diff options
30 files changed, 708 insertions, 190 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix new file mode 100644 index 000000000..8250ebad9 --- /dev/null +++ b/krebs/1systems/ponte/config.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: +{ + imports = [ + ./hw.nix + <stockholm/krebs> + <stockholm/krebs/2configs> + <stockholm/krebs/2configs/matterbridge.nix> + ]; + + krebs.build.host = config.krebs.hosts.ponte; +} diff --git a/krebs/1systems/ponte/hw.nix b/krebs/1systems/ponte/hw.nix new file mode 100644 index 000000000..78f7a603e --- /dev/null +++ b/krebs/1systems/ponte/hw.nix @@ -0,0 +1,14 @@ +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.efi.efiSysMountPoint = "/boot/EFI"; + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + copyKernels = false; + }; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + fileSystems."/boot/EFI" = { device = "/dev/disk/by-uuid/628A-7F3B"; fsType = "vfat"; }; +} diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix new file mode 100644 index 000000000..9c0908def --- /dev/null +++ b/krebs/2configs/matterbridge.nix @@ -0,0 +1,49 @@ +{ pkgs, lib, ... }: { + services.matterbridge = { + enable = true; + configPath = let + bridgeBotToken = lib.strings.fileContents <secrets/telegram.token>; + in + toString ((pkgs.formats.toml {}).generate "config.toml" { + general = { + RemoteNickFormat = "[{NICK}] "; + Charset = "utf-8"; + }; + telegram.krebs.Token = bridgeBotToken; + irc = let + Nick = "ponte"; + in { + hackint = { + Server = "irc.hackint.org:6697"; + UseTLS = true; + inherit Nick; + }; + }; + mumble.lassulus = { + Server = "lassul.us:64738"; + Nick = "krebs_bridge"; + SkipTLSVerify = true; + }; + gateway = [ + { + name = "krebs-bridge"; + enable = true; + inout = [ + { + account = "irc.hackint"; + channel = "#krebs"; + } + { + account = "telegram.krebs"; + channel = "-330372458"; + } + { + account = "mumble.lassulus"; + channel = 6; # "nixos" + } + ]; + } + ]; + }); + }; +} diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix index 30f232b64..a53596cc6 100644 --- a/krebs/2configs/mud.nix +++ b/krebs/2configs/mud.nix @@ -5,7 +5,7 @@ MUD_SERVER=''${MUD_SERVER:-127.0.0.1} MUD_PORT=''${MUD_PORT:-8080} - if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then + if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then ${nvim}/bin/nvim \ +"let g:instant_username = \"$MUD_NICKNAME\"" \ +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index cc67c1a0a..bf0b82de0 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -306,7 +306,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.42.63"; - ip6.addr = "42:4a6f::4263"; + ip6.addr = "42:0:4a6f::4263"; aliases = [ "crustacea.r" ]; @@ -563,28 +563,28 @@ in { }; }; }; - alsace = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.73.31"; - aliases = [ "alsace.