000..fe894df33 --- /dev/null +++ b/makefu/2configs/backup/ssh/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix new file mode 100644 index 000000000..1143708bf --- /dev/null +++ b/makefu/2configs/backup/state.nix @@ -0,0 +1,25 @@ +{ config, ... }: +# back up all state +let + sec = toString <secrets>; + sshkey = sec + "/borg.priv"; + phrase = sec + "/borg.pw"; +in +{ + services.borgbackup.jobs.state = { + repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; + paths = config.state; + encryption = { + mode = "repokey"; + passCommand = "cat ${phrase}"; + }; + environment.BORG_RSH = "ssh -i ${sshkey}"; + prune.keep = + { daily = 7; + weekly = 4; + monthly = -1; # Keep at least one archive for each month + }; + compression = "auto,lzma"; + startAt = "daily"; + }; +} diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 890652285..f63dbefd8 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -32,6 +32,11 @@ in { "paste.${config.krebs.build.host.name}" "paste.r" ]; + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; }; defaultPermissions = "admin,list,create,read,delete"; secretKeyFile = secKey; diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index b59d3ce10..e007b6072 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -57,6 +57,8 @@ in { load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + load-module module-equalizer-sink + load-module module-dbus-protocol #load-module module-bluez5-device #load-module module-bluez5-discover ''; diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index fe05effd9..ad62babc3 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -44,5 +44,6 @@ ''; }; - + state = map (f: "${config.krebs.airdcpp.stateDir}/${f}") + [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ]; } diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix index 4605e8933..443484a34 100644 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -11,6 +11,11 @@ let payload_available= "Online"; payload_not_available= "Offline"; }; + tasmota_stecki = name: topic: + ( tasmota_plug name topic) // + { state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + }; espeasy_dht22 = name: [ { platform = "mqtt"; name = "${name} DHT22 Temperature"; @@ -38,9 +43,6 @@ let }; in { networking.firewall.allowedTCPPorts = [ 8123 ]; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; services.home-assistant = { enable = true; @@ -48,6 +50,9 @@ in { homeassistant = { name = "Bureautomation"; time_zone = "Europe/Berlin"; + latitude = "48.8265"; + longitude = "9.0676"; + elevation = 303; }; mqtt = { @@ -72,7 +77,7 @@ in { switch = [ (tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Blitzdings" "plug2") - (tasmota_plug "Fernseher" "plug3") + (tasmota_stecki "Fernseher" "fernseher") (tasmota_plug "Pluggy" "plug4") ]; binary_sensor = [ @@ -96,26 +101,140 @@ in { sensorid = "5341"; monitored_conditions = [ "P1" "P2" ]; } - { platform = "influxdb"; - queries = [ - { name = "mean value of feinstaub P1"; - where = '' "node" = 'esp8266-1355142' ''; - measurement = "feinstaub"; - database = "telegraf"; - field = "P1"; - } - { name = "mean value of feinstaub P2"; - where = '' "node" = 'esp8266-1355142' ''; - measurement = "feinstaub"; - database = "telegraf"; - field = "P2"; - } - ]; + + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile <secrets/hass/darksky.apikey>); + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "apparent_temperature" + "hourly_summary" # next 24 hours text + "minutely_summary" + "humidity" + "pressure" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 30; + seconds = 0; + }; + } + #{ platform = "influxdb"; + # queries = [ + # { name = "mean value of feinstaub P1"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P1"; + # } + # { name = "mean value of feinstaub P2"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P2"; + # } + # ]; + #} + ]; + camera = [ + { name = "Baumarkt"; + platform = "generic"; + still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt + } + { name = "Autobahn Heilbronn"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; + } + { name = "Autobahn Singen"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; } ]; frontend = { }; http = { }; - feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + conversation = {}; + history = {}; + logbook = {}; + tts = [ { platform = "google";} ]; + recorder = {}; + group = + { default_view = + { view = "yes"; + entities = [ + "group.sensors" + "group.outside" + "group.switches" + "group.automation" + "group.camera" + ]; + }; + automation = [ + "automation.turn_off_fernseher_10_minutes_after_last_movement" + ]; + switches = [ + "switch.bauarbeiterlampe" + "switch.blitzdings" + "switch.fernseher" + "switch.pluggy" + ]; + camera = [ + "camera.Baumarkt" + "camera.Autobahn_Heilbronn" + "camera.Autobahn_Singen" + ]; + sensors = [ + "binary_sensor.motion" + "sensor.easy2_dht22_humidity" + "sensor.easy2_dht22_temperature" + ]; + outside = [ + "sensor.ditzingen_pm10" + "sensor.ditzingen_pm25" + "sensor.dark_sky_temperature" + "sensor.dark_sky_humidity" + "sensor.dark_sky_pressure" + "sensor.dark_sky_hourly_summary" + "sensor.dark_sky_minutely_summary" + ]; + }; + # only for automation + # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + automation = [ + { alias = "Turn on Fernseher on movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + action = { + service= "homeassistant.turn_on"; + entity_id= "switch.fernseher"; + }; + } + { alias = "Turn off Fernseher 10 minutes after last movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "off"; + for.minutes = 10; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.fernseher"; + }; + condition = [{ + condition = "time"; + before = "06:30:00"; #only turn off between 6:30 and 18:00 + after = "18:00:00"; + weekday = [ "mon" "tue" "wed" "thu" "fri" ]; + }]; + } + ]; }; }; } diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix deleted file mode 100644 index 28edb6af2..000000000 --- a/makefu/2configs/deployment/bureautomation/home.