-rw-r--r--ci.nix4
-rw-r--r--default.nix21
-rw-r--r--jeschli/5pkgs/simple/default.nix8
-rw-r--r--jeschli/5pkgs/simple/xmonad-jeschli/default.nix9
-rw-r--r--jeschli/krops.nix2
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/cache.nsupdate.info.nix33
-rw-r--r--krebs/2configs/ircd.nix2
-rw-r--r--krebs/3modules/airdcpp.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix2
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/cachecache.nix171
-rw-r--r--krebs/3modules/charybdis.nix110
-rw-r--r--krebs/3modules/ci.nix36
-rw-r--r--krebs/3modules/default.nix4
-rw-r--r--krebs/3modules/fetchWallpaper.nix9
-rw-r--r--krebs/3modules/github-hosts-sync.nix2
-rw-r--r--krebs/3modules/lass/default.nix80
-rw-r--r--krebs/3modules/makefu/default.nix99
-rw-r--r--krebs/3modules/nin/default.nix111
-rw-r--r--krebs/3modules/realwallpaper.nix185
-rw-r--r--krebs/3modules/tinc.nix6
-rw-r--r--krebs/3modules/urlwatch.nix2
-rw-r--r--krebs/5pkgs/haskell/default.nix9
-rw-r--r--krebs/5pkgs/haskell/xmonad-stockholm.nix13
-rw-r--r--krebs/5pkgs/simple/default.nix8
-rw-r--r--krebs/5pkgs/simple/ejabberd/default.nix122
-rw-r--r--krebs/5pkgs/simple/ejabberd/ejabberdctl.patch32
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix24
-rw-r--r--krebs/default.nix16
-rw-r--r--krebs/krops.nix44
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/archprism/config.nix32
-rw-r--r--lass/1systems/archprism/physical.nix20
-rw-r--r--lass/1systems/blue/source.nix11
-rw-r--r--lass/1systems/cabal/config.nix16
-rw-r--r--lass/1systems/cabal/physical.nix12
-rw-r--r--lass/1systems/icarus/config.nix4
-rw-r--r--lass/1systems/mors/config.nix6
-rw-r--r--lass/1systems/prism/config.nix66
-rw-r--r--lass/1systems/prism/physical.nix124
-rw-r--r--lass/1systems/shodan/config.nix1
-rw-r--r--lass/1systems/skynet/config.nix30
-rw-r--r--lass/1systems/skynet/physical.nix21
-rw-r--r--lass/1systems/yellow/config.nix140
-rw-r--r--lass/1systems/yellow/physical.nix8
-rw-r--r--lass/2configs/baseX.nix6
-rw-r--r--lass/2configs/binary-cache/server.nix8
-rw-r--r--lass/2configs/blue-host.nix100
-rw-r--r--lass/2configs/blue.nix1
-rw-r--r--lass/2configs/ciko.nix4
-rw-r--r--lass/2configs/downloading.nix65
-rw-r--r--lass/2configs/exim-smarthost.nix4
-rw-r--r--lass/2configs/fetchWallpaper.nix3
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/mail.nix16
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix3
-rw-r--r--lass/2configs/radio.nix17
-rw-r--r--lass/2configs/realwallpaper.nix10
-rw-r--r--lass/2configs/tests/dummy-secrets/nordvpn.txt (renamed from nin/0tests/dummysecrets/ssh.id_ed25519)0
-rw-r--r--lass/2configs/websites/domsen.nix7
-rw-r--r--lass/2configs/websites/fritz.nix70
-rw-r--r--lass/2configs/websites/lassulus.nix16
-rw-r--r--lass/2configs/websites/sqlBackup.nix1
-rw-r--r--lass/3modules/ejabberd/config.nix5
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix31
-rw-r--r--lass/5pkgs/emot-menu/default.nix31
-rw-r--r--lass/5pkgs/fzfmenu/default.nix45
-rw-r--r--lass/krops.nix17
-rw-r--r--lib/default.nix23
-rw-r--r--lib/types.nix6
-rw-r--r--makefu/0tests/data/secrets/hass/darksky.apikey0
-rw-r--r--makefu/1systems/gum/config.nix136
-rw-r--r--makefu/1systems/gum/hardware-config.nix77
-rw-r--r--makefu/1systems/gum/rescue.txt11
-rw-r--r--makefu/1systems/gum/source.nix2
-rw-r--r--makefu/1systems/nextgum/config.nix253
-rw-r--r--makefu/1systems/nextgum/hardware-config.nix99
-rw-r--r--makefu/1systems/nextgum/source.nix5
-rw-r--r--makefu/1systems/nextgum/transfer-config.nix7
-rw-r--r--makefu/1systems/omo/config.nix54
-rw-r--r--makefu/1systems/wbob/config.nix37
-rw-r--r--makefu/1systems/x/config.nix28
-rw-r--r--makefu/2configs/backup.nix52
-rw-r--r--makefu/2configs/backup/server.nix11
-rw-r--r--makefu/2configs/backup/ssh/gum.pub1
-rw-r--r--makefu/2configs/backup/ssh/nextgum.pub1
-rw-r--r--makefu/2configs/backup/ssh/omo.pub1
-rw-r--r--makefu/2configs/backup/ssh/x.pub1
-rw-r--r--makefu/2configs/backup/state.nix25
-rw-r--r--makefu/2configs/bepasty-dual.nix5
-rw-r--r--makefu/2configs/bluetooth-mpd.nix2
-rw-r--r--makefu/2configs/dcpp/airdcpp.nix3
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix159
-rw-r--r--makefu/2configs/deployment/bureautomation/home.nix67
-rw-r--r--makefu/2configs/deployment/bureautomation/mpd.nix9
-rw-r--r--makefu/2configs/deployment/graphs.nix5
-rw-r--r--makefu/2configs/deployment/homeautomation/default.nix177
-rw-r--r--makefu/2configs/fetchWallpaper.nix2
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/gui/base.nix4
-rw-r--r--makefu/2configs/gui/wbob-kiosk.nix32
-rw-r--r--makefu/2configs/home-manager/cli.nix8
-rw-r--r--makefu/2configs/home-manager/default.nix3
-rw-r--r--makefu/2configs/home-manager/desktop.nix52
-rw-r--r--makefu/2configs/home-manager/mail.nix3
-rw-r--r--makefu/2configs/hw/bluetooth.nix5
-rw-r--r--makefu/2configs/hw/network-manager.nix3
-rw-r--r--makefu/2configs/hw/smartcard.nix7
-rw-r--r--makefu/2configs/hw/switch.nix10
-rw-r--r--makefu/2configs/laptop-backup.nix12
-rw-r--r--makefu/2configs/nginx/download.binaergewitter.de.nix25
-rw-r--r--makefu/2configs/nginx/euer.blog.nix1
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix1
-rw-r--r--makefu/2configs/printer.nix10
-rw-r--r--makefu/2configs/rtorrent.nix19
-rw-r--r--makefu/2configs/shack/events-publisher/default.nix (renamed from makefu/2configs/deployment/events-publisher/default.nix)4
-rw-r--r--makefu/2configs/shack/gitlab-runner/default.nix31
-rw-r--r--makefu/2configs/stats/arafetch.nix2
-rw-r--r--makefu/2configs/taskd.nix11
-rw-r--r--makefu/2configs/tools/android-pentest.nix2
-rw-r--r--makefu/2configs/tools/desktop.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/media.nix4
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/tools/secrets.nix2
-rw-r--r--makefu/2configs/torrent.nix20
-rw-r--r--makefu/2configs/virtualisation/virtualbox.nix21
-rw-r--r--makefu/5pkgs/_4nxci/default.nix (renamed from makefu/5pkgs/4nxci/default.nix)44
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg6
-rw-r--r--makefu/5pkgs/cozy-audiobooks/default.nix95
-rw-r--r--makefu/5pkgs/custom/inkscape/dxf_fix.patch12
-rw-r--r--makefu/5pkgs/default.nix3
-rw-r--r--makefu/5pkgs/esniper/default.nix32
-rw-r--r--makefu/5pkgs/esniper/find-ca-bundle.patch26
-rw-r--r--makefu/5pkgs/ifdnfc/default.nix45
-rw-r--r--makefu/5pkgs/jd-gui/default.nix36
-rw-r--r--makefu/5pkgs/mcomix/default.nix24
-rw-r--r--makefu/5pkgs/ns-atmosphere-programmer/default.nix36
-rw-r--r--makefu/5pkgs/switch-launcher/default.nix24
-rw-r--r--makefu/5pkgs/targetcli/default.nix64
-rw-r--r--makefu/5pkgs/zj-58/default.nix30
-rw-r--r--makefu/krops.nix14
-rw-r--r--makefu/nixpkgs.json8
-rw-r--r--nin/0tests/dummysecrets/hashedPasswords.nix1
-rw-r--r--nin/1systems/axon/config.nix132
-rw-r--r--nin/1systems/hiawatha/config.nix126
-rw-r--r--nin/1systems/onondaga/config.nix23
-rw-r--r--nin/2configs/ableton.nix20
-rw-r--r--nin/2configs/copyq.nix38
-rw-r--r--nin/2configs/default.nix173
-rw-r--r--nin/2configs/games.nix69
-rw-r--r--nin/2configs/git.nix60
-rw-r--r--nin/2configs/im.nix19
-rw-r--r--nin/2configs/retiolum.nix28
-rw-r--r--nin/2configs/skype.nix27
-rw-r--r--nin/2configs/termite.nix22
-rw-r--r--nin/2configs/vim.nix355
-rw-r--r--nin/2configs/weechat.nix21
-rw-r--r--nin/default.nix7
-rw-r--r--nin/krops.nix36
m---------submodules/krops0
-rw-r--r--tv/1systems/mu/config.nix13
-rw-r--r--tv/1systems/querel/config.nix3
-rw-r--r--tv/2configs/bash/default.nix22
-rw-r--r--tv/2configs/default.nix5
-rw-r--r--tv/2configs/gitrepos.nix1
-rw-r--r--tv/2configs/pulse.nix2
-rw-r--r--tv/2configs/urlwatch.nix5
-rw-r--r--tv/2configs/vim.nix83
-rw-r--r--tv/2configs/xp-332.nix4
-rw-r--r--tv/2configs/xserver/Xresources.nix5
-rw-r--r--tv/2configs/xserver/default.nix37
-rw-r--r--tv/3modules/default.nix2
-rw-r--r--tv/3modules/dnsmasq.nix57
-rw-r--r--tv/3modules/ejabberd/config.nix1
-rw-r--r--tv/3modules/slock.nix71
-rw-r--r--tv/5pkgs/haskell/default.nix20
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/default.nix15
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/shell.nix78
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs15
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/Paths.hs25
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/main.hs206
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal25
-rw-r--r--tv/5pkgs/simple/default.nix8
-rw-r--r--tv/5pkgs/simple/disko.nix13
-rwxr-xr-xtv/5pkgs/simple/fzmenu/bin/otpmenu41
-rwxr-xr-xtv/5pkgs/simple/fzmenu/bin/passmenu41
-rw-r--r--tv/5pkgs/simple/fzmenu/default.nix34
-rw-r--r--tv/5pkgs/simple/hc.nix37
-rw-r--r--tv/5pkgs/simple/otpmenu.nix15
-rw-r--r--tv/5pkgs/simple/q/default.nix6
-rw-r--r--tv/5pkgs/simple/xmonad-tv/default.nix295
-rw-r--r--tv/default.nix10
-rw-r--r--tv/krops.nix2
196 files changed, 3038 insertions, 3504 deletions
diff --git a/ci.nix b/ci.nix
index 6f4b89b08..a383a0631 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,4 +1,4 @@
-# usage: nix-instantiate --eval --strict --json ./ci.nix
+# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq .
with import ./lib;
let
pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; };
@@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner:
- ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
+ ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
in mapAttrs (n: h: build n h.owner.name) ci-systems
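Review bot: The new `target` on the `build` line is the same `$HOME/stockholm-tmp` for every host, where the old value was keyed by `${host}`. If two CI jobs for the same account ever run at the same time, they would populate and read one shared directory, so one build could pick up the other's sources or test secrets. If the sharing is deliberate, a comment such as `# shared on purpose: CI builds run one at a time` would record the assumption; otherwise keep a per-host suffix, `"${getEnv "HOME"}/stockholm-tmp/${host}"`.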
diff --git a/default.nix b/default.nix
index 5ae8e399e..9368dcd9e 100644
--- a/default.nix
+++ b/default.nix
@@ -1,19 +1,12 @@
-import <nixpkgs/nixos/lib/eval-config.nix> {
- modules = [
- (import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
- ];
-}
-//
-{
+import <nixpkgs/nixos> {} // rec {
lib = import ./lib;
- systems = with import ./lib; let
- ns = getEnv "LOGNAME";
+ systems = with lib; let
+ namespace = getEnv "LOGNAME";
+ systemsDir = <stockholm> + "/${namespace}/1systems";
in
genAttrs
- (attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
- (name: let
- config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
- in import <nixpkgs/nixos/lib/eval-config.nix> {
- modules = [ config ];
+ (attrNames (filterAttrs (_: eq "directory") (readDir systemsDir)))
+ (name: import <nixpkgs/nixos> {
+ configuration = import (systemsDir + "/${name}/config.nix");
});
}
diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix
index 1b9d8c235..6ba4fec83 100644
--- a/jeschli/5pkgs/simple/default.nix
+++ b/jeschli/5pkgs/simple/default.nix
@@ -15,10 +15,4 @@ let
else override;
in
- listToAttrs
- (map
- (name: nameValuePair (removeSuffix ".nix" name)
- (callPackage (./. + "/${name}") {}))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
+ mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index 4ebd98f09..827c77b77 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -24,8 +24,9 @@ import Control.Monad.Extra (whenJustM)
import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither)
import XMonad
-import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
+import System.Exit (exitFailure)
+import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
@@ -66,12 +67,14 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO ()
main = getArgs >>= \case
- ["--shutdown"] -> sendShutdownEvent
- _ -> mainNoArgs
+ [] -> mainNoArgs
+ ["--shutdown"] -> shutdown
+ args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
+ handleShutdownEvent <- newShutdownEventHandler
xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
index d45d57c63..989abcdd0 100644
--- a/jeschli/krops.nix
+++ b/jeschli/krops.nix
@@ -6,7 +6,7 @@
;
source = { test }: lib.evalSource [
- krebs-source
+ (krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
secrets = if test then {
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 0a848426c..cf72e0d73 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -10,7 +10,6 @@
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-stockholm.nix>
- <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
new file mode 100644
index 000000000..056667d8c
--- /dev/null
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -0,0 +1,33 @@
+{lib, ... }:
+with lib;
+let
+ domain = "cache.nsupdate.info";
+in {
+ # This only works for a single domain for nsupdate.info as multiple usernames
+ # and passwords are required for multiple domains
+ services.ddclient = {
+ enable = true;
+ server = "ipv4.nsupdate.info";
+ username = domain;
+ password = import ((toString <secrets>) + "/nsupdate-cache.nix");
+ domains = [ domain ];
+ use= "if, if=et0";
+ # use = "web, web=http://ipv4.nsupdate.info/myip";
+
+ };
+ krebs.cachecache = {
+ enable = true;
+ enableSSL = false; # disable letsencrypt for testing
+ cacheDir = "/var/cache/nix-cache-cache";
+ maxSize = "10g";
+
+ # assumes that the domain is reachable from the internet
+ virtualHost = domain;
+ };
+
+ boot.kernelModules = [ "tcp_bbr" ];
+
+ boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
+ boot.kernel.sysctl."net.core.default_qdisc" = "fq";
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
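Review bot: The `password = import (...)` line reads the credential at evaluation time, so it ends up wherever the ddclient module renders its configuration; if that is a store path, the nsupdate.info password is readable by every local user on the host. It is worth checking how the module writes the file and, if it goes through the store, handing it a path to a root-only file instead. `enableSSL = false` is labelled as a testing setting but ships in this config, so the cache is served over plain HTTP while the file still opens port 443. The interface name in `use= "if, if=et0"` also looks like it may be a typo; confirm it against the real device name.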
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 962dbf49c..65972aacc 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,7 +5,7 @@
6667 6669
];
- services.charybdis = {
+ krebs.charybdis = {
enable = true;
motd = ''
hello
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix
index 1633840f7..56fb31795 100644
--- a/krebs/3modules/airdcpp.nix
+++ b/krebs/3modules/airdcpp.nix
@@ -243,7 +243,7 @@ let
in {
systemd.services.airdcpp = {
description = "airdcpp webui";
- after = [ "network.target" ];
+ after = [ "network.target" "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 209dbe980..8995753ac 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -362,7 +362,7 @@ let
# normally we should write buildbot.tac by our own
# ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
- chmod 700 -R ${workdir}
+ chmod 700 ${workdir}
chown buildbotMaster:buildbotMaster -R ${workdir}
'';
ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 544f9c4e0..c15169fba 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -166,7 +166,7 @@ let
echo ${description} > ${workdir}/info/host
chown buildbotSlave:buildbotSlave -R ${workdir}
- chmod 700 -R ${workdir}
+ chmod 700 ${workdir}
'';
ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix
new file mode 100644
index 000000000..989320480
--- /dev/null
+++ b/krebs/3modules/cachecache.nix
@@ -0,0 +1,171 @@
+{ config, lib, ... }:
+
+
+# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b
+# related: https://github.com/nh2/nix-binary-cache-proxy
+
+with lib;
+
+let
+
+ cfg = config.krebs.cachecache;
+
+ nginxCfg = config.services.nginx;
+
+ cacheFallbackConfig = {
+ proxyPass = "$upstream_endpoint";
+ extraConfig = ''
+ # Default is HTTP/1, keepalive is only enabled in HTTP/1.1.
+ proxy_http_version 1.1;
+
+ # Remove the Connection header if the client sends it, it could
+ # be "close" to close a keepalive connection
+ proxy_set_header Connection "";
+
+ # Needed for CloudFront.
+ proxy_ssl_server_name on;
+
+ proxy_set_header Host $proxy_host;
+ proxy_cache nix_cache_cache;
+ proxy_cache_valid 200 302 60m;
+ proxy_cache_valid 404 1m;
+
+ expires max;
+ add_header Cache-Control $nix_cache_cache_header always;
+ '';
+ };
+
+in
+
+{
+ options = {
+ krebs.cachecache = {
+ enable = mkEnableOption "Nix binary cache cache";
+
+ virtualHost = mkOption {
+ type = types.str;
+ default = "nix-cache";
+ description = ''
+ Name of the nginx virtualhost to use and setup. If null, do
+ not setup any virtualhost.
+ '';
+ };
+ enableSSL = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ enable SSL via letsencrypt. Requires working dns resolution and open
+ internet tls port.
+ '';
+ };
+
+ # webRoot = mkOption {
+ # type = types.str;
+ # default = "/";
+ # description = ''
+ # Directory on virtual host that serves the cache. Must end in
+ # <literal>/</literal>.
+ # '';
+ # };
+
+ resolver = mkOption {
+ type = types.str;
+ description = "Address of DNS resolver.";
+ default = "8.8.8.8 ipv6=off";
+ example = "127.0.0.1 ipv6=off";
+ };
+
+ cacheDir = mkOption {
+ type = types.str;
+ default = "/var/cache/nix-cache-cache";
+ description = ''
+ Where nginx should store cached data.
+ '';
+ };
+
+ maxSize = mkOption {
+ type = types.str;
+ default = "50g";
+ description = "Maximum cache size.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+
+ systemd.services.nginx.preStart = ''
+ mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache
+ chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache
+ chown ${nginxCfg.user}:${nginxCfg.group} \
+ ${cfg.cacheDir} /srv/www/nix-cache-cache
+ '';
+
+ services.nginx = {
+ enable = true;
+
+ appendHttpConfig = ''
+ proxy_cache_path ${cfg.cacheDir}
+ levels=1:2
+ keys_zone=nix_cache_cache:100m
+ max_size=${cfg.maxSize}
+ inactive=365d
+ use_temp_path=off;
+
+ # Cache only success status codes; in particular we don't want
+ # to cache 404s. See https://serverfault.com/a/690258/128321.
+ map $status $nix_cache_cache_header {
+ 200 "public";
+ 302 "public";
+ default "no-cache";
+ }
+ '';
+
+ virtualHosts.${cfg.virtualHost} = {
+ addSSL = cfg.enableSSL;
+ enableACME = cfg.enableSSL;
+ extraConfig = ''
+ # Using a variable for the upstream endpoint to ensure that it is
+ # resolved at runtime as opposed to once when the config file is loaded
+ # and then cached forever (we don't want that):
+ # see https://tenzer.dk/nginx-with-dynamic-upstreams/
+ # This fixes errors like
+ #
+ # nginx: [emerg] host not found in upstream "upstream.example.com"
+ #
+ # when the upstream host is not reachable for a short time when
+ # nginx is started.
+ resolver ${cfg.resolver} valid=10s;
+ set $upstream_endpoint https://cache.nixos.org;
+ '';
+
+ locations."/" =
+ {
+ root = "/srv/www/nix-cache-cache";
+ extraConfig = ''
+ expires max;
+ add_header Cache-Control $nix_cache_cache_header always;
+
+ # Ask the upstream server if a file isn't available
+ # locally.
+ error_page 404 = @fallback;
+
+ # Don't bother logging the above 404.
+ log_not_found off;
+ '';
+ };
+
+ locations."@fallback" = cacheFallbackConfig;
+
+ # We always want to copy cache.nixos.org's nix-cache-info
+ # file, and ignore our own, because `nix-push` by default
+ # generates one without `Priority` field, and thus that file
+ # by default has priority 50 (compared to cache.nixos.org's
+ # `Priority: 40`), which will make download clients prefer
+ # `cache.nixos.org` over our binary cache.
+ locations."= /nix-cache-info" = cacheFallbackConfig;
+ };
+ };
+ };
+}
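Review bot: The `@fallback` proxy in `cacheFallbackConfig` talks to `https://cache.nixos.org` without `proxy_ssl_verify on;`, and nginx does not check upstream certificates unless that directive is set. Together with the default `resolver = "8.8.8.8 ipv6=off"`, which is queried over plain DNS with `valid=10s`, a spoofed answer could feed the proxy arbitrary responses that are then stored for up to 60 minutes. Clients that enforce signatures would reject tampered NARs, but they would still experience a poisoned cache as download failures. I would add `proxy_ssl_verify on;` with a `proxy_ssl_trusted_certificate` pointing at the system CA bundle, and default the resolver to a local one. Separately, the `virtualHost` description promises a `null` case that `types.str` does not allow, and the comment above the `map` says 404s are not cached while `proxy_cache_valid 404 1m;` caches them for a minute.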
diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix
new file mode 100644
index 000000000..f4a7c1313
--- /dev/null
+++ b/krebs/3modules/charybdis.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption singleton types;
+ inherit (pkgs) coreutils charybdis;
+ cfg = config.krebs.charybdis;
+
+ configFile = pkgs.writeText "charybdis.conf" ''
+ ${cfg.config}
+ '';
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ krebs.charybdis = {
+
+ enable = mkEnableOption "Charybdis IRC daemon";
+
+ config = mkOption {
+ type = types.string;
+ description = ''
+ Charybdis IRC daemon configuration file.
+ '';
+ };
+
+ statedir = mkOption {
+ type = types.string;
+ default = "/var/lib/charybdis";
+ description = ''
+ Location of the state directory of charybdis.
+ '';
+ };
+
+ user = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon user.
+ '';
+ };
+
+ group = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon group.
+ '';
+ };
+
+ motd = mkOption {
+ type = types.nullOr types.lines;
+ default = null;
+ description = ''
+ Charybdis MOTD text.
+
+ Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
+ If set, the value of this option will be written to this path.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable (lib.mkMerge [
+ {
+ users.users = singleton {
+ name = cfg.user;
+ description = "Charybdis IRC daemon user";
+ uid = config.ids.uids.ircd;
+ group = cfg.group;
+ };
+
+ users.groups = singleton {
+ name = cfg.group;
+ gid = config.ids.gids.ircd;
+ };
+
+ systemd.services.charybdis = {
+ description = "Charybdis IRC daemon";
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ BANDB_DBPATH = "${cfg.statedir}/ban.db";
+ };
+ serviceConfig = {
+ ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
+ Group = cfg.group;
+ User = cfg.user;
+ PermissionsStartOnly = true; # preStart needs to run with root permissions
+ };
+ preStart = ''
+ ${coreutils}/bin/mkdir -p ${cfg.statedir}
+ ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
+ '';
+ };
+
+ }
+
+ (mkIf (cfg.motd != null) {
+ environment.etc."charybdis/ircd.motd".text = cfg.motd;
+ })
+ ]);
+}
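Review bot: `configFile = pkgs.writeText "charybdis.conf"` places the full `cfg.config` text in the Nix store, which every local user can read. Charybdis configurations commonly hold operator and server-link passwords, so if this option is ever given such blocks they are exposed; a comment on the `config` option, `# written to the world-readable Nix store: do not put secrets here`, would at least document that. The `preStart` lines interpolate `${cfg.statedir}`, `${cfg.user}` and `${cfg.group}` unquoted into a shell that runs as root, so these should be quoted. `types.string` could be `types.str`, which the other new module in this commit already uses.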
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 16c6d4315..a47dbe611 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -26,10 +26,19 @@ let
hostname = config.networking.hostName;
getJobs = pkgs.writeDash "get_jobs" ''
- nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
- nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
+ set -efu
+ ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2
+ json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
+ echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \
+ | while read -r host builder; do
+ gcroot=${shell.escape profileRoot}/$host-builder
+ ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder"
+ done
+ echo "$json"
'';
+ profileRoot = "/nix/var/nix/profiles/ci";
+
imp = {
krebs.buildbot.master = {
slaves = {
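Review bot: `gcroot=${shell.escape profileRoot}/$host-builder` builds a profile path from a name taken out of the evaluated JSON without checking it, and the next hunk does the same with `$build_name` in `build-stepper.sh`. Both names presumably come from `krebs.hosts`, but a name containing `/` or starting with `.` would make `nix-env -p` write outside `profileRoot`; a guard such as `case $host in */*|.*) exit 1;; esac` before the `nix-env` call would rule that out. Dash also has no `pipefail`, so if `jq` fails in the `echo "$json" | jq … | while read` pipeline the loop simply runs zero times and the script still prints the JSON, leaving the builders without GC roots.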
@@ -98,9 +107,16 @@ let
self.addBuildSteps([steps.ShellCommand(
name=str(new_step),
command=[
- new_steps[new_step]
+ "${pkgs.writeDash "build-stepper.sh" ''
+ set -efu
+ profile=${shell.escape profileRoot}/$build_name
+ result=$("$build_script")
+ ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ ''}"
],
env={
+ "build_name": new_step,
+ "build_script": new_steps[new_step],
"NIX_REMOTE": "daemon",
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
},
@@ -163,6 +179,20 @@ let
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
};
+
+ system.activationScripts.buildbots-nix-profile = ''
+ ${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot}
+ ${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot}
+ ${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot}
+ '';
+
+ users = {
+ groups.buildbots.gid = genid "buildbots";
+ users = {
+ buildbotMaster.extraGroups = [ "buildbots" ];
+ buildbotSlave.extraGroups = [ "buildbots" ];
+ };
+ };
};
in out
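Review bot: `system.activationScripts.buildbots-nix-profile` is given as a bare string, so it declares no dependency on the activation step that creates users and groups. On a first activation the `chgrp buildbots` line could run before the `buildbots` group exists and fail. Using the attribute form with `deps = [ "users" ]` (or `stringAfter [ "users" ]`) would pin the order. The directory is made group-writable (`0770`) for both buildbot accounts, so either account can replace the other's profile links; a one-line comment stating that this is intended would help the next reader.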
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6307649e3..24cbd9cc9 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,8 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
+ ./cachecache.nix
+ ./charybdis.nix
./ci.nix
./current.nix
./exim.nix
@@ -111,7 +113,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./nin { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {
@@ -201,6 +202,7 @@ let
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
+ "youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index f67188122..5a5065565 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -38,11 +38,6 @@ let
'';
default = {};
};
- maxTime = mkOption {
- type = types.int;
- default = 0;
- description = "Time to wait before download is aborted";
- };
};
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
@@ -51,8 +46,8 @@ let
mkdir -p ${cfg.stateDir}
chmod o+rx ${cfg.stateDir}
cd ${cfg.stateDir}
- (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
- feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+ (curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
+ feh --no-fehbg --bg-scale wallpaper
'';
imp = {
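Review bot: With `--max-time` gone, the `curl` line has no bound on transfer time at all, and because the whole group ends in `|| :` a stalled or failed download is invisible. The removed option defaulted to 0, so default behaviour is unchanged, but configurations that relied on a limit lose it; a fixed `--connect-timeout` on the `curl` call would keep the unit from hanging on an unreachable server. `feh --no-fehbg --bg-scale wallpaper` now depends on the preceding `cd ${cfg.stateDir}` having succeeded, and that path is still interpolated unescaped while `cfg.url` goes through `shell.escape`. The script body starts outside the hunk, so whether `set -e` is active cannot be seen here.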
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index e6db3aa42..3b626dc46 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -57,7 +57,7 @@ let
user = rec {
name = "github-hosts-sync";
- uid = genid name;
+ uid = genid_uint31 name;
};
# TODO move to lib?
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 9b9f052a5..12345a20a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -15,8 +15,9 @@ with import <stockholm/lib>;
cores = 4;
extraZones = {
"krebsco.de" = ''
- prism IN A ${nets.internet.ip4.addr}
+ cache IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
+ prism IN A ${nets.internet.ip4.addr}
'';
"lassul.us" = ''
$TTL 3600
@@ -27,12 +28,13 @@ with import <stockholm/lib>;
60 IN TXT v=spf1 mx a:lassul.us -all
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
@@ -642,47 +644,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
- cabal = {
- cores = 2;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.1.4";
- ip6.addr = "42::1:4";
- aliases = [
- "cabal.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
- SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
- rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
- qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
- LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
- rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
- 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
- fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
- yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
- kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
- KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
- TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
- oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
- TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
- 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
- rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
- 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
- luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
- w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
- 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
- K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
- ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
- };
red = {
monitoring = false;
cores = 1;
@@ -714,6 +675,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
};
+ yellow = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.14";
+ ip6.addr = "42:0:0:0:0:0:0:14";
+ aliases = [
+ "yellow.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
+ MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
+ b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
+ Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
+ OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
+ vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
+ C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
+ Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
+ 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
+ zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
+ DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
+ Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
+ };
blue = {
cores = 1;
nets = {
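Review bot: The `ssh.pubkey` string added for `yellow` ends with a space before the closing quote (`…Bnlkqje "`), unlike the neighbouring host entries. Anything that compares or concatenates this value verbatim, for example generated known-hosts lines, would carry the stray space, so it should be dropped.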
@@ -787,9 +778,6 @@ with import <stockholm/lib>;
mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa;
};
- fritz = {
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
- };
prism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
mail = "lass@prism.r";
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e2152ea1a..188fbc461 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -60,7 +60,7 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
};
drop = rec {
- ci = true;
+ ci = false;
cores = 1;
nets = {
retiolum = {
@@ -83,7 +83,7 @@ in {
};
};
studio = rec {
- ci = true;
+ ci = false;
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
@@ -109,7 +109,7 @@ in {
};
fileleech = rec {
- ci = true;
+ ci = false;
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
@@ -134,7 +134,7 @@ in {
};
};
latte = rec {
- ci = true;
+ ci = false;
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
@@ -166,7 +166,7 @@ in {
};
pnp = {
- ci = true;
+ ci = false;
cores = 1;
nets = {
retiolum = {
@@ -190,7 +190,7 @@ in {
};
};
darth = {
- ci = true;
+ ci = false;
cores = 4;
nets = {
retiolum = {
@@ -404,7 +404,7 @@ in {
};
};
wry = rec {
- ci = true;
+ ci = false;
cores = 1;
extraZones = {
"krebsco.de" = ''
@@ -449,7 +449,7 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
};
filepimp = rec {
- ci = true;
+ ci = false;
cores = 1;
nets = {
lan = {
@@ -494,6 +494,8 @@ in {
ip6.addr = "42:f9f0::10";
aliases = [
"omo.r"
+ "dcpp.omo.r"
+ "torrent.omo.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -554,7 +556,7 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
- nextgum = rec {
+ gum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
@@ -563,6 +565,23 @@ in {
graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
iso.euer IN A ${nets.internet.ip4.addr}
+ wg.euer IN A ${nets.internet.ip4.addr}
+ photostore IN A ${nets.internet.ip4.addr}
+ o.euer IN A ${nets.internet.ip4.addr}
+ mon.euer IN A ${nets.internet.ip4.addr}
+ boot.euer IN A ${nets.internet.ip4.addr}
+ wiki.euer IN A ${nets.internet.ip4.addr}
+ pigstarter IN A ${nets.internet.ip4.addr}
+ cgit.euer IN A ${nets.internet.ip4.addr}
+ git.euer IN A ${nets.internet.ip4.addr}
+ euer IN A ${nets.internet.ip4.addr}
+ share.euer IN A ${nets.internet.ip4.addr}
+ gum IN A ${nets.internet.ip4.addr}
+ wikisearch IN A ${nets.internet.ip4.addr}
+ dl.euer IN A ${nets.internet.ip4.addr}
+ ghook IN A ${nets.internet.ip4.addr}
+ dockerhub IN A ${nets.internet.ip4.addr}
+ io IN NS gum.krebsco.de.
'';
};
cores = 8;
@@ -571,6 +590,7 @@ in {
ip4.addr = "144.76.26.247";
ip6.addr = "2a01:4f8:191:12f6::2";
aliases = [
+ "gum.i"
"nextgum.i"
];
};
@@ -594,71 +614,17 @@ in {
"stats.makefu.r"
"backup.makefu.r"
"dcpp.nextgum.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
- aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
- npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
- 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
- 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
- VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
- };
-
- gum = rec {
- ci = true;
- cores = 2;
-
- extraZones = {
- "krebsco.de" = ''
- share.euer IN A ${nets.internet.ip4.addr}
- mattermost.euer IN A ${nets.internet.ip4.addr}
- gum IN A ${nets.internet.ip4.addr}
- wikisearch IN A ${nets.internet.ip4.addr}
- pigstarter IN A ${nets.internet.ip4.addr}
- cgit.euer IN A ${nets.internet.ip4.addr}
- euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- git.euer IN A ${nets.internet.ip4.addr}
- dl.euer IN A ${nets.internet.ip4.addr}
- boot.euer IN A ${nets.internet.ip4.addr}
- wiki.euer IN A ${nets.internet.ip4.addr}
- mon.euer IN A ${nets.internet.ip4.addr}
- ghook IN A ${nets.internet.ip4.addr}
- dockerhub IN A ${nets.internet.ip4.addr}
- photostore IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
- '';
- };
- nets = rec {
- internet = {
- ip4.addr = "185.194.143.140";
- ip6.addr = "2a03:4000:1c:43f::1";
- aliases = [
- "gum.i"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.211";
- ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
- aliases = [
"gum.r"
"cgit.gum.r"
"o.gum.r"
"tracker.makefu.r"
-
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
"blog.gum.r"
"dcpp.gum.r"
+ "torrent.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -672,12 +638,11 @@ in {
'';
};
};
- # configured manually
- # ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
+
shoney = rec {
- ci = true;
+ ci = false;
cores = 1;
nets = rec {
siem = {
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
deleted file mode 100644
index 1531a2c89..000000000
--- a/krebs/3modules/nin/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- hosts = mapAttrs (_: recursiveUpdate {
- owner = config.krebs.users.nin;
- ci = true;
- }) {
- hiawatha = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.96";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
- aliases = [
- "hiawatha.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
- Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
- iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
- UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
- lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
- yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
- };
- axon= {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.134.66";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
- aliases = [
- "axon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
- glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
- KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
- L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
- VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
- PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
- X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
- m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
- OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
- LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
- /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
- MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
- 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
- ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
- 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
- 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
- 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
- FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
- buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
- hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
- yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
- ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
- };
- onondaga = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.55";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
- aliases = [
- "onondaga.r"
- "cgit.onondaga.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
- OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
- htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
- xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
- kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
- hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
- };
-
- };
- users = {
- nin = {
- mail = "nin@axon.r";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
- };
- nin_h = {
- mail = "nin@hiawatha.r";
- pubkey = "ssh-rsa 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 nin@hiawatha";
- };
- };
-}
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 044811c7d..cb940efef 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -77,7 +77,190 @@ let
serviceConfig = {
Type = "simple";
- ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
+ ExecStart = pkgs.writeDash "generate-wallpaper" ''
+ set -xeuf
+
+ # usage: getimg FILENAME URL
+ fetch() {
+ echo "fetch $1"
+ curl -LsS -z "$1" -o "$1" "$2"
+ }
+
+ # usage: check_type FILENAME TYPE
+ check_type() {
+ if ! file -ib "$1" | grep -q "^$2/"; then
+ echo "$1 is not of type $2" >&2
+ rm "$1"
+ return 1
+ fi
+ }
+
+ # usage: image_size FILENAME
+ image_size() {
+ identify "$1" | awk '{print$3}'
+ }
+
+ # usage: make_mask DST SRC MASK
+ make_layer() {
+ if needs_rebuild "$@"; then
+ echo "make $1 (apply mask)" >&2
+ convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
+ fi
+ }
+
+ # usage: flatten DST HILAYER LOLAYER
+ flatten() {
+ if needs_rebuild "$@"; then
+ echo "make $1 (flatten)" >&2
+ composite "$2" "$3" "$1"
+ fi
+ }
+
+ # usage: needs_rebuild DST SRC...
+ needs_rebuild() {
+ a="$1"
+ shift
+ if ! test -e "$a"; then
+ #echo " $a does not exist" >&2
+ result=0
+ else
+ result=1
+ for b; do
+ if test "$b" -nt "$a"; then
+ #echo " $b is newer than $a" >&2
+ result=0
+ fi
+ done
+ fi
+ #case $result in
+ # 0) echo "$a needs rebuild" >&2;;
+ #esac
+ return $result
+ }
+
+ main() {
+ cd ${cfg.workingDir}
+
+ # fetch source images in parallel
+ fetch nightmap-raw.jpg \
+ ${cfg.nightmap} &
+ fetch daymap-raw.png \
+ ${cfg.daymap} &
+ fetch clouds-raw.jpg \
+ ${cfg.cloudmap} &
+ fetch marker.json \
+ ${cfg.marker} &
+ wait
+
+ check_type nightmap-raw.jpg image
+ check_type daymap-raw.png image
+ check_type clouds-raw.jpg image
+
+ in_size=2048x1024
+ xplanet_out_size=1466x1200
+ out_geometry=1366x768+100+160
+
+ nightsnow_color='#0c1a49' # nightmap
+
+ for raw in \
+ nightmap-raw.jpg \
+ daymap-raw.png \
+ clouds-raw.jpg \
+ ;
+ do
+ normal=''${raw%-raw.*}.png
+ if needs_rebuild $normal $raw; then
+ echo "make $normal; normalize $raw" >&2
+ convert $raw -scale $in_size $normal
+ fi
+ done
+
+ # create nightmap-fullsnow
+ if needs_rebuild nightmap-fullsnow.png; then
+ convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
+ fi
+
+ # extract daymap-snowmask from daymap-final
+ if needs_rebuild daymap-snowmask.png daymap.png; then
+ convert daymap.png -threshold 95% daymap-snowmask.png
+ fi
+
+ # extract nightmap-lightmask from nightmap
+ if needs_rebuild nightmap-lightmask.png nightmap.png; then
+ convert nightmap.png -threshold 25% nightmap-lightmask.png
+ fi
+
+ # create layers
+ make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
+ make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
+
+ # apply layers
+ flatten nightmap-lightsnowlayer.png \
+ nightmap-lightlayer.png \
+ nightmap-snowlayer.png
+
+ flatten nightmap-final.png \
+ nightmap-lightsnowlayer.png \
+ nightmap.png
+
+ # create marker file from json
+ if [ -s marker.json ]; then
+ jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
+ fi
+
+ # make all unmodified files as final
+ for normal in \
+ daymap.png \
+ clouds.png \
+ ;
+ do
+ final=''${normal%.png}-final.png
+ needs_rebuild $final &&
+ ln $normal $final
+ done
+
+ # rebuild every time to update shadow
+ xplanet --num_times 1 --geometry $xplanet_out_size \
+ --output xplanet-output.png --projection merc \
+ -config ${pkgs.writeText "xplanet.config" ''
+ [earth]
+ "Earth"
+ map=daymap-final.png
+ night_map=nightmap-final.png
+ cloud_map=clouds-final.png
+ cloud_threshold=10
+ shade=15
+ ''}
+
+ xplanet --num_times 1 --geometry $xplanet_out_size \
+ --output xplanet-krebs-output.png --projection merc \
+ -config ${pkgs.writeText "xplanet-krebs.config" ''
+ [earth]
+ "Earth"
+ map=daymap-final.png
+ night_map=nightmap-final.png
+ cloud_map=clouds-final.png
+ cloud_threshold=10
+ marker_file=marker_file
+ shade=15
+ ''}
+
+ # trim xplanet output
+ if needs_rebuild realwallpaper.png xplanet-output.png; then
+ convert xplanet-output.png -crop $out_geometry \
+ realwallpaper-tmp.png
+ mv realwallpaper-tmp.png realwallpaper.png
+ fi
+
+ if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
+ convert xplanet-krebs-output.png -crop $out_geometry \
+ realwallpaper-krebs-tmp.png
+ mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
+ fi
+ }
+
+ main "$@"
+ '';
User = "realwallpaper";
};
};
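Review bot: In `main`, `cd ${cfg.workingDir}` and the four `fetch ... ${cfg.nightmap}` / `${cfg.daymap}` / `${cfg.cloudmap}` / `${cfg.marker}` calls splice module options into the dash script unquoted, so a path or URL containing whitespace, `&`, `;` or glob characters is re-interpreted by the shell instead of being passed as one argument. Escape at interpolation time, e.g. `cd ${lib.escapeShellArg cfg.workingDir}` and `fetch nightmap-raw.jpg ${lib.escapeShellArg cfg.nightmap} &`, assuming `escapeShellArg` is reachable in this file as it is in krebs/krops.nix in this commit. Separately, a bare `wait` returns 0 even when a background `curl` failed, and `curl` runs without `-f`, so `set -e` never sees a failed or error-page download. The three images are later caught by `check_type`, but `marker.json` reaches `jq` unchecked. The usage comments also name the wrong functions (`getimg` for `fetch`, `make_mask` for `make_layer`).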
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index b032f3148..ecd449b09 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -75,6 +75,7 @@ let
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''}
+ ${tinc.config.tincUpExtra}
'';
description = ''
tinc-up script to be used. Defaults to setting the
@@ -83,6 +84,11 @@ let
'';
};
+ tincUpExtra = mkOption {
+ type = types.str;
+ default = "";
+ };
+
tincPackage = mkOption {
type = types.package;
default = pkgs.tinc;
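Review bot: `tincUpExtra` is declared without a `description`, yet the previous hunk pastes its value verbatim into the generated tinc-up script via `${tinc.config.tincUpExtra}`. Since tinc-up presumably runs with the daemon's privileges when the interface comes up, the option should state that it takes raw shell appended after the address setup, e.g. `description = "Shell commands appended verbatim to the tinc-up script.";`. `types.lines` may fit better than `types.str` if more than one module is expected to contribute commands, because `types.str` rejects multiple definitions. The enclosing option set starts and ends outside the hunk.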
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 463fa26ba..0cec1a2d3 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -183,7 +183,7 @@ let
user = rec {
name = "urlwatch";
- uid = genid name;
+ uid = genid_uint31 name;
};
subtypes.job = types.submodule {
diff --git a/krebs/5pkgs/haskell/default.nix b/krebs/5pkgs/haskell/default.nix
index 7cdf65ea5..e824699f9 100644
--- a/krebs/5pkgs/haskell/default.nix
+++ b/krebs/5pkgs/haskell/default.nix
@@ -1,13 +1,6 @@
with import <stockholm/lib>;
let
- overrides = self: super:
- listToAttrs
- (map
- (name: nameValuePair (removeSuffix ".nix" name)
- (self.callPackage (./. + "/${name}") {}))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))));
+ overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.;
in
self: super:
{
diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix
index 4e06a825f..228d365a3 100644
--- a/krebs/5pkgs/haskell/xmonad-stockholm.nix
+++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix
@@ -1,17 +1,16 @@
-{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape
-, xmonad, xmonad-contrib
+{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft
+, X11-xshape, xmonad, xmonad-contrib
}:
mkDerivation rec {
pname = "xmonad-stockholm";
- version = "1.2.0";
-# src = /home/jeschli/projects/haskell/xmonad-stockholm;
+ version = "1.3.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
- rev = "refs/tags/v${version}";
- sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis";
+ rev = "refs/tags/v1.3.0";
+ sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9";
};
libraryHaskellDepends = [
- base containers X11 X11-xft X11-xshape xmonad xmonad-contrib
+ base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
];
license = stdenv.lib.licenses.mit;
}
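Review bot: `rev` is now the literal `"refs/tags/v1.3.0"` while `version` is set separately a few lines above, so the two can drift on the next bump and a package labelled with a new version would still build the old tag. The removed form `rev = "refs/tags/v${version}";` kept them tied, and `rec` is still present to support it. The source URL is plain `http://` and a tag is a movable ref, so `sha256` is the only integrity check on this fetch. A short comment such as `# fetched over http; integrity rests on sha256` would keep the next editor from treating the hash as optional.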
diff --git a/krebs/5pkgs/simple/default.nix b/krebs/5pkgs/simple/default.nix
index 1b9d8c235..6ba4fec83 100644
--- a/krebs/5pkgs/simple/default.nix
+++ b/krebs/5pkgs/simple/default.nix
@@ -15,10 +15,4 @@ let
else override;
in
- listToAttrs
- (map
- (name: nameValuePair (removeSuffix ".nix" name)
- (callPackage (./. + "/${name}") {}))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
+ mapNixDir (path: callPackage path {}) ./.
diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix
deleted file mode 100644
index b4ab13b43..000000000
--- a/krebs/5pkgs/simple/ejabberd/default.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
-, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
-, withMysql ? false
-, withPgsql ? false
-, withSqlite ? false, sqlite
-, withPam ? false, pam
-, withZlib ? true, zlib
-, withRiak ? false
-, withElixir ? false, elixir
-, withIconv ? true
-, withTools ? false
-, withRedis ? false
-}:
-
-let
- fakegit = writeScriptBin "git" ''
- #! ${stdenv.shell} -e
- if [ "$1" = "describe" ]; then
- [ -r .rev ] && cat .rev || true
- fi
- '';
-
- ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
-
-in stdenv.mkDerivation rec {
- version = "18.01";
- name = "ejabberd-${version}";
-
- src = fetchurl {
- url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
- sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
- };
-
- nativeBuildInputs = [ fakegit ];
-
- buildInputs = [ erlang openssl expat libyaml gd ]
- ++ lib.optional withSqlite sqlite
- ++ lib.optional withPam pam
- ++ lib.optional withZlib zlib
- ++ lib.optional withElixir elixir
- ;
-
- # Apparently needed for Elixir
- LANG = "en_US.UTF-8";
-
- deps = stdenv.mkDerivation {
- name = "ejabberd-deps-${version}";
-
- inherit src;
-
- configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
-
- nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
-
- GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
- makeFlags = [ "deps" ];
-
- phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
-
- installPhase = ''
- for i in deps/*; do
- ( cd $i
- git reset --hard
- git clean -ffdx
- git describe --always --tags > .rev
- rm -rf .git
- )
- done
- rm deps/.got
-
- cp -r deps $out
- '';
-
- outputHashMode = "recursive";
- outputHashAlgo = "sha256";
- outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
- };
-
- configureFlags =
- [ (lib.enableFeature withMysql "mysql")
- (lib.enableFeature withPgsql "pgsql")
- (lib.enableFeature withSqlite "sqlite")
- (lib.enableFeature withPam "pam")
- (lib.enableFeature withZlib "zlib")
- (lib.enableFeature withRiak "riak")
- (lib.enableFeature withElixir "elixir")
- (lib.enableFeature withIconv "iconv")
- (lib.enableFeature withTools "tools")
- (lib.enableFeature withRedis "redis")
- ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}";
-
- enableParallelBuilding = true;
-
- patches = [
- ./ejabberdctl.patch
- ];
-
- preBuild = ''
- cp -r $deps deps
- chmod -R +w deps
- patchShebangs deps
- '';
-
- postInstall = ''
- sed -i \
- -e '2iexport PATH=${ctlpath}:$PATH' \
- -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
- -e 's,\(^ *JOT=\).*,\1,' \
- -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
- $out/sbin/ejabberdctl
- '';
-
- meta = with stdenv.lib; {
- description = "Open-source XMPP application server written in Erlang";
- license = licenses.gpl2;
- homepage = http://www.ejabberd.im;
- platforms = platforms.linux;
- maintainers = with maintainers; [ sander abbradar ];
- broken = withElixir;
- };
-}
diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
deleted file mode 100644
index f7c842b7b..000000000
--- a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
+++ /dev/null
@@ -1,32 +0,0 @@
---- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
-+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
-@@ -42,19 +42,18 @@
- esac
-
- # parse command line parameters
--for arg; do
-- case $arg in
-- -n|--node) ERLANG_NODE_ARG=$2; shift;;
-- -s|--spool) SPOOL_DIR=$2; shift;;
-- -l|--logs) LOGS_DIR=$2; shift;;
-- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
-- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
-- -d|--config-dir) ETC_DIR=$2; shift;;
-- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
-- --) :;;
-+while test $# -gt 0; do
-+ case $1 in
-+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
-+ -s|--spool) SPOOL_DIR=$2; shift 2;;
-+ -l|--logs) LOGS_DIR=$2; shift 2;;
-+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
-+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
-+ -d|--config-dir) ETC_DIR=$2; shift 2;;
-+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
-+ # --) :;; what is this for?
- *) break;;
- esac
-- shift
- done
-
- # define ejabberd variables if not already defined from the command line
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
deleted file mode 100644
index 15cc277a5..000000000
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
-
-stdenv.mkDerivation {
- name = "realwallpaper";
-
- src = fetchgit {
- url = https://github.com/Lassulus/realwallpaper;
- rev = "e0563289c2ab592b669ce4549fc40130246e9d79";
- sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc";
- };
-
- phases = [
- "unpackPhase"
- "installPhase"
- ];
-
- buildInputs = [
- ];
-
- installPhase = ''
- mkdir -p $out
- cp realwallpaper.sh $out/realwallpaper.sh
- '';
-}
diff --git a/krebs/default.nix b/krebs/default.nix
index d99f60aaa..7ec791529 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -1,12 +1,14 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
{
+
imports = [
./3modules
- {
- nixpkgs.config.packageOverrides =
- import ../submodules/nix-writers/pkgs pkgs;
- }
];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
+
+ nixpkgs = {
+ overlays = [
+ (import ./5pkgs)
+ (import ../submodules/nix-writers/pkgs)
+ ];
+ };
+
}
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 763e76b83..ab7524941 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -7,15 +7,27 @@
# TODO document why pkgs should be used like this
pkgs = import "${krops}/pkgs" {};
- krebs-source = {
- nixpkgs.git = {
- ref = (lib.importJSON ./nixpkgs.json).rev;
- url = https://github.com/NixOS/nixpkgs;
+ krebs-source = { test ? false }: rec {
+ nixpkgs = if test then {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ./nixpkgs.json).rev;
+ sha256 = (lib.importJSON ./nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
+ } else {
+ git = {
+ ref = (lib.importJSON ./nixpkgs.json).rev;
+ url = https://github.com/NixOS/nixpkgs;
+ };
};
stockholm.file = toString ../.;
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
set -efu
- cd ${lib.escapeShellArg krebs-source.stockholm.file}
+ cd ${lib.escapeShellArg stockholm.file}
V=$(${pkgs.coreutils}/bin/date +%y.%m)
if test -d .git; then
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
@@ -28,21 +40,17 @@
};
source ={ test }: lib.evalSource [
- krebs-source
+ (krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
- secrets =
- if test
- then {
- file = toString <stockholm/krebs/0tests/data/secrets>;
- }
- else {
- pass = {
- dir = "${lib.getEnv "HOME"}/brain";
- name = "krebs-secrets/${name}";
- };
- }
- ;
+ secrets = if test then {
+ file = toString <stockholm/krebs/0tests/data/secrets>;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/brain";
+ name = "krebs-secrets/${name}";
+ };
+ };
}
];
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index e013645ea..61fd085be 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c",
- "date": "2018-11-04T19:36:25+01:00",
- "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m",
+ "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c",
+ "date": "2018-11-24T00:40:22-05:00",
+ "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq",
"fetchSubmodules": false
}
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index 0a286c6f0..bed8961b8 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
];
}
{
@@ -57,13 +57,6 @@ with import <stockholm/lib>;
config.krebs.users.makefu.pubkey
];
};
- users.users.nin = {
- uid = genid "nin";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- };
users.extraUsers.dritter = {
uid = genid "dritter";
isNormalUser = true;
@@ -109,26 +102,6 @@ with import <stockholm/lib>;
localAddress = "10.233.2.2";
};
}
- {
- #onondaga
- systemd.services."container@onondaga".reloadIfChanged = mkForce false;
- containers.onondaga = {
- config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.nin.pubkey
- ];
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.5";
- localAddress = "10.233.2.6";
- };
- }
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
@@ -137,7 +110,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix
index 56348d0ab..36de7dc17 100644
--- a/lass/1systems/archprism/physical.nix
+++ b/lass/1systems/archprism/physical.nix
@@ -14,16 +14,16 @@
};
};
# TODO use this network config
- #networking.interfaces.et0.ipv4.addresses = [
- # {
- # address = config.krebs.build.host.nets.internet.ip4.addr;
- # prefixLength = 27;
- # }
- # {
- # address = "46.4.114.243";
- # prefixLength = 27;
- # }
- #];
+ networking.interfaces.eth0.ipv4.addresses = [
+ {
+ address = config.krebs.build.host.nets.internet.ip4.addr;
+ prefixLength = 27;
+ }
+ {
+ address = "46.4.114.243";
+ prefixLength = 27;
+ }
+ ];
#networking.defaultGateway = "46.4.114.225";
#networking.nameservers = [
# "8.8.8.8"
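Review bot: The `# TODO use this network config` comment above the block is stale now that `networking.interfaces.eth0.ipv4.addresses` is active. Either drop it or narrow it to what is still pending, e.g. `# TODO enable defaultGateway and nameservers below`. The interface was also renamed from `et0` in the commented-out version to `eth0`, so confirm that `eth0` is the name this host actually assigns; otherwise the static addresses will not be applied to the intended interface. The surrounding attribute set continues outside the hunk.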
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
new file mode 100644
index 000000000..8f748ab8f
--- /dev/null
+++ b/lass/1systems/blue/source.nix
@@ -0,0 +1,11 @@
+{ lib, pkgs, ... }:
+{
+ nixpkgs = lib.mkForce {
+ file = toString (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ };
+}
diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
deleted file mode 100644
index 6a8040c9d..000000000
--- a/lass/1systems/cabal/config.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/AP.nix>
- <stockholm/lass/2configs/blue-host.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.cabal;
-}
diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix
deleted file mode 100644
index 3cc4af03b..000000000
--- a/lass/1systems/cabal/physical.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- imports = [
- ./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
- ];
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
- '';
-}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 1957c8ba4..d2d4bd3eb 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -25,9 +25,5 @@
macchanger
dpass
];
- services.redshift = {
- enable = true;
- provider = "geoclue2";
- };
programs.adb.enable = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 6d65b58c2..207c7c640 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -33,6 +33,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/print.nix>
+ <stockholm/lass/2configs/blue-host.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
@@ -101,6 +102,7 @@ with import <stockholm/lib>;
urban
mk_sql_pair
remmina
+ transmission
iodine
@@ -147,10 +149,6 @@ with import <stockholm/lib>;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
- services.redshift = {
- enable = true;
- provider = "geoclue2";
- };
lass.restic = genAttrs [
"daedalus"
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index bf7de6fc5..0ca39447d 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -57,13 +57,6 @@ with import <stockholm/lib>;
config.krebs.users.makefu.pubkey
];
};
- users.users.nin = {
- uid = genid "nin";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- };
users.extraUsers.dritter = {
uid = genid "dritter";
isNormalUser = true;
@@ -119,7 +112,6 @@ with import <stockholm/lib>;
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.nin.pubkey
];
};
autoStart = true;
@@ -215,7 +207,6 @@ with import <stockholm/lib>;
RandomizedDelaySec = "2min";
};
}
- <stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
@@ -346,11 +337,64 @@ with import <stockholm/lib>;
];
}
+ {
+ systemd.services."container@yellow".reloadIfChanged = mkForce false;
+ containers.yellow = {
+ config = { ... }: {
+ environment.systemPackages = [ pkgs.git ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.13";
+ localAddress = "10.233.2.14";
+ };
+
+ services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:9091;
+ '';
+
+ users.groups.download = {};
+ users.users = {
+ download = {
+ createHome = true;
+ group = "download";
+ name = "download";
+ home = "/var/download";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ lass-shodan.pubkey
+ lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
+ makefu.pubkey
+ wine-mors.pubkey
+ ];
+ };
+ };
+
+ system.activationScripts.downloadFolder = ''
+ mkdir -p /var/download
+ chmod 775 /var/download
+ ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
+ chown download: /var/download/finished
+ '';
+ }
];
krebs.build.host = config.krebs.hosts.prism;
- # workaround because grub store paths are broken
- boot.copyKernels = true;
services.earlyoom = {
enable = true;
freeMemThreshold = 5;
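Review bot: The `auth_basic_user_file` for the `/transmission` location is built with `pkgs.writeText` from an inline `krebs:$apr1$...` entry, so the password hash is committed to the repository and ends up in the world-readable Nix store. The apr1 scheme is MD5-based and cheap to guess offline, and this basic-auth step is the only credential in front of the proxied Transmission RPC at 10.233.2.14:9091. Reference a file outside the store instead, in the way the yellow config in this commit passes `${toString <secrets/nordvpn.txt>}`, e.g. `auth_basic_user_file ${toString <secrets/HTPASSWD-FILE-PLACEHOLDER>};`. After that change the committed password should be rotated.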
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 56348d0ab..116bdb92f 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -1,77 +1,61 @@
{ config, lib, pkgs, ... }:
+
{
+
imports = [
./config.nix
- {
- boot.kernelParams = [ "net.ifnames=0" ];
- networking = {
- defaultGateway = "46.4.114.225";
- # Use google's public DNS server
- nameservers = [ "8.8.8.8" ];
- interfaces.eth0 = {
- ipAddress = "46.4.114.247";
- prefixLength = 27;
- };
- };
- # TODO use this network config
- #networking.interfaces.et0.ipv4.addresses = [
- # {
- # address = config.krebs.build.host.nets.internet.ip4.addr;
- # prefixLength = 27;
- # }
- # {
- # address = "46.4.114.243";
- # prefixLength = 27;
- # }
- #];
- #networking.defaultGateway = "46.4.114.225";
- #networking.nameservers = [
- # "8.8.8.8"
- #];
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
- #'';
- }
- {
- imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
-
- networking.hostId = "fb4173ea";
- boot.loader.grub = {
- devices = [
- "/dev/sda"
- "/dev/sdb"
- ];
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- "ahci" "sd_mod"
- ];
-
- boot.kernelModules = [ "kvm-intel" ];
-
- sound.enable = false;
- nixpkgs.config.allowUnfree = true;
- time.timeZone = "Europe/Berlin";
-
- fileSystems."/" = {
- device = "rpool/root/nixos";
- fsType = "zfs";
- };
-
- fileSystems."/home" = {
- device = "rpool/home";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
- fsType = "ext4";
- };
-
- }
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+
+ fileSystems."/" = {
+ device = "rpool/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
+ fsType = "ext4";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "tank/srv-http";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/download" = {
+ device = "tank/download";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/containers" = {
+ device = "tank/containers";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" = {
+ device = "tank/home";
+ fsType = "zfs";
+ };
+
+ nix.maxJobs = lib.mkDefault 8;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
+
+ boot.kernelParams = [ "net.ifnames=0" ];
+ networking = {
+ hostId = "2283aaae";
+ defaultGateway = "95.216.1.129";
+ # Use google's public DNS server
+ nameservers = [ "8.8.8.8" ];
+ interfaces.eth0 = {
+ ipAddress = "95.216.1.150";
+ prefixLength = 26;
+ };
+ };
}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 8405b0f1f..87a733d62 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
+ <stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index b6c08f797..13a8b3e41 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -5,42 +5,36 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- #<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/blue-host.nix>
+ <stockholm/lass/2configs/power-action.nix>
{
- # discordius config
services.xserver.enable = true;
+ services.xserver.desktopManager.xfce.enable = true;
+
users.users.discordius = {
- uid = genid "discordius";
- home = "/home/discordius";
- group = "users";
- createHome = true;
+ uid = genid "diskordius";
+ isNormalUser = true;
extraGroups = [
"audio"
"networkmanager"
];
- useDefaultShell = true;
- };
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
};
environment.systemPackages = with pkgs; [
- pavucontrol
- firefox
- hexchat
- networkmanagerapplet
+ google-chrome
];
- services.xserver.desktopManager.gnome3 = {
+ hardware.pulseaudio = {
enable = true;
+ systemWide = true;
};
}
];
krebs.build.host = config.krebs.hosts.skynet;
+ networking.wireless.enable = false;
+ networking.networkmanager.enable = true;
+
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
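Review bot: The uid of `users.users.discordius` is now derived from `genid "diskordius"`, a seed that no longer matches the attribute name. If the spelling is a typo, the account gets a different uid than before, and files still owned by the old uid under its home directory would no longer belong to it. Either restore `uid = genid "discordius";` or add a comment such as `# seed intentionally differs from the user name` so the mismatch is not "fixed" later by accident.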
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
index 358e1f511..e3451293f 100644
--- a/lass/1systems/skynet/physical.nix
+++ b/lass/1systems/skynet/physical.nix
@@ -1,10 +1,27 @@
{
imports = [
./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
+ <stockholm/krebs/2configs/hw/x220.nix>
];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.device = "nodev";
+
+ networking.hostId = "06442b9a";
+
+ fileSystems."/" =
+ { device = "rpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0876-B308";
+ fsType = "vfat";
+ };
+
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
new file mode 100644
index 000000000..48d405111
--- /dev/null
+++ b/lass/1systems/yellow/config.nix
@@ -0,0 +1,140 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.yellow;
+
+ system.activationScripts.downloadFolder = ''
+ mkdir -p /var/download
+ chown download:download /var/download
+ chmod 775 /var/download
+ '';
+
+ users.users.download = { uid = genid "download"; };
+ users.groups.download.members = [ "transmission" ];
+ users.users.transmission.group = mkForce "download";
+
+ systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+ services.transmission = {
+ enable = true;
+ settings = {
+ download-dir = "/var/download/finished";
+ incomplete-dir = "/var/download/incoming";
+ incomplete-dir-enable = true;
+ umask = "002";
+ rpc-whitelist-enabled = false;
+ rpc-host-whitelist-enabled = false;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."yellow.r".locations."/dl".extraConfig = ''
+ autoindex on;
+ alias /var/download/finished;
+ '';
+ };
+
+ krebs.iptables = {
+ enable = true;
+ tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
+ ];
+ };
+
+ services.openvpn.servers.nordvpn.config = ''
+ client
+ dev tun
+ proto udp
+ remote 82.102.16.229 1194
+ resolv-retry infinite
+ remote-random
+ nobind
+ tun-mtu 1500
+ tun-mtu-extra 32
+ mssfix 1450
+ persist-key
+ persist-tun
+ ping 15
+ ping-restart 0
+ ping-timer-rem
+ reneg-sec 0
+ comp-lzo no
+
+ explicit-exit-notify 3
+
+ remote-cert-tls server
+
+ #mute 10000
+ auth-user-pass ${toString <secrets/nordvpn.txt>}
+
+ verb 3
+ pull
+ fast-io
+ cipher AES-256-CBC
+ auth SHA512
+
+ <ca>
+ -----BEGIN CERTIFICATE-----
+ MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+ VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
+ Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
+ bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
+ ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
+ A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
+ B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
+ cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
+ cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
+ UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
+ mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
+ +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
+ ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
+ 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
+ VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
+ Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
+ MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
+ MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
+ Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
+ EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
+ SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
+ e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
+ //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
+ wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
+ KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
+ lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
+ -----END CERTIFICATE-----
+ </ca>
+ key-direction 1
+ <tls-auth>
+ #
+ # 2048 bit OpenVPN static key
+ #
+ -----BEGIN OpenVPN Static key V1-----
+ 49b2f54c6ee58d2d97331681bb577d55
+ 054f56d92b743c31e80b684de0388702
+ ad3bf51088cd88f3fac7eb0729f2263c
+ 51d82a6eb7e2ed4ae6dfa65b1ac764d0
+ b9dedf1379c1b29b36396d64cb6fd6b2
+ e61f869f9a13001dadc02db171f04c4d
+ c46d1132c1f31709e7b54a6eabae3ea8
+ fbd2681363c185f4cb1be5aa42a27c31
+ 21db7b2187fd11c1acf224a0d5a44466
+ b4b5a3cc34ec0227fe40007e8b379654
+ f1e8e2b63c6b46ee7ab6f1bd82f57837
+ 92c209e8f25bc9ed493cb5c1d891ae72
+ 7f54f4693c5b20f136ca23e639fd8ea0
+ 865b4e22dd2af43e13e6b075f12427b2
+ 08af9ffd09c56baa694165f57fe2697a
+ 3377fa34aebcba587c79941d83deaf45
+ -----END OpenVPN Static key V1-----
+ </tls-auth>
+ '';
+}
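Review bot: `bindsTo` is set under `systemd.services.transmission.serviceConfig`, which renders into the unit's [Service] section, while BindsTo= is a [Unit] directive; systemd is expected to ignore it there, so transmission would keep running when the VPN unit stops. Set it at unit level instead, `systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];`, and consider an `after` on the same unit so the daemon does not start before the tunnel is up. Separately, the settings disable both RPC whitelists and the INPUT rule for port 9091 accepts on every interface, so the RPC endpoint is unauthenticated on whichever interfaces the container has, the tunnel included. Scoping that rule with an `-i` match for the interface the host proxies over would keep the basic-auth proxy as the only way in.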
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/yellow/physical.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 9b44e8f0e..d781f8c71 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -126,6 +126,12 @@ in {
restartIfChanged = false;
};
+ nixpkgs.config.packageOverrides = super: {
+ dmenu = pkgs.writeDashBin "dmenu" ''
+ ${pkgs.fzfmenu}/bin/fzfmenu "$@"
+ '';
+ };
+
krebs.xresources.enable = true;
lass.screenlock.enable = true;
}
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 991bbeb54..d3775b5df 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -25,6 +25,14 @@
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
};
+ virtualHosts."cache.krebsco.de" = {
+ forceSSL = true;
+ serverAliases = [ "cache.lassul.us" ];
+ enableACME = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '';
+ };
};
}
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 83c235f3e..9cf294afd 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -1,23 +1,115 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
+let
+ all_hosts = [
+ "icarus"
+ "shodan"
+ "daedalus"
+ "skynet"
+ "prism"
+ ];
+ remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
-{
+in {
imports = [
<stockholm/lass/2configs/container-networking.nix>
+ { #hack for already defined
+ systemd.services."container@blue".reloadIfChanged = mkForce false;
+ systemd.services."container@blue".preStart = ''
+ ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
+ '';
+ systemd.services."container@blue".preStop = ''
+ /run/wrappers/bin/fusermount -u /var/lib/containers/blue
+ '';
+ }
];
- systemd.services."container@blue".reloadIfChanged = mkForce false;
+
+ system.activationScripts.containerPermissions = ''
+ mkdir -p /var/lib/containers
+ chmod 711 /var/lib/containers
+ '';
+
containers.blue = {
config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.rxvt_unicode.terminfo
+ ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
- autoStart = true;
+ autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.9";
localAddress = "10.233.2.10";
};
+
+
+ systemd.services = builtins.listToAttrs (map (host:
+ let
+ in nameValuePair "sync-blue-${host}" {
+ bindsTo = [ "container@blue.service" ];
+ wantedBy = [ "container@blue.service" ];
+ # ssh needed for rsync
+ path = [ pkgs.openssh ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = 10;
+ ExecStart = pkgs.writeDash "sync-blue-${host}" ''
+ set -efu
+ #make sure blue is running
+ /run/wrappers/bin/ping -c1 blue.r > /dev/null
+
+ #make sure the container is unlocked
+ ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
+
+ #make sure our target is reachable
+ ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
+
+ #start sync
+ ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
+ settings {
+ nodaemon = true,
+ inotifyMode = "CloseWrite or Modify",
+ }
+ sync {
+ default.rsyncssh,
+ source = "/var/lib/containers/.blue",
+ host = "${host}.r",
+ targetdir = "/var/lib/containers/.blue",
+ rsync = {
+ archive = true,
+ owner = true,
+ group = true,
+ };
+ ssh = {
+ binary = "${pkgs.openssh}/bin/ssh";
+ identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
+ },
+ }
+ ''}
+ '';
+ };
+ unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+ }
+ ) remote_hosts);
+
+ environment.systemPackages = [
+ (pkgs.writeDashBin "start-blue" ''
+ set -ef
+ if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
+ ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
+ fi
+ nixos-container start blue
+ nixos-container run blue -- nixos-rebuild -I /var/src dry-build
+ if ping -c1 blue.r >/dev/null; then
+ echo 'blue is already running. bailing out'
+ exit 23
+ fi
+ nixos-container run blue -- nixos-rebuild -I /var/src switch
+ '')
+ ];
}
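Review bot: `start-blue` mounts the decrypted tree with `encfs --public`, and the new `containerPermissions` activation script sets /var/lib/containers to 711, so while blue is unlocked any local account can traverse into /var/lib/containers/blue and access is limited only by the modes of the files inside. If 711 is required, say why in a comment above the chmod, e.g. `# 711 because <reason>; decrypted data under blue/ is reachable by local users while mounted`; otherwise keep the directory at 700. The script also calls `mount`, `ping` and `nixos-container` through PATH, while the units in the same file pin `${pkgs.mount}/bin/mount` and `/run/wrappers/bin/ping`; using the pinned paths here as well would be consistent.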
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 68f2256cf..4d4a92eb9 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -15,6 +15,7 @@ with (import <stockholm/lib>);
dic
nmap
git-preview
+ l-gen-secrets
];
services.tor.enable = true;
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
index b08cf9307..6818db460 100644
--- a/lass/2configs/ciko.nix
+++ b/lass/2configs/ciko.nix
@@ -19,5 +19,9 @@ with import <stockholm/lib>;
"slash16.net"
];
};
+
+ system.activationScripts.user-shadow = ''
+ ${pkgs.coreutils}/bin/chmod +x /home/ciko
+ '';
}
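Review bot: The activation script key `user-shadow` added here is also used by the realwallpaper.nix hunk in this commit with a different body (`chmod +x /var/realwallpaper`), so on a host that imports both modules the two definitions would either conflict or be merged, depending on the option's type. Give each script its own descriptive name, e.g. `system.activationScripts.ciko-home-traversable`. `chmod +x` without a class also grants search permission to group and others; if only one service needs to traverse /home/ciko, `chmod o+x` or a dedicated group states that intent more narrowly. A one-line comment naming the service that needs the access would help.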
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
deleted file mode 100644
index 8d0fb0d02..000000000
--- a/lass/2configs/downloading.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- users.extraUsers = {
- download = {
- name = "download";
- home = "/var/download";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- lass-shodan.pubkey
- lass-icarus.pubkey
- lass-daedalus.pubkey
- lass-helios.pubkey
- makefu.pubkey
- wine-mors.pubkey
- ];
- };
-
- transmission = {
- extraGroups = [
- "download"
- ];
- };
- };
-
- users.extraGroups = {
- download = {
- members = [
- "download"
- "transmission"
- ];
- };
- };
-
- krebs.rtorrent = {
- enable = true;
- web = {
- enable = true;
- port = 9091;
- basicAuth = import <secrets/torrent-auth>;
- };
- rutorrent.enable = true;
- enableXMLRPC = true;
- listenPort = 51413;
- downloadDir = "/var/download/finished";
- # dump old torrents into watch folder to have them re-added
- watchDir = "/var/download/watch";
- };
-
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
- ];
- };
-}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 6ef3c8595..1ee45bb41 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -90,6 +90,10 @@ with import <stockholm/lib>;
{ from = "afra@lassul.us"; to = lass.mail; }
{ from = "ksp@lassul.us"; to = lass.mail; }
{ from = "ccc@lassul.us"; to = lass.mail; }
+ { from = "neocron@lassul.us"; to = lass.mail; }
+ { from = "osmocom@lassul.us"; to = lass.mail; }
+ { from = "lesswrong@lassul.us"; to = lass.mail; }
+ { from = "nordvpn@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 31a01c754..065ee9c42 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -6,8 +6,7 @@ in {
krebs.fetchWallpaper = {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
- url = "prism/realwallpaper-sat-krebs.png";
- maxTime = 10;
+ url = "prism/realwallpaper-krebs.png";
};
}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 17c3cf3be..49602898e 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -75,6 +75,8 @@ in {
packages = with pkgs; [
ftb
minecraft
+ steam-run
+ dolphinEmu
];
};
};
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index c5b5c01fb..62173e33f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -21,6 +21,10 @@ let
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
+
+ system.activationScripts.spool-chmod = ''
+ ${pkgs.coreutils}/bin/chmod +x /var/spool
+ '';
};
cgit-clear-cache = pkgs.cgit-clear-cache.override {
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index e50689254..36e797a96 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -31,6 +31,7 @@ let
'';
mailboxes = {
+ afra = [ "to:afra@afra-berlin.de" ];
c-base = [ "to:c-base.org" ];
coins = [
"to:btce@lassul.us"
@@ -46,12 +47,15 @@ let
];
dezentrale = [ "to:dezentrale.space" ];
dhl = [ "to:dhl@lassul.us" ];
+ dn42 = [ "to:dn42@lists.nox.tf" ];
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
+ india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
- nix-devel = [ "to:nix-devel@googlegroups.com" ];
+ meetup = [ "to:meetup@lassul.us" ];
+ nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ];
@@ -170,6 +174,16 @@ let
macro pager a "<modify-labels>-archive\n" # tag as Archived
+ bind index U noop
+ bind index u noop
+ bind pager U noop
+ bind pager u noop
+ macro index U "<modify-labels>+unread\n"
+ macro index u "<modify-labels>-unread\n"
+ macro pager U "<modify-labels>+unread\n"
+ macro pager u "<modify-labels>-unread\n"
+
+
bind index t noop
bind pager t noop
macro index t "<modify-labels>" # tag as Archived
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index aef671636..b7083c776 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -177,7 +177,8 @@
addr = "0.0.0.0";
domain = "grafana.example.com";
rootUrl = "https://grafana.example.com/";
- security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ auth.anonymous.enable = true;
+ auth.anonymous.org_role = "Admin";
};
};
services.logstash = {
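Review bot: `auth.anonymous.org_role = "Admin"` together with `auth.anonymous.enable = true` gives every unauthenticated visitor the Admin role in Grafana, and the context line above shows `addr = "0.0.0.0"`, so this applies on all interfaces unless a firewall outside the hunk restricts the port. The same change drops the `security = import <secrets/grafana_security.nix>` line that supplied the admin credentials. If anonymous access is wanted for dashboards, `auth.anonymous.org_role = "Viewer";` keeps them readable while edits and data-source settings stay behind a login. Otherwise bind `addr` to `127.0.0.1` and put an authenticated proxy in front. The enclosing attribute set starts outside the hunk.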
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index bf6855804..85faded14 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -62,8 +62,23 @@ in {
extraConfig = ''
audio_output {
type "shout"
+ encoding "lame"
+ name "the_playlist_mp3"
+ host "localhost"
+ port "8000"
+ mount "/radio.mp3"
+ password "${source-password}"
+ bitrate "128"
+
+ format "44100:16:2"
+
+ user "source"
+ genre "good music"
+ }
+ audio_output {
+ type "shout"
encoding "ogg"
- name "the_playlist"
+ name "the_playlist_ogg"
host "localhost"
port "8000"
mount "/radio.ogg"
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index 116d66276..e0cb37f67 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
let
hostname = config.krebs.build.host.name;
@@ -9,6 +9,9 @@ let
in {
krebs.realwallpaper.enable = true;
+ system.activationScripts.user-shadow = ''
+ ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
+ '';
services.nginx.virtualHosts.wallpaper = {
extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
@@ -22,10 +25,7 @@ in {
locations."/realwallpaper.png".extraConfig = ''
root /var/realwallpaper/;
'';
- locations."/realwallpaper-sat.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-sat-krebs.png".extraConfig = ''
+ locations."/realwallpaper-krebs.png".extraConfig = ''
root /var/realwallpaper/;
'';
};
diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/nordvpn.txt
index e69de29bb..e69de29bb 100644
--- a/nin/0tests/dummysecrets/ssh.id_ed25519
+++ b/lass/2configs/tests/dummy-secrets/nordvpn.txt
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 828cab95f..4935268a4 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -139,6 +139,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
+ users.users.xanf = {
+ uid = genid_uint31 "xanf";
+ home = "/home/xanf";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.domsen = {
uid = genid_uint31 "domsen";
description = "maintenance acc for domsen";
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
deleted file mode 100644
index 14d6ce9ec..000000000
--- a/lass/2configs/websites/fritz.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- inherit (import <stockholm/lib>)
- genid
- head
- ;
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servePage
- serveWordpress
- ;
-
- msmtprc = pkgs.writeText "msmtprc" ''
- account default
- host localhost
- '';
-
- sendmail = pkgs.writeDash "msmtp" ''
- exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
- '';
-
-in {
-
- services.nginx.enable = true;
-
- imports = [
- ./default.nix
- ./sqlBackup.nix
-
- (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
-
- (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
-
- (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
-
- (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
-
- (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
-
- (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
-
- (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
- ];
-
- lass.mysqlBackup.config.all.databases = [
- "eastuttgart_de"
- "radical_dreamers_de"
- "spielwaren_kern_de"
- "ttf_kleinaspach_de"
- ];
-
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.fritz.pubkey
- ];
-
- users.users.goldbarrendiebstahl = {
- home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
- uid = genid "goldbarrendiebstahl";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.fritz.pubkey
- ];
- };
-
- services.phpfpm.phpOptions = ''
- sendmail_path = ${sendmail} -t
- '';
-}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index b72b20928..6470d86f7 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -66,22 +66,6 @@ in {
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
- locations."/urlaubyay2018".extraConfig = ''
- autoindex on;
- alias /srv/http/lassul.us-media/india2018;
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
- paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
- ''};
- '';
- locations."/heilstadt".extraConfig = ''
- autoindex on;
- alias /srv/http/lassul.us-media/grabowsee2018;
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
- c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
- ''};
- '';
locations."/krebspage".extraConfig = ''
default_type "text/html";
alias ${pkgs.krebspage}/index.html;
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
index 2fffa6cc9..897e35e61 100644
--- a/lass/2configs/websites/sqlBackup.nix
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -11,7 +11,6 @@
enable = true;
dataDir = "/var/mysql";
package = pkgs.mariadb;
- rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
systemd.services.mysql = {
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index 68bcfa340..4630f25c1 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -87,7 +87,6 @@ in /* yaml */ ''
mod_configure: {}
mod_disco: {}
mod_echo: {}
- mod_irc: {}
mod_bosh: {}
mod_last: {}
mod_offline:
@@ -96,9 +95,9 @@ in /* yaml */ ''
mod_privacy: {}
mod_private: {}
mod_register:
- access_from: deny
+ access_from: allow
access: register
- ip_access: trusted_network
+ # ip_access: trusted_network
registration_watchers: ${toJSON config.registration_watchers}
mod_roster: {}
mod_shared_roster: {}
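Review bot: In `mod_register`, commenting out `ip_access: trusted_network` removes the source-address restriction on in-band registration, and `access_from: allow` additionally lets existing sessions and s2s peers register accounts. Who can create accounts now depends entirely on the `register` access rule, which is defined outside this hunk. If open signup is not intended, keep `ip_access: trusted_network`. If it is intended, say so in a comment next to the option and confirm that `register` does not allow everyone without some rate limit. `registration_watchers` is still set, so new registrations would at least be reported.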
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 087d54eca..f86a4a69b 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -25,6 +25,8 @@ import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv)
+import System.Exit (exitFailure)
+import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS)
@@ -36,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
-import XMonad.Hooks.Place (placeHook, smart)
+import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
@@ -49,7 +51,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
-import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent)
+import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown)
import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
@@ -69,18 +71,20 @@ myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
main :: IO ()
main = getArgs >>= \case
- ["--shutdown"] -> sendShutdownEvent
- _ -> main'
+ [] -> main'
+ ["--shutdown"] -> shutdown
+ args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
main' :: IO ()
main' = do
+ handleShutdownEvent <- newShutdownEventHandler
xmonad $ ewmh
$ withUrgencyHook LibNotifyUrgencyHook
$ def
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
- , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
+ , manageHook = floatHooks <+> floatNextHook
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
@@ -95,13 +99,12 @@ myLayoutHook = defLayout
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
floatHooks :: Query (Endo WindowSet)
-floatHooks = composeAll . concat $
- [ [ title =? t --> doFloat | t <- myTitleFloats]
- , [ className =? c --> doFloat | c <- myClassFloats ] ]
- where
- myTitleFloats = []
- myClassFloats = ["Pinentry"] -- for gpg passphrase entry
-
+floatHooks = composeOne
+ [ className =? "Pinentry" -?> doCenterFloat
+ , title =? "fzfmenu" -?> doCenterFloat
+ , title =? "glxgears" -?> doCenterFloat
+ , resource =? "Dialog" -?> doFloat
+ ]
myKeyMap :: [([Char], X ())]
myKeyMap =
@@ -110,6 +113,7 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
+ , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
@@ -159,6 +163,9 @@ myKeyMap =
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
+ , ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
+ , ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
+
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix
new file mode 100644
index 000000000..d5d84e456
--- /dev/null
+++ b/lass/5pkgs/emot-menu/default.nix
@@ -0,0 +1,31 @@
+{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
+
+ emoticons = writeText "emoticons" ''
+¯\(°_o)/¯ | dunno lol shrug dlol
+¯\_(ツ)_/¯ | dunno lol shrug dlol
+( ͡° ͜ʖ ͡°) | lenny
+¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
+( ゚д゚) | aaah sad noo
+ヽ(^o^)丿 | hi yay hello
+(^o^; | ups hehe
+(^∇^) | yay
+┗(`皿´)┛ | angry argh
+ヾ(^_^) byebye!! | bye
+<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
+(-.-)Zzz... | sleep
+(∩╹□╹∩) | oh noes woot
+™ | tm
+ζ | zeta
+(╯°□°)╯ ┻━┻ | table flip
+(」゜ロ゜)」 | why woot
+ '';
+
+in
+writeDashBin "emoticons" ''
+ set -efu
+
+ data=$(${coreutils}/bin/cat ${emoticons})
+ emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
+ ${xdotool}/bin/xdotool type -- "$emoticon"
+ exit 0
+''
diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix
new file mode 100644
index 000000000..905a5ce6b
--- /dev/null
+++ b/lass/5pkgs/fzfmenu/default.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+pkgs.writeDashBin "fzfmenu" ''
+ set -efu
+ PROMPT=">"
+ for i in "$@"
+ do
+ case $i in
+ -p)
+ PROMPT="$2"
+ shift
+ shift
+ break
+ ;;
+ -l)
+ # no reason to filter number of lines
+ LINES="$2"
+ shift
+ shift
+ break
+ ;;
+ -i)
+ # we do this anyway
+ shift
+ break
+ ;;
+ *)
+ echo "Unknown option $1" >&2
+ shift
+ ;;
+ esac
+ done
+ INPUT=$(${pkgs.coreutils}/bin/cat)
+ OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
+ ${pkgs.rxvt_unicode}/bin/urxvt \
+ -name fzfmenu -title fzfmenu \
+ -e ${pkgs.dash}/bin/dash -c \
+ "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
+ --history=/dev/null \
+ --no-sort \
+ --prompt=\"$PROMPT\" \
+ > \"$OUTPUT\"" 2>/dev/null
+ ${pkgs.coreutils}/bin/cat "$OUTPUT"
+ ${pkgs.coreutils}/bin/rm "$OUTPUT"
+''
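Review bot: The text read from stdin is spliced into the string handed to `dash -c` (`"echo \"$INPUT\" | …"`), so the inner shell parses it a second time: a menu entry containing `"`, a backtick or `$(` is treated as shell syntax instead of being displayed. `$PROMPT` and `$OUTPUT` go through the same expansion. Passing the three values through the environment and keeping the `-c` script a fixed single-quoted string avoids the second parse, and `printf` avoids `echo` mangling backslashes; this assumes the input fits in one environment string, otherwise write it to a second temp file. Separately, the option loop iterates over the original `"$@"` while shifting and reading `$2`, and breaks after the first recognised flag, so at most one option is honoured.

```nix
  INPUT=$(${pkgs.coreutils}/bin/cat)
  OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
  # hand the data over as environment variables; the inner script stays constant
  export INPUT PROMPT OUTPUT
  ${pkgs.rxvt_unicode}/bin/urxvt \
    -name fzfmenu -title fzfmenu \
    -e ${pkgs.dash}/bin/dash -c \
      'printf "%s\n" "$INPUT" | ${pkgs.fzf}/bin/fzf \
        --history=/dev/null \
        --no-sort \
        --prompt="$PROMPT" \
        > "$OUTPUT"' 2>/dev/null
  # … unchanged: cat and rm of "$OUTPUT" …
```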
diff --git a/lass/krops.nix b/lass/krops.nix
index a898164c3..d64454ea5 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -5,8 +5,14 @@
pkgs
;
+ host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
+ import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
+ else
+ {}
+ ;
+
source = { test }: lib.evalSource [
- krebs-source
+ (krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
secrets = if test then {
@@ -18,15 +24,24 @@
};
};
}
+ host-source
];
in {
+
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
inherit target;
};
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
+ populate = { target, force ? false }: pkgs.populate {
+ inherit force;
+ source = source { test = false; };
+ target = lib.mkTarget target;
+ };
+
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
test = { target }: pkgs.krops.writeTest "${name}-test" {
force = true;
diff --git a/lib/default.nix b/lib/default.nix
index a40225c49..348d47e85 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -5,6 +5,7 @@ let
evalSource = import ./eval-source.nix;
git = import ./git.nix { inherit lib; };
+ krops = import ../submodules/krops/lib;
shell = import ./shell.nix { inherit lib; };
types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
@@ -12,8 +13,9 @@ let
ne = x: y: x != y;
mod = x: y: x - y * (x / y);
- genid = import ./genid.nix { inherit lib; };
- genid_uint31 = x: ((lib.genid x) + 16777216) / 2;
+ genid = lib.genid_uint32; # TODO remove
+ genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
+ genid_uint32 = import ./genid.nix { inherit lib; };
lpad = n: c: s:
if lib.stringLength s < n
@@ -44,6 +46,23 @@ let
indent = replaceChars ["\n"] ["\n "];
+ mapNixDir = f: x: {
+ list = foldl' mergeAttrs {} (map (mapNixDir1 f) x);
+ path = mapNixDir1 f x;
+ }.${typeOf x};
+
+ mapNixDir1 = f: dirPath:
+ listToAttrs
+ (map
+ (relPath: let
+ name = removeSuffix ".nix" relPath;
+ path = dirPath + "/${relPath}";
+ in
+ nameValuePair name (f path))
+ (filter
+ (name: name != "default.nix" && !hasPrefix "." name)
+ (attrNames (readDir dirPath))));
+
# https://tools.ietf.org/html/rfc5952
normalize-ip6-addr =
let
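Review bot: `mapNixDir1` hands every non-hidden directory entry except `default.nix` to `f`, so a stray README or an editor backup such as `foo.nix~` is passed along too, and `foo.nix` next to a directory `foo` collide on the same attribute name. If only Nix files and package directories are intended, filter on the entry type that `readDir` returns, or at least document the contract, e.g. `# maps f over every entry of dirPath except default.nix and dotfiles; the attr name is the entry name without ".nix"`. `mapNixDir` also fails with a bare missing-attribute error for an argument that is neither a list nor a path.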
diff --git a/lib/types.nix b/lib/types.nix
index d663d2512..016853300 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -3,7 +3,7 @@
let
inherit (lib)
all any attrNames concatMapStringsSep concatStringsSep const filter flip
- genid hasSuffix head isInt isString length mergeOneOption mkOption
+ genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test testString typeOf;
inherit (lib.types)
@@ -365,7 +365,7 @@ rec {
};
uid = mkOption {
type = int;
- default = genid config.name;
+ default = genid_uint31 config.name;
};
};
});
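Review bot: Switching the `uid` default from `genid` to `genid_uint31` changes the numeric id derived from `config.name` for every user that relies on the default, unless genid.nix was adjusted elsewhere in this commit to compensate. On hosts that already hold state, files keep the old number after the next deploy, so home directories and service data can end up owned by a uid that no longer exists or that now maps to another account. The same applies to the `gid` default in the next hunk. A comment at the option, e.g. `# derived from name; changing the derivation renumbers existing accounts`, and a migration note in the commit message would make that explicit.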
@@ -377,7 +377,7 @@ rec {
};
gid = mkOption {
type = int;
- default = genid config.name;
+ default = genid_uint31 config.name;
};
};
});
diff --git a/makefu/0tests/data/secrets/hass/darksky.apikey b/makefu/0tests/data/secrets/hass/darksky.apikey
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/hass/darksky.apikey
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 36af23bb5..3d2cbac6f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -8,16 +8,21 @@ in {
imports = [
<stockholm/makefu>
./hardware-config.nix
+ {
+ users.users.lass = {
+ uid = 9002;
+ isNormalUser = true;
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ makefu.pubkey
+ ];
+ };
+ }
<stockholm/makefu/2configs/headless.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/git/cgit-retiolum.nix>
- <stockholm/makefu/2configs/backup.nix>
- # <stockholm/makefu/2configs/mattermost-docker.nix>
- # <stockholm/makefu/2configs/disable_v6.nix>
- <stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@@ -26,83 +31,90 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
<stockholm/makefu/2configs/zsh-user.nix>
+ <stockholm/makefu/2configs/mosh.nix>
+ # <stockholm/makefu/2configs/gui/xpra.nix>
+
+ # networking
+ <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+ # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
+ #<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/iodined.nix>
+ # <stockholm/makefu/2configs/backup.nix>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+
+ # ci
+ # <stockholm/makefu/2configs/exim-retiolum.nix>
+ <stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ <stockholm/makefu/2configs/shack/gitlab-runner>
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/taskd.nix>
# services
+ <stockholm/makefu/2configs/sabnzbd.nix>
+ <stockholm/makefu/2configs/mail/mail.euer.nix>
+
+ # sharing
<stockholm/makefu/2configs/share/gum.nix>
- # <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
- <stockholm/makefu/2configs/mosh.nix>
- # <stockholm/makefu/2configs/retroshare.nix>
+ #<stockholm/makefu/2configs/retroshare.nix>
+ ## <stockholm/makefu/2configs/ipfs.nix>
+ #<stockholm/makefu/2configs/syncthing.nix>
+ { # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+ }
+ # <stockholm/makefu/2configs/opentracker.nix>
- # network
+ ## network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/binary-cache/server.nix>
+ <stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/iodined.nix>
+ <stockholm/makefu/2configs/bitlbee.nix>
+ <stockholm/makefu/2configs/wireguard/server.nix>
- # buildbot
- <stockholm/makefu/2configs/remote-build/slave.nix>
-
- ## Web
- <stockholm/makefu/2configs/nginx/share-download.nix>
- <stockholm/makefu/2configs/nginx/euer.test.nix>
+ # Removed until move: no extra mails
+ <stockholm/makefu/2configs/urlwatch>
+ # Removed until move: avoid letsencrypt ban
+ ### Web
+ #<stockholm/makefu/2configs/nginx/share-download.nix>
+ #<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
- # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
- <stockholm/makefu/2configs/nginx/public_html.nix>
- <stockholm/makefu/2configs/nginx/update.connector.one.nix>
+ ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
+ #<stockholm/makefu/2configs/nginx/public_html.nix>
+ #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+ <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+ <stockholm/makefu/2configs/nginx/iso.euer.nix>
+ <stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
- # <stockholm/makefu/2configs/deployment/graphs.nix>
+ <stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
- {
- services.taskserver.enable = true;
- services.taskserver.fqdn = config.krebs.build.host.name;
- services.taskserver.listenHost = "::";
- services.taskserver.organisations.home.users = [ "makefu" ];
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- '';
- }
- # <stockholm/makefu/2configs/ipfs.nix>
- <stockholm/makefu/2configs/syncthing.nix>
-
- # <stockholm/makefu/2configs/opentracker.nix>
- <stockholm/makefu/2configs/dcpp/hub.nix>
- <stockholm/makefu/2configs/dcpp/client.nix>
-
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
- # Temporary:
+ # sharing
+ <stockholm/makefu/2configs/dcpp/airdcpp.nix>
+ <stockholm/makefu/2configs/dcpp/hub.nix>
+
+ ## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
+ <stockholm/makefu/2configs/virtualisation/libvirt.nix>
- #{
- # services.dockerRegistry.enable = true;
- # networking.firewall.allowedTCPPorts = [ 8443 ];
-
- # services.nginx.virtualHosts."euer.krebsco.de" = {
- # forceSSL = true;
- # enableACME = true;
- # extraConfig = ''
- # client_max_body_size 1000M;
- # '';
- # locations."/".proxyPass = "http://localhost:5000";
- # };
- #}
- <stockholm/makefu/2configs/wireguard/server.nix>
- { # iperf3
- networking.firewall.allowedUDPPorts = [ 5201 ];
- networking.firewall.allowedTCPPorts = [ 5201 ];
- }
-
+ # krebs infrastructure services
+ <stockholm/makefu/2configs/stats/server.nix>
];
makefu.dl-dir = "/var/download";
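Review bot: The reshuffled import list now names `vpn/openvpn-server.nix` and `iodined.nix` twice (under `# networking` and again under `## network`), while `dnscrypt/server.nix` is commented out in the first group and active in the second, so it is hard to tell which services this host is meant to expose. The comments `# Removed until move: no extra mails` and `# Removed until move: avoid letsencrypt ban` now sit directly above active imports (`urlwatch`, `euer.mon.nix` and others) and no longer describe the code. I would keep a single network group, drop the duplicates, and delete or reword the stale "Removed until move" comments. The inline `ncdc` module also opens 51411 on TCP and UDP; a short comment on why both are needed would help the next audit of this host's firewall.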
@@ -120,9 +132,7 @@ in {
ListenAddress = ${external-ip} 21031
'';
connectTo = [
- "muhbaasu" "tahoe" "flap" "wry"
- "ni"
- "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
+ "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
];
};
@@ -137,10 +147,11 @@ in {
environment.systemPackages = with pkgs;[
weechat
bepasty-client-cli
- get
tmux
];
+ # Hardware
+
# Network
networking = {
firewall = {
@@ -179,4 +190,5 @@ in {
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
boot.tmpOnTmpfs = true;
+ state = [ "/home/makefu/.weechat" ];
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index a40709169..bfe29b46c 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -1,26 +1,24 @@
{ config, ... }:
let
- external-mac = "2a:c5:6e:d2:fc:7f";
- main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
- external-gw = "185.194.140.1";
+ external-mac = "50:46:5d:9f:63:6b";
+ main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
+ sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
+ external-gw = "144.76.26.225";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
- external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
+ external-ip = "144.76.26.247";
+ external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1";
- external-netmask = 22;
+ external-netmask = 27;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
-
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
@@ -40,7 +38,62 @@ in {
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
- boot.loader.grub.device = main-disk;
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ main-disk ];
+ boot.initrd.kernelModules = [ "dm-raid" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
+ "xhci_pci" "ehci_pci" "ahci" "sd_mod"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ hardware.enableRedistributableFirmware = true;
+ fileSystems."/" = {
+ device = "/dev/mapper/nixos-root";
+ fsType = "ext4";
+ };
+ fileSystems."/var/lib" = {
+ device = "/dev/mapper/nixos-lib";
+ fsType = "ext4";
+ };
+ fileSystems."/var/download" = {
+ device = "/dev/mapper/nixos-download";
+ fsType = "ext4";
+ };
+ fileSystems."/var/lib/borgbackup" = {
+ device = "/dev/mapper/nixos-backup";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda2";
+ fsType = "vfat";
+ };
+ # parted -s -a optimal "$disk" \
+ # mklabel gpt \
+ # mkpart no-fs 0 1024KiB \
+ # set 1 bios_grub on \
+ # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
+ # mkpart primary 1025MiB 100%
+ # parted -s -a optimal "/dev/sdb" \
+ # mklabel gpt \
+ # mkpart primary 1M 100%
+
+ #mkfs.vfat /dev/sda2
+ #pvcreate /dev/sda3
+ #pvcreate /dev/sdb1
+ #vgcreate nixos /dev/sda3 /dev/sdb1
+ #lvcreate -L 120G -m 1 -n root nixos
+ #lvcreate -L 50G -m 1 -n lib nixos
+ #lvcreate -L 100G -n download nixos
+ #lvcreate -L 100G -n backup nixos
+ #mkfs.ext4 /dev/mapper/nixos-root
+ #mkfs.ext4 /dev/mapper/nixos-lib
+ #mkfs.ext4 /dev/mapper/nixos-download
+ #mkfs.ext4 /dev/mapper/nixos-borgbackup
+ #mount /dev/mapper/nixos-root /mnt
+ #mkdir /mnt/boot
+ #mount /dev/sda2 /mnt/boot
+ #mkdir -p /mnt/var/src
+ #touch /mnt/var/src/.populate
+
}
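Review bot: `/boot` is mounted from `/dev/sda2` and GRUB is installed only to `main-disk`, although `root` and `lib` are created as mirrored LVs (`-m 1`) across both disks and `sec-disk` is defined but never used. If device enumeration changes or the first disk fails, the mirror survives but the machine does not boot. A stable path for `/boot` (by-id or by-uuid) would remove the first problem; installing GRUB on the second disk as well would additionally need a bios_grub partition there, which the setup notes do not create. The setup notes also run `mkfs.ext4 /dev/mapper/nixos-borgbackup` while the LV is created as `backup` and mounted from `/dev/mapper/nixos-backup`.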
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
new file mode 100644
index 000000000..30276b7db
--- /dev/null
+++ b/makefu/1systems/gum/rescue.txt
@@ -0,0 +1,11 @@
+mount /dev/mapper/nixos-root /mnt
+mount /dev/sda2 /mnt/boot
+
+chroot-prepare /mnt
+chroot /mnt /bin/sh
+
+journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
+
+export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
+/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
+/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 1e36c6e87..6940498f1 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,5 +1,5 @@
{
- name="gum";
+ name="nextgum";
torrent = true;
clever_kexec = true;
}
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix
deleted file mode 100644
index 64516fa98..000000000
--- a/makefu/1systems/nextgum/config.nix
+++ /dev/null
@@ -1,253 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- ext-if = config.makefu.server.primary-itf;
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- ./transfer-config.nix
- <stockholm/makefu/2configs/headless.nix>
- # <stockholm/makefu/2configs/smart-monitor.nix>
-
- # Security
- <stockholm/makefu/2configs/sshd-totp.nix>
-
- # Tools
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/tools/dev.nix>
- <stockholm/makefu/2configs/tools/sec.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/mosh.nix>
- <stockholm/makefu/2configs/gui/xpra.nix>
-
- <stockholm/makefu/2configs/git/cgit-retiolum.nix>
- <stockholm/makefu/2configs/backup.nix>
- # <stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
- # services
- <stockholm/makefu/2configs/sabnzbd.nix>
- <stockholm/makefu/2configs/mail/mail.euer.nix>
-
- # sharing
- <stockholm/makefu/2configs/share/gum.nix>
- <stockholm/makefu/2configs/torrent.nix>
- #<stockholm/makefu/2configs/retroshare.nix>
- ## <stockholm/makefu/2configs/ipfs.nix>
- #<stockholm/makefu/2configs/syncthing.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
- # <stockholm/makefu/2configs/opentracker.nix>
-
- ## network
- <stockholm/makefu/2configs/vpn/openvpn-server.nix>
- # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
- <stockholm/makefu/2configs/dnscrypt/server.nix>
- <stockholm/makefu/2configs/binary-cache/server.nix>
- <stockholm/makefu/2configs/iodined.nix>
- <stockholm/makefu/2configs/bitlbee.nix>
-
- ## buildbot
- <stockholm/makefu/2configs/remote-build/slave.nix>
-
- # Removed until move: no extra mails
- <stockholm/makefu/2configs/urlwatch>
- # Removed until move: avoid double-update of domain
- # <stockholm/makefu/2configs/hub.nix>
- # Removed until move: avoid letsencrypt ban
- ### Web
- #<stockholm/makefu/2configs/nginx/share-download.nix>
- #<stockholm/makefu/2configs/nginx/euer.test.nix>
- #<stockholm/makefu/2configs/nginx/euer.mon.nix>
- #<stockholm/makefu/2configs/nginx/euer.wiki.nix>
- #<stockholm/makefu/2configs/nginx/euer.blog.nix>
- ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
- #<stockholm/makefu/2configs/nginx/public_html.nix>
- #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
- #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
- <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
- <stockholm/makefu/2configs/nginx/iso.euer.nix>
- <stockholm/makefu/2configs/deployment/events-publisher>
-
- #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
- #<stockholm/makefu/2configs/deployment/graphs.nix>
- #<stockholm/makefu/2configs/deployment/owncloud.nix>
- #<stockholm/makefu/2configs/deployment/boot-euer.nix>
- #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
-
- {
- services.taskserver.enable = true;
- services.taskserver.fqdn = config.krebs.build.host.name;
- services.taskserver.listenHost = "::";
- services.taskserver.organisations.home.users = [ "makefu" ];
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- '';
- }
-
-
- <stockholm/makefu/2configs/stats/client.nix>
- <stockholm/makefu/2configs/dcpp/airdcpp.nix>
- # <stockholm/makefu/2configs/logging/client.nix>
-
- ## Temporary:
- # <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-
- #{
- # services.dockerRegistry.enable = true;
- # networking.firewall.allowedTCPPorts = [ 8443 ];
-
- # services.nginx.virtualHosts."euer.krebsco.de" = {
- # forceSSL = true;
- # enableACME = true;
- # extraConfig = ''
- # client_max_body_size 1000M;
- # '';
- # locations."/".proxyPass = "http://localhost:5000";
- # };
- #}
- { # wireguard server
-
- # opkg install wireguard luci-proto-wireguard
-
- # TODO: networking.nat
-
- # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- # conf.all.proxy_arp =1
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- extraCommands = ''
- iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
- '';
- };
-
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.0.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # x
- allowedIPs = [ "10.244.0.2/32" ];
- publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- }
- {
- # vbob
- allowedIPs = [ "10.244.0.3/32" ];
- publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
- }
- {
- # x-test
- allowedIPs = [ "10.244.0.4/32" ];
- publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
- }
- {
- # work-router
- allowedIPs = [ "10.244.0.5/32" ];
- publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
- }
- {
- # workr
- allowedIPs = [ "10.244.0.6/32" ];
- publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
- }
- ];
- };
- }
- { # iperf3
- networking.firewall.allowedUDPPorts = [ 5201 ];
- networking.firewall.allowedTCPPorts = [ 5201 ];
- }
-
- # krebs infrastructure services
- <stockholm/makefu/2configs/stats/server.nix>
- ];
- makefu.dl-dir = "/var/download";
-
- services.openssh.hostKeys = [
- { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
- { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
- ###### stable
- services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
- krebs.build.host = config.krebs.hosts.gum;
-
- krebs.tinc.retiolum = {
- extraConfig = ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- '';
- connectTo = [
- "muhbaasu" "tahoe" "flap" "wry"
- "ni"
- "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
- ];
- };
-
-
- # access
- users.users = {
- root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
- makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
- };
-
- # Chat
- environment.systemPackages = with pkgs;[
- weechat
- bepasty-client-cli
- tmux
- ];
-
- # Hardware
-
- # Network
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [
- # smtp
- 25
- # http
- 80 443
- # httptunnel
- 8080 8443
- # tinc
- 655
- # tinc-shack
- 21032
- # tinc-retiolum
- 21031
- # taskserver
- 53589
- # temp vnc
- 18001
- # temp reverseshell
- 31337
- ];
- allowedUDPPorts = [
- # tinc
- 655 53
- # tinc-retiolum
- 21031
- # tinc-shack
- 21032
- ];
- };
- nameservers = [ "8.8.8.8" ];
- };
- users.users.makefu.extraGroups = [ "download" "nginx" ];
- boot.tmpOnTmpfs = true;
-}
diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix
deleted file mode 100644
index bfe29b46c..000000000
--- a/makefu/1systems/nextgum/hardware-config.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{ config, ... }:
-let
- external-mac = "50:46:5d:9f:63:6b";
- main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
- sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
- external-gw = "144.76.26.225";
- # single partition, label "nixos"
- # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
-
-
- # static
- external-ip = "144.76.26.247";
- external-ip6 = "2a01:4f8:191:12f6::2";
- external-gw6 = "fe80::1";
- external-netmask = 27;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in {
- imports = [
- ];
- makefu.server.primary-itf = ext-if;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- interfaces."${ext-if}" = {
- ipv4.addresses = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = external-gw6;
- defaultGateway = external-gw;
- };
- boot.kernelParams = [ ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ main-disk ];
- boot.initrd.kernelModules = [ "dm-raid" ];
- boot.initrd.availableKernelModules = [
- "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
- "xhci_pci" "ehci_pci" "ahci" "sd_mod"
- ];
- boot.kernelModules = [ "kvm-intel" ];
- hardware.enableRedistributableFirmware = true;
- fileSystems."/" = {
- device = "/dev/mapper/nixos-root";
- fsType = "ext4";
- };
- fileSystems."/var/lib" = {
- device = "/dev/mapper/nixos-lib";
- fsType = "ext4";
- };
- fileSystems."/var/download" = {
- device = "/dev/mapper/nixos-download";
- fsType = "ext4";
- };
- fileSystems."/var/lib/borgbackup" = {
- device = "/dev/mapper/nixos-backup";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/sda2";
- fsType = "vfat";
- };
- # parted -s -a optimal "$disk" \
- # mklabel gpt \
- # mkpart no-fs 0 1024KiB \
- # set 1 bios_grub on \
- # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
- # mkpart primary 1025MiB 100%
- # parted -s -a optimal "/dev/sdb" \
- # mklabel gpt \
- # mkpart primary 1M 100%
-
- #mkfs.vfat /dev/sda2
- #pvcreate /dev/sda3
- #pvcreate /dev/sdb1
- #vgcreate nixos /dev/sda3 /dev/sdb1
- #lvcreate -L 120G -m 1 -n root nixos
- #lvcreate -L 50G -m 1 -n lib nixos
- #lvcreate -L 100G -n download nixos
- #lvcreate -L 100G -n backup nixos
- #mkfs.ext4 /dev/mapper/nixos-root
- #mkfs.ext4 /dev/mapper/nixos-lib
- #mkfs.ext4 /dev/mapper/nixos-download
- #mkfs.ext4 /dev/mapper/nixos-borgbackup
- #mount /dev/mapper/nixos-root /mnt
- #mkdir /mnt/boot
- #mount /dev/sda2 /mnt/boot
- #mkdir -p /mnt/var/src
- #touch /mnt/var/src/.populate
-
-}
diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix
deleted file mode 100644
index 6940498f1..000000000
--- a/makefu/1systems/nextgum/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- name="nextgum";
- torrent = true;
- clever_kexec = true;
-}
diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix
deleted file mode 100644
index 92df60195..000000000
--- a/makefu/1systems/nextgum/transfer-config.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-# configuration which is only required for the time of the transfer
-{
- krebs.tinc.retiolum.connectTo = [ "gum" ];
- krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
-}
-
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index be49db024..260f96081 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -8,11 +8,11 @@ let
in {
imports =
[
- #./hw/omo.nix
- ./hw/tsp.nix
+ ./hw/omo.nix
+ #./hw/tsp.nix
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/backup.nix>
+ <stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
@@ -25,6 +25,22 @@ in {
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/share/omo.nix>
+ <stockholm/makefu/2configs/dcpp/airdcpp.nix>
+ { krebs.airdcpp.dcpp.shares = let
+ d = path: "/media/cryptX/${path}";
+ in {
+ emu.path = d "emu";
+ audiobooks.path = lib.mkForce (d "audiobooks");
+ incoming.path = lib.mkForce (d "torrent");
+ anime.path = d "anime";
+ };
+ krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
+ }
+ {
+ # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+ #services.sabnzbd.enable = true;
+ #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ }
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
@@ -41,13 +57,31 @@ in {
<stockholm/makefu/2configs/stats/arafetch.nix>
# services
- <stockholm/makefu/2configs/syncthing.nix>
+ {
+ services.nginx.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ }
+ # <stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
- <stockholm/makefu/2configs/deployment/google-muell.nix>
+ # TODO:
+ # <stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
+
+ {
+ # Risikoübernahme
+ nixpkgs.config.permittedInsecurePackages = [
+ "homeassistant-0.77.2"
+ ];
+ }
<stockholm/makefu/2configs/deployment/homeautomation>
{
+ makefu.ps3netsrv = {
+ enable = true;
+ servedir = "/media/cryptX/emu/ps3";
+ };
+ }
+ {
hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music";
}
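Review bot: `permittedInsecurePackages = [ "homeassistant-0.77.2" ]` whitelists a package that nixpkgs marks as insecure, and the only record of the decision is the one-word comment `# Risikoübernahme`. Please state which advisory is being accepted, why the host cannot move to a fixed version, and when the exception should be removed, e.g. `# risk accepted: <advisory>; remove once homeassistant is upgraded`. Because the entry is pinned to an exact version string, it becomes dead configuration after the next package bump and should be revisited then. The same block is added in makefu/1systems/wbob/config.nix. In this hunk nginx is also enabled and port 80 opened without any virtual host, which deserves a comment on what is expected to be served.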
@@ -71,10 +105,11 @@ in {
];
makefu.full-populate = true;
+ nixpkgs.config.allowUnfree = true;
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = ''
- upload_rate = 200
+ upload_rate = 500
'';
};
users.groups.share = {
@@ -83,14 +118,7 @@ in {
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
- # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
- services.sabnzbd.enable = true;
- systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- makefu.ps3netsrv = {
- enable = true;
- servedir = "/media/cryptX/emu/ps3";
- };
users.users.misa = {
uid = 9002;
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index e1d66a2f9..f2311fb55 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -11,10 +11,10 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/disable_v6.nix>
- # <stockholm/makefu/2configs/tools/core-gui.nix>
- # <stockholm/makefu/2configs/tools/extra-gui.nix>
- # <stockholm/makefu/2configs/tools/media.nix>
+ # <stockholm/makefu/2configs/disable_v6.nix>
+ <stockholm/makefu/2configs/tools/core-gui.nix>
+ <stockholm/makefu/2configs/tools/extra-gui.nix>
+ <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
@@ -33,9 +33,6 @@ in {
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
- {
- users.users.makefu.extraGroups = [ "pulse" ];
- }
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@@ -46,10 +43,16 @@ in {
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+ { environment.systemPackages = [ pkgs.vlc ]; }
-
-
+ {
+ # Risikoübernahme
+ nixpkgs.config.permittedInsecurePackages = [
+ "homeassistant-0.77.2"
+ ];
+ }
<stockholm/makefu/2configs/deployment/bureautomation>
+ <stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
(let
collectd-port = 25826;
@@ -174,20 +177,4 @@ in {
fsType = "ext4";
};
};
-
- # DualHead on NUC
- # TODO: update synergy package with these extras (username)
- # TODO: add crypto layer
- systemd.services."synergy-client" = {
- environment.DISPLAY = ":0";
- serviceConfig.User = user;
- };
-
- services.synergy = {
- client = {
- enable = true;
- screenName = "wbob";
- serverAddress = "x.r";
- };
- };
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 66d904512..5a4eea2e4 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -15,7 +15,7 @@
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
- <stockholm/makefu/2configs/laptop-backup.nix>
+ <stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
@@ -74,6 +74,7 @@
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
<stockholm/makefu/2configs/hw/irtoy.nix>
+ <stockholm/makefu/2configs/hw/switch.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
@@ -83,11 +84,11 @@
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
- {
- programs.adb.enable = true;
- }
+ { programs.adb.enable = true; }
# temporary
+ { services.redis.enable = true; }
<stockholm/makefu/2configs/pyload.nix>
+ # <stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/nginx/rompr.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
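Review bot: `services.redis.enable = true` under `# temporary` sets neither a bind address nor a password, so who can reach the instance depends on module defaults that are not visible here. If only a local tool needs it, I would pin it to loopback with `{ services.redis = { enable = true; bind = "127.0.0.1"; }; }`. A comment naming the consumer would also let the "temporary" entry actually be removed later. The enclosing list starts and ends outside the hunk.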
@@ -121,13 +122,11 @@
];
makefu.server.primary-itf = "wlp3s0";
- makefu.full-populate = true;
nixpkgs.config.allowUnfree = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
@@ -144,14 +143,25 @@
# avoid full boot dir
boot.loader.grub.configurationLimit = 3;
- environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
+ environment.systemPackages = [ pkgs.passwdqc-utils ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
state = [
"/home/makefu/stockholm"
- "/home/makefu/backup/borgun"
- "/home/makefu/.mail/"
+ "/home/makefu/.ssh/"
+ "/home/makefu/.zsh_history"
+ "/home/makefu/.bash_history"
+ "/home/makefu/.zshrc"
+ "/home/makefu/bin"
+ "/home/makefu/.gnupg"
+ "/home/makefu/.imapfilter"
+ "/home/makefu/.mutt"
+ "/home/makefu/docs"
+ "/home/makefu/.password-store"
+ "/home/makefu/.secrets-pass"
+ "/home/makefu/autosync/Database.kdb"
];
+
services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
deleted file mode 100644
index a4d02af6b..000000000
--- a/makefu/2configs/backup.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
- # preparation:
- # mkdir -p defaultBackupDir/host.name/src
- # as root on omo:
- # ssh-copy-id root@src
- startAt = "0,6,12,18:00";
- defaultBackupServer = config.krebs.hosts.omo;
- defaultBackupDir = "/home/backup";
- defaultPull = host: src: {
- method = "pull";
- src = {
- inherit host;
- path = src;
- };
- dst = {
- host = defaultBackupServer;
- path = "${defaultBackupDir}/${host.name}${src}";
- };
- startAt = "0,6,12,18:00";
- snapshots = {
- hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
- daily = { format = "%Y-%m-%d"; retain = 7; };
- weekly = { format = "%YW%W"; retain = 4; };
- monthly = { format = "%Y-%m"; retain = 12; };
- yearly = { format = "%Y"; };
- };
- };
-in {
- krebs.backup.plans = {
- # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
- gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
- gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
- {
- dst.path = "/media/cryptX/backup/gum/var-download";
- dst.host = defaultBackupServer;
- startAt = "19:00";
- };
- gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
- {
- dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
- dst.host = defaultBackupServer;
-
- startAt = "05:00";
- };
- # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
- };
- environment.systemPackages = [
- pkgs.borgbackup
- ];
-}
diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix
new file mode 100644
index 000000000..f157e715f
--- /dev/null
+++ b/makefu/2configs/backup/server.nix
@@ -0,0 +1,11 @@
+{lib, ... }:
+let
+ hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
+in {
+ # TODO: for all enabled machines
+ services.borgbackup.repos = lib.genAttrs hosts (host: {
+ authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
+ path = "/var/lib/borgbackup/${host}";
+ user = "borg-${host}";
+ }) ;
+}
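Review bot: Keys listed under `authorizedKeys` are, as far as I know, given full write access to their repository, so a compromised client could delete or rewrite its own backup history. If the module version in use provides `authorizedKeysAppendOnly`, I would use that here and move pruning to the server side; at minimum the choice deserves a comment such as `# clients have full access to their own repo (needed for client-side prune)`. Separately, `hosts` is built from every entry in `./ssh`, so a stray file without the `.pub` suffix would make `builtins.readFile (./ssh + "/${host}.pub")` fail at evaluation. Filtering first with `lib.filterAttrs (n: _: lib.hasSuffix ".pub" n) (builtins.readDir ./ssh)` avoids that.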
diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub
new file mode 100644
index 000000000..ed203d544
--- /dev/null
+++ b/makefu/2configs/backup/ssh/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x
diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/nextgum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub
new file mode 100644
index 000000000..053b4da87
--- /dev/null
+++ b/makefu/2configs/backup/ssh/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x
diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub
new file mode 100644
index 000000000..fe894df33
--- /dev/null
+++ b/makefu/2configs/backup/ssh/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x
diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix
new file mode 100644
index 000000000..1143708bf
--- /dev/null
+++ b/makefu/2configs/backup/state.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+# back up all state
+let
+ sec = toString <secrets>;
+ sshkey = sec + "/borg.priv";
+ phrase = sec + "/borg.pw";
+in
+{
+ services.borgbackup.jobs.state = {
+ repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
+ paths = config.state;
+ encryption = {
+ mode = "repokey";
+ passCommand = "cat ${phrase}";
+ };
+ environment.BORG_RSH = "ssh -i ${sshkey}";
+ prune.keep =
+ { daily = 7;
+ weekly = 4;
+ monthly = -1; # Keep at least one archive for each month
+ };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+}
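Review bot: With `mode = "repokey"` the encrypted key is kept inside the repository on the backup server, so the passphrase in `borg.pw` is the only thing protecting the archives, and nothing here says so. That matters because `config.state` on host x now includes `~/.ssh/`, `~/.gnupg`, `~/.password-store` and shell history (see the `state` list in `1systems/x/config.nix`). I would add a comment above `encryption`, e.g. `# repokey: key is stored server-side; borg.pw alone protects it, keep an offline copy of key and passphrase`. `BORG_RSH = "ssh -i ${sshkey}"` also passes no host-key options, so verification of `backup.makefu.r` depends on a known_hosts entry configured elsewhere; a short comment pointing to it would help.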
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index 890652285..f63dbefd8 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -32,6 +32,11 @@ in {
"paste.${config.krebs.build.host.name}"
"paste.r"
];
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
};
defaultPermissions = "admin,list,create,read,delete";
secretKeyFile = secKey;
diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix
index b59d3ce10..e007b6072 100644
--- a/makefu/2configs/bluetooth-mpd.nix
+++ b/makefu/2configs/bluetooth-mpd.nix
@@ -57,6 +57,8 @@ in {
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
+ load-module module-equalizer-sink
+ load-module module-dbus-protocol
#load-module module-bluez5-device
#load-module module-bluez5-discover
'';
diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix
index fe05effd9..ad62babc3 100644
--- a/makefu/2configs/dcpp/airdcpp.nix
+++ b/makefu/2configs/dcpp/airdcpp.nix
@@ -44,5 +44,6 @@
'';
};
-
+ state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
+ [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
}
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index 4605e8933..443484a34 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -11,6 +11,11 @@ let
payload_available= "Online";
payload_not_available= "Offline";
};
+ tasmota_stecki = name: topic:
+ ( tasmota_plug name topic) //
+ { state_topic = "/bam/${topic}/stat/POWER";
+ command_topic = "/bam/${topic}/cmnd/POWER";
+ };
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
@@ -38,9 +43,6 @@ let
};
in {
networking.firewall.allowedTCPPorts = [ 8123 ];
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.65.5"
- ];
services.home-assistant = {
enable = true;
@@ -48,6 +50,9 @@ in {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
+ latitude = "48.8265";
+ longitude = "9.0676";
+ elevation = 303;
};
mqtt = {
@@ -72,7 +77,7 @@ in {
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
- (tasmota_plug "Fernseher" "plug3")
+ (tasmota_stecki "Fernseher" "fernseher")
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
@@ -96,26 +101,140 @@ in {
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
- { platform = "influxdb";
- queries = [
- { name = "mean value of feinstaub P1";
- where = '' "node" = 'esp8266-1355142' '';
- measurement = "feinstaub";
- database = "telegraf";
- field = "P1";
- }
- { name = "mean value of feinstaub P2";
- where = '' "node" = 'esp8266-1355142' '';
- measurement = "feinstaub";
- database = "telegraf";
- field = "P2";
- }
- ];
+
+ { platform = "darksky";
+ api_key = lib.removeSuffix "\n"
+ (builtins.readFile <secrets/hass/darksky.apikey>);
+ language = "de";
+ monitored_conditions = [ "summary" "icon"
+ "nearest_storm_distance" "precip_probability"
+ "precip_intensity"
+ "temperature" # "temperature_high" "temperature_low"
+ "apparent_temperature"
+ "hourly_summary" # next 24 hours text
+ "minutely_summary"
+ "humidity"
+ "pressure"
+ "uv_index" ];
+ units = "si" ;
+ update_interval = {
+ days = 0;
+ hours = 0;
+ minutes = 30;
+ seconds = 0;
+ };
+ }
+ #{ platform = "influxdb";
+ # queries = [
+ # { name = "mean value of feinstaub P1";
+ # where = '' "node" = 'esp8266-1355142' '';
+ # measurement = "feinstaub";
+ # database = "telegraf";
+ # field = "P1";
+ # }
+ # { name = "mean value of feinstaub P2";
+ # where = '' "node" = 'esp8266-1355142' '';
+ # measurement = "feinstaub";
+ # database = "telegraf";
+ # field = "P2";
+ # }
+ # ];
+ #}
+ ];
+ camera = [
+ { name = "Baumarkt";
+ platform = "generic";
+ still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
+ }
+ { name = "Autobahn Heilbronn";
+ platform = "generic";
+ still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
+ }
+ { name = "Autobahn Singen";
+ platform = "generic";
+ still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
}
];
frontend = { };
http = { };
- feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
+ conversation = {};
+ history = {};
+ logbook = {};
+ tts = [ { platform = "google";} ];
+ recorder = {};
+ group =
+ { default_view =
+ { view = "yes";
+ entities = [
+ "group.sensors"
+ "group.outside"
+ "group.switches"
+ "group.automation"
+ "group.camera"
+ ];
+ };
+ automation = [
+ "automation.turn_off_fernseher_10_minutes_after_last_movement"
+ ];
+ switches = [
+ "switch.bauarbeiterlampe"
+ "switch.blitzdings"
+ "switch.fernseher"
+ "switch.pluggy"
+ ];
+ camera = [
+ "camera.Baumarkt"
+ "camera.Autobahn_Heilbronn"
+ "camera.Autobahn_Singen"
+ ];
+ sensors = [
+ "binary_sensor.motion"
+ "sensor.easy2_dht22_humidity"
+ "sensor.easy2_dht22_temperature"
+ ];
+ outside = [
+ "sensor.ditzingen_pm10"
+ "sensor.ditzingen_pm25"
+ "sensor.dark_sky_temperature"
+ "sensor.dark_sky_humidity"
+ "sensor.dark_sky_pressure"
+ "sensor.dark_sky_hourly_summary"
+ "sensor.dark_sky_minutely_summary"
+ ];
+ };
+ # only for automation
+ # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
+ automation = [
+ { alias = "Turn on Fernseher on movement";
+ trigger = {
+ platform = "state";
+ entity_id = "binary_sensor.motion";
+ to = "on";
+ };
+ action = {
+ service= "homeassistant.turn_on";
+ entity_id= "switch.fernseher";
+ };
+ }
+ { alias = "Turn off Fernseher 10 minutes after last movement";
+ trigger = {
+ platform = "state";
+ entity_id = "binary_sensor.motion";
+ to = "off";
+ for.minutes = 10;
+ };
+ action = {
+ service= "homeassistant.turn_off";
+ entity_id= "switch.fernseher";
+ };
+ condition = [{
+ condition = "time";
+ before = "06:30:00"; #only turn off between 6:30 and 18:00
+ after = "18:00:00";
+ weekday = [ "mon" "tue" "wed" "thu" "fri" ];
+ }];
+ }
+ ];
};
};
}
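Review bot: `builtins.readFile <secrets/hass/darksky.apikey>` is resolved at evaluation time, so the key presumably ends up in the generated Home Assistant configuration in the Nix store, where every local user can read it. `homeautomation/default.nix` uses the same pattern for its darksky key and the MQTT password. A comment such as `# NOTE: readFile inlines the key into the store-rendered config` would make the trade-off visible; keeping the value out of the store needs a runtime mechanism instead. Also, the comment `#only turn off between 6:30 and 18:00` does not match the condition: `before = "06:30:00"` with `after = "18:00:00"` appears to select the time outside that window, so one of the two should be corrected.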
diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix
deleted file mode 100644
index 28edb6af2..000000000
--- a/makefu/2configs/deployment/bureautomation/home.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ pkgs, lib, ... }:
-let
- firetv = "192.168.1.238";
-in {
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- services.home-assistant = {
- #panel_iframe:
- #configurator:
- # title: Configurator
- # icon: mdi:wrench
- # url: http://hassio.local:3218
- # sensor:
- # - platform: random
- enable = true;
- config = {
- homeassistant = {
- name = "Bureautomation";
- time_zone = "Europe/Berlin";
- };
- panel_iframe = {
- euer_blog = {
- title = "Euer Blog";
- icon = "mdi:wrench";
- url = "https://euer.krebsco.de";
- };
- };
- media_player = [
- { platform = "kodi";
- host = firetv;
- }
- { platform = "firetv";
- # assumes python-firetv running
- }
- ];
- sensor = [
- {
- platform = "luftdaten";
- name = "Shack 1";
- sensorid = "50";
- monitored_conditions = [ "P1" "P2" ];
- }
- {
- platform = "luftdaten";
- name = "Shack 2";
- sensorid = "658";
- monitored_conditions = [ "P1" "P2" ];
- }
- {
- platform = "luftdaten";
- name = "Ditzingen";
- sensorid = "5341";
- monitored_conditions = [ "P1" "P2" ];
- }
- { platform = "random"; }
- ];
- frontend = { };
- http = { };
- feedreader.urls = [ "https://nixos.org/blogs.xml" ];
- };
- };
-}
diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/deployment/bureautomation/mpd.nix
new file mode 100644
index 000000000..1f5acb357
--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/mpd.nix
@@ -0,0 +1,9 @@
+{lib,pkgs, ... }:
+
+{
+ systemd.services."ympd-wbob" = {
+ description = "mpd ";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
+ };
+}
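Review bot: The `ympd-wbob` unit sets no `User`, so the process starts as root and relies on ympd's own `--user nobody` to drop privileges. Web port 8866 is unprivileged, so I would have systemd start it unprivileged with `serviceConfig.User = "nobody";` (or a dedicated user), which makes the flag redundant. No authentication for the web interface is visible here, so a comment stating which interfaces are expected to reach port 8866 would be useful. `description = "mpd "` could name the service properly, e.g. `"ympd web frontend for mpd"`, and the `lib` argument is unused.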
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
index bde9892cd..e7dc54dd0 100644
--- a/makefu/2configs/deployment/graphs.nix
+++ b/makefu/2configs/deployment/graphs.nix
@@ -6,11 +6,6 @@ let
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
hn = config.krebs.build.host.name;
in {
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${external-ip}" ) {
- return 403;
- }
- '';
krebs.tinc_graphs = {
enable = true;
nginx = {
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix
index f2a3b36e2..94799b11d 100644
--- a/makefu/2configs/deployment/homeautomation/default.nix
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -1,9 +1,60 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
# Ideas:
## wake-on-lan server
##
let
+ tasmota_rgb = name: topic:
+# LED WS2812b
+# effect_state_topic: "stat/led/Scheme"
+# effect_command_topic: "cmnd/led/Scheme"
+# effect_value_template: "{{ value_json.Scheme }}"
+ { platform = "mqtt";
+ inherit name;
+ retain = false;
+ qos = 1;
+ optimistic = false;
+ # state
+ # TODO: currently broken, will not use the custom state topic
+ #state_topic = "/ham/${topic}/stat/POWER";
+ state_topic = "/ham/${topic}/stat/POWER";
+ command_topic = "/ham/${topic}/cmnd/POWER";
+ availability_topic = "/ham/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ # brightness
+ brightness_state_topic = "/ham/${topic}/stat/Dimmer";
+ brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
+ brightness_value_template = "{{ value_json.Dimmer }}";
+ brightness_scale = 100;
+ # color
+ rgb_state_topic = "/ham/${topic}/stat/Color";
+ rgb_command_topic = "/ham/${topic}/cmnd/Color2";
+ rgb_command_mode = "hex";
+ rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
+ # effects
+ effect_state_topic = "/ham/${topic}/stat/Scheme";
+ effect_command_topic = "/ham/${topic}/cmnd/Scheme";
+ effect_value_template = "{{ value_json.Scheme }}";
+ effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
+};
+ # switchmode 1 - also toggle power
+ # switchtopic flurlicht
+ tasmota_motion = name: topic:
+ { platform = "mqtt";
+ device_class = "motion";
+ inherit name;
+ # TODO: currently broken, will not use the custom state topic
+ state_topic = "/ham/${topic}/stat/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ availability_topic = "/ham/${topic}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
+
firetv = "192.168.1.238";
tasmota_plug = name: topic:
{ platform = "mqtt";
@@ -36,20 +87,31 @@ let
unit_of_measurement = "hPa";
}
];
+ tasmota_am2301 = name: topic:
+ [ { platform = "mqtt";
+ name = "${name} Temperatur";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.AM2301.Temperature }}";
+ unit_of_measurement = "°C";
+ }
+ { platform = "mqtt";
+ name = "${name} Luftfeuchtigkeit";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.AM2301.Humidity }}";
+ unit_of_measurement = "%";
+ }
+ ];
in {
imports = [
./mqtt.nix
];
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.65.5"
- ];
+ #systemd.services.firetv = {
+ # wantedBy = [ "multi-user.target" ];
+ # serviceConfig = {
+ # User = "nobody";
+ # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+ # };
+ #};
services.home-assistant = {
config = {
homeassistant = {
@@ -58,7 +120,7 @@ in {
longitude = "9.2478";
elevation = 247;
};
- discovery = {};
+ #discovery = {};
conversation = {};
history = {};
logbook = {};
@@ -71,16 +133,16 @@ in {
{ platform = "kodi";
host = firetv;
}
- { platform = "firetv";
- # assumes python-firetv running
- }
+ #{ platform = "firetv";
+ # # assumes python-firetv running
+ #}
];
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "hass";
- password = builtins.readFile <secrets/mqtt/hass>;
+ password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
keepalive = 60;
protocol = 3.1;
birth_message = {
@@ -96,43 +158,100 @@ in {
retain = true;
};
};
+ binary_sensor = [
+ (tasmota_motion "Flur Bewegung" "flurlicht")
+ ];
sensor = [
- { platform = "speedtest";
- monitored_conditions = [ "ping" "download" "upload" ];
- }
+ # broken
+ #{ platform = "speedtest";
+ # monitored_conditions = [ "ping" "download" "upload" ];
+ #}
{ platform = "luftdaten";
- name = "Ditzingen";
+ name = "Wangen";
sensorid = "663";
monitored_conditions = [ "P1" "P2" ];
}
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
{ platform = "darksky";
- api_key = "c73619e6ea79e553a585be06aacf3679";
+ api_key = lib.removeSuffix "\n"
+ (builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
- "temperature" # "temperature_high" "temperature_low"
+ "temperature"
+ "apparent_temperature"
"hourly_summary"
+ "humidity"
+ "pressure"
"uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
- minutes = 10;
+ minutes = 30;
seconds = 0;
};
}
- ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
+ ]
+ ++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
+ ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
frontend = { };
- #group = [
- # { default_view = { view = "yes"; entities = [
- # "sensor.luftdaten"
- # ]}
- #];
+ group =
+ { default_view =
+ { view = "yes";
+ entities = [
+ "group.flur"
+ "group.schlafzimmer"
+ "group.draussen"
+ "group.wohnzimmer"
+ "group.arbeitszimmer"
+ ];
+ };
+ flur = [
+ "light.flurlicht"
+ "binary_sensor.flur_bewegung"
+ ];
+ wohnzimmer = [
+ "media_player.kodi"
+ ];
+ draussen = [
+ "sensor.dark_sky_temperature"
+ "sensor.dark_sky_hourly_summary"
+ "sensor.wangen_pm10"
+ "sensor.wangen_pm25"
+ ];
+ schlafzimmer = [
+ "sensor.schlafzimmer_temperatur"
+ "sensor.schlafzimmer_luftdruck"
+ "sensor.schlafzimmer_luftfeuchtigkeit"
+ "switch.lichterkette_schlafzimmer"
+ ];
+ arbeitszimmer = [
+ "switch.strom_staubsauger"
+ "sensor.arbeitszimmer_temperatur"
+ "sensor.arbeitszimmer_luftfeuchtigkeit"
+ ];
+ };
http = { };
switch = [
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
+ (tasmota_plug "Strom Staubsauger" "arbeitszimmer")
+ ];
+ light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
+ automation = [
+ { alias = "Staubsauger Strom aus nach 6h";
+ trigger = {
+ platform = "state";
+ entity_id = "switch.strom_staubsauger";
+ to = "on";
+ for.hours = 6;
+ };
+ action = {
+ service= "homeassistant.turn_off";
+ entity_id= "switch.strom_staubsauger";
+ };
+ }
];
};
enable = true;
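Review bot: The literal `api_key` removed in this hunk stays in the repository history, so moving it to `<secrets/hass/darksky.apikey>` only helps if the old key is revoked and the secrets file holds a newly issued one. Nothing in the diff shows whether that happened. I would record it next to the new lines, e.g. `# key rotated when moved to secrets`, or in the commit message. The `services.home-assistant` block starts and ends outside the hunk.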
diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix
index 16a7a13b2..f63417e8f 100644
--- a/makefu/2configs/fetchWallpaper.nix
+++ b/makefu/2configs/fetchWallpaper.nix
@@ -8,7 +8,7 @@
timerConfig = {
OnCalendar = "*:0/30";
};
- url = "http://prism.r/realwallpaper-sat-krebs.png";
+ url = "http://prism.r/realwallpaper-krebs.png";
};
}
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 1a7f3d987..4890e4afe 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -41,6 +41,7 @@ let
autosync = { };
fenkins = { };
pass = { };
+ secrets = { };
};
connector-repos = mapAttrs make-priv-repo {
diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix
index 861a9327e..6bcd09826 100644
--- a/makefu/2configs/gui/base.nix
+++ b/makefu/2configs/gui/base.nix
@@ -66,7 +66,7 @@ in
cat |derp <<EOF
XTerm*background: black
XTerm*foreground: white
- XTerm*FaceName : xft:xos4 Terminus:pixelsize=11
+ XTerm*FaceName : xft:Terminus:pixelsize=12
URxvt*termName: rxvt
URxvt*saveLines: 10000
@@ -78,7 +78,7 @@ in
URxvt.background: black
URxvt.urgentOnBell: true
URxvt.visualBell: false
- URxvt.font : xft:xos4 Terminus:size=11
+ URxvt.font : xft:Terminus:size=12
! blue
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix
index 7db749227..6da1a37e7 100644
--- a/makefu/2configs/gui/wbob-kiosk.nix
+++ b/makefu/2configs/gui/wbob-kiosk.nix
@@ -4,22 +4,38 @@
imports = [
./base.nix
];
- users.users.makefu.packages = [ pkgs.chromium ];
+ users.users.makefu = {
+ packages = [ pkgs.chromium ];
+ extraGroups = [ "audio" "pulse" ];
+ };
services.xserver = {
- layout = lib.mkForce "de";
- xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
default = "none";
};
- desktopManager.xfce.enable = true;
+ desktopManager.xfce = {
+ extraSessionCommands = ''
+ ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms
+ ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1
+ '';
+ enable = true;
+ };
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
- displayManager.sessionCommands = ''
- xset -display :0 s off -dpms
- xrandr --output HDMI2 --right-of HDMI1
- '';
};
+
+ systemd.services.xset-off = {
+ after = [ "display-manager.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms";
+ RemainAfterExit = "yes";
+ TimeoutSec = "5s";
+ RestartSec="5s";
+ Restart = "on-failure";
+ };
+ };
+
}
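Review bot: The `xset-off` unit sets neither `User` nor `XAUTHORITY`, so `xset -display :0` runs as root without the session's X credentials and will likely fail unless the server accepts such connections. With `Restart = "on-failure"` and `RestartSec = "5s"` it may then keep retrying. The same command is already in `desktopManager.xfce.extraSessionCommands`, so I would either drop the unit or give it `Type = "oneshot"` and the session user, with a comment on why both are needed. The comment `# prevent screen from turning off, disable dpms` is now detached from the commands it described and should move to the `extraSessionCommands` block.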
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
index 1efc4d2bf..64aa03bd7 100644
--- a/makefu/2configs/home-manager/cli.nix
+++ b/makefu/2configs/home-manager/cli.nix
@@ -1,12 +1,18 @@
-{
+{pkgs, ... }: {
home-manager.users.makefu = {
services.gpg-agent = {
+ enable = true;
defaultCacheTtl = 900;
maxCacheTtl = 7200;
defaultCacheTtlSsh = 3600;
maxCacheTtlSsh = 86400;
enableSshSupport = true;
+ enableScDaemon = true;
};
programs.fzf.enable = true; # alt-c
};
+ services.udev.packages = [
+ pkgs.libu2f-host
+ pkgs.yubikey-personalization
+ ];
}
diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix
index e75ee6262..2a4574cc8 100644
--- a/makefu/2configs/home-manager/default.nix
+++ b/makefu/2configs/home-manager/default.nix
@@ -4,4 +4,7 @@
];
home-manager.users.makefu = {
};
+ environment.variables = {
+ GTK_DATA_PREFIX = "/run/current-system/sw";
+ };
}
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
index c2f854d47..ce98e651a 100644
--- a/makefu/2configs/home-manager/desktop.nix
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -1,31 +1,43 @@
-{pkgs, ... }: {
+{ pkgs, lib, ... }:
+
+{
home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+ programs.firefox.enable = true;
services.network-manager-applet.enable = true;
+ systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
-
- systemd.user.services.network-manager-applet.Service.Environment = ''
- XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
- '';
- systemd.user.services.clipit = {
- Unit = {
- Description = "clipboard manager";
- After = [ "graphical-session-pre.target" ];
- PartOf = [ "graphical-session.target" ];
+ systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
+ # "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
+ "fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine
+ "gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy
+ "abkfbakhjpmblaafnpgjppbmioombali" # memex
+ "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
+ ];
};
- Install = {
- WantedBy = [ "graphical-session.target" ];
- };
+ systemd.user.services.clipit = {
+ Unit = {
+ Description = "clipboard manager";
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
- Service = {
- Environment = ''
- XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
- '';
- ExecStart = "${pkgs.clipit}/bin/clipit";
- Restart = "on-abort";
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
+ ExecStart = "${pkgs.clipit}/bin/clipit";
+ Restart = "on-abort";
+ };
};
};
- };
}
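Review bot: The `programs.chromium.extensions` list identifies extensions only by web-store ID, so versions are not pinned. As far as I know each one is fetched and auto-updated from the store outside the Nix closure, and the trailing comment is the only record of what an ID is supposed to be. Several entries (proxy switching, page archiving) typically need broad page access, so I would keep the list minimal and extend each comment with the reason it is needed, e.g. `# foxyproxy — <why it is needed>`. The new `pasystray` `Environment` line also replaces the unit's `PATH` with only the listed packages, which deserves a short comment saying that is intended.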
diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix
index ce7ae4f4d..467e0d7a0 100644
--- a/makefu/2configs/home-manager/mail.nix
+++ b/makefu/2configs/home-manager/mail.nix
@@ -1,5 +1,6 @@
{
home-manager.users.makefu = {
+ accounts.email.maildirBasePath = "/home/makefu/Mail";
accounts.email.accounts.syntaxfehler = {
address = "felix.richter@syntax-fehler.de";
userName = "Felix.Richter@syntax-fehler.de";
@@ -27,7 +28,7 @@
};
primary = true;
realName = "Felix Richter";
- passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+ passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg";
};
programs.offlineimap.enable = true;
programs.offlineimap.extraConfig = {
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix
index 313ca0147..e556b43c0 100644
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@@ -1,9 +1,7 @@
{ pkgs, ... }:
{ # bluetooth+pulse config
# for blueman-applet
- users.users.makefu.packages = [
- pkgs.blueman
- ];
+ users.users.makefu.packages = [ pkgs.blueman ];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
@@ -39,4 +37,5 @@
Enable=Source,Sink,Media,Socket
'';
};
+ services.dbus.packages = [ pkgs.blueman ];
}
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index ffc32e0cb..3b9d04549 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -27,4 +27,7 @@
powersave = true;
scanRandMacAddress = true;
};
+ state = [
+ "/etc/NetworkManager/system-connections" #NM stateful config files
+ ];
}
diff --git a/makefu/2configs/hw/smartcard.nix b/makefu/2configs/hw/smartcard.nix
index 1e9bca53b..b66b70098 100644
--- a/makefu/2configs/hw/smartcard.nix
+++ b/makefu/2configs/hw/smartcard.nix
@@ -2,12 +2,15 @@
{
services.pcscd = {
enable = true;
- plugins = with pkgs; [ ifdnfc ccid ];
+ plugins = with pkgs;
+ [ #ifdnfc
+ ccid
+ ];
};
environment.systemPackages = with pkgs; [
# need to run ifdnfc-activate before usage
- ifdnfc
+ # ifdnfc
# pcsc_scan
pcsctools
];
diff --git a/makefu/2configs/hw/switch.nix b/makefu/2configs/hw/switch.nix
new file mode 100644
index 000000000..d46e8cf3f
--- /dev/null
+++ b/makefu/2configs/hw/switch.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
+ '';
+}
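Review bot: The udev rule matches on `ATTR{idVendor}=="0955"` alone, so every USB device from that vendor becomes read/write for the `plugdev` group, not just the device this file is named after. I would narrow it to the specific device, e.g. `SUBSYSTEM=="usb", ATTR{idVendor}=="0955", ATTR{idProduct}=="<product-id>", MODE="0664", GROUP="plugdev"`, and add a comment naming the device and the tool that needs raw access. The `lib` and `pkgs` arguments are unused.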
diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix
deleted file mode 100644
index 8df7043c8..000000000
--- a/makefu/2configs/laptop-backup.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{config, lib, pkgs, ... }:
-
-{
- systemd.user.services.duply-secrets = {
- description = "run daily secrets backup";
- startAt = "daily";
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
- };
- };
-}
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/nginx/download.binaergewitter.de.nix
new file mode 100644
index 000000000..6b5687e72
--- /dev/null
+++ b/makefu/2configs/nginx/download.binaergewitter.de.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+ ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+in {
+ systemd.services.mirrorsync = {
+ startAt = "08:00:00";
+ path = with pkgs; [ rsync openssh ];
+ script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+ };
+ services.nginx = {
+ enable = lib.mkDefault true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ virtualHosts."download.binaergewitter.de" = {
+ serverAliases = [ "dl2.binaergewitter.de" ];
+ root = "/var/www/binaergewitter";
+ extraConfig = ''
+ access_log /var/spool/nginx/logs/binaergewitter.access.log combined;
+ error_log /var/spool/nginx/logs/binaergewitter.error.log error;
+ autoindex on;
+ '';
+ };
+ };
+}
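Review bot: The `mirrorsync` unit sets no `User`, so rsync and ssh run as root and write content from the remote host into the directory nginx serves. I would run it under a dedicated account that owns `/var/www/binaergewitter` (`serviceConfig.User = "<mirror-user>";`) and can read the identity file. The ssh command also carries no host-key options, so verification of `159.69.132.234` depends on a known_hosts entry that is not visible here. Pinning it explicitly, e.g. `-e "ssh -i ${ident} -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path>"`, would make that dependency visible. The virtual host enables `autoindex on` with no TLS settings in view; if downloads are meant to be served over plain HTTP, a comment saying so would help.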
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index 65d36d9b6..14d1285db 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -39,4 +39,5 @@ in {
};
};
};
+ state = [ base-dir ];
}
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 99533b25c..280622259 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -21,6 +21,7 @@ let
tw-pass-file = "${sec}/tw-pass.ini";
in {
+ state = [ base-dir ];
services.phpfpm = {
# phpfpm does not have an enable option
poolConfigs = {
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index d5fa65ef9..fb1a67358 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -5,11 +5,11 @@ let
in {
services.printing = {
enable = true;
- drivers = [
- pkgs.samsungUnifiedLinuxDriver
- pkgs.cups-dymo # dymo labelwriter
- pkgs.foo2zjs # magicolor 1690mf
- pkgs.zj-58
+ drivers = with pkgs; [
+ samsungUnifiedLinuxDriver
+ cups-dymo # dymo labelwriter
+ foo2zjs # magicolor 1690mf
+ cups-zj-58
];
};
diff --git a/makefu/2configs/rtorrent.nix b/makefu/2configs/rtorrent.nix
deleted file mode 100644
index 9e2990cab..000000000
--- a/makefu/2configs/rtorrent.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-_:
-let
- listenPort = 60123;
- xml-port = 5000;
- authfile = <torrent-secrets/authfile>;
-in {
- makefu.rtorrent = {
- enable = true;
- web = {
- enable = true;
- enableAuth = true;
- inherit authfile;
- };
- rutorrent.enable = true;
- enableXMLRPC = true;
- logLevel = "debug";
- inherit listenPort;
- };
-}
diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix
index 37d74c282..531d2525e 100644
--- a/makefu/2configs/deployment/events-publisher/default.nix
+++ b/makefu/2configs/shack/events-publisher/default.nix
@@ -2,8 +2,8 @@
with import <stockholm/lib>;
let
shack-announce = pkgs.callPackage (builtins.fetchTarball {
- url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz";
- sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav";
+ url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
+ sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
}) {} ;
home = "/var/lib/shackannounce";
user = "shackannounce";
diff --git a/makefu/2configs/shack/gitlab-runner/default.nix b/makefu/2configs/shack/gitlab-runner/default.nix
new file mode 100644
index 000000000..55dc50fa8
--- /dev/null
+++ b/makefu/2configs/shack/gitlab-runner/default.nix
@@ -0,0 +1,31 @@
+
+{
+ systemd.services.gitlab-runner.path = [
+ "/run/wrappers" # /run/wrappers/bin/su
+ "/" # /bin/sh
+ ];
+ services.gitlab-runner = {
+ enable = true;
+ configOptions =
+ { concurrent = 1;
+ runners = [
+ { builds_dir = "";
+ #docker =
+ #{ cache_dir = "";
+ # disable_cache = true;
+ # host = ""; image = "nixos/nix:2.1.3";
+ # privileged = true;
+ #};
+ #executor = "docker";
+ # name = "docker-nix";
+ name = "gum-shell";
+ executor = "shell";
+ environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
+ # generate via `gitlab-runner register`
+ token = import <secrets/shackspace-gitlab-ci-token.nix>;
+ url = "https://git.shackspace.de/";
+ }
+ ];
+ };
+ };
+}
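Review bot: `token = import <secrets/shackspace-gitlab-ci-token.nix>;` pulls the runner token into the evaluated `configOptions`, and the NixOS module presumably renders those options into a config file under `/nix/store`, which every local user can read and which travels with the system closure. If the module version in use offers `services.gitlab-runner.configFile`, pointing it at a file deployed outside the store keeps the token out of it; this should be confirmed against the module source. Separately, `executor = "shell"` together with `/run/wrappers` on the unit's path means jobs from `https://git.shackspace.de/` run directly on this host as the runner user with the setuid wrappers reachable. A comment stating who may trigger jobs on this runner would document that trust assumption.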
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
index 422676b24..c16629cc5 100644
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@@ -27,12 +27,14 @@ in {
systemd.services.arafetch = {
startAt = "Mon,Wed,Fri 09:15:00";
wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
environment = {
OUTDIR = home;
};
path = [ pkg pkgs.git pkgs.wget ];
serviceConfig = {
User = "arafetch";
+ Restart = "always";
WorkingDirectory = home;
PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" ''
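Review bot: `Restart = "always"` is added to a unit that is already scheduled by `startAt = "Mon,Wed,Fri 09:15:00"`; if the `start-weekrun` script exits after one pass (its body continues outside this hunk, so this is inferred), systemd will restart it immediately and keep fetching in a loop rather than three times a week. `Restart = "on-failure";` together with a `RestartSec` would retry only failed runs. The new `after = [ "network-online.target" ];` orders the unit but does not pull the target in, so `wants = [ "network-online.target" ];` should sit next to it for the ordering to have an effect.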
diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix
new file mode 100644
index 000000000..5ca3b9904
--- /dev/null
+++ b/makefu/2configs/taskd.nix
@@ -0,0 +1,11 @@
+{config, ... }:
+{
+ services.taskserver.enable = true;
+ services.taskserver.fqdn = config.krebs.build.host.name;
+ services.taskserver.listenHost = "::";
+ services.taskserver.organisations.home.users = [ "makefu" ];
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ '';
+}
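Review bot: `services.taskserver.listenHost = "::"` binds the server on every interface, and the only restriction is the pair of `-A INPUT` rules in `networking.firewall.extraCommands`. Those rules are appended to the built-in `INPUT` chain, which the NixOS firewall script does not appear to flush, so they likely pile up on each reload and remain if the firewall is stopped. Adding them to the firewall's own chain, e.g. `iptables -A nixos-fw -i retiolum -p tcp --dport 53589 -j nixos-fw-accept` (and the `ip6tables` twin), keeps them under the firewall's lifecycle. The port is written twice as a bare number; using `${toString config.services.taskserver.listenPort}` or a comment naming it would keep the rule and the service in step.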
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix
index da8a357ae..9dedafdd2 100644
--- a/makefu/2configs/tools/android-pentest.nix
+++ b/makefu/2configs/tools/android-pentest.nix
@@ -9,7 +9,7 @@
dex2jar
apktool
jd-gui
- android-studio
+ # android-studio
jdk
jre
openssl
diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix
index bb14c3eb5..924668803 100644
--- a/makefu/2configs/tools/desktop.nix
+++ b/makefu/2configs/tools/desktop.nix
@@ -3,7 +3,7 @@
{
users.users.makefu.packages = with pkgs; [
taskwarrior
- pass
+ (pass.withExtensions (ext: [ ext.pass-otp ]))
gopass
mutt
weechat
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 1c28eeffd..3d26cc574 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -6,7 +6,6 @@
gimp
inkscape
libreoffice
- quodlibet
# skype
synergy
tdesktop
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index a61b6c88e..88a7c6882 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -7,10 +7,12 @@
vlc
mumble
mplayer
- quodlibet
+ quodlibet # exfalso
plowshare
streamripper
youtube-dl
+
+ pulseeffects
];
}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 8a559dbbd..11151003d 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -7,6 +7,8 @@
rclone
exfat
(pkgs.callPackage ./secrets.nix {})
+
+ opensc pcsctools libu2f-host
];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix
index f88618cbc..7d10983c7 100644
--- a/makefu/2configs/tools/secrets.nix
+++ b/makefu/2configs/tools/secrets.nix
@@ -1,7 +1,7 @@
{ pass, write, writeDash, ... }:
write "secrets" {
- "/bin/secrets".link = writeDash "brain" ''
+ "/bin/secrets".link = writeDash "secrets" ''
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
exec ${pass}/bin/pass $@
'';
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index 3df0ddbfe..ca368dbf0 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -3,12 +3,11 @@
with import <stockholm/lib>;
let
- daemon-user = "tor";
basicAuth = import <torrent-secrets/auth.nix>;
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
- base-dir = config.makefu.dl-dir;
+ base-dir = config.krebs.rtorrent.workDir;
in {
users.users = {
@@ -23,17 +22,6 @@ in {
};
};
- # todo: race condition, do this after download user has been created
- system.activationScripts."download-dir-chmod" = ''
- for i in finished watch; do
- if test ! -d $i;then
- mkdir -p "${base-dir}/$i"
- chown rtorrent:download "${base-dir}/$i"
- chmod 775 "${base-dir}/$i"
- fi
- done
- '';
-
users.extraGroups = {
download = {
gid = lib.mkDefault (genid "download");
@@ -57,15 +45,17 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
- downloadDir = base-dir + "/finished";
- watchDir = base-dir + "/watch";
+ downloadDir = config.makefu.dl-dir;
# dump old torrents into watch folder to have them re-added
};
+ services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
+
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
'';
networking.firewall.allowedTCPPorts = [ peer-port ];
networking.firewall.allowedUDPPorts = [ peer-port ];
+ state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
}
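Review bot: The new `services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r"` entry proxies `/` to the web UI on `localhost:${toString web-port}` with no access restriction of its own, while the firewall rule below it still limits direct access to `web-port` to the `retiolum` interface. A name-based vhost is chosen by the `Host` header only, so if nginx on this machine also listens on a public interface the UI is reachable from there; whether the rtorrent module's own auth covers this path is not visible in this hunk. Restricting the vhost, for instance with `extraConfig = "allow <retiolum-prefix>; deny all;";` (placeholder prefix) or a `listen` entry bound to the retiolum address, keeps the exposure equal to what the iptables rule intends. The module body starts outside this hunk.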
diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix
index 30de6e44a..e90cc1e8d 100644
--- a/makefu/2configs/virtualisation/virtualbox.nix
+++ b/makefu/2configs/virtualisation/virtualbox.nix
@@ -1,26 +1,9 @@
{ config, lib, pkgs, ... }:
-let
- mainUser = config.krebs.build.user;
- vboxguestpkg = lib.stdenv.mkDerivation rec {
- name = "Virtualbox-Extensions-${version}-${rev}";
- version = "5.0.20";
- rev = "106931";
- src = pkgs.fetchurl {
- url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
- sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
- };
- };
-in {
+{
virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true;
virtualisation.virtualbox.host.enableHardening = false;
- users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
- nixpkgs.config.packageOverrides = super: {
- boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override {
- buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
- ++ [ vboxguestpkg ];
- };
- };
+ users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}
diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix
index 3aba3be45..dafa37ff6 100644
--- a/makefu/5pkgs/4nxci/default.nix
+++ b/makefu/5pkgs/_4nxci/default.nix
@@ -1,33 +1,31 @@
-{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }:
+{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }:
let
-
- mymbedtls = lib.overrideDerivation mbedtls (old: rec {
- name = "mbedtls-${version}";
- version = "2.13.0";
- src = fetchFromGitHub {
- owner = "ARMmbed";
- repo = "mbedtls";
- rev = name;
- sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
- };
- buildInputs = old.buildInputs ++ [ python2 ];
- postConfigure = ''
- perl scripts/config.pl set MBEDTLS_CMAC_C
- '';
- doCheck = false;
-
- });
-in stdenv.mkDerivation rec {
- name = "4nxci-${version}";
- version = "1.30";
-
+ version = "1.35";
src = fetchFromGitHub {
owner = "The-4n";
repo = "4NXCI";
rev = "v${version}";
- sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh";
+ sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6";
};
+ mymbedtls = stdenv.mkDerivation {
+ name = "mbedtls-${version}";
+ version = "2.6.1";
+ doCheck = false;
+ inherit src;
+ buildInputs = [ perl ];
+ phases = [ "unpackPhase" "buildPhase" "installPhase" ];
+ makeFlags = [ "DESTDIR=$(out)" ];
+ buildPhase = ''
+ cp config.mk.template config.mk
+ cd mbedtls
+ make
+ '';
+ };
+in stdenv.mkDerivation rec {
+ name = "4nxci-${version}";
+
+ inherit src version;
buildPhase = ''
cp config.mk.template config.mk
sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
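Review bot: In the new `mymbedtls` derivation, `name = "mbedtls-${version}"` interpolates the `let`-bound `version = "1.35"` because the attribute set is not `rec`, so the store path is labelled `mbedtls-1.35` while the attribute inside says `version = "2.6.1"`. Writing `name = "4nxci-mbedtls-2.6.1";` would make clear that this is the copy bundled in the 4NXCI source tree. Because that bundled copy replaces the earlier override of the nixpkgs `mbedtls`, it no longer follows nixpkgs updates; a comment recording that the pin is deliberate, and why, would help anyone auditing the crypto dependencies. The outer `buildPhase` continues outside this hunk.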
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 12d357913..11f9f59b8 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -572,9 +572,9 @@ local os = {
do
local cmds =
{
- "@networkmanagerapplet@/bin/nm-applet",
- "@blueman@/bin/blueman-applet",
- "@clipit@/bin/clipit"
+ -- "@networkmanagerapplet@/bin/nm-applet",
+ -- "@blueman@/bin/blueman-applet",
+ -- "@clipit@/bin/clipit"
}
for _,i in pairs(cmds) do
diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix
deleted file mode 100644
index 870fa8ce2..000000000
--- a/makefu/5pkgs/cozy-audiobooks/default.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ stdenv, fetchFromGitHub
-, ninja
-, boost
-, meson
-, pkgconfig
-, wrapGAppsHook
-, appstream-glib
-, desktop-file-utils
-, gtk3
-, glib
-, gst_all_1
-, gobjectIntrospection
-, python3Packages
-, file
-, cairo , sqlite , gettext
-, gnome3
-}:
-
-let
- peewee = with python3Packages; buildPythonPackage rec {
- # https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee
- pname = "peewee";
- version = "3.6.4";
- src = fetchPypi {
- inherit pname version;
- sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak";
- };
- doCheck = false;
-
- checkPhase = ''
- python runtests.py
- '';
-
- buildInputs = [
- cython
- sqlite
- # psycopg2
- # mysql-connector
- ];
- meta.license = stdenv.lib.licenses.mit;
- };
-in
-stdenv.mkDerivation rec {
- name = "cozy-${version}";
- version = "0.6.0";
-
- src = fetchFromGitHub {
- owner = "geigi";
- repo = "cozy";
- rev = version;
- sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd";
- };
-
- postPatch = ''
- chmod +x data/meson_post_install.py
- patchShebangs data/meson_post_install.py
- substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
- '';
- postInstall = ''
- wrapProgram $out/bin/com.github.geigi.cozy \
- --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
-
- '';
- wrapPrefixVariables = [ "PYTHONPATH" ];
-
-
- nativeBuildInputs = [
- meson ninja pkgconfig
- wrapGAppsHook
- appstream-glib
- desktop-file-utils
- gobjectIntrospection
-
- ];
- buildInputs = with gst_all_1; [ gtk3 glib
- gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext
- gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas
- ]
- ++ (with python3Packages; [
- python gst-python pygobject3 dbus-python mutagen peewee magic
-
- ]);
-
- checkPhase = ''
- ninja test
- '';
-
- meta = with stdenv.lib; {
- description = ''
- A modern audio book player for Linux using GTK+ 3
- '';
- maintainers = [ maintainers.makefu ];
- license = licenses.mit;
- };
-}
diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch
deleted file mode 100644
index b7b491d4e..000000000
--- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200
-+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200
-@@ -341,7 +341,7 @@
- if not scale:
- scale = 25.4/96 # if no scale is specified, assume inch as baseunit
- scale /= self.unittouu('1px')
-- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
-+ h = self.unittouu(self.documentHeight())
- self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
- doc = self.document.getroot()
- self.process_group(doc)
-
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 390aabd73..6e86f4264 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -30,9 +30,6 @@ in {
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
- inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
- patches = [ ./custom/inkscape/dxf_fix.patch ];
- });
}
// (mapAttrs (_: flip callPackage {})
diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix
deleted file mode 100644
index a6aac5748..000000000
--- a/makefu/5pkgs/esniper/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
-
-stdenv.mkDerivation rec {
- name = "${pname}-2-35-0";
- pname = "esniper";
- version = "2.35.0";
- src = fetchurl {
- url = "mirror://sourceforge/${pname}/${name}.tgz";
- sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
- };
-
-
- buildInputs = [ openssl curl ];
-
- # Add support for CURL_CA_BUNDLE variable.
- # Fix <http://sourceforge.net/p/esniper/bugs/648/>.
- patches = [ ./find-ca-bundle.patch ];
-
- postInstall = ''
- sed <"frontends/snipe" >"$out/bin/snipe" \
- -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
- chmod 555 "$out/bin/snipe"
- '';
-
- meta = with stdenv.lib; {
- description = "Simple, lightweight tool for sniping eBay auctions";
- homepage = http://esniper.sourceforge.net;
- license = licenses.gpl2;
- maintainers = with maintainers; [ lovek323 peti ];
- platforms = platforms.all;
- };
-}
diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch
deleted file mode 100644
index e4df272a0..000000000
--- a/makefu/5pkgs/esniper/find-ca-bundle.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
---- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
-+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
-@@ -200,6 +200,9 @@
- int
- initCurlStuff(void)
- {
-+ /* Path to OpenSSL bundle file. */
-+ const char *ssl_capath=NULL;
-+
- /* list for custom headers */
- struct curl_slist *slist=NULL;
-
-@@ -241,6 +244,12 @@
- if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
- return initCurlStuffFailed();
-
-+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
-+ * contents to curl. */
-+ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
-+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
-+ return initCurlStuffFailed();
-+
- slist = curl_slist_append(slist, "Accept: text/*");
- slist = curl_slist_append(slist, "Accept-Language: en");
- slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");
diff --git a/makefu/5pkgs/ifdnfc/default.nix b/makefu/5pkgs/ifdnfc/default.nix
deleted file mode 100644
index cc7956c8c..000000000
--- a/makefu/5pkgs/ifdnfc/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchFromGitHub , pkgconfig
-, pcsclite
-, autoreconfHook
-, libnfc
-}:
-
-stdenv.mkDerivation rec {
- name = "ifdnfc-${version}";
- version = "2016-03-01";
-
- src = fetchFromGitHub {
- owner = "nfc-tools";
- repo = "ifdnfc";
- rev = "0e48e8e";
- sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
- };
- nativeBuildInputs = [ pkgconfig autoreconfHook ];
- buildInputs = [ pcsclite libnfc ];
-
- configureFlags = [ "--prefix=$(out)" ];
- makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
-
- meta = with stdenv.lib; {
- description = "PC/SC IFD Handler based on libnfc";
- long_description =
- '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
- It provides support for all readers which are not supported by ccid but by libnfc.
-
- For activating your reader you need to run
- <code>ifdnfc-activate yes<code> with this package in your
- <code>environment.systemPackages</code>
-
- To use your reader you may need to blacklist your reader kernel modules:
- <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
-
- Supports the pn533 smart-card reader chip which is for example used in
- the SCM SCL3711.
- '';
- homepage = https://github.com/nfc-tools/ifdnfc;
- license = licenses.gpl3;
- platforms = platforms.linux;
- maintainers = with maintainers; [ makefu ];
- };
-}
-
diff --git a/makefu/5pkgs/jd-gui/default.nix b/makefu/5pkgs/jd-gui/default.nix
deleted file mode 100644
index adefd80dd..000000000
--- a/makefu/5pkgs/jd-gui/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }:
-stdenv.mkDerivation rec {
- name = "${packageName}-${version}";
- packageName = "jd-gui";
- version = "1.4.0";
-
- src = fetchurl {
- url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar";
- sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx";
- };
-
- nativeBuildInputs = [ makeWrapper unzip ];
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- f=$out/lib/jd-gui/
- bin=$out/bin
- name=$(basename $src)
- mkdir -p $f $bin
-
- # fixup path to java
- cp $src $f
- cat > $bin/jd-gui <<EOF
- #!/bin/sh
- exec ${pkgs.jre}/bin/java -jar $f/$name \$@
- EOF
- chmod +x $bin/jd-gui
- '';
-
- meta = {
- homepage = https://github.com/java-decompiler/jd-gui;
- description = "A standalone Java Decompiler GUI";
- license = lib.licenses.gpl3;
- };
-}
diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix
deleted file mode 100644
index 7fb9cd375..000000000
--- a/makefu/5pkgs/mcomix/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
-python2Packages.buildPythonPackage rec {
- name = "mcomix-${version}";
- version = "1.2.1";
-
- src = fetchurl {
- url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
- sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
- };
-
- propagatedBuildInputs = with python2Packages;
- [ python2Packages.pygtk gtk3 python2Packages.pillow ];
-
- # for module in sys.modules.itervalues():
- # RuntimeError: dictionary changed size during iteration
- doCheck = false;
-
- meta = {
- homepage = https://github.com/pyload/pyload;
- description = "Free and Open Source download manager written in Python";
- license = lib.licenses.gpl3;
- maintainers = with lib.maintainers; [ makefu ];
- };
-}
diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix
new file mode 100644
index 000000000..1e1cb1d86
--- /dev/null
+++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchzip
+, makeWrapper
+, autoPatchelfHook
+, xlibs
+, gnome3
+, libpng12
+}:
+stdenv.mkDerivation rec {
+ name = "ns-atmosphere-programmer-${version}";
+ version = "0.1";
+
+ src = fetchzip {
+ url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
+ sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
+ };
+
+ buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
+ nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
+
+ installPhase = ''
+ install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
+ wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
+--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
+ '';
+
+ dontStrip = true;
+
+ meta = with stdenv.lib; {
+ description = "Payload programmer for ns-atmosphere injector";
+ homepage = http://www.ns-atmosphere.com;
+ maintainers = [ maintainers.makefu ];
+ platforms = platforms.linux;
+ license = with licenses; [ unfree ];
+ };
+
+}
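Review bot: `fetchzip` downloads a prebuilt, closed-source binary from an `http://` URL, so the `sha256` is the only integrity control and was presumably taken from a single plaintext download. A comment above `src` recording where and when the hash was obtained, and an `https://` URL if the vendor serves one, would document that trust-on-first-use step. The `installPhase` also hard-codes the directory `NS-Atmosphere-Programmer-Linux-v0.1/`, which will go stale when `version` changes; a comment noting the coupling, or deriving the path from `version`, avoids that.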
diff --git a/makefu/5pkgs/switch-launcher/default.nix b/makefu/5pkgs/switch-launcher/default.nix
new file mode 100644
index 000000000..cc7905a31
--- /dev/null
+++ b/makefu/5pkgs/switch-launcher/default.nix
@@ -0,0 +1,24 @@
+{ lib, pkgs, python3Packages, ... }:
+
+with python3Packages; buildPythonPackage rec {
+ name = "nodemcu-uploader-${version}";
+ version = "0.1.0";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "ksmit799";
+ repo = "switch-launcher";
+ rev = version;
+ sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz";
+ };
+
+
+ propagatedBuildInputs = [
+ pyusb
+ ];
+
+ meta = {
+ homepage = https://github.com/ksmit799/switch-launcher;
+ description = "Desktop switch payload launcher based on a modified reswitched injector";
+ license = lib.licenses.bsd3;
+ };
+}
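Review bot: `name = "nodemcu-uploader-${version}";` looks copied from a neighbouring package: the source fetched here is `ksmit799/switch-launcher`, so the store path and package listings will show the wrong name. It should read `name = "switch-launcher-${version}";`.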
diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix
new file mode 100644
index 000000000..927c34c5a
--- /dev/null
+++ b/makefu/5pkgs/targetcli/default.nix
@@ -0,0 +1,64 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python2Packages;
+let
+ version = "2.1";
+ rtslib = buildPythonPackage rec {
+ pname = "rtslib";
+ inherit version;
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "rtslib";
+ rev = version;
+ sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22";
+ };
+ propagatedBuildInputs = [ ipaddr netifaces configobj ];
+ };
+ configshell = buildPythonPackage rec {
+ pname = "configshell";
+ version = "1.6";
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "configshell";
+ rev = version;
+ sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y";
+ };
+ propagatedBuildInputs = [ pyparsing ];
+ };
+
+ tcm-py = buildPythonPackage rec {
+ pname = "tcm-py";
+ version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "lio-utils";
+ rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
+ } + "/tcm-py";
+ propagatedBuildInputs = [ ];
+ };
+
+ lio-py = buildPythonPackage rec {
+ pname = "lio-py";
+ version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "lio-utils";
+ rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
+ } + "/lio-py";
+ propagatedBuildInputs = [ ];
+ };
+
+in buildPythonApplication rec {
+ pname = "targetcli";
+ inherit version;
+
+ propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ];
+
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "targetcli";
+ rev = version;
+ sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d";
+ };
+}
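Review bot: `tcm-py` and `lio-py` each repeat the same `fetchFromGitHub` call for `datera/lio-utils` with identical `rev` and `sha256`, so a later bump has to be made in two places and can leave the two halves on different commits. Binding it once in the `let`, e.g. `lio-utils-src = fetchFromGitHub { … };`, and then using `src = lio-utils-src + "/tcm-py";` and `src = lio-utils-src + "/lio-py";` removes the duplication. The file-wide `with pkgs.python2Packages;` also hides where `ipaddr`, `netifaces`, `configobj` and `pyparsing` come from; a short comment would make the dependency set easier to audit.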
diff --git a/makefu/5pkgs/zj-58/default.nix b/makefu/5pkgs/zj-58/default.nix
deleted file mode 100644
index 6eda84959..000000000
--- a/makefu/5pkgs/zj-58/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{stdenv, fetchFromGitHub, cups}:
-
-stdenv.mkDerivation rec {
- name = "cups-zj58-2018-02-22";
-
- src = fetchFromGitHub {
- owner = "klirichek";
- repo = "zj-58";
- rev = "e4212cd";
- sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi";
- };
-
- buildInputs = [cups];
-
- installPhase = ''
- mkdir -p $out/lib/cups/filter
-
- cp rastertozj $out/lib/cups/filter
-
-
- mkdir -p $out/share/cups/model/zjiang
- cp ZJ-58.ppd $out/share/cups/model/zjiang/
- '';
-
- meta = {
- description = "CUPS filter for thermal printer Zjiang ZJ-58";
- homepage = https://github.com/klirichek/zj-58;
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 27b7b04ef..6c510eba3 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -23,7 +23,17 @@
{
# nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747
- nixpkgs = if test || host-src.full then {
+ nixpkgs = if test then {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "nixpkgs";
+ rev = nixpkgs-src.rev;
+ sha256 = nixpkgs-src.sha256;
+ });
+ useChecksum = true;
+ };
+ } else if host-src.full then {
git.ref = nixpkgs-src.rev;
git.url = nixpkgs-src.url;
} else if host-src.arm6 then {
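Review bot: The new `test` branch hard-codes `owner = "makefu"` and `repo = "nixpkgs"` in `pkgs.fetchFromGitHub`, while `rev` and `sha256` come from `nixpkgs-src` and the `host-src.full` branch uses `nixpkgs-src.url`. If the URL in `nixpkgs.json` is ever pointed at another repository, the test build would keep fetching from the hard-coded one and fail on the hash, inviting a fix that updates only the hash. Deriving the fetch from `nixpkgs-src.url`, or adding a comment beside `owner`/`repo` saying they must match `nixpkgs.json`, keeps the two paths tied together. The context comment `# nixos-18.09 @ 2018-09-18` also appears older than the date this commit writes into `nixpkgs.json` and could be refreshed.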
@@ -69,7 +79,7 @@
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
- ref = "6eea2a4";
+ ref = "f947faf";
};
})
];
diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index f39bb6688..ae35f9e76 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/makefu/nixpkgs",
- "rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8",
- "date": "2018-08-06T14:29:01+02:00",
- "sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6",
- "fetchSubmodules": true
+ "rev": "9728b2e83406c76efc734ebb1923f23b8e687819",
+ "date": "2018-11-19T20:36:35+01:00",
+ "sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp",
+ "fetchSubmodules": false
}
diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/nin/0tests/dummysecrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
deleted file mode 100644
index 5e81afdbd..000000000
--- a/nin/1systems/axon/config.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/ableton.nix>
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.axon;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices.crypted.device = "/dev/sda2";
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver = {
- enable = true;
-
- displayManager.lightdm.enable = true;
- };
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- atom
- chromium
- firefox
- git
- htop
- keepassx
- lmms
- networkmanagerapplet
- openvpn
- python
- ruby
- steam
- taskwarrior
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xhost}/bin/xhost + local:
- '';
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
deleted file mode 100644
index a09eed958..000000000
--- a/nin/1systems/hiawatha/config.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.hiawatha;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/home" =
- { device = "/dev/fam/home";
- };
-
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- fileSystems."/home/nin/.local/share/Steam" = {
- device = "/dev/fam/steam";
- };
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- firefox
- git
- lmms
- networkmanagerapplet
- python
- steam
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix
deleted file mode 100644
index 3cd0773ae..000000000
--- a/nin/1systems/onondaga/config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/nin>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/weechat.nix>
- <stockholm/nin/2configs/git.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.onondaga;
-
- boot.isContainer = true;
- networking.useDHCP = false;
-
- time.timeZone = "Europe/Amsterdam";
-
- services.openssh.enable = true;
-}
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
deleted file mode 100644
index 343a9089d..000000000
--- a/nin/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.nin;
-in {
- users.users= {
- ableton = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wine
- pkgs.winetricks
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
deleted file mode 100644
index 0616c4025..000000000
--- a/nin/2configs/copyq.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- copyqConfig = pkgs.writeDash "copyq-config" ''
- ${pkgs.copyq}/bin/copyq config check_clipboard true
- ${pkgs.copyq}/bin/copyq config check_selection true
- ${pkgs.copyq}/bin/copyq config copy_clipboard true
- ${pkgs.copyq}/bin/copyq config copy_selection true
-
- ${pkgs.copyq}/bin/copyq config activate_closes true
- ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
- ${pkgs.copyq}/bin/copyq config disable_tray true
- ${pkgs.copyq}/bin/copyq config hide_tabs true
- ${pkgs.copyq}/bin/copyq config hide_toolbar true
- ${pkgs.copyq}/bin/copyq config item_popup_interval true
- ${pkgs.copyq}/bin/copyq config maxitems 1000
- ${pkgs.copyq}/bin/copyq config move true
- ${pkgs.copyq}/bin/copyq config text_wrap true
- '';
-in {
- systemd.user.services.copyq = {
- after = [ "graphical.target" ];
- wants = [ "graphical.target" ];
- wantedBy = [ "default.target" ];
- environment = {
- DISPLAY = ":0";
- };
- serviceConfig = {
- SyslogIdentifier = "copyq";
- ExecStart = "${pkgs.copyq}/bin/copyq";
- ExecStartPost = copyqConfig;
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- };
- };
-}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
deleted file mode 100644
index 62f499a2d..000000000
--- a/nin/2configs/default.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- ../2configs/vim.nix
- <stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/binary-cache/prism.nix>
- {
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- nin = {
- name = "nin";
- uid = 1337;
- home = "/home/nin";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "fuse"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = config.krebs.build.host.cores;
-
- krebs = {
- enable = true;
- search-domain = "r";
- build = {
- user = config.krebs.users.nin;
- };
- };
-
- nix.useSandbox = true;
-
- users.mutableUsers = false;
-
- services.timesyncd.enable = true;
-
- #why is this on in the first place?
- services.nscd.enable = false;
-
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- gs = "git status";
- };
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- proot
- pavucontrol
- populate
- p7zip
- termite
- unzip
- unrar
- hashPassword
- ];
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
- else
- PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- fi
- '';
- };
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-
- networking.dhcpcd.extraConfig = ''
- noipv4ll
- '';
-}
diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix
deleted file mode 100644
index 4c4f0c3a0..000000000
--- a/nin/2configs/games.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
- vdoom = pkgs.writeDash "vdoom" ''
- ${pkgs.zandronum}/bin/zandronum \
- -fov 120 \
- "$@"
- '';
- doom = pkgs.writeDash "doom" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} \
- -file $DOOM_DIR/lib/brutalv20.pk3 \
- "$@"
- '';
- doom1 = pkgs.writeDashBin "doom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- doom2 = pkgs.writeDashBin "doom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
- vdoom1 = pkgs.writeDashBin "vdoom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- vdoom2 = pkgs.writeDashBin "vdoom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
-
- doomservercfg = pkgs.writeText "doomserver.cfg" ''
- skill 7
- #survival true
- #sv_maxlives 4
- #sv_norespawn true
- #sv_weapondrop true
- no_jump true
- #sv_noweaponspawn true
- sv_sharekeys true
- sv_survivalcountdowntime 1
- sv_noteamselect true
- sv_updatemaster false
- #sv_coop_loseinventory true
- #cl_startasspectator false
- #lms_spectatorview false
- '';
-
- vdoomserver = pkgs.writeDashBin "vdoomserver" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
-
- ${pkgs.zandronum}/bin/zandronum-server \
- +exec ${doomservercfg} \
- "$@"
- '';
-
-in {
- environment.systemPackages = with pkgs; [
- doom1
- doom2
- vdoom1
- vdoom2
- vdoomserver
- ];
-
- hardware.pulseaudio.support32Bit = true;
-
-}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
deleted file mode 100644
index aed4a9f48..000000000
--- a/nin/2configs/git.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ nin nin_h ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
deleted file mode 100644
index b078dbd53..000000000
--- a/nin/2configs/im.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- ssh chat@onondaga
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
-}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
deleted file mode 100644
index 821e3cc00..000000000
--- a/nin/2configs/retiolum.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
- { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "pigstarter"
- "gum"
- "flap"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
deleted file mode 100644
index 621dfae82..000000000
--- a/nin/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.nin;
- inherit (import <stockholm/lib>) genid;
-
-in {
- users.extraUsers = {
- skype = {
- name = "skype";
- uid = genid "skype";
- description = "user for running skype";
- home = "/home/skype";
- useDefaultShell = true;
- extraGroups = [ "audio" "video" ];
- createHome = true;
- };
- };
-
- krebs.per-user.skype.packages = [
- pkgs.skype
- ];
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(skype) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
deleted file mode 100644
index 942446b01..000000000
--- a/nin/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = [
- pkgs.termite
- ];
-
- krebs.per-user.nin.packages = let
- termitecfg = pkgs.writeTextFile {
- name = "termite-config";
- destination = "/etc/xdg/termite/config";
- text = ''
- [colors]
- foreground = #d0d7d0
- background = #000000
- '';
- };
- in [
- termitecfg
- ];
-
-}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
deleted file mode 100644
index 7b5d37611..000000000
--- a/nin/2configs/vim.nix
+++ /dev/null
@@ -1,355 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- out = {
- environment.systemPackages = [
- vim
- pkgs.pythonPackages.flake8
- ];
-
- environment.etc.vimrc.source = vimrc;
-
- environment.variables.EDITOR = mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
-
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set hlsearch
- set incsearch
- set laststatus=2
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme hack
- syntax on
-
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
-
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- "Syntastic config
- let g:syntastic_python_checkers=['flake8']
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
- '';
-
- extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- pkgs.vimPlugins.Syntastic
- pkgs.vimPlugins.undotree
- pkgs.vimPlugins.airline
- (pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchgit {
- url = git://github.com/bogado/file-line;
- rev = "refs/tags/1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- })
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "hack";
- in {
- name = "vim-color-${name}-1.0.2";
- destination = "/colors/${name}.vim";
- text = /* vim */ ''
- set background=dark
- hi clear
- if exists("syntax_on")
- syntax clear
- endif
-
- let colors_name = ${toJSON name}
-
- hi Normal ctermbg=235
- hi Comment ctermfg=242
- hi Constant ctermfg=062
- hi Identifier ctermfg=068
- hi Function ctermfg=041
- hi Statement ctermfg=167
- hi PreProc ctermfg=167
- hi Type ctermfg=041
- hi Delimiter ctermfg=251
- hi Special ctermfg=062
-
- hi Garbage ctermbg=088
- hi TabStop ctermbg=016
- hi Todo ctermfg=174 ctermbg=NONE
-
- hi NixCode ctermfg=148
- hi NixData ctermfg=149
- hi NixQuote ctermfg=150
-
- hi diffNewFile ctermfg=207
- hi diffFile ctermfg=207
- hi diffLine ctermfg=207
- hi diffSubname ctermfg=207
- hi diffAdded ctermfg=010
- hi diffRemoved ctermfg=009
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "vim";
- in {
- name = "vim-syntax-${name}-1.0.0";
- destination = "/syntax/${name}.vim";
- text = /* vim */ ''
- ${concatMapStringsSep "\n" (s: /* vim */ ''
- syn keyword vimColor${s} ${s}
- \ containedin=ALLBUT,vimComment,vimLineComment
- hi vimColor${s} ctermfg=${s}
- '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "showsyntax";
- in {
- name = "vim-plugin-${name}-1.0.0";
- destination = "/plugin/${name}.vim";
- text = /* vim */ ''
- if exists('g:loaded_showsyntax')
- finish
- endif
- let g:loaded_showsyntax = 0
-
- fu! ShowSyntax()
- let id = synID(line("."), col("."), 1)
- let name = synIDattr(id, "name")
- let transName = synIDattr(synIDtrans(id),"name")
- if name != transName
- let name .= " (" . transName . ")"
- endif
- echo "Syntax: " . name
- endfu
-
- command! -n=0 -bar ShowSyntax :call ShowSyntax()
- '';
- })))
- ];
-
- dirs = {
- backupdir = "$HOME/.cache/vim/backup";
- swapdir = "$HOME/.cache/vim/swap";
- undodir = "$HOME/.cache/vim/undo";
- };
- files = {
- viminfo = "$HOME/.cache/vim/info";
- };
-
- mkdirs = let
- dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
- in assert out != ""; out;
- alldirs = attrValues dirs ++ map dirOf (attrValues files);
- in unique (sort lessThan alldirs);
-
- vim = pkgs.writeDashBin "vim" ''
- set -efu
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- exec ${pkgs.vim}/bin/vim "$@"
- '';
-
-
- hs.vim = pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
-
- nix.vim = pkgs.writeText "nix.vim" ''
- setf nix
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
-
- syn match NixOther /[():/;=.,?\[\]]/
-
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
-
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
-
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
-
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
-
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
-
- ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
- startAlts = filter isString [
- ''/\* ${lang} \*/''
- extraStart
- ];
- sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- unlet b:current_syntax
-
- syn match nix_${lang}_sigil
- \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
-
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
-
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
-
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') {
- c = {};
- cabal = {};
- haskell = {};
- sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- vim.extraStart =
- ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
- })}
-
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
-
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
-
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
-
- syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
-
- syn sync fromstart
-
- let b:current_syntax = "nix"
-
- set isk=@,48-57,_,192-255,-,'
- set bg=dark
- '';
-in
-out
diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix
deleted file mode 100644
index 6c0fb313e..000000000
--- a/nin/2configs/weechat.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import <stockholm/lib>) genid;
-in {
- krebs.per-user.chat.packages = with pkgs; [
- mosh
- weechat
- tmux
- ];
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- };
-}
diff --git a/nin/default.nix b/nin/default.nix
deleted file mode 100644
index c31d6d949..000000000
--- a/nin/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_:
-{
- imports = [
- ../krebs
- ./2configs
- ];
-}
diff --git a/nin/krops.nix b/nin/krops.nix
deleted file mode 100644
index fef8cc38b..000000000
--- a/nin/krops.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource [
- krebs-source
- {
- nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
- secrets = if test then {
- file = toString ./0tests/dummysecrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- }
- ];
-
-in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- target = "root@${name}/var/src";
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/submodules/krops b/submodules/krops
-Subproject e2b29654251367545700154ffbac806705dd04c
+Subproject eb68146cc4848cfc0c0339c72a44a96fdeb4a1d
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index c26d4ab30..a653ce40d 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -15,7 +15,7 @@ with import <stockholm/lib>;
# hardware configuration
boot.initrd.luks.devices.muca = {
- device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352";
+ device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91";
};
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
boot.initrd.availableKernelModules = [ "ahci" ];
@@ -25,16 +25,17 @@ with import <stockholm/lib>;
fileSystems = {
"/" = {
device = "/dev/mapper/muvga-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
};
"/home" = {
device = "/dev/mapper/muvga-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
};
"/boot" = {
- device = "/dev/disk/by-uuid/DC38-F165";
+ device = "/dev/disk/by-uuid/CEB1-9743";
+ fsType = "vfat";
};
};
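Review bot: The new `discard` mount option on `/` and `/home` has no matching discard setting on the LUKS device `muca` in the previous hunk, which sets only `device`. If `/dev/mapper/muvga-*` is layered on `muca` (presumably LVM on LUKS; the stacking is not shown here), TRIM requests stop at dm-crypt unless `boot.initrd.luks.devices.muca.allowDiscards = true;` is set, so the option likely has no effect as written. Enabling the passthrough lets the underlying disk reveal which encrypted blocks are unused. Whichever way is intended, a comment should record it, e.g. `# discard: accepted leak of free-block layout on the encrypted disk`.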
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 01d67b5f5..6e7944cdf 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -25,7 +25,6 @@ with import <stockholm/lib>;
};
environment.systemPackages = with pkgs; [
- chromium
firefoxWrapper
gimp
kate
@@ -63,8 +62,6 @@ with import <stockholm/lib>;
networking.networkmanager.enable = true;
- nixpkgs.config.chromium.enablePepperFlash = true;
-
programs.ssh.startAgent = false;
services.xserver.enable = true;
diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix
index b75ad8bfc..d7673931c 100644
--- a/tv/2configs/bash/default.nix
+++ b/tv/2configs/bash/default.nix
@@ -13,6 +13,20 @@ with import <stockholm/lib>;
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
+
+ case $UID in
+ ${shell.escape (toString config.krebs.users.tv.uid)})
+ if test ''${SHLVL-1} = 1; then
+ case ''${XMONAD_SPAWN_WORKSPACE-} in
+ stockholm)
+ cd ~/stockholm
+ ;;
+ esac
+ fi
+
+ export NIX_PATH="stockholm=$HOME/stockholm:$NIX_PATH"
+ ;;
+ esac
'';
promptInit = /* sh */ ''
case $UID in
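Review bot: The added `export NIX_PATH="stockholm=$HOME/stockholm:$NIX_PATH"` sits outside the `SHLVL` test, so every nested interactive shell of that user prepends another `stockholm=` entry. Because the first matching entry wins, it also makes `<stockholm>` resolve to the home-directory checkout ahead of any system-provided entry, which deserves a one-line comment. An idempotent form would be `case ":$NIX_PATH:" in *":stockholm=$HOME/stockholm:"*) ;; *) export NIX_PATH="stockholm=$HOME/stockholm:$NIX_PATH" ;; esac`. The `interactiveShellInit` string starts before this hunk.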
@@ -32,14 +46,6 @@ with import <stockholm/lib>;
if test -n "$SSH_AGENT_PID"; then
PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
fi
-
- if test ''${SHLVL-1} = 1; then
- case ''${XMONAD_SPAWN_WORKSPACE-} in
- stockholm)
- cd ~/stockholm
- ;;
- esac
- fi
'';
};
}
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d9ddc90d0..484a337b7 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -87,11 +87,6 @@ with import <stockholm/lib>;
export SYSTEM="$1"
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
'';
- reload = "systemctl reload";
- restart = "systemctl restart";
- start = "systemctl start";
- status = "systemctl status";
- stop = "systemctl stop";
};
environment.variables = {
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 62c90d4e9..a89d1302c 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -76,6 +76,7 @@ let {
};
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
blessings = {};
+ hc = {};
mime = {};
quipper = {};
scanner = {};
diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index c051b4261..2e679bd14 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -95,7 +95,7 @@ in
users = {
groups.pulse.gid = config.users.users.pulse.uid;
users.pulse = {
- uid = genid "pulse";
+ uid = genid_uint31 "pulse";
group = "pulse";
extraGroups = [ "audio" ];
home = "${runDir}/home";
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 77947dafa..7467e8e67 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -27,11 +27,6 @@ in {
# 2014-09-24 ref https://github.com/4z3/xintmap
http://www.mathstat.dal.ca/~selinger/quipper/
- ## other
-
- https://nixos.org/channels/nixos-18.03/git-revision
- https://nixos.org/channels/nixos-unstable/git-revision
-
## 2014-10-17
## TODO update ~/src/login/default.nix
#http://hackage.haskell.org/package/bcrypt
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 2ac7f7518..3794628c1 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -14,8 +14,25 @@ let {
};
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "fzf-2018-11-14";
+ src = pkgs.fetchgit {
+ url = https://github.com/junegunn/fzf.vim;
+ rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc";
+ sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m";
+ };
+ })
+ pkgs.vimPlugins.fzfWrapper
pkgs.vimPlugins.undotree
- pkgs.vimPlugins.vim-elixir
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "vim-elixir-2018-08-17";
+ src = pkgs.fetchgit {
+ url = https://github.com/elixir-editors/vim-elixir;
+ rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b";
+ sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04";
+ };
+ })
(pkgs.vimUtils.buildVimPlugin {
name = "vim-syntax-jq";
src = pkgs.fetchgit {
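Review bot: The derivation name `fzf-2018-11-14` labels the fzf.vim checkout as fzf itself, which reads confusingly next to `pkgs.vimPlugins.fzfWrapper`; `name = "fzf-vim-2018-11-14";` would match the fetched repository. The vim-elixir entry replaces `pkgs.vimPlugins.vim-elixir` with a pinned fetch but, unlike the fzf one, has no comment saying why. A line such as `# pinned because <reason>; drop once nixpkgs catches up` would tell the next reader when the pin can go. Both fetches are fixed by full commit hash plus `sha256`, which is the right shape for out-of-tree plugins. The `extra-runtimepath` list continues past the end of this hunk.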
@@ -112,7 +129,7 @@ let {
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
- ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
+ ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" {
"/syntax/haskell.vim".text = /* vim */ ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
@@ -222,26 +239,58 @@ let {
" This is required because containedin isn't transitive.
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
- '') {
+ '') (let
+
+ capitalize = s: let
+ xs = stringToCharacters s;
+ in
+ toUpper (head xs) + concatStrings (tail xs);
+
+ alts = xs: ''\(${concatStringsSep ''\|'' xs}\)'';
+ def = k: ''${k}[ \t\r\n]*='';
+ writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'';
+
+ in {
c = {};
cabal = {};
diff = {};
haskell = {};
- jq.extraStart = concatStringsSep ''\|'' [
- ''writeJq.*''
+ jq.extraStart = alts [
+ (writer "Jq")
''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"''
];
+ javascript.extraStart = ''/\* js \*/'';
lua = {};
- sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- sh.extraStart = concatStringsSep ''\|'' [
- ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
- ''[a-z]*Phase[ \t\r\n]*=''
+ python.extraStart = ''/\* py \*/'';
+ sed.extraStart = writer "Sed";
+ sh.extraStart = let
+ phases = [
+ "unpack"
+ "patch"
+ "configure"
+ "build"
+ "check"
+ "install"
+ "fixup"
+ "installCheck"
+ "dist"
+ ];
+ shells = [
+ "ash"
+ "bash"
+ "dash"
+ ];
+ in alts [
+ (def "shellHook")
+ (def "${alts phases}Phase")
+ (def "${alts ["pre" "post"]}${alts (map capitalize phases)}")
+ (writer (alts (map capitalize shells)))
];
yaml = {};
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
xdefaults = {};
- })}
+ }))}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
@@ -309,6 +358,11 @@ let {
paths = [
(pkgs.writeDashBin "vim" ''
set -efu
+ export FZF_DEFAULT_COMMAND='${pkgs.ripgrep}/bin/rg --files'
+ export PATH=$PATH:${makeBinPath [
+ pkgs.fzf
+ pkgs.ripgrep
+ ]}
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs})
exec ${pkgs.vim}/bin/vim "$@"
'')
@@ -333,6 +387,7 @@ let {
set shortmess+=I
set showcmd
set showmatch
+ set timeoutlen=0
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
@@ -385,5 +440,13 @@ let {
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
+
+ " fzf
+ nnoremap <esc>q :Files<cr>
+ nnoremap <esc>w :Rg<cr>
+
+ " edit alternate buffer
+ " For some reason neither putting <ctrl>6 nor <ctrl>^ works here...
+ nnoremap <esc>a 
'';
}
diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix
index 627401dc6..4a0b0ae16 100644
--- a/tv/2configs/xp-332.nix
+++ b/tv/2configs/xp-332.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
hardware.sane = {
enable = true;
extraBackends = [
- pkgs.utsushi
+ pkgs.utsushi-customized
];
};
@@ -19,7 +19,7 @@ with import <stockholm/lib>;
elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ];
nixpkgs.overlays = singleton (self: super: {
- utsushi = super.utsushi.override {
+ utsushi-customized = self.utsushi.override {
guiSupport = false;
jpegSupport = false;
networkSupport = true;
diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix
index 1d4044480..d032efc7d 100644
--- a/tv/2configs/xserver/Xresources.nix
+++ b/tv/2configs/xserver/Xresources.nix
@@ -50,4 +50,9 @@ pkgs.writeText "Xresources" /* xdefaults */ ''
root-urxvt*foreground: #e0c0c0
root-urxvt*BorderColor: #400000
root-urxvt*color0: #800000
+
+ fzmenu-urxvt*background: rgb:42/23/42
+ fzmenu-urxvt*externalBorder: 1
+ fzmenu-urxvt*geometry: 70x9
+ fzmenu-urxvt*internalBorder: 1
''
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index dbfa804d2..8d4b13fad 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -24,17 +24,6 @@ in {
pkgs.xlibs.fontschumachermisc
];
- # TODO dedicated group, i.e. with a single user [per-user-setuid]
- # TODO krebs.setuid.slock.path vs /run/wrappers/bin
- krebs.setuid.slock = {
- filename = "${pkgs.slock}/bin/slock";
- group = "wheel";
- envp = {
- DISPLAY = ":${toString config.services.xserver.display}";
- USER = cfg.user.name;
- };
- };
-
services.xserver = {
# Don't install feh into systemPackages
@@ -57,12 +46,19 @@ in {
systemd.services.display-manager.enable = false;
- systemd.services.xmonad = {
+ systemd.services.xmonad = let
+ xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad";
+ in {
wantedBy = [ "graphical.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
+ FZMENU_FZF_DEFAULT_OPTS = toString [
+ "--color=dark,border:126,bg+:090"
+ "--inline-info"
+ ];
+
XMONAD_CACHE_DIR = cfg.cacheDir;
XMONAD_CONFIG_DIR = cfg.configDir;
XMONAD_DATA_DIR = cfg.dataDir;
@@ -88,6 +84,14 @@ in {
"za" "zh" "zj" "zs"
]);
};
+ path = [
+ config.tv.slock.package
+ pkgs.fzmenu
+ pkgs.pulseaudioLight.out
+ pkgs.rxvt_unicode
+ pkgs.xcalib
+ "/run/wrappers" # for su
+ ];
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
@@ -95,8 +99,8 @@ in {
"\${XMONAD_CONFIG_DIR}"
"\${XMONAD_DATA_DIR}"
]}";
- ExecStart = "${pkgs.xmonad-tv}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown";
+ ExecStart = "@${xmonad} xmonad-${currentSystem} ";
+ ExecStop = "@${xmonad} xmonad-${currentSystem} --shutdown";
User = cfg.user.name;
WorkingDirectory = cfg.user.home;
};
@@ -142,4 +146,9 @@ in {
User = cfg.user.name;
};
};
+
+ tv.slock = {
+ enable = true;
+ user = cfg.user;
+ };
}
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 493cc8b72..f53a58e9a 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -1,10 +1,12 @@
{
imports = [
./charybdis
+ ./dnsmasq.nix
./ejabberd
./hosts.nix
./iptables.nix
./nixpkgs-overlays.nix
+ ./slock.nix
./x0vncserver.nix
];
}
diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix
new file mode 100644
index 000000000..ec927f98a
--- /dev/null
+++ b/tv/3modules/dnsmasq.nix
@@ -0,0 +1,57 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ cfg = config.tv.dnsmasq;
+in {
+
+ options.tv.dnsmasq = {
+ enable = mkEnableOption "tv.dnsmasq";
+ dhcp-range = mkOption {
+ type = types.str;
+ };
+ interface = mkOption {
+ type = types.str;
+ };
+ address = mkOption {
+ type = types.str;
+ };
+ prefixLength = mkOption {
+ type = types.addCheck types.int (x: x >= 0 && x <= 32);
+ };
+ };
+
+ config = mkIf cfg.enable (mkMerge [
+ {
+ networking.dhcpcd.denyInterfaces = [ cfg.interface ];
+ services.dnsmasq.resolveLocalQueries = false;
+ networking.interfaces.${cfg.interface} = {
+ ipv4.addresses = singleton {
+ address = cfg.address;
+ prefixLength = cfg.prefixLength;
+ };
+ };
+ services.dnsmasq.enable = true;
+ services.dnsmasq.extraConfig = ''
+ dhcp-range=${cfg.dhcp-range}
+ interface=${cfg.interface}
+ '';
+ tv.iptables.extra.filter.INPUT = [
+ "-i ${cfg.interface} -p tcp -m tcp --dport bootps -j ACCEPT"
+ "-i ${cfg.interface} -p udp -m udp --dport bootps -j ACCEPT"
+ "-i ${cfg.interface} -p tcp -m tcp --dport domain -j ACCEPT"
+ "-i ${cfg.interface} -p udp -m udp --dport domain -j ACCEPT"
+ ];
+ }
+ {
+ # enable forwarding
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+ tv.iptables.extra.filter.FORWARD = [
+ "-m state --state RELATED,ESTABLISHED -j ACCEPT"
+ "-i ${cfg.interface} -j ACCEPT"
+ ];
+ tv.iptables.extra.nat.POSTROUTING = [
+ "-j MASQUERADE"
+ ];
+ }
+ ]);
+
+}
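Review bot: The `-j MASQUERADE` entry in `tv.iptables.extra.nat.POSTROUTING` carries no source or output-interface match, so as written it rewrites traffic leaving on any interface, not only what is forwarded from `cfg.interface`. Likewise `-i ${cfg.interface} -j ACCEPT` in FORWARD lets DHCP clients reach every network this host can route to, including internal or VPN interfaces. Scoping the NAT rule, e.g. `"-s ${cfg.address}/${toString cfg.prefixLength} ! -o ${cfg.interface} -j MASQUERADE"`, and adding an `-o` match to the FORWARD accept would confine the shared segment to the intended uplink. The two `-p tcp -m tcp --dport bootps` INPUT rules can probably be dropped, since DHCP is carried over UDP. Each `mkOption` would also benefit from a `description`, in particular the expected format of `dhcp-range`, which is pasted verbatim into `services.dnsmasq.extraConfig`.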
diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix
index 68bcfa340..a0631e226 100644
--- a/tv/3modules/ejabberd/config.nix
+++ b/tv/3modules/ejabberd/config.nix
@@ -87,7 +87,6 @@ in /* yaml */ ''
mod_configure: {}
mod_disco: {}
mod_echo: {}
- mod_irc: {}
mod_bosh: {}
mod_last: {}
mod_offline:
diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix
new file mode 100644
index 000000000..1c84b1e9e
--- /dev/null
+++ b/tv/3modules/slock.nix
@@ -0,0 +1,71 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+ cfg = config.tv.slock;
+in {
+ options.tv.slock = {
+ enable = mkEnableOption "tv.slock";
+ package = mkOption {
+ default = pkgs.execBin "slock" rec {
+ filename = "${pkgs.systemd}/bin/systemctl";
+ argv = [ filename "start" "slock-${cfg.user.name}.service" ];
+ };
+ type = types.package;
+ };
+ user = mkOption {
+ type = types.user;
+ };
+ };
+ config = mkIf cfg.enable {
+ security.polkit.extraConfig = /* js */ ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ action.lookup("unit") == "slock-${cfg.user.name}.service" &&
+ subject.user == ${toJSON cfg.user.name}) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ systemd.services."slock-${cfg.user.name}" = {
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
+ passAsFile = ["text"];
+ text = /* c */ ''
+ #include <shadow.h>
+ #include <unistd.h>
+
+ static struct spwd entry = {
+ .sp_namp = "",
+ .sp_pwdp =
+ ${toC config.users.users.${cfg.user.name}.hashedPassword},
+ .sp_lstchg = 0,
+ .sp_min = 0,
+ .sp_max = 0,
+ .sp_warn = 0,
+ .sp_inact = 0,
+ .sp_expire = 0,
+ .sp_flag = 0,
+ };
+
+ extern struct spwd *getspnam(const char *name) { return &entry; }
+ extern int setgroups(size_t size, const gid_t *list) { return 0; }
+ extern int setgid(gid_t gid) { return 0; }
+ extern int setuid(uid_t uid) { return 0; }
+ '';
+ } /* sh */ ''
+ gcc -Wall -shared -o $out -xc "$textPath"
+ '';
+ };
+ restartIfChanged = false;
+ serviceConfig = {
+ ExecStart = "${pkgs.slock}/bin/slock";
+ OOMScoreAdjust = -1000;
+ Restart = "on-failure";
+ RestartSec = "100ms";
+ StartLimitBurst = 0;
+ SyslogIdentifier = "slock";
+ User = cfg.user.name;
+ };
+ };
+ };
+}
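Review bot: The `LD_PRELOAD` shim bakes `config.users.users.${cfg.user.name}.hashedPassword` into C source that `pkgs.runCommandCC` compiles, so the password hash ends up in the derivation and in the built `.so` under the Nix store. Store paths are normally readable by every local user and travel with copied closures. Consider having the shim read the hash at service start from a file outside the store with restrictive permissions instead of embedding it at build time. In the polkit rule the unit name is interpolated raw into a JavaScript string while the user name on the next line goes through `toJSON`; `action.lookup("unit") == ${toJSON "slock-${cfg.user.name}.service"}` keeps both consistent, and also requiring `action.lookup("verb") == "start"` would stop the rule from authorising stop and restart of the lock unit. A comment above the four stub functions should say why `getspnam` ignores `name` and why `setuid`/`setgid`/`setgroups` are turned into no-ops (presumably because the unit already runs as `User = cfg.user.name`).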
diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix
new file mode 100644
index 000000000..fcede2f9c
--- /dev/null
+++ b/tv/5pkgs/haskell/default.nix
@@ -0,0 +1,20 @@
+with import <stockholm/lib>;
+let
+ overrides = self: super:
+ mapNixDir (path: self.callPackage path {}) [
+ <stockholm/krebs/5pkgs/haskell>
+ ./.
+ ];
+in
+ self: super: {
+ haskell = super.haskell // {
+ packages = mapAttrs (name: value:
+ if hasAttr "override" value
+ then value.override { inherit overrides; }
+ else value
+ ) super.haskell.packages;
+ };
+ haskellPackages = super.haskellPackages.override {
+ inherit overrides;
+ };
+ }
diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix
new file mode 100644
index 000000000..42eb13d41
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/default.nix
@@ -0,0 +1,15 @@
+{ mkDerivation, base, containers, directory, extra, stdenv, unix
+, X11, xmonad, xmonad-contrib, xmonad-stockholm
+}:
+mkDerivation {
+ pname = "xmonad-tv";
+ version = "1.0.0";
+ src = ./src;
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ base containers directory extra unix X11 xmonad xmonad-contrib
+ xmonad-stockholm
+ ];
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/tv/5pkgs/haskell/xmonad-tv/shell.nix b/tv/5pkgs/haskell/xmonad-tv/shell.nix
new file mode 100644
index 000000000..936e69627
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/shell.nix
@@ -0,0 +1,78 @@
+{ compiler ? "default" }: let
+
+ stockholm = import <stockholm>;
+
+ inherit (stockholm.systems.${lib.krops.getHostName}) config pkgs;
+ inherit (stockholm) lib;
+
+ haskellPackages =
+ if compiler == "default"
+ then pkgs.haskellPackages
+ else pkgs.haskell.packages.${compiler};
+
+ xmonadDrv = haskellPackages.callPackage (import ./.) {};
+
+in
+
+ lib.overrideDerivation xmonadDrv.env (oldAttrs: {
+ shellHook = ''
+ pkg_name=${lib.shell.escape (lib.baseNameOf (toString ./.))}
+
+ WORKDIR=${toString ./src}
+ CACHEDIR=$HOME/tmp/$pkg_name
+ HISTFILE=$CACHEDIR/bash_history
+
+ mkdir -p "$CACHEDIR"
+
+ config_XMONAD_CACHE_DIR=${lib.shell.escape
+ config.systemd.services.xmonad.environment.XMONAD_CACHE_DIR
+ }
+
+ xmonad=$CACHEDIR/xmonad-${lib.currentSystem}
+
+ xmonad_build() {(
+ set -efu
+ cd "$WORKDIR"
+ options=$(
+ ${pkgs.cabal-read}/bin/ghc-options "$WORKDIR/$pkg_name.cabal" xmonad
+ )
+ ghc $options \
+ -odir "$CACHEDIR" \
+ -hidir "$CACHEDIR" \
+ -o "$xmonad" \
+ main.hs
+ )}
+
+ xmonad_restart() {(
+ set -efu
+ cd "$WORKDIR"
+ if systemctl is-active xmonad; then
+ sudo systemctl stop xmonad
+ cp -b "$config_XMONAD_CACHE_DIR"/xmonad.state "$CACHEDIR"/
+ echo "xmonad.state: $(cat "$CACHEDIR"/xmonad.state)"
+ else
+ "$xmonad" --shutdown || :
+ fi
+ "$xmonad" &
+ echo xmonad pid: $! >&2
+ )}
+
+ xmonad_yield() {(
+ set -efu
+ "$xmonad" --shutdown
+ cp -b "$CACHEDIR"/xmonad.state "$config_XMONAD_CACHE_DIR"/
+ sudo systemctl start xmonad
+ )}
+
+ export PATH=${config.systemd.services.xmonad.path}:$PATH
+ export SHELL=/run/current-system/sw/bin/bash
+
+ export XMONAD_CACHE_DIR="$CACHEDIR"
+ export XMONAD_DATA_DIR="$CACHEDIR"
+ export XMONAD_CONFIG_DIR=/var/empty
+
+ unset XMONAD_STARTUP_HOOK
+
+ cd "$WORKDIR"
+ '';
+ })
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
new file mode 100644
index 000000000..1029d60be
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
@@ -0,0 +1,15 @@
+module Helpers.Path where
+
+import qualified Data.List
+import qualified System.Directory
+import qualified System.IO.Unsafe
+
+
+findExecutable :: String -> FilePath
+findExecutable =
+ System.IO.Unsafe.unsafePerformIO . find
+ where
+ find name =
+ maybe failure id <$> System.Directory.findExecutable name
+ where
+ failure = error (Data.List.intercalate " " [name, "not found"])
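Review bot: `findExecutable` hides a `PATH` search behind `unsafePerformIO` and reports a miss with `error`, so every constant in `Paths` is resolved lazily on first use. For `Paths.slock` and `Paths.su` that presumably means a missing or shadowed binary is only noticed when the lock or root-terminal key is pressed, inside the forked child. The deleted `xmonad-tv/default.nix` passed `/run/wrappers/bin/su` and `/run/wrappers/bin/slock` as fixed paths, whereas the result now depends on whatever `PATH` the process inherits (the systemd unit sets it; the development `shell.nix` prepends to the caller's). Resolving all entries once at startup in `IO` with `System.Directory.findExecutable` and exiting on `Nothing` would fail fast and make `unsafePerformIO` unnecessary. If the helper stays, `maybe failure id` reads better as `fromMaybe failure`, and a Haddock comment should state that the lookup runs at first evaluation and throws when the name is not on `PATH`.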
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs
new file mode 100644
index 000000000..3a879b5d0
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs
@@ -0,0 +1,25 @@
+module Paths where
+
+import Helpers.Path
+
+
+otpmenu :: FilePath
+otpmenu = findExecutable "otpmenu"
+
+pactl :: FilePath
+pactl = findExecutable "pactl"
+
+passmenu :: FilePath
+passmenu = findExecutable "passmenu"
+
+slock :: FilePath
+slock = findExecutable "slock"
+
+su :: FilePath
+su = findExecutable "su"
+
+urxvtc :: FilePath
+urxvtc = findExecutable "urxvtc"
+
+xcalib :: FilePath
+xcalib = findExecutable "xcalib"
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
new file mode 100644
index 000000000..b7d4e9bca
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
@@ -0,0 +1,206 @@
+{-# LANGUAGE DeriveDataTypeable #-} -- for XS
+{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE ScopedTypeVariables #-}
+
+
+module Main (main) where
+
+import System.Exit (exitFailure)
+
+import Control.Exception
+import Control.Monad.Extra (whenJustM)
+import Graphics.X11.ExtraTypes.XF86
+import Text.Read (readEither)
+import XMonad
+import System.IO (hPutStrLn, stderr)
+import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv)
+import System.Posix.Process (executeFile)
+import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
+ , removeEmptyWorkspace)
+import XMonad.Actions.CycleWS (toggleWS)
+import XMonad.Layout.NoBorders ( smartBorders )
+import XMonad.Layout.ResizableTile (ResizableTall(ResizableTall))
+import XMonad.Layout.ResizableTile (MirrorResize(MirrorExpand,MirrorShrink))
+import qualified XMonad.StackSet as W
+import Data.Map (Map)
+import qualified Data.Map as Map
+import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
+import XMonad.Hooks.ManageHelpers (doCenterFloat)
+import XMonad.Hooks.Place (placeHook, smart)
+import XMonad.Actions.PerWorkspaceKeys (chooseAction)
+
+import XMonad.Stockholm.Pager
+import XMonad.Stockholm.Shutdown
+import qualified Paths
+
+
+myFont :: String
+myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
+
+
+main :: IO ()
+main = getArgs >>= \case
+ [] -> mainNoArgs
+ ["--shutdown"] -> shutdown
+ args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
+
+
+mainNoArgs :: IO ()
+mainNoArgs = do
+ let width = 1366
+ workspaces0 <- getWorkspaces0
+ handleShutdownEvent <- newShutdownEventHandler
+ xmonad
+ $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
+ $ def
+ { terminal = Paths.urxvtc
+ , modMask = mod4Mask
+ , keys = myKeys
+ , workspaces = workspaces0
+ , layoutHook =
+ smartBorders $
+ ResizableTall
+ 1
+ (10 * 6 / width)
+ ((80 * 6 + 2 * (1+1+1))/width) []
+ |||
+ Full
+ , manageHook =
+ composeAll
+ [ appName =? "fzmenu-urxvt" --> doCenterFloat
+ , appName =? "pinentry" --> doCenterFloat
+ , placeHook (smart (1,0))
+ ]
+ , startupHook =
+ whenJustM (io (lookupEnv "XMONAD_STARTUP_HOOK"))
+ (\path -> forkFile path [] Nothing)
+ , normalBorderColor = "#1c1c1c"
+ , focusedBorderColor = "#f000b0"
+ , handleEventHook = handleShutdownEvent
+ }
+
+
+getWorkspaces0 :: IO [String]
+getWorkspaces0 =
+ try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
+ Left e -> warn (displaySomeException e)
+ Right p -> try (readFile p) >>= \case
+ Left e -> warn (displaySomeException e)
+ Right x -> case readEither x of
+ Left e -> warn e
+ Right y -> return y
+ where
+ warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
+
+
+displaySomeException :: SomeException -> String
+displaySomeException = displayException
+
+
+forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
+forkFile path args env =
+ xfork (executeFile path False args env) >> return ()
+
+
+spawnRootTerm :: X ()
+spawnRootTerm =
+ forkFile
+ Paths.urxvtc
+ ["-name", "root-urxvt", "-e", Paths.su, "-"]
+ Nothing
+
+
+spawnTermAt :: String -> X ()
+spawnTermAt ws = do
+ env <- io getEnvironment
+ let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
+ forkFile Paths.urxvtc [] (Just env')
+
+
+myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
+myKeys conf = Map.fromList $
+ [ ((_4 , xK_Escape ), forkFile Paths.slock [] Nothing)
+ , ((_4S , xK_c ), kill)
+
+ , ((_4 , xK_o ), forkFile Paths.otpmenu [] Nothing)
+ , ((_4 , xK_p ), forkFile Paths.passmenu [] Nothing)
+
+ , ((_4 , xK_x ), chooseAction spawnTermAt)
+ , ((_4C , xK_x ), spawnRootTerm)
+
+ , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
+ , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
+ , ((_C , xK_Menu ), toggleWS)
+
+ , ((_4 , xK_space ), sendMessage NextLayout)
+ , ((_4M , xK_space ), resetLayout)
+
+ , ((_4 , xK_m ), windows W.focusMaster)
+ , ((_4 , xK_j ), windows W.focusDown)
+ , ((_4 , xK_k ), windows W.focusUp)
+
+ , ((_4S , xK_m ), windows W.swapMaster)
+ , ((_4S , xK_j ), windows W.swapDown)
+ , ((_4S , xK_k ), windows W.swapUp)
+
+ , ((_4M , xK_h ), sendMessage Shrink)
+ , ((_4M , xK_l ), sendMessage Expand)
+
+ , ((_4M , xK_j ), sendMessage MirrorShrink)
+ , ((_4M , xK_k ), sendMessage MirrorExpand)
+
+ , ((_4 , xK_t ), withFocused $ windows . W.sink)
+
+ , ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
+ , ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
+
+ , ((_4 , xK_a ), addWorkspacePrompt def)
+ , ((_4 , xK_r ), renameWorkspace def)
+ , ((_4 , xK_Delete ), removeEmptyWorkspace)
+
+ , ((_4 , xK_Return ), toggleWS)
+
+ , ((0, xF86XK_AudioLowerVolume), audioLowerVolume)
+ , ((0, xF86XK_AudioRaiseVolume), audioRaiseVolume)
+ , ((0, xF86XK_AudioMute), audioMute)
+
+ , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing)
+ ]
+ where
+ _4 = mod4Mask
+ _C = controlMask
+ _S = shiftMask
+ _M = mod1Mask
+ _4C = _4 .|. _C
+ _4S = _4 .|. _S
+ _4M = _4 .|. _M
+ _4CM = _4 .|. _C .|. _M
+ _4SM = _4 .|. _S .|. _M
+
+ pactl args = forkFile Paths.pactl args Nothing
+ audioLowerVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "-5%"]
+ audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"]
+ audioMute = pactl ["--", "set-sink-mute", "@DEFAULT_SINK@", "toggle"]
+
+ resetLayout = setLayout $ XMonad.layoutHook conf
+
+
+pagerConfig :: PagerConfig
+pagerConfig = def
+ { pc_font = myFont
+ , pc_cellwidth = 64
+ , pc_matchmethod = MatchPrefix
+ , pc_windowColors = windowColors
+ }
+ where
+ windowColors _ _ _ True _ = ("#ef4242","#ff2323")
+ windowColors wsf m c u wf = do
+ let y = defaultWindowColors wsf m c u wf
+ if m == False && wf == True
+ then ("#402020", snd y)
+ else y
+
+
+allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
+allWorkspaceNames = return . map W.tag . W.workspaces
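Review bot: `getWorkspaces0` catches `SomeException` around both `getEnv` and `readFile`, which also swallows asynchronous exceptions. Because `readFile` is lazy, the `try` only covers opening the file, so a read or decoding error would surface later while `readEither` forces the string. With `ScopedTypeVariables` already enabled the handlers can be narrowed, e.g. `Left (e :: IOException) -> warn (displayException e)`, and the contents forced inside the `try` with `readFile p >>= \s -> evaluate (length s) >> return s`. That keeps the fall-back to an empty workspace list for the expected failures only. Smaller points: `m == False && wf == True` in `windowColors` is `not m && wf`, and `_4CM` / `_4SM` in `myKeys` look unused, which `-Wall` from the cabal file will report.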
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
new file mode 100644
index 000000000..f10bc4aeb
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
@@ -0,0 +1,25 @@
+name: xmonad-tv
+version: 1.0.0
+license: MIT
+author: tv <tv@krebsco.de>
+maintainer: tv <tv@krebsco.de>
+build-type: Simple
+cabal-version: >=1.10
+
+executable xmonad
+ main-is: main.hs
+ build-depends:
+ base,
+ containers,
+ directory,
+ extra,
+ unix,
+ X11,
+ xmonad,
+ xmonad-contrib,
+ xmonad-stockholm
+ other-modules:
+ Helpers.Path,
+ Paths
+ default-language: Haskell2010
+ ghc-options: -O2 -Wall -threaded
diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix
index 1b9d8c235..6ba4fec83 100644
--- a/tv/5pkgs/simple/default.nix
+++ b/tv/5pkgs/simple/default.nix
@@ -15,10 +15,4 @@ let
else override;
in
- listToAttrs
- (map
- (name: nameValuePair (removeSuffix ".nix" name)
- (callPackage (./. + "/${name}") {}))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
+ mapNixDir (path: callPackage path {}) ./.
diff --git a/tv/5pkgs/simple/disko.nix b/tv/5pkgs/simple/disko.nix
new file mode 100644
index 000000000..de8f1df22
--- /dev/null
+++ b/tv/5pkgs/simple/disko.nix
@@ -0,0 +1,13 @@
+{ fetchgit }:
+
+let
+ src = fetchgit {
+ url = https://cgit.krebsco.de/disko;
+ rev = "16cd458af06d3caf687eb7d80ca3df26b71fe28c";
+ sha256 = "16cd458af06d3caf687eb7d80ca3df26b71fe28c";
+ };
+in
+
+{
+ lib = import "${src}/lib";
+}
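Review bot: The `sha256` given to `fetchgit` is the same 40-hex-digit string as `rev`, i.e. the commit id rather than a content hash. The source is therefore not integrity-pinned, and the fetch will most likely fail with an invalid-hash or hash-mismatch error as soon as `src` is forced. Replace it with the hash of the checked-out tree, `sha256 = "<sha256 reported by nix-prefetch-git for this rev>";`, and quote the URL as the `fetchgit` call in `hc.nix` does.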
diff --git a/tv/5pkgs/simple/fzmenu/bin/otpmenu b/tv/5pkgs/simple/fzmenu/bin/otpmenu
new file mode 100755
index 000000000..ad8a0fda9
--- /dev/null
+++ b/tv/5pkgs/simple/fzmenu/bin/otpmenu
@@ -0,0 +1,41 @@
+#! /bin/sh
+set -efu
+
+#PATH=
+
+case ${FZMENU_PHASE-0} in
+ 0)
+ export FZMENU_PHASE=1
+ exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0"
+ ;;
+ 1)
+ if result=$(
+ FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-}
+ if test -n "$FZF_DEFAULT_OPTS"; then
+ export FZF_DEFAULT_OPTS
+ fi
+ pass git ls-files '*/otp.gpg' | \
+ sed '
+
+ s/\/otp\.gpg$//
+ ' |
+ exec fzf \
+ --history=/dev/null \
+ --no-sort \
+ --prompt='OTP: ' \
+ )
+ then
+ export FZMENU_PHASE=2
+ export FZMENU_RESULT="$result"
+ setsid -f "$0"
+ fi
+ ;;
+ 2)
+ pass=$(pass otp code "$FZMENU_RESULT/otp")
+ printf %s "$pass" |
+ xdotool type -f -
+ ;;
+ *)
+ echo "$0: error: bad phase: $FZMENU_PHASE" >&2
+ exit -1
+esac
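Review bot: In the fallback branch, `exit -1` is outside the range a POSIX shell accepts for `exit`, and this script runs under dash (phase 0 re-executes it with `dash "$0"`). As far as I know dash rejects the operand with an "Illegal number" error instead of returning the intended status; `exit 1` followed by `;;` is the portable form. The same line appears in `passmenu`. Phase 2 takes `FZMENU_PHASE` and `FZMENU_RESULT` from the inherited environment and types the code into whichever window has focus, so a short header comment describing the three phases and that assumption would make the script easier to audit.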
diff --git a/tv/5pkgs/simple/fzmenu/bin/passmenu b/tv/5pkgs/simple/fzmenu/bin/passmenu
new file mode 100755
index 000000000..00b36c3af
--- /dev/null
+++ b/tv/5pkgs/simple/fzmenu/bin/passmenu
@@ -0,0 +1,41 @@
+#! /bin/sh
+set -efu
+
+#PATH=
+
+case ${FZMENU_PHASE-0} in
+ 0)
+ export FZMENU_PHASE=1
+ exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0"
+ ;;
+ 1)
+ if result=$(
+ FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-}
+ if test -n "$FZF_DEFAULT_OPTS"; then
+ export FZF_DEFAULT_OPTS
+ fi
+ pass git ls-files '*/*.gpg' | \
+ sed '
+ /\/otp\.gpg$:/d
+ s/\.gpg$//
+ ' |
+ exec fzf \
+ --history=/dev/null \
+ --no-sort \
+ --prompt='pass: ' \
+ )
+ then
+ export FZMENU_PHASE=2
+ export FZMENU_RESULT="$result"
+ setsid -f "$0"
+ fi
+ ;;
+ 2)
+ pass=$(pass show "$FZMENU_RESULT")
+ printf %s "$pass" |
+ xdotool type -f -
+ ;;
+ *)
+ echo "$0: error: bad phase: $FZMENU_PHASE" >&2
+ exit -1
+esac
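Review bot: The sed filter `/\/otp\.gpg$:/d` has a stray `:` after the `$` anchor (the deleted `otpmenu.nix` used `:` as the sed delimiter), so the pattern never matches a path ending in `/otp.gpg` and OTP entries stay in the password menu. Picking one runs `pass show "$FZMENU_RESULT"` on it, which would presumably type the stored OTP secret rather than a password into the focused window; the line should read `/\/otp\.gpg$/d`. `pass show` also prints the whole entry, so any lines after the first are typed as well. If only the password is wanted, take the first line, `pass=$(pass show "$FZMENU_RESULT" | head -n 1)`.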
diff --git a/tv/5pkgs/simple/fzmenu/default.nix b/tv/5pkgs/simple/fzmenu/default.nix
new file mode 100644
index 000000000..c49c903c6
--- /dev/null
+++ b/tv/5pkgs/simple/fzmenu/default.nix
@@ -0,0 +1,34 @@
+{ coreutils, dash, gnused, fzf, pass, runCommand, rxvt_unicode, stdenv, utillinux, xdotool }:
+
+runCommand "fzmenu" {
+} /* sh */ ''
+ mkdir $out
+
+ cp -r ${./bin} $out/bin
+
+ substituteInPlace $out/bin/otpmenu \
+ --replace '#! /bin/sh' '#! ${dash}/bin/dash' \
+ --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [
+ coreutils
+ dash
+ fzf
+ gnused
+ pass
+ rxvt_unicode
+ utillinux
+ xdotool
+ ]}
+
+ substituteInPlace $out/bin/passmenu \
+ --replace '#! /bin/sh' '#! ${dash}/bin/dash' \
+ --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [
+ coreutils
+ dash
+ fzf
+ gnused
+ pass
+ rxvt_unicode
+ utillinux
+ xdotool
+ ]}
+''
diff --git a/tv/5pkgs/simple/hc.nix b/tv/5pkgs/simple/hc.nix
new file mode 100644
index 000000000..4d325e16c
--- /dev/null
+++ b/tv/5pkgs/simple/hc.nix
@@ -0,0 +1,37 @@
+{ coreutils, fetchgit, findutils, gawk, gnugrep, makeWrapper, qrencode, stdenv, texlive, utillinux, zbar }:
+
+stdenv.mkDerivation rec {
+ name = "hc-${meta.version}";
+
+ src = fetchgit {
+ url = "https://cgit.krebsco.de/hc";
+ rev = "refs/tags/v${meta.version}";
+ sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ buildPhase = null;
+
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp $src/bin/hc $out/bin/hc
+
+ wrapProgram $out/bin/hc \
+ --prefix PATH : ${stdenv.lib.makeBinPath [
+ coreutils
+ findutils
+ gawk
+ gnugrep
+ qrencode
+ texlive.combined.scheme-full
+ utillinux
+ zbar
+ ]}
+ '';
+
+ meta = {
+ version = "1.0.0";
+ };
+}
diff --git a/tv/5pkgs/simple/otpmenu.nix b/tv/5pkgs/simple/otpmenu.nix
deleted file mode 100644
index b35e1601f..000000000
--- a/tv/5pkgs/simple/otpmenu.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ dmenu, gnused, pass, writeDashBin, xdotool }:
-
-writeDashBin "otpmenu" ''
- set -efu
-
- x=$(
- ${pass}/bin/pass git ls-files '*/otp.gpg' \
- | ${gnused}/bin/sed 's:/otp\.gpg$::' \
- | ${dmenu}/bin/dmenu -f -p OTP
- )
-
- otp=$(${pass}/bin/pass otp code "$x/otp")
-
- printf %s "$otp" | ${xdotool}/bin/xdotool type -f -
-''
diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index 655c75e1b..cbcec1bae 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -71,6 +71,11 @@ let
'+%Y-%m-%dT%H:%M:%S%:z'
'';
+ q-utcdate = ''
+ ${pkgs.coreutils}/bin/date -u \
+ '+%Y-%m-%dT%H:%M:%S%:z'
+ '';
+
q-gitdir = ''
if test -d .git; then
#git status --porcelain
@@ -295,6 +300,7 @@ pkgs.writeBashBin "q" ''
set -eu
export PATH=/var/empty
${q-cal}
+ ${q-utcdate}
${q-isodate}
${q-sgtdate}
(${q-gitdir}) &
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix
deleted file mode 100644
index 1168f10c8..000000000
--- a/tv/5pkgs/simple/xmonad-tv/default.nix
+++ /dev/null
@@ -1,295 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeHaskellPackage "xmonad-tv" {
- executables.xmonad = {
- extra-depends = [
- "containers"
- "extra"
- "unix"
- "X11"
- "xmonad"
- "xmonad-contrib"
- "xmonad-stockholm"
- ];
- text = /* haskell */ ''
-{-# LANGUAGE DeriveDataTypeable #-} -- for XS
-{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
-{-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE ScopedTypeVariables #-}
-
-
-module Main where
-
-import Control.Exception
-import Control.Monad.Extra (whenJustM)
-import Graphics.X11.ExtraTypes.XF86
-import Text.Read (readEither)
-import XMonad
-import System.IO (hPutStrLn, stderr)
-import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
-import System.Posix.Process (executeFile)
-import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
- , removeEmptyWorkspace)
-import XMonad.Actions.GridSelect
-import XMonad.Actions.CycleWS (toggleWS)
---import XMonad.Actions.CopyWindow ( copy )
-import XMonad.Layout.NoBorders ( smartBorders )
-import qualified XMonad.StackSet as W
-import Data.Map (Map)
-import qualified Data.Map as Map
--- TODO import XMonad.Layout.WorkspaceDir
-import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
--- import XMonad.Layout.Tabbed
---import XMonad.Layout.MouseResizableTile
-import XMonad.Layout.Reflect (reflectVert)
-import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Hooks.Place (placeHook, smart)
-import XMonad.Hooks.FloatNext (floatNextHook)
-import XMonad.Actions.PerWorkspaceKeys (chooseAction)
-import XMonad.Layout.PerWorkspace (onWorkspace)
---import XMonad.Layout.BinarySpacePartition
-
---import XMonad.Actions.Submap
-import XMonad.Stockholm.Pager
-import XMonad.Stockholm.Rhombus
-import XMonad.Stockholm.Shutdown
-
-
-amixerPath :: FilePath
-amixerPath = "${pkgs.alsaUtils}/bin/amixer"
-
-urxvtcPath :: FilePath
-urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc"
-
-myFont :: String
-myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
-
-main :: IO ()
-main = getArgs >>= \case
- ["--shutdown"] -> sendShutdownEvent
- _ -> mainNoArgs
-
-mainNoArgs :: IO ()
-mainNoArgs = do
- workspaces0 <- getWorkspaces0
- xmonad
- -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
- -- urgencyConfig { remindWhen = Every 1 }
- -- $ withUrgencyHook borderUrgencyHook "magenta"
- -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
- $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
- $ def
- { terminal = urxvtcPath
- , modMask = mod4Mask
- , keys = myKeys
- , workspaces = workspaces0
- , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
- -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
- --, handleEventHook = handleTimerEvent
- , manageHook = placeHook (smart (1,0)) <+> floatNextHook
- , startupHook =
- whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
- (\path -> forkFile path [] Nothing)
- , normalBorderColor = "#1c1c1c"
- , focusedBorderColor = "#f000b0"
- , handleEventHook = handleShutdownEvent
- }
-
-
-getWorkspaces0 :: IO [String]
-getWorkspaces0 =
- try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
- Left e -> warn (displaySomeException e)
- Right p -> try (readFile p) >>= \case
- Left e -> warn (displaySomeException e)
- Right x -> case readEither x of
- Left e -> warn e
- Right y -> return y
- where
- warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
-
-displaySomeException :: SomeException -> String
-displaySomeException = displayException
-
-
-forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
-forkFile path args env =
- xfork (executeFile path False args env) >> return ()
-
-spawnRootTerm :: X ()
-spawnRootTerm =
- forkFile
- urxvtcPath
- ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
- Nothing
-
-spawnTermAt :: String -> X ()
-spawnTermAt ws = do
- env <- liftIO getEnvironment
- let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
- forkFile urxvtcPath [] (Just env')
-
-myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
-myKeys conf = Map.fromList $
- [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
- , ((_4S , xK_c ), kill)
-
- , ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
- , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
-
- , ((_4 , xK_x ), chooseAction spawnTermAt)
- , ((_4C , xK_x ), spawnRootTerm)
-
- --, ((_4 , xK_F1 ), withFocused jojo)
- --, ((_4 , xK_F1 ), printAllGeometries)
-
- , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
- , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
- , ((_C , xK_Menu ), toggleWS)
- , ((_4 , xK_Menu ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
-
- -- %! Rotate through the available layout algorithms
- , ((_4 , xK_space ), sendMessage NextLayout)
- , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout
-
- ---- BinarySpacePartition
- --, ((_4 , xK_l), sendMessage $ ExpandTowards R)
- --, ((_4 , xK_h), sendMessage $ ExpandTowards L)
- --, ((_4 , xK_j), sendMessage $ ExpandTowards D)
- --, ((_4 , xK_k), sendMessage $ ExpandTowards U)
- --, ((_4S , xK_l), sendMessage $ ShrinkFrom R)
- --, ((_4S , xK_h), sendMessage $ ShrinkFrom L)
- --, ((_4S , xK_j), sendMessage $ ShrinkFrom D)
- --, ((_4S , xK_k), sendMessage $ ShrinkFrom U)
- --, ((_4 , xK_n), sendMessage Rotate)
- --, ((_4S , xK_n), sendMessage Swap)
-
- ---- mouseResizableTile
- --, ((_4 , xK_u), sendMessage ShrinkSlave)
- --, ((_4 , xK_i), sendMessage ExpandSlave)
-
- -- move focus up or down the window stack
- --, ((_4 , xK_m ), windows W.focusMaster)
- , ((_4 , xK_j ), windows W.focusDown)
- , ((_4 , xK_k ), windows W.focusUp)
-
- -- modifying the window order
- , ((_4S , xK_m ), windows W.swapMaster)
- , ((_4S , xK_j ), windows W.swapDown)
- , ((_4S , xK_k ), windows W.swapUp)
-
- -- resizing the master/slave ratio
- , ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area
- , ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area
-
- -- floating layer support
- , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling
-
- -- increase or decrease number of windows in the master area
- , ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
- , ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
-
- , ((_4 , xK_a ), addWorkspacePrompt def)
- , ((_4 , xK_r ), renameWorkspace def)
- , ((_4 , xK_Delete ), removeEmptyWorkspace)
-
- , ((_4 , xK_Return ), toggleWS)
- --, (0 , xK_Menu ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
- --, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
- --, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift)
- --, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k })
- , ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"])
- , ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"])
- , ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"])
- ]
- where
- _4 = mod4Mask
- _C = controlMask
- _S = shiftMask
- _M = mod1Mask
- _4C = _4 .|. _C
- _4S = _4 .|. _S
- _4M = _4 .|. _M
- _4CM = _4 .|. _C .|. _M
- _4SM = _4 .|. _S .|. _M
-
- amixer args = forkFile amixerPath args Nothing
-
-
-pagerConfig :: PagerConfig
-pagerConfig = def
- { pc_font = myFont
- , pc_cellwidth = 64
- --, pc_cellheight = 36 -- TODO automatically keep screen aspect
- --, pc_borderwidth = 1
- --, pc_matchcolor = "#f0b000"
- , pc_matchmethod = MatchPrefix
- --, pc_colors = pagerWorkspaceColors
- , pc_windowColors = windowColors
- }
- where
- windowColors _ _ _ True _ = ("#ef4242","#ff2323")
- windowColors wsf m c u wf = do
- let y = defaultWindowColors wsf m c u wf
- if m == False && wf == True
- then ("#402020", snd y)
- else y
-
-horseConfig :: RhombusConfig
-horseConfig = def
- { rc_font = myFont
- , rc_cellwidth = 64
- --, rc_cellheight = 36 -- TODO automatically keep screen aspect
- --, rc_borderwidth = 1
- --, rc_matchcolor = "#f0b000"
- , rc_matchmethod = MatchPrefix
- --, rc_colors = pagerWorkspaceColors
- --, rc_paint = myPaint
- }
-
-wGSConfig :: GSConfig Window
-wGSConfig = def
- { gs_cellheight = 20
- , gs_cellwidth = 192
- , gs_cellpadding = 5
- , gs_font = myFont
- , gs_navigate = navNSearch
- }
-
--- wsGSConfig = def
--- { gs_cellheight = 20
--- , gs_cellwidth = 64
--- , gs_cellpadding = 5
--- , gs_font = myFont
--- , gs_navigate = navNSearch
--- }
-
--- custom navNSearch
---makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a)
---makeGSNav esc = nav
--- where
--- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler
--- keyMap = Map.fromList
--- [ (esc , cancel)
--- , ((0,xK_Escape) , cancel)
--- , ((0,xK_Return) , select)
--- , ((0,xK_Left) , move (-1, 0) >> nav)
--- , ((0,xK_Right) , move ( 1, 0) >> nav)
--- , ((0,xK_Down) , move ( 0, 1) >> nav)
--- , ((0,xK_Up) , move ( 0,-1) >> nav)
--- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav)
--- ]
--- -- The navigation handler ignores unknown key symbols, therefore we const
--- navNSearchDefaultHandler (_,s,_) = do
--- transformSearchString (++ s)
--- nav
-
-
-(&) :: a -> (a -> c) -> c
-(&) = flip ($)
-
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames ws =
- return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
- '';
- };
-}
diff --git a/tv/default.nix b/tv/default.nix
index d077cc09f..10b09f2af 100644
--- a/tv/default.nix
+++ b/tv/default.nix
@@ -1,9 +1,15 @@
-{ pkgs, ... }:
{
+
imports = [
../krebs
./2configs
./3modules
];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
+
+ nixpkgs = {
+ overlays = [
+ (import ./5pkgs)
+ ];
+ };
+
}
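Review bot: `(import ./5pkgs)` is now passed as an overlay, so `tv/5pkgs/default.nix` has to evaluate to a `self: super: { … }` function rather than the function applied to `pkgs` that `packageOverrides` used before. That file's change is not part of this hunk, so this is worth confirming. `nixpkgs.overlays` is a list option that merges with overlays set by other imported modules (presumably including `../krebs`), and overlays are applied in list order. A one-line comment above the entry would record that, e.g. `# overlay (self: super:); merged with overlays from the imported modules`.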
diff --git a/tv/krops.nix b/tv/krops.nix
index e922630f7..af0e8616a 100644
--- a/tv/krops.nix
+++ b/tv/krops.nix
@@ -7,7 +7,7 @@
;
source = lib.evalSource [
- krebs-source
+ (krebs-source { test = true; })
{
nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
secrets.file = toString ./dummy_secrets;
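Review bot: Nothing at the `source` binding says it is test-only, although it now combines `krebs-source { test = true; }` with `secrets.file = toString ./dummy_secrets`. If this `source` were ever reused by a deploy target, a host would be built with placeholder secrets. I would add a comment above `source = lib.evalSource [`, e.g. `# test-only source: uses ./dummy_secrets, do not reuse for deploy`. What `test = true` selects is decided inside `krebs-source`, which is defined outside this hunk, and the list itself continues past the hunk's last line.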