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAn9mZHXfUcR1/oby6KB1Z8s1AAuie4l5G624r0UqbWu+4xowFIeZs - kv2dqd+yiqammAA9P207ooLbGBp+P6i4f5VMCemkCnv0sC1TJ+DNwYqWYcFRZE7I - j00fw/QI9d6L1c4CqZHJPQXEHG3v46qPuUow8FDJ6fjoBmy6biHjSd0XC7oHGqRh - GE5RolnqUiQhW0b4TkHJV4yUfVki+olxQtYd4xIHs1hcSqoMK898jsPX5cLgoCzR - NPZVyHf2BM0urPn4mu/th4ZDKpQtrqeI7h6yhnzJ0onhtValwHiA3/DcHcWmYvHC - vw6umyiCqFDx2kmzOnpkBWv65ugKUwDSZR8ibp3q7W9iPBiCPv0FtKXsQW9EngSS - asQWC8U6cB23nKuMYQrtD33fVwYn58FBIY6+avroc7XN5cPM/9VBHqyXSDZNAWtt - TwC/sXFWqT6AbTwLV6zY1TW4jiwKOh3KAVnHqQhUhNlEMk6EFOjR1CABSwUVXleR - 5whr1RbKAsrhqMprGKHndvxLXjbKSh6A0bVdOLOzSs7BME2Oi1OdHd6tqqYmcyuV - XQnFcOYKxF0RM83/V8rEgvVisIxXTGVrGw8Kse7PGFA1dGldptTC6kofLUxzADNw - bRnXtRk8VR0BBzTuPNDgUXL2XQLht6FwDKCA/En2vId98yc2uuDk468CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "lPvwNm2mfF+rX3noqt+80c7nlDCpC+98JPLWx2jJRLN"; + rojava = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.23.42"; + aliases = [ "rojava.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd + B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb + HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 + Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD + lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW + +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs + 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 + vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx + HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ + XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 + yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; }; }; }; diff --git a/krebs/3modules/external/gpg/kmein.gpg b/krebs/3modules/external/gpg/kmein.gpg new file mode 100644 index 000000000..1fa694326 --- /dev/null +++ b/krebs/3modules/external/gpg/kmein.gpg @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBF0GDc0BCACZi+PQgX6Lefq/36X68W+XEyA2fWbMPJE1vAHETlzcMluOIL++ +6KRYqGr0ieFcaXNn4joNDN7cFMN0YHF2Rr7k6SWjOtcHS1RnZ8g/N+uxEvTBug60 +tRbhcO80rnHHb25jloV//wAAWD2ukTtwXWAMVBXwEXMc1JBOlFXcIDlNPdBMJG7A +/5+AKMXg8HYUSbsad1SyagZbo9KuC/s4BVReBr4vK/zTo1gIwy95dQrBnC31O7Wa +/s9CpNG//QJAbAxMN15P7Yo9xxG/AALjPSnKamp3yJsSiSyxhXImXEZtxU7ahq3t +/DzuI2BbIv3Nj/39IZLgETrplzKUnWV18TzdABEBAAG0HUtpZXLDoW4gTWVpbmhh +cmR0IDxrZm1Ad2lsZGU+iQFOBBMBCAA4FiEEnt6CzHKjQ6lSZtD0RIVwdKOsyLcF +Al0GDc0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQRIVwdKOsyLfHDQf/ +YLaprugBmzaCvAGADzdgSrQJyFY2BnncVH1b/0HQ1p1smrcvKqbCXxlUmrWM896B +7xHpcDPz/mMfNPTvSrcUHgqVkiiSsSzno1RCmeHKMiUaR/M6Ik59aa/EzxJf/QDT +3QYy3mFIj44M0ZWjRZJ/3RhVT6QxaUh7fRNzduVE0LH6suybPcTcnIUGSURKwG9F +cTXtMJA3+7UGj/emHk8yaFOWMJDY6h7rnXxiD5xcxapjrygFFNfAuaA2NcY3HEeG +yOVYGwPQhwFWjbUhC1RIYu2fz7fkD11zQ22gt0aEn5fqiIVssBEvHJqNp577QxO4 +6q4ag1Js/gbus6PfQzlvqrkBDQRdBg3NAQgA1ewP1suBTB5UxyqEl7fpisD6hZ62 +9TDQUSn2yfxa8W1wtTH5i1Mw0p5e/+vPFqfu2TMSPoqASq9sDjeWSsiCdtaHbLu0 +y1W5hhQwGcxqauFJBSj/VpDnKd38inOvbW5PwDqZBqnbRZOpsdvsQ2dlaS0/5AJa +RqJXNRc7Owg3ssqeBuhvZKeiPNADn3k9ZbAYNfDkYPJDbHTNPd8eu44vlBlMC7kX +IkucV8zV31x9lCZx0cjI+OQbd/4GOSxBKqjBX5SBUQAlzHUT2CLoeKkivxbnHH40 +gV1PP/3QVVMJjkAot0v/n95KRj78iYOU2PrP5DiPogtLO4v14/lE3eaENwARAQAB +iQE2BBgBCAAgFiEEnt6CzHKjQ6lSZtD0RIVwdKOsyLcFAl0GDc0CGwwACgkQRIVw +dKOsyLfjegf/bX4MkzqsIOOAcmVla7M29Uk0HX5j4dK5t4Z7kx8OnhbYUMr8vr1w ++2D5HiaV2kib5yhI17z9lL6vKyIWwTdf93zS+ivV+IUpxbx/KAdr83dd7B3RCdU7 +GFMzj7f3ieGQYOXw7pROZQR1zF90H6AtW/8qvOs73hSdcnQOtnmntvY/S5ifnzxi +jpsOgjM7VD+BWsmhmYw7E4FiZOaLfoRsylyj5I+Sim2j9Xnu6lYvcgBXvwIqfunO +O/gY21iomMwQm4mlXsFVRfSzRE4zlNASql1zcS1mbO6yeKJDKJgzqvWkcjd3OOuF +e67yzkzlwiVDJIjhV6B0tRCDIqiOaiS3vw== +=pwUK +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix index 6e4457eae..52ca718dd 100644 --- a/krebs/3modules/external/kmein.nix +++ b/krebs/3modules/external/kmein.nix @@ -116,6 +116,28 @@ in wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + tahina = { + nets.retiolum = { + ip4.addr = "10.243.2.74"; + aliases = [ "tahina.r" "tahina.kmein.