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ pkgs, lib, ... }: -let - firetv = "192.168.1.238"; -in { - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - services.home-assistant = { - #panel_iframe: - #configurator: - # title: Configurator - # icon: mdi:wrench - # url: http://hassio.local:3218 - # sensor: - # - platform: random - enable = true; - config = { - homeassistant = { - name = "Bureautomation"; - time_zone = "Europe/Berlin"; - }; - panel_iframe = { - euer_blog = { - title = "Euer Blog"; - icon = "mdi:wrench"; - url = "https://euer.krebsco.de"; - }; - }; - media_player = [ - { platform = "kodi"; - host = firetv; - } - { platform = "firetv"; - # assumes python-firetv running - } - ]; - sensor = [ - { - platform = "luftdaten"; - name = "Shack 1"; - sensorid = "50"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Shack 2"; - sensorid = "658"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "5341"; - monitored_conditions = [ "P1" "P2" ]; - } - { platform = "random"; } - ]; - frontend = { }; - http = { }; - feedreader.urls = [ "https://nixos.org/blogs.xml" ]; - }; - }; -} diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/deployment/bureautomation/mpd.nix new file mode 100644 index 000000000..1f5acb357 --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/mpd.nix @@ -0,0 +1,9 @@ +{lib,pkgs, ... }: + +{ + systemd.services."ympd-wbob" = { + description = "mpd "; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody"; + }; +} diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix index bde9892cd..e7dc54dd0 100644 --- a/makefu/2configs/deployment/graphs.nix +++ b/makefu/2configs/deployment/graphs.nix @@ -6,11 +6,6 @@ let internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; hn = config.krebs.build.host.name; in { - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; krebs.tinc_graphs = { enable = true; nginx = { diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index f2a3b36e2..94799b11d 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ b/makefu/2configs/deployment/homeautomation/default.nix @@ -1,9 +1,60 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: # Ideas: ## wake-on-lan server ## let + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" + { platform = "mqtt"; + inherit name; + retain = false; + qos = 1; + optimistic = false; + # state + # TODO: currently broken, will not use the custom state topic + #state_topic = "/ham/${topic}/stat/POWER"; + state_topic = "/ham/${topic}/stat/POWER"; + command_topic = "/ham/${topic}/cmnd/POWER"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/ham/${topic}/stat/Dimmer"; + brightness_command_topic = "/ham/${topic}/cmnd/Dimmer"; + brightness_value_template = "{{ value_json.Dimmer }}"; + brightness_scale = 100; + # color + rgb_state_topic = "/ham/${topic}/stat/Color"; + rgb_command_topic = "/ham/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/ham/${topic}/stat/Scheme"; + effect_command_topic = "/ham/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; +}; + # switchmode 1 - also toggle power + # switchtopic flurlicht + tasmota_motion = name: topic: + { platform = "mqtt"; + device_class = "motion"; + inherit name; + # TODO: currently broken, will not use the custom state topic + state_topic = "/ham/${topic}/stat/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + firetv = "192.168.1.238"; tasmota_plug = name: topic: { platform = "mqtt"; @@ -36,20 +87,31 @@ let unit_of_measurement = "hPa"; } ]; + tasmota_am2301 = name: topic: + [ { platform = "mqtt"; + name = "${name} Temperatur"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Temperature }}"; + unit_of_measurement = "°C"; + } + { platform = "mqtt"; + name = "${name} Luftfeuchtigkeit"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Humidity }}"; + unit_of_measurement = "%"; + } + ]; in { imports = [ ./mqtt.nix ]; - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; + #systemd.services.firetv = { + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # User = "nobody"; + # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + # }; + #}; services.home-assistant = { config = { homeassistant = { @@ -58,7 +120,7 @@ in { longitude = "9.2478"; elevation = 247; }; - discovery = {}; + #discovery = {}; conversation = {}; history = {}; logbook = {}; @@ -71,16 +133,16 @@ in { { platform = "kodi"; host = firetv; } - { platform = "firetv"; - # assumes python-firetv running - } + #{ platform = "firetv"; + # # assumes python-firetv running + #} ]; mqtt = { broker = "localhost"; port = 1883; client_id = "home-assistant"; username = "hass"; - password = builtins.readFile <secrets/mqtt/hass>; + password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>); keepalive = 60; protocol = 3.1; birth_message = { @@ -96,43 +158,100 @@ in { retain = true; }; }; + binary_sensor = [ + (tasmota_motion "Flur Bewegung" "flurlicht") + ]; sensor = [ - { platform = "speedtest"; - monitored_conditions = [ "ping" "download" "upload" ]; - } + # broken + #{ platform = "speedtest"; + # monitored_conditions = [ "ping" "download" "upload" ]; + #} { platform = "luftdaten"; - name = "Ditzingen"; + name = "Wangen"; sensorid = "663"; monitored_conditions = [ "P1" "P2" ]; } # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ { platform = "darksky"; - api_key = "c73619e6ea79e553a585be06aacf3679"; + api_key = lib.removeSuffix "\n" + (builtins.readFile <secrets/hass/darksky.apikey>); language = "de"; monitored_conditions = [ "summary" "icon" "nearest_storm_distance" "precip_probability" "precip_intensity" - "temperature" # "temperature_high" "temperature_low" + "temperature" + "apparent_temperature" "hourly_summary" + "humidity" + "pressure" "uv_index" ]; units = "si" ; update_interval = { days = 0; hours = 0; - minutes = 10; + minutes = 30; seconds = 0; }; } - ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer"); + ] + ++ (tasmota_bme "Schlafzimmer" "schlafzimmer") + ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer"); frontend = { }; - #group = [ - # { default_view = { view = "yes"; entities = [ - # "sensor.luftdaten" - # ]} - #]; + group = + { default_view = + { view = "yes"; + entities = [ + "group.flur" + "group.schlafzimmer" + "group.draussen" + "group.wohnzimmer" + "group.arbeitszimmer" + ]; + }; + flur = [ + "light.flurlicht" + "binary_sensor.flur_bewegung" + ]; + wohnzimmer = [ + "media_player.kodi" + ]; + draussen = [ + "sensor.dark_sky_temperature" + "sensor.dark_sky_hourly_summary" + "sensor.wangen_pm10" + "sensor.wangen_pm25" + ]; + schlafzimmer = [ + "sensor.schlafzimmer_temperatur" + "sensor.schlafzimmer_luftdruck" + "sensor.schlafzimmer_luftfeuchtigkeit" + "switch.lichterkette_schlafzimmer" + ]; + arbeitszimmer = [ + "switch.strom_staubsauger" + "sensor.arbeitszimmer_temperatur" + "sensor.arbeitszimmer_luftfeuchtigkeit" + ]; + }; http = { }; switch = [ (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") + (tasmota_plug "Strom Staubsauger" "arbeitszimmer") + ]; + light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; + automation = [ + { alias = "Staubsauger Strom aus nach 6h"; + trigger = { + platform = "state"; + entity_id = "switch.strom_staubsauger"; + to = "on"; + for.hours = 6; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.strom_staubsauger"; + }; + } ]; }; enable = true; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1a7f3d987..4890e4afe 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -41,6 +41,7 @@ let autosync = { }; fenkins = { }; pass = { }; + secrets = { }; }; connector-repos = mapAttrs make-priv-repo { diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 861a9327e..6bcd09826 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -66,7 +66,7 @@ in cat |derp <<EOF XTerm*background: black XTerm*foreground: white - XTerm*FaceName : xft:xos4 Terminus:pixelsize=11 + XTerm*FaceName : xft:Terminus:pixelsize=12 URxvt*termName: rxvt URxvt*saveLines: 10000 @@ -78,7 +78,7 @@ in URxvt.background: black URxvt.urgentOnBell: true URxvt.visualBell: false - URxvt.font : xft:xos4 Terminus:size=11 + URxvt.font : xft:Terminus:size=12 ! blue diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 7db749227..6da1a37e7 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -4,22 +4,38 @@ imports = [ ./base.nix ]; - users.users.makefu.packages = [ pkgs.chromium ]; + users.users.makefu = { + packages = [ pkgs.chromium ]; + extraGroups = [ "audio" "pulse" ]; + }; services.xserver = { - layout = lib.mkForce "de"; - xkbVariant = lib.mkForce ""; windowManager = lib.mkForce { awesome.enable = false; default = "none"; }; - desktopManager.xfce.enable = true; + desktopManager.xfce = { + extraSessionCommands = '' + ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms + ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 + ''; + enable = true; + }; # xrandrHeads = [ "HDMI1" "HDMI2" ]; # prevent screen from turning off, disable dpms - displayManager.sessionCommands = '' - xset -display :0 s off -dpms - xrandr --output HDMI2 --right-of HDMI1 - ''; }; + + systemd.services.xset-off = { + after = [ "display-manager.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms"; + RemainAfterExit = "yes"; + TimeoutSec = "5s"; + RestartSec="5s"; + Restart = "on-failure"; + }; + }; + } diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix index 1efc4d2bf..64aa03bd7 100644 --- a/makefu/2configs/home-manager/cli.nix +++ b/makefu/2configs/home-manager/cli.nix @@ -1,12 +1,18 @@ -{ +{pkgs, ... }: { home-manager.users.makefu = { services.gpg-agent = { + enable = true; defaultCacheTtl = 900; maxCacheTtl = 7200; defaultCacheTtlSsh = 3600; maxCacheTtlSsh = 86400; enableSshSupport = true; + enableScDaemon = true; }; programs.fzf.enable = true; # alt-c }; + services.udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; } diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix index e75ee6262..2a4574cc8 100644 --- a/makefu/2configs/home-manager/default.nix +++ b/makefu/2configs/home-manager/default.nix @@ -4,4 +4,7 @@ ]; home-manager.users.makefu = { }; + environment.variables = { + GTK_DATA_PREFIX = "/run/current-system/sw"; + }; } diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index c2f854d47..ce98e651a 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix @@ -1,31 +1,43 @@ -{pkgs, ... }: { +{ pkgs, lib, ... }: + +{ home-manager.users.makefu = { programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; + programs.firefox.enable = true; services.network-manager-applet.enable = true; + systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; services.blueman-applet.enable = true; services.pasystray.enable = true; - - systemd.user.services.network-manager-applet.Service.Environment = '' - XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache - ''; - systemd.user.services.clipit = { - Unit = { - Description = "clipboard manager"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; + systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + # "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold + "fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine + "gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy + "abkfbakhjpmblaafnpgjppbmioombali" # memex + "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest + ]; }; - Install = { - WantedBy = [ "graphical-session.target" ]; - }; + systemd.user.services.clipit = { + Unit = { + Description = "clipboard manager"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; - Service = { - Environment = '' - XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache - ''; - ExecStart = "${pkgs.clipit}/bin/clipit"; - Restart = "on-abort"; + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; + ExecStart = "${pkgs.clipit}/bin/clipit"; + Restart = "on-abort"; + }; }; }; - }; } diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix index ce7ae4f4d..467e0d7a0 100644 --- a/makefu/2configs/home-manager/mail.nix +++ b/makefu/2configs/home-manager/mail.nix @@ -1,5 +1,6 @@ { home-manager.users.makefu = { + accounts.email.maildirBasePath = "/home/makefu/Mail"; accounts.email.accounts.syntaxfehler = { address = "felix.richter@syntax-fehler.de"; userName = "Felix.Richter@syntax-fehler.de"; @@ -27,7 +28,7 @@ }; primary = true; realName = "Felix Richter"; - passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg"; + passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg"; }; programs.offlineimap.enable = true; programs.offlineimap.extraConfig = { diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index 313ca0147..e556b43c0 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix @@ -1,9 +1,7 @@ { pkgs, ... }: { # bluetooth+pulse config # for blueman-applet - users.users.makefu.packages = [ - pkgs.blueman - ]; + users.users.makefu.packages = [ pkgs.blueman ]; hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; @@ -39,4 +37,5 @@ Enable=Source,Sink,Media,Socket ''; }; + services.dbus.packages = [ pkgs.blueman ]; } diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index ffc32e0cb..3b9d04549 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -27,4 +27,7 @@ powersave = true; scanRandMacAddress = true; }; + state = [ + "/etc/NetworkManager/system-connections" #NM stateful config files + ]; } diff --git a/makefu/2configs/hw/switch.nix b/makefu/2configs/hw/switch.nix new file mode 100644 index 000000000..d46e8cf3f --- /dev/null +++ b/makefu/2configs/hw/switch.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ]; + + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev" + ''; +} diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix deleted file mode 100644 index 8df7043c8..000000000 --- a/makefu/2configs/laptop-backup.nix +++ /dev/null @@ -1,12 +0,0 @@ -{config, lib, pkgs, ... }: - -{ - systemd.user.services.duply-secrets = { - description = "run daily secrets backup"; - startAt = "daily"; - serviceConfig = { - Type = "oneshot"; - ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup"; - }; - }; -} diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index 65d36d9b6..14d1285db 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -39,4 +39,5 @@ in { }; }; }; + state = [ base-dir ]; } diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 99533b25c..280622259 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -21,6 +21,7 @@ let tw-pass-file = "${sec}/tw-pass.ini"; in { + state = [ base-dir ]; services.phpfpm = { # phpfpm does not have an enable option poolConfigs = { diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index d5fa65ef9..fb1a67358 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -5,11 +5,11 @@ let in { services.printing = { enable = true; - drivers = [ - pkgs.samsungUnifiedLinuxDriver - pkgs.cups-dymo # dymo labelwriter - pkgs.foo2zjs # magicolor 1690mf - pkgs.zj-58 + drivers = with pkgs; [ + samsungUnifiedLinuxDriver + cups-dymo # dymo labelwriter + foo2zjs # magicolor 1690mf + cups-zj-58 ]; }; diff --git a/makefu/2configs/rtorrent.nix b/makefu/2configs/rtorrent.nix deleted file mode 100644 index 9e2990cab..000000000 --- a/makefu/2configs/rtorrent.nix +++ /dev/null @@ -1,19 +0,0 @@ -_: -let - listenPort = 60123; - xml-port = 5000; - authfile = <torrent-secrets/authfile>; -in { - makefu.rtorrent = { - enable = true; - web = { - enable = true; - enableAuth = true; - inherit authfile; - }; - rutorrent.enable = true; - enableXMLRPC = true; - logLevel = "debug"; - inherit listenPort; - }; -} diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix index 37d74c282..531d2525e 100644 --- a/makefu/2configs/deployment/events-publisher/default.nix +++ b/makefu/2configs/shack/events-publisher/default.nix @@ -2,8 +2,8 @@ with import <stockholm/lib>; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz"; - sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav"; + url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz"; + sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; diff --git a/makefu/2configs/shack/gitlab-runner/default.nix b/makefu/2configs/shack/gitlab-runner/default.nix new file mode 100644 index 000000000..55dc50fa8 --- /dev/null +++ b/makefu/2configs/shack/gitlab-runner/default.nix @@ -0,0 +1,31 @@ + +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + services.gitlab-runner = { + enable = true; + configOptions = + { concurrent = 1; + runners = [ + { builds_dir = ""; + #docker = + #{ cache_dir = ""; + # disable_cache = true; + # host = ""; image = "nixos/nix:2.1.3"; + # privileged = true; + #}; + #executor = "docker"; + # name = "docker-nix"; + name = "gum-shell"; + executor = "shell"; + environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ]; + # generate via `gitlab-runner register` + token = import <secrets/shackspace-gitlab-ci-token.nix>; + url = "https://git.shackspace.de/"; + } + ]; + }; + }; +} diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index 422676b24..c16629cc5 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -27,12 +27,14 @@ in { systemd.services.arafetch = { startAt = "Mon,Wed,Fri 09:15:00"; wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; environment = { OUTDIR = home; }; path = [ pkg pkgs.git pkgs.wget ]; serviceConfig = { User = "arafetch"; + Restart = "always"; WorkingDirectory = home; PrivateTmp = true; ExecStart = pkgs.writeDash "start-weekrun" '' diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix new file mode 100644 index 000000000..5ca3b9904 --- /dev/null +++ b/makefu/2configs/taskd.nix @@ -0,0 +1,11 @@ +{config, ... }: +{ + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; +} diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index da8a357ae..9dedafdd2 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -9,7 +9,7 @@ dex2jar apktool jd-gui - android-studio + # android-studio jdk jre openssl diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix index bb14c3eb5..924668803 100644 --- a/makefu/2configs/tools/desktop.nix +++ b/makefu/2configs/tools/desktop.nix @@ -3,7 +3,7 @@ { users.users.makefu.packages = with pkgs; [ taskwarrior - pass + (pass.withExtensions (ext: [ ext.pass-otp ])) gopass mutt weechat diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 1c28eeffd..3d26cc574 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,7 +6,6 @@ gimp inkscape libreoffice - quodlibet # skype synergy tdesktop diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index a61b6c88e..88a7c6882 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -7,10 +7,12 @@ vlc mumble mplayer - quodlibet + quodlibet # exfalso plowshare streamripper youtube-dl + + pulseeffects ]; } diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 8a559dbbd..11151003d 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -7,6 +7,8 @@ rclone exfat (pkgs.callPackage ./secrets.nix {}) + + opensc pcsctools libu2f-host ]; # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix index f88618cbc..7d10983c7 100644 --- a/makefu/2configs/tools/secrets.nix +++ b/makefu/2configs/tools/secrets.nix @@ -1,7 +1,7 @@ { pass, write, writeDash, ... }: write "secrets" { - "/bin/secrets".link = writeDash "brain" '' + "/bin/secrets".link = writeDash "secrets" '' PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ exec ${pass}/bin/pass $@ ''; diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index 3df0ddbfe..ca368dbf0 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -3,12 +3,11 @@ with import <stockholm/lib>; let - daemon-user = "tor"; basicAuth = import <torrent-secrets/auth.nix>; peer-port = 51412; web-port = 8112; daemon-port = 58846; - base-dir = config.makefu.dl-dir; + base-dir = config.krebs.rtorrent.workDir; in { users.users = { @@ -23,17 +22,6 @@ in { }; }; - # todo: race condition, do this after download user has been created - system.activationScripts."download-dir-chmod" = '' - for i in finished watch; do - if test ! -d $i;then - mkdir -p "${base-dir}/$i" - chown rtorrent:download "${base-dir}/$i" - chmod 775 "${base-dir}/$i" - fi - done - ''; - users.extraGroups = { download = { gid = lib.mkDefault (genid "download"); @@ -57,15 +45,17 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = base-dir + "/finished"; - watchDir = base-dir + "/watch"; + downloadDir = config.makefu.dl-dir; # dump old torrents into watch folder to have them re-added }; + services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; + networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT ''; networking.firewall.allowedTCPPorts = [ peer-port ]; networking.firewall.allowedUDPPorts = [ peer-port ]; + state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded } diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix index 30de6e44a..e90cc1e8d 100644 --- a/makefu/2configs/virtualisation/virtualbox.nix +++ b/makefu/2configs/virtualisation/virtualbox.nix @@ -1,26 +1,9 @@ { config, lib, pkgs, ... }: -let - mainUser = config.krebs.build.user; - vboxguestpkg = lib.stdenv.mkDerivation rec { - name = "Virtualbox-Extensions-${version}-${rev}"; - version = "5.0.20"; - rev = "106931"; - src = pkgs.fetchurl { - url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; - sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; - }; - }; -in { +{ virtualisation.virtualbox.host.enable = true; nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; - users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; - nixpkgs.config.packageOverrides = super: { - boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override { - buildInputs = super.boot.kernelPackages.virtualBox.buildInputs - ++ [ vboxguestpkg ]; - }; - }; + users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ]; } diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix index 3aba3be45..dafa37ff6 100644 --- a/makefu/5pkgs/4nxci/default.nix +++ b/makefu/5pkgs/_4nxci/default.nix @@ -1,33 +1,31 @@ -{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }: +{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }: let - - mymbedtls = lib.overrideDerivation mbedtls (old: rec { - name = "mbedtls-${version}"; - version = "2.13.0"; - src = fetchFromGitHub { - owner = "ARMmbed"; - repo = "mbedtls"; - rev = name; - sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j"; - }; - buildInputs = old.buildInputs ++ [ python2 ]; - postConfigure = '' - perl scripts/config.pl set MBEDTLS_CMAC_C - ''; - doCheck = false; - - }); -in stdenv.mkDerivation rec { - name = "4nxci-${version}"; - version = "1.30"; - + version = "1.35"; src = fetchFromGitHub { owner = "The-4n"; repo = "4NXCI"; rev = "v${version}"; - sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh"; + sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6"; }; + mymbedtls = stdenv.mkDerivation { + name = "mbedtls-${version}"; + version = "2.6.1"; + doCheck = false; + inherit src; + buildInputs = [ perl ]; + phases = [ "unpackPhase" "buildPhase" "installPhase" ]; + makeFlags = [ "DESTDIR=$(out)" ]; + buildPhase = '' + cp config.mk.template config.mk + cd mbedtls + make + ''; + }; +in stdenv.mkDerivation rec { + name = "4nxci-${version}"; + + inherit src version; buildPhase = '' cp config.mk.template config.mk sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 12d357913..11f9f59b8 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -572,9 +572,9 @@ local os = { do local cmds = { - "@networkmanagerapplet@/bin/nm-applet", - "@blueman@/bin/blueman-applet", - "@clipit@/bin/clipit" + -- "@networkmanagerapplet@/bin/nm-applet", + -- "@blueman@/bin/blueman-applet", + -- "@clipit@/bin/clipit" } for _,i in pairs(cmds) do diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix deleted file mode 100644 index 870fa8ce2..000000000 --- a/makefu/5pkgs/cozy-audiobooks/default.nix +++ /dev/null @@ -1,95 +0,0 @@ -{ stdenv, fetchFromGitHub -, ninja -, boost -, meson -, pkgconfig -, wrapGAppsHook -, appstream-glib -, desktop-file-utils -, gtk3 -, glib -, gst_all_1 -, gobjectIntrospection -, python3Packages -, file -, cairo , sqlite , gettext -, gnome3 -}: - -let - peewee = with python3Packages; buildPythonPackage rec { - # https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee - pname = "peewee"; - version = "3.6.4"; - src = fetchPypi { - inherit pname version; - sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak"; - }; - doCheck = false; - - checkPhase = '' - python runtests.py - ''; - - buildInputs = [ - cython - sqlite - # psycopg2 - # mysql-connector - ]; - meta.license = stdenv.lib.licenses.mit; - }; -in -stdenv.mkDerivation rec { - name = "cozy-${version}"; - version = "0.6.0"; - - src = fetchFromGitHub { - owner = "geigi"; - repo = "cozy"; - rev = version; - sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd"; - }; - - postPatch = '' - chmod +x data/meson_post_install.py - patchShebangs data/meson_post_install.py - substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'" - ''; - postInstall = '' - wrapProgram $out/bin/com.github.geigi.cozy \ - --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)" - - ''; - wrapPrefixVariables = [ "PYTHONPATH" ]; - - - nativeBuildInputs = [ - meson ninja pkgconfig - wrapGAppsHook - appstream-glib - desktop-file-utils - gobjectIntrospection - - ]; - buildInputs = with gst_all_1; [ gtk3 glib - gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext - gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas - ] - ++ (with python3Packages; [ - python gst-python pygobject3 dbus-python mutagen peewee magic - - ]); - - checkPhase = '' - ninja test - ''; - - meta = with stdenv.lib; { - description = '' - A modern audio book player for Linux using GTK+ 3 - ''; - maintainers = [ maintainers.makefu ]; - license = licenses.mit; - }; -} diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch deleted file mode 100644 index b7b491d4e..000000000 --- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200 -+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200 -@@ -341,7 +341,7 @@ - if not scale: - scale = 25.4/96 # if no scale is specified, assume inch as baseunit - scale /= self.unittouu('1px') -- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0]) -+ h = self.unittouu(self.documentHeight()) - self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]] - doc = self.document.getroot() - self.process_group(doc) - diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 390aabd73..6e86f4264 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -30,9 +30,6 @@ in { qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; - inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { - patches = [ ./custom/inkscape/dxf_fix.patch ]; - }); } // (mapAttrs (_: flip callPackage {}) diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix deleted file mode 100644 index a6aac5748..000000000 --- a/makefu/5pkgs/esniper/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }: - -stdenv.mkDerivation rec { - name = "${pname}-2-35-0"; - pname = "esniper"; - version = "2.35.0"; - src = fetchurl { - url = "mirror://sourceforge/${pname}/${name}.tgz"; - sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9"; - }; - - - buildInputs = [ openssl curl ]; - - # Add support for CURL_CA_BUNDLE variable. - # Fix <http://sourceforge.net/p/esniper/bugs/648/>. - patches = [ ./find-ca-bundle.patch ]; - - postInstall = '' - sed <"frontends/snipe" >"$out/bin/snipe" \ - -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\"" - chmod 555 "$out/bin/snipe" - ''; - - meta = with stdenv.lib; { - description = "Simple, lightweight tool for sniping eBay auctions"; - homepage = http://esniper.sourceforge.net; - license = licenses.gpl2; - maintainers = with maintainers; [ lovek323 peti ]; - platforms = platforms.all; - }; -} diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch deleted file mode 100644 index e4df272a0..000000000 --- a/makefu/5pkgs/esniper/find-ca-bundle.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c ---- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100 -+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200 -@@ -200,6 +200,9 @@ - int - initCurlStuff(void) - { -+ /* Path to OpenSSL bundle file. */ -+ const char *ssl_capath=NULL; -+ - /* list for custom headers */ - struct curl_slist *slist=NULL; - -@@ -241,6 +244,12 @@ - if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, ""))) - return initCurlStuffFailed(); - -+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its -+ * contents to curl. */ -+ if ((ssl_capath = getenv("CURL_CA_BUNDLE"))) -+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath))) -+ return initCurlStuffFailed(); -+ - slist = curl_slist_append(slist, "Accept: text/*"); - slist = curl_slist_append(slist, "Accept-Language: en"); - slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8"); diff --git a/makefu/5pkgs/ifdnfc/default.nix b/makefu/5pkgs/ifdnfc/default.nix deleted file mode 100644 index cc7956c8c..000000000 --- a/makefu/5pkgs/ifdnfc/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ stdenv, fetchFromGitHub , pkgconfig -, pcsclite -, autoreconfHook -, libnfc -}: - -stdenv.mkDerivation rec { - name = "ifdnfc-${version}"; - version = "2016-03-01"; - - src = fetchFromGitHub { - owner = "nfc-tools"; - repo = "ifdnfc"; - rev = "0e48e8e"; - sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg"; - }; - nativeBuildInputs = [ pkgconfig autoreconfHook ]; - buildInputs = [ pcsclite libnfc ]; - - configureFlags = [ "--prefix=$(out)" ]; - makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ]; - - meta = with stdenv.lib; { - description = "PC/SC IFD Handler based on libnfc"; - long_description = - '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>. - It provides support for all readers which are not supported by ccid but by libnfc. - - For activating your reader you need to run - <code>ifdnfc-activate yes<code> with this package in your - <code>environment.systemPackages</code> - - To use your reader you may need to blacklist your reader kernel modules: - <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code> - - Supports the pn533 smart-card reader chip which is for example used in - the SCM SCL3711. - ''; - homepage = https://github.com/nfc-tools/ifdnfc; - license = licenses.gpl3; - platforms = platforms.linux; - maintainers = with maintainers; [ makefu ]; - }; -} - diff --git a/makefu/5pkgs/jd-gui/default.nix b/makefu/5pkgs/jd-gui/default.nix deleted file mode 100644 index adefd80dd..000000000 --- a/makefu/5pkgs/jd-gui/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }: -stdenv.mkDerivation rec { - name = "${packageName}-${version}"; - packageName = "jd-gui"; - version = "1.4.0"; - - src = fetchurl { - url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar"; - sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx"; - }; - - nativeBuildInputs = [ makeWrapper unzip ]; - - phases = [ "installPhase" ]; - - installPhase = '' - f=$out/lib/jd-gui/ - bin=$out/bin - name=$(basename $src) - mkdir -p $f $bin - - # fixup path to java - cp $src $f - cat > $bin/jd-gui <<EOF - #!/bin/sh - exec ${pkgs.jre}/bin/java -jar $f/$name \$@ - EOF - chmod +x $bin/jd-gui - ''; - - meta = { - homepage = https://github.com/java-decompiler/jd-gui; - description = "A standalone Java Decompiler GUI"; - license = lib.licenses.gpl3; - }; -} diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix deleted file mode 100644 index 7fb9cd375..000000000 --- a/makefu/5pkgs/mcomix/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, lib ,python2Packages, fetchurl, gtk3}: -python2Packages.buildPythonPackage rec { - name = "mcomix-${version}"; - version = "1.2.1"; - - src = fetchurl { - url = "mirror://sourceforge/mcomix/${name}.tar.bz2"; - sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy"; - }; - - propagatedBuildInputs = with python2Packages; - [ python2Packages.pygtk gtk3 python2Packages.pillow ]; - - # for module in sys.modules.itervalues(): - # RuntimeError: dictionary changed size during iteration - doCheck = false; - - meta = { - homepage = https://github.com/pyload/pyload; - description = "Free and Open Source download manager written in Python"; - license = lib.licenses.gpl3; - maintainers = with lib.maintainers; [ makefu ]; - }; -} diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix new file mode 100644 index 000000000..1e1cb1d86 --- /dev/null +++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchzip +, makeWrapper +, autoPatchelfHook +, xlibs +, gnome3 +, libpng12 +}: +stdenv.mkDerivation rec { + name = "ns-atmosphere-programmer-${version}"; + version = "0.1"; + + src = fetchzip { + url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip"; + sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0"; + }; + + buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ]; + nativeBuildInputs = [ autoPatchelfHook makeWrapper ]; + + installPhase = '' + install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere + wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ +--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share' + ''; + + dontStrip = true; + + meta = with stdenv.lib; { + description = "Payload programmer for ns-atmosphere injector"; + homepage = http://www.ns-atmosphere.com; + maintainers = [ maintainers.makefu ]; + platforms = platforms.linux; + license = with licenses; [ unfree ]; + }; + +} diff --git a/makefu/5pkgs/switch-launcher/default.nix b/makefu/5pkgs/switch-launcher/default.nix new file mode 100644 index 000000000..cc7905a31 --- /dev/null +++ b/makefu/5pkgs/switch-launcher/default.nix @@ -0,0 +1,24 @@ +{ lib, pkgs, python3Packages, ... }: + +with python3Packages; buildPythonPackage rec { + name = "nodemcu-uploader-${version}"; + version = "0.1.0"; + + src = pkgs.fetchFromGitHub { + owner = "ksmit799"; + repo = "switch-launcher"; + rev = version; + sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz"; + }; + + + propagatedBuildInputs = [ + pyusb + ]; + + meta = { + homepage = https://github.com/ksmit799/switch-launcher; + description = "Desktop switch payload launcher based on a modified reswitched injector"; + license = lib.licenses.bsd3; + }; +} diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix new file mode 100644 index 000000000..927c34c5a --- /dev/null +++ b/makefu/5pkgs/targetcli/default.nix @@ -0,0 +1,64 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python2Packages; +let + version = "2.1"; + rtslib = buildPythonPackage rec { + pname = "rtslib"; + inherit version; + src = fetchFromGitHub { + owner = "datera"; + repo = "rtslib"; + rev = version; + sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22"; + }; + propagatedBuildInputs = [ ipaddr netifaces configobj ]; + }; + configshell = buildPythonPackage rec { + pname = "configshell"; + version = "1.6"; + src = fetchFromGitHub { + owner = "datera"; + repo = "configshell"; + rev = version; + sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y"; + }; + propagatedBuildInputs = [ pyparsing ]; + }; + + tcm-py = buildPythonPackage rec { + pname = "tcm-py"; + version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + src = fetchFromGitHub { + owner = "datera"; + repo = "lio-utils"; + rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; + } + "/tcm-py"; + propagatedBuildInputs = [ ]; + }; + + lio-py = buildPythonPackage rec { + pname = "lio-py"; + version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + src = fetchFromGitHub { + owner = "datera"; + repo = "lio-utils"; + rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; + } + "/lio-py"; + propagatedBuildInputs = [ ]; + }; + +in buildPythonApplication rec { + pname = "targetcli"; + inherit version; + + propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ]; + + src = fetchFromGitHub { + owner = "datera"; + repo = "targetcli"; + rev = version; + sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d"; + }; +} diff --git a/makefu/5pkgs/zj-58/default.nix b/makefu/5pkgs/zj-58/default.nix deleted file mode 100644 index 6eda84959..000000000 --- a/makefu/5pkgs/zj-58/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{stdenv, fetchFromGitHub, cups}: - -stdenv.mkDerivation rec { - name = "cups-zj58-2018-02-22"; - - src = fetchFromGitHub { - owner = "klirichek"; - repo = "zj-58"; - rev = "e4212cd"; - sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi"; - }; - - buildInputs = [cups]; - - installPhase = '' - mkdir -p $out/lib/cups/filter - - cp rastertozj $out/lib/cups/filter - - - mkdir -p $out/share/cups/model/zjiang - cp ZJ-58.ppd $out/share/cups/model/zjiang/ - ''; - - meta = { - description = "CUPS filter for thermal printer Zjiang ZJ-58"; - homepage = https://github.com/klirichek/zj-58; - platforms = stdenv.lib.platforms.linux; - }; -} diff --git a/makefu/krops.nix b/makefu/krops.nix index 27b7b04ef..2b43d541d 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -69,7 +69,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "6eea2a4"; + ref = "f947faf"; }; }) ]; diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index f39bb6688..c5cd0ac30 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8", - "date": "2018-08-06T14:29:01+02:00", - "sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6", + "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687", + "date": "2018-10-07T23:33:42+02:00", + "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3", "fetchSubmodules": true } diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/nin/0tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..000000000 --- a/nin/0tests/dummysecrets/ssh.id_ed25519 +++ /dev/null diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix deleted file mode 100644 index 5e81afdbd..000000000 --- a/nin/1systems/axon/config.nix +++ /dev/null @@ -1,132 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - <stockholm/nin> - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - #../2configs/copyq.nix - <stockholm/nin/2configs/ableton.nix> - <stockholm/nin/2configs/games.nix> - <stockholm/nin/2configs/git.nix> - <stockholm/nin/2configs/retiolum.nix> - <stockholm/nin/2configs/termite.nix> - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed958..000000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null @@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - <stockholm/nin> - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - #../2configs/copyq.nix - <stockholm/nin/2configs/games.nix> - <stockholm/nin/2configs/git.nix> - <stockholm/nin/2configs/retiolum.nix> - <stockholm/nin/2configs/termite.nix> - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773ae..000000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - <stockholm/nin> - <stockholm/nin/2configs/retiolum.nix> - <stockholm/nin/2configs/weechat.nix> - <stockholm/nin/2configs/git.nix> - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a9089d..000000000 --- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c4025..000000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 62f499a2d..000000000 --- a/nin/2configs/default.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - imports = [ - ../2configs/vim.nix - <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/binary-cache/prism.nix> - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import <secrets/hashedPasswords.nix>); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? - services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f48..000000000 --- a/nin/2configs/git.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd53..000000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc00..000000000 --- a/nin/2configs/retiolum.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae82..000000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import <stockholm/lib>) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b01..000000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d37611..000000000 --- a/nin/2configs/vim.nix +++ /dev/null @@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle=<INS> - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap <esc>q :buffer - nmap <M-q> :buffer - - cnoremap <C-A> <Home> - - noremap <C-c> :q<cr> - vnoremap < <gv - vnoremap > >gv - - nnoremap <esc>[5^ :tabp<cr> - nnoremap <esc>[6^ :tabn<cr> - nnoremap <esc>[5@ :tabm -1<cr> - nnoremap <esc>[6@ :tabm +1<cr> - - nnoremap <f1> :tabp<cr> - nnoremap <f2> :tabn<cr> - inoremap <f1> <esc>:tabp<cr> - inoremap <f2> <esc>:tabn<cr> - - " <C-{Up,Down,Right,Left> - noremap <esc>Oa <nop> | noremap! <esc>Oa <nop> - noremap <esc>Ob <nop> | noremap! <esc>Ob <nop> - noremap <esc>Oc <nop> | noremap! <esc>Oc <nop> - noremap <esc>Od <nop> | noremap! <esc>Od <nop> - " <[C]S-{Up,Down,Right,Left> - noremap <esc>[a <nop> | noremap! <esc>[a <nop> - noremap <esc>[b <nop> | noremap! <esc>[b <nop> - noremap <esc>[c <nop> | noremap! <esc>[c <nop> - noremap <esc>[d <nop> | noremap! <esc>[d <nop> - vnoremap u <nop> - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref <nix/src/libexpr/lexer.l> - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb313e..000000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import <stockholm/lib>) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d949..000000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} |