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtX6RpdFl9AqCF6Jy9ZhGY1bOUnEw5x3wm8gBK/aFb5592G3sGbWV + 5Vv1msdLcoYQ5X4sgp3wizE5tbW7SiRVBwVB4mfYxe5KSiFJvTmXdp/VtKXs/hD8 + VXNBjCdPeFOZ4Auh4AT+eibA/lW5veOnBkrsD/GkEcAkKb2MMEoxv4VqLDKuNzPv + EfE+mIb/J3vJmfpLG/+VGLrCuyShjPR2z0o5KMg8fI4ukcg6vwWwGE3Qd8JkSYMz + iy9oIGo/AJNyOUG0vQXL1JU/LFBXKty515UmXR2hO/Xi1w92DT8lxfLYRgoseT2u + i4aHmfl49LGkpQVIFejj6R0FrZBd5R2ElmQbmxSKS1PO9VheOOm02fgVXRpeoh6R + FdDkFWWmELW921UtEB2jSIMkf5xW8XmlJlGveaDnkld07aQlshnnOUfIs3r7H+T9 + 9g1QxiE7EFeoLrfIkgT81F+iL6RazSbf9DcTxvrKv+cZBrZKdcurcTtX0wFFD4wZ + 0tzYPTcAnv/ytacf2/jv/Vm3xNFyjrBLM6ZtJtZ6NAJvD+OW4G/o2941KCu1Mqz/ + VFAJW3djrqfASNCU1GqtHV0wdJMN8EszDNYdJ7pyw6+rG2PeYCVfE7wNe3b6zYqY + tUYhU1xkQQD4xgOMX3AdSI/JGjxMBBKlJXafwdDW8LMBWBPt+9Xq2vMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "m8fnOzCx2KVsQx/616+AzVW5OTgAjBGDoT/PpKuyx+I"; + }; + }; zaatar = { nets.retiolum = { ip4.addr = "10.243.2.34"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b62ece0c7..d63a6b306 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -160,6 +160,26 @@ in { }; }; }; + rauter = { + owner = config.krebs.users.mic92; + nets = rec { + internet.addrs = [ "rauter.thalheim.io" ]; + retiolum = { + aliases = [ "rauter.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEArpSEoqFUdjaLiR3MpBlEoR0AOyaHPY9IPG4C5KsrfjeMDdfpOEGu + G0VHksBbkDV/MIgUVlK1B7LxZ73WUwKKB1YWGtY+QVX1tzoUqYwjMhp/xFVybyBw + M7nmTnM6Uq9Xd+S5mNMmOdvgNXfiP+zy4+iHJpn8YN/RnuyETqXhvVW9UasqVlmz + cY0dl+wsYFsJDnGc2ebpx5dzfpPgZKIFc0GlqDX0AqdQ2t2O9x4G5sFyUH0qPnDQ + 776it6NXhwSKfl1h9xjQp8+qowIUlUqKgiVXfAzXHSxWmVQyxilCAkEk4vSs1HOj + ZNiK3LJKWEsy61hMt6K6AqpvSGlOdGa8WQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "bL0slCR9oHx7FBeVb4ubo/bX8QJJBgchVKVSlWh3y1D"; + }; + }; + }; eve = { owner = config.krebs.users.mic92; extraZones."krebsco.de" = '' @@ -453,6 +473,7 @@ in { rock = { owner = config.krebs.users.mic92; nets = { + internet.addrs = [ "rock.thalheim.io" ]; retiolum = { aliases = [ "rock.r" @@ -783,6 +804,26 @@ in { }; }; + mauricehome = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "mauricehome.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwFmnVmH2n3sa/iJE1u7kSWHMW2nx66wnq7ZA2XF5Wt1hiky4BKBj + jxIIdXHlSmARhDSCMgBKl9Z6/8PsmCK3xEO8q60oTsT8PQIhN3eSF8n92iK3dyKx + PyUsUUHjkqkNtmo/M70T4gAEuB1b/QRkATco/pTv+lMVkYdIydtdALjSxU0YrTiz + J5Ntsngi9+yUJ5g3r/lCuWobKxd5Dlsx3nXg81jTsp9hlXW2HC0XTbOSyH2NC36C + 97Kgx2T25cG/FPhtQztQOems+FhbyJTFyZTGa8v/5rXeJlwcVFRh8sZ7E5yPzbJV + ZlBaorcpRtx8NY4jd8FnZftHF0BeAQJoYwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "ohFUBMdmgS/DMe24sZ1+jNWzx65jCxto9pVjPnYIqzL"; + }; + }; + }; + mickey = { owner = config.krebs.users.mic92; nets = rec { @@ -871,6 +912,163 @@ in { }; }; }; + + jackson = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # jackson.dse.in.tum.de + ip4.addr = "131.159.102.3"; + ip6.addr = "2a09:80c0:102::3"; + aliases = [ "jackson.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "jackson.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA11g2uc9+tw1Bmvs4U6gsyimZ1hR1rnWTJw8CDRw6t7gx0HhRnRgB + 0Fv11KjFGbImrcZ1wxCOJA+RQise18YnlpWIwYf/nDPGR21a1wcg3ZxVRa3/UQzb + pvbTFqK9NpPt7ENWs25ZLnatTFfc+D3kfoUSrwIVGKAaM87GlMkTH3FsARo4xj6H + NJeQ2snOIbLQ3xXQm3oZ5YN4CN30mtrcae+jIMlKnagBuDjP9UZ73GLHu1gJAPb6 + iXdBK6/UTGY9uYKNHXnpf11I4rPSPK1r/6KxS1sX65hh4BT5Fs5goRhVqIeeICVJ + Ufnwj7se3Ao24nLXyTRmVXaTEVN/AqPyyQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "cjYmx4Bb0JjogXNov+wSiPPIHM06n1jQnPJbP/E1yRN"; + }; + }; + }; + adelaide = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # adelaide.dse.in.tum.de + ip4.addr = "131.159.102.13"; + ip6.addr = "2a09:80c0:102::13"; + aliases = [ "adelaide.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "adelaide.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzxKKd1dV+XDUV8pHqkAtbLcwEZVsf0kK+y5X/zbZcXEZhQQv6/dY + YJRoNG3lo8+7FMwYO2b2uyIkO1PopsORMAA2vIFaKJ2Qnt7byuIQ6n9CafIADx1M + dVf+cwUhY8IVIX2ndz9pIAY8NhmzEcjG5vGKxRqev1zNwa1LtsLDLObhkKYznM6y + HV5F92GONMeNOovHCxIYsSJ8jLn8BB60toADzocgzKvCiEw4IwKnzL/au9RGY4Xi + 25YXBzF5ai84e+HyaGGGD/qa4SqL9/jCkDB7QAwRqb01wGhtTLty+ubjzh1HF3am + zpizPVNwBTqHW1S3W1i/yi5a5w4D/zdrRQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "YzB5BqgIQ4f209B2KhpdHu6gRYj5IS64zy1wneq/yiG"; + }; + }; + }; + christina = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # christina.dse.in.tum.de + ip4.addr = "131.159.102.14"; + ip6.addr = "2a09:80c0:102::14"; + aliases = [ "christina.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "christina.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA2pP2uCuvFWKfUwYIOcmPkqG8q/rNNyfw9C39tIC0VsDD6WJ0I7xZ + S57AiG4j6OZwbv7/89qAR94SM4Q9LgmVHhUHf06gPhO0MTVNt0N1PrOnfxeCOlgK + aH6DWZVhiwwiYwAJ55CVNFSkuL7/FtJAkAXmP0Y+xmn0mi1GpMa6RfSazqNPkXik + HdB7u96D7Ul75yPdTDi0dvMvCxQGo4PQBctheNPY61s7P1/7tRhBT+22iJn3v2Bc + Q9qLa6WuGIuFYCxT7GDGrKVu+V9VhFJe42p8yyIscqFagc61C/whN6v7eOh22gSR + 8EbaexJIQ5xl8ZIJto+fr8MvYAQR4FpopwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "/W10YGvcWZnVxCB6pxsC2D5A7QMk1Aw81YWi1p0Ex9O"; + }; + }; + }; + wilfred = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # wilfred.dse.in.tum.de + ip4.addr = "131.159.102.15"; + ip6.addr = "2a09:80c0:102::15"; + aliases = [ "wilfred.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "wilfred.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAtQMC/LTfesg49VU06TFt3ikA9cdXuWzvg1FkCo6yXBlQt8fLFYg1 + YBthh7W6CZYJwf6lGXUBtCiOnxidoQ89Fq61AQGGYzW8G/vqHwFaPGHQ42Eru+XG + RDi7ZjqOibdTemahX7gcDk6irB9WbkuXIS15n5FdQHhmjiun3zaEMoWpyiSM1HFQ + UfJLI8pRtB65RTdT3yp8XMASldTAlSlFj2AYlDZkgcRYLZuVWb/Wz7EewG4SiB9T + wZ1pUIhdnGNdb37S/VIjMPavaV4HK7u7awqwaaIRUYwWloCo8LGRDCXa3iEMql7J + tI4iMEsmjHi8P5mQp4ZwwNLWucdM9+Wt6QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "5dMnJmUDmCnN/3dc7fTPlXweMmbs6W+VgSgZi+p+u2B"; + }; + }; + }; + river = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # river.dse.in.tum.de + ip4.addr = "131.159.102.16"; + ip6.addr = "2a09:80c0:102::16"; + aliases = [ "river.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "river.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAumAOQf8/nv2Ml082e7fgoicoQ7stspsx8v1bkoubW9yq/LbdcTki + cP6uZkLBXgd9cPq4vhSso/kaGn6UzPWeUCLv17gPn6jFlB1AYN6mJNLOxJyotajc + 78SyqzDyZ4iA0W44w98ic5yWQ/uaF3q3npFlHtAN4fD0aw50uR+2TgH5zCB8iNul + CNIRWU9sp1t6VFYSN49tcqZ4j6jb6q/MyH5o5WLPasnq0SzQd09rnhUax7QLbIBP + iNBYLOFYMYmoN1WlPwZf1Dt6NeFGyNn5aWE3xtOG6FYwzzCEXYOxxdXzuL5Mmiv9 + 6d71+XWEAzNT9OQB3oGCLAamT+9le7SqnwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "gcgEqGyhO4S7Q44vID/cpbbVaLSNYov97oGwa3pSI4N"; + }; + }; + }; + jack = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # river.dse.in.tum.de + ip4.addr = "131.159.102.17"; + ip6.addr = "2a09:80c0:102::17"; + aliases = [ "jack.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "jack.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx5ROeRs0CxD2IPfkrFB4O03/Kf8Ajjmd/J1gpCvHROKL+gDvaCO1 + 68RbTdC1f5K6Dwc51oX87XisrD435aNCqnlE8fw1X8ZYLKRlZmLDBJGSupm35jj3 + w80L9OTK07I3cK6AqCfRWyI9Ja6J9PGOT95h8OtiAPlYssEkSqGJrtwe61V5rq1A + st7khZO0b+xYsr+ZgOVuZMDAco9DwG7NFfpWkzAgTF6q0a+kdjFrFb6SaeJJf12t + WUGWEkaTP5iLQ/h3M+a7MH0Col+aPNEWE4ycqZR9U3E4pMqoD7tjkYdYtv9kR/j+ + ZtN2Vlw+hKC47DA3zRNRcg7DC+FFDNFaYwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "vmtUoblzicabsNFu7u889cF9pgBKoJpHHIhY8Y/eQgC"; + }; + }; + }; hal9000 = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 3bab13b0e..7007090c0 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -125,8 +125,8 @@ let (interface: interfaceConfig: [ (map (port: { predicate = "-i ${interface} -p tcp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPorts) (map (port: { predicate = "-i ${interface} -p udp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPorts) - (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges) - (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges) + (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges) + (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges) ]) config.networking.firewall.interfaces ); diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 5e0e69924..d58f0fbaa 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -160,6 +160,46 @@ in { ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe "; }; + ponte = { + cores = 1; + owner = config.krebs.users.krebs; + nets = rec { + internet = { + ip4 = { + addr = "141.147.36.79"; + prefix = "0.0.0.0/0"; + }; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.4.43"; + ip6.addr = "42::443"; + aliases = [ + "ponte.r" + ]; + tinc = { + pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA52Glj/C85oMy3cnaRAtg2qkleaJFWiqwaQNUsk4JgX1PwZJ8aInD + YAMXj0H0wz7h3mh5QVRDq4i11LXOIy1P6J6QAvb3lssYnFfJkR9j/dArCIFsEhHf + V41E4KMcHV9t17xO6wQitXqzvcmxodxly8qAx1k7ddlGdQPTWXVvQTRgWBwm9oQ9 + w0d5p2fej/E5iOmbLyVjiJ72rFJIQdfPo782W78ZQftMSXsnyrr5OJu1b4qsga1Q + fYiAKjNE29OPiw5hLy9W/jLJMm0eR94LpUy0MZ5hYkYmvII1TqIqxVgj48gYfJ5v + QCjU9R2H5pUNfDiYutCqscRn5YDe44dcYBeG8Rkf0i4BTdqiE7h1AIciccXsJddt + HFxbWqi3HDoWlo7cFK9vYVUi4jgQP5cUVP85I43aDu3S3M3mszk1nyP+gDobE5Z9 + jPGckgn7wTYXlDioIlExJJ6FCaSWSxvh0Zh0HDrTD+WKP6qJ2aYnAz2xptiQGNCu + rYEvFoWd5T7VMzI02Z2hCiE2fFWlH63Am1tKspFKl+lHjwMrwcwFA5WoNHCeXx2X + S1T3I7P4SkRZervYJ55wQxCBKLgvZP2I1J1JzMkyuTszg9tex14MdVdZZrKXVrnr + exCMJruliLbZmtrbHHTXoCngppylnJOxKXpfpogLTZzLGncO6Ry5G18CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + pubkey_ed25519 = "0l+q3Bg5gYcw8VDjSYV7+wVSO3t4Es5jizAYJ9UR8cA"; + }; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo "; + }; puyak = { ci = true; cores = 4; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 25125157d..a0518a068 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -875,12 +875,10 @@ in { lass-blue = { mail = "lass@blue.r"; pubkey = builtins.readFile ./ssh/blue.rsa; - pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp; }; lass-green = { mail = "lass@green.r"; pubkey = builtins.readFile ./ssh/green.ed25519; - pgp.pubkeys.default = builtins.readFile ./pgp/green.pgp; }; lass-mors = { mail = "lass@mors.r"; diff --git a/krebs/3modules/lass/pgp/blue.pgp b/krebs/3modules/lass/pgp/blue.pgp deleted file mode 100644 index e7a1ac0e1..000000000 --- a/krebs/3modules/lass/pgp/blue.pgp +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFr9fAEBEACz2E2E7uBulVBBtPmk9IR2yB+uAWSe8Hi7vNiGc1Dbs40jzWuy -AqouqyC5xnVw66+cQaYOsgXiwencmu/cFEV2x2uRLDVh1E/fvc8yxAOizEIY0jm/ -WZ/4IWvTZLVPF3BOhM4p/HGNbdZhRc4RoljLTB34VuY1KSMhs3Vx7n3HgZzdbD7D -itUFU4oY5CnkQp4yl1Htat08cZmbD51VTZB1hDw2Uea+VuMQ/ImRtTqW+Ss4xyPA -DwUE/vRM3CKwBvcjbNL3uUqc5dtZuvruuFeK3ScmdNLytcgXqJzLlwuzHmSt/Tnc -DQZWKGiHnMvrAOkMEvsmiKhboWSAq4sRUPhISqZ7MSvPfhaH5Gcmhi+hL8FZhGY0 -qF7MNLHoimw6MBV6FIIA0vCDn2p5Vwc7L+LqLjWqAvxdfVoeUJjUWbWWNNWg4Tw7 -9e7rAR86e4AvhCZRubRn1aOfKGF5vg/El98OeIwBFQHpr7uznKfjmAEpoGveV+vG -amptMCBAr4Hw76U708XWOQkZ2GDY9cfdxUllhAmmPrNQ/OcT2b4x0xKvMi4nA5G8 -PBOFErkS61zNxsHgpFe2isG+VDqYLfeQhOdB101Qn6IHw3KxyW85CwImUpdRLMUi -0wtcA7M5GB94HRZ8qW6LtFBjwqm2NGudB0alfIWIq7KuRMXus3sJKQ2gDQARAQAB -tBlsYXNzQGJsdWUuciA8bGFzc0BibHVlLnI+iQJOBBMBCAA4FiEEuOpc8JA44Pd5 -NXyK8UJeZkL6H7wFAlr9fAECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ -8UJeZkL6H7ygPQ/+JydbB0IX64ojm34YaeWKVdM5D7JFBdNuKgbAMf0Uhcja6YcU -0YRvuOPpw4lNZqV/1yxDXGHJrVfGolq6uz28oWr+9VUD8QXH9ODm1EMLsU8Jb1Nh -SE+rWSAhEmdw8l9Bi12wq4v/z/JC93/VJLnBGOL8LDEsJ9OatUw71KIt/a50ERoz -uCZbMeLPym8WqSK1kjQehL5pj97BzxmBNpFYwqaniTAuqTN6bhs2ws+k89vjaWIP -T+bEqsJV/vR9KZcNlmKlTQwbsjQ1BZ9EuV4EBL6IAMrqxDeY3mFnT+EpkabfIVSh -38KmG+4PZDXaj6rCsrsH2pUKaZ/Z6Mr3lmFb/1aaK3xKiQyxcMrbcixIIVI8ihTM -HUC3DFFlA7+02b67QomWFLRiZid4gCry7xhZyryQJkN2l20fzRjWf0myzcPO0qxc -y39gUyEqy1oeaffCc1QgDJH2Hvf+P9StyMZIulNuCKJ9tfQR5nkkDAy/2p405Lmf -mdKOMha6bZ+mA5HbmjMqwyFPHEtU6t/mUhlh7mYqNYAJikuqV00N6nTKVrBb2IfK -atoHeUcmvMWBGL7+x3zxwf2pnum6a5iDES2ir87ltOGKGDeMt2Y/Ap30P+uZGnn1 -AiRu2bGkCiQ/WH1StJhAhJeleUfdbOa7/voc14nl3rewqyhqYd8dlI+TWAu5Ag0E -Wv18AQEQAOFMwY2ky5TyRrDqJosq0y/9+8D6RiXlyOnyTQ+bqu4mDEaVu3xNcKLH -CQsTM7gDR9pivapoDo84CK8w519DHCA2EpNGTDO4twcQ3jKqPth809LnibwdKJCe -qsfxsIfN8LbpKDOygZ2av11gcT0ye9uOMkiiRSE2MMGDU/50sskecavUAExDgwFs -v72ReU3fXRfTqYT6p/i/qMB7GbS8PlKFz61JKHDceS5GJUZJ5OWOoq7ZMCz6zrLW -2mQIJ7kblGCJKUnx/lZ5y9nqSCk7jer2qENxWNPOCwD48A78u1Bz8xSN5D1gFO3f -YSKh60kK5UljwkvRD7NvAcg2ifwL1e+/7v8WV9OsHDUBEiJO05tsjJ76QwHnEq6j -4peArcTAHWZ4uGncAgYN/Uii+0vs3oVDsZ9d2uLJxuR3h6T4XVejeuZ3j3o/XX/E -aZwcdH3VpKqEjdG4c4TMz96bN7ZN2DbgTf40rwPFKgWnvhCA9dWlmfy9pW2z2hyg -rJaRGXd/4znj5YlMliDrL4/Yp9j1J1CsoZM68er6/zMU1SA9U/y+MVqMoPCPlczx -mbwWQm1JH6fZv2SzHbZOrZYWKVWX+jPZQV6SjKwSiVrLlZJ0Z8u00HBRRRzXLwXa -OLL/dGP1v+msMv1oCJT1AsMcBEE3bY1efnDP1XK8vBLzoMKGS1RtABEBAAGJAjYE -GAEIACAWIQS46lzwkDjg93k1fIrxQl5mQvofvAUCWv18AQIbDAAKCRDxQl5mQvof -vOC1D/wO+tGKz/y5dc/ifJGTndxoHnU8tarboDll0kcdpTGU7It+ReNustqJZj5v -HK4V/ZXUw5+y6ZasNa/mFYY8oACOI40SlMdyt708XfPqYKXOpnM0oGRGfALi+oKg -iIzYtXsqYk5ZYSFWpgxajHef9HMmHNJ8riSVRugUPubPMKPR65DOXl+BdVIlQw7o -2g3s4Lii0IRKov3BvB51oJMhRK2Ne55VDBid32oIoqXLXS2E2gJQegioAiDUA5J4 -1f96RCeYfxOgaPj/o4eiXK0H3owA3W78/tIjq5218PCIYFsOKPhrSqJ7ZF/5yGwW -ppVzsaz1sE9oULR0VOFUwjpYmyH32WwKkLF6mKumb8Q7Pd/FJq0I3/kxD/OrlNVZ -8UCX0CzxMyfEeSUfScunKLMfopEGxXTR4l8jew7CwxX08H0nkqyegDZSN8MjYxQL -V/zoL+aPjYh1WYf1L8wyBZjQbA6khHwYRZPaHrGfGaCGC8MHiSjPb/nt54+vZXtt -17LcX4VvHwWIBf88JpZO9eyTFPdYIZANSyo6ltbRoomuAywuA5IibCwh/BXi/aVa -Jro4UvbiwMqbVgSAt15VAwEK1Re/NNLBTcVVMHsWr5WNmo0s2C7+j+iIMPEOwhRs -ZFj74cztyOF/dGeCv9ycW29g+ejXaPpFOYQz0A9bBdkEdTGWhQ== -=D854 ------END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/pgp/green.pgp b/krebs/3modules/lass/pgp/green.pgp deleted file mode 100644 index 96b2b38e4..000000000 --- a/krebs/3modules/lass/pgp/green.pgp +++ /dev/null @@ -1,40 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGAMS3EBDACzbsaP9nhJ8GrAk5JLlz+ruDbEGuvJXvh+spVq9i9TCCGAraPo -z8Tmgsw6SJhJMW/170OZJ+GMMEDRpRbvh8tLZ0jsTIwINasRjC68tF9dgjjPZdNN -cVOpFw4Wf4ueMmoEG/9Xyehm+YEJFTj5wul2uJtfj5NJB43daDn4e3ieGExd+zE0 -FTP4yAmxVMbN4BiyZPX7CxeTzJS0g4aVnMq9RqtYbxd1Uv++LmPh1ZkEyNNKItfC -nRFeZzjhnmD7LvwsixE2ENnbiL9Ho7Mc4C7kRKSJ+LvXH6ChJJtDy9ApVA+u90i5 -Rd7y9rdzFY+NCHusWg0/U/t2FoLc/hRa0eLE1KFtzWzH35TMl8R/7NrPztTwT/fH -xt3qSiwMUvH9X9TGvh5N0WwqgtEe6mpZvpq+4gyOiyA+EwE73rnxG2DzmM6CFHyo -Qm/OOfjuFH+l0PkAqti+f41SqlEOiOAAFzgz7gaTdJ8gXs8piOGxk4U5EK/p1OTW -4e6DrxqcxmHgoAUAEQEAAbQMbGFzc0BncmVlbi5yiQHUBBMBCAA+FiEE6Ed5jGI3 -gop09K1NMwheLc2Sjz0FAmAMS3ECGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC -HgECF4AACgkQMwheLc2Sjz0otwv+I8Sw0ENqy6SsrZSGDtmhAouCeTIUseRQ66tp -UFnxDVPYhhdM2ubTtIqOfx20Xdy/7N/POyYMJ5VR+IaFcB9wUlrhdjwUlCtoUipx -EycZloccMPGySxAxR3Kcy/SFzUKWwQ10/mfSQg/4+vYayZNuSvEpviMEZn0prpmw -jwFJcHOu0NL+7eYULMdit1BDaZfBaAu/otKn18878+0hVimyjW27564uXtJYnbf1 -hUVGvPLaSo74XBFra+kujcA3zIjWiPn6dRA5dzLrRRkb30Unl1+0a9QwY3wd3vCV -UHWSgDNaV+o7yPTuxoMsfrxHPAc3JlaKM6ka/EdK04tbgMH/N7FHXqDqCEIBWML4 -1/+HxkP2UW59zLefQwvBqWcF6bA7kgHGhIDkg1yg7ygP0t2mH6ktuEAYYr24BFx7 -b8nK/jhK+rp3LomLTLQ6e/6mikfoDr636sB1/Bc+pTdWsJnuQTzaWBDloVEr/2hz -/K5+wH2kgSKaWYUtaR6wiMbVKq3HuQGNBGAMS3EBDAC1xQNCJD3hlnihHBv7jxfH -CI5HdnUEh1eP8mUKjSE+Z0xGEMq8Z9sbTHQxtDdmC4ZOq1Kkt2LmtQQQAIH+Qnu6 -RYFOAPRmegouIxg4S3eTPZhZRo1ZqCphqbL2mQ9ifNrG3VVvQGXNvjo3Cuwj0uzx -EDtOilKEtHZhG0cfehGV+nO1n/g50EQMC7JkFWnryxVL8i4l3KstOdj+LcIT6c27 -EE2fzOUekeltBHGRFSM1Yzmn2lxruuK4I8zoiqak2St1788ay//F9tiZPfhWRb6+ -DF+JgRLCXatqTJppPpkui1irw6jN5ZabjyS7GBtH+5wpnvuMEMr484OXEg17VnCd -Tx/RTLyjfffDtTkC4M7oiAr5SUbkJjVkEuwjxp1N19epD8gzrBQC2W7XKM3z+mtG -ZLJtiW5hM+QylMv7VWxbQ21ObJmUqBQUZLPlpl3dlGU/ILw3U4urBibD9oPT2QAX -J6Db/STyl6w0bzRbMJmaEM4P0FcdEKTuw7tOpl5zBUkAEQEAAYkBtgQYAQgAIBYh -BOhHeYxiN4KKdPStTTMIXi3Nko89BQJgDEtxAhsMAAoJEDMIXi3Nko89yc8MAJKg -M5lbA/PJYlIju/qWKWt7yZbsIGuDfmuKfYftjXDOqskEqDyYgr31Txd43bWM6Ec7 -gb5JVmtzvLull0/KRwMcKAFNTXIYcb3jKpanwWRgHQlt/D6zlQula73WxwNUlZWl -Q8FCWjGa2hC8oKlTbtzm5osdcK+YhlpTpK5y4Mrg0f9Rcd297ygFQSDInpGq7ILY -sFat3HU7w9oPp9Q5RS8/EmrvAx1kFj9mZRs4L9inJJnHFpb1R6snojcKPwEyIWBi -+PFZ6ns296FjW9C+Ci7C+aaAzVDM7NAwU0/EhWeDKKHITU3Zaz4gnShesKBiVxhI -JQNFCjWlnc+o3RqbAhDQhlwFrCZWUxQi1qWy4U88IYqR9hxV0eNtGSRmwnGCT9RV -Nxb6CjtmHpgUmzyvwBpBJya8bLYu5tCKnUodtFiq/poxEfI5WrP6pu5l648AwuPa -ioovprweDWs38Q8wd/SuoaUtIoj378UDXq8acFvHHnOS/bBBfAE9tutY1ycJdg== -=Fg3f ------END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix index a800ff543..f9a7450f7 100644 --- a/krebs/5pkgs/simple/generate-secrets/default.nix +++ b/krebs/5pkgs/simple/generate-secrets/default.nix @@ -1,20 +1,21 @@ { pkgs }: -pkgs.writeDashBin "generate-secrets" '' +pkgs.writers.writeDashBin "generate-secrets" '' + set -eu HOSTNAME="$1" TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + cd $TMPDIR + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null - ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null - ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + ${pkgs.tinc_pre}/bin/tinc --config "$TMPDIR" generate-keys 4096 >/dev/null cat <<EOF > $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; } EOF - cd $TMPDIR for x in *; do ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null done @@ -31,9 +32,12 @@ pkgs.writeDashBin "generate-secrets" '' aliases = [ "$HOSTNAME.r" ]; - tinc.pubkey = ${"''"} - $(cat $TMPDIR/retiolum.rsa_key.pub) - ${"''"}; + tinc = { + pubkey = ${"''"} + $(cat $TMPDIR/rsa_key.pub) + ${"''"}; + pubkey_ed25519 = "$(cut -d ' ' -f 3 $TMPDIR/ed25519_key.pub)"; + }; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix index 61bcc2b89..2930fd1eb 100644 --- a/krebs/5pkgs/simple/untilport/default.nix +++ b/krebs/5pkgs/simple/untilport/default.nix @@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" '' if [ $# -ne 2 ]; then usage else - until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done + until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done fi '' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 71367c2f1..30be112d1 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", - "date": "2022-02-21T09:47:16+01:00", - "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs", - "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2", + "rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d", + "date": "2022-05-09T07:45:23+00:00", + "path": "/nix/store/56hy8l0ky71qdx5zibjzzg0q8ivkk7vc-nixpkgs", + "sha256": "0px2fk64s56qxd8ir8xg8bsj5yz1w399ps4xfkyx29n2ywp9ar7c", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e7760128f..970ffa20a 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2", - "date": "2022-03-04T16:09:08+01:00", - "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs", - "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6", + "rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879", + "date": "2022-04-30T11:27:15+02:00", + "path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs", + "sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix new file mode 100644 index 000000000..a57dc7c25 --- /dev/null +++ b/lass/2configs/alacritty.nix @@ -0,0 +1,99 @@ +{ config, lib, pkgs, ... }: let + + alacritty-cfg = extrVals: builtins.toJSON ({ + font = { + normal = { + family = "Inconsolata"; + style = "Regular"; + }; + bold = { + family = "Inconsolata"; + style = "Bold"; + }; + italic = { + family = "Inconsolata"; + style = "Italic"; + }; + bold_italic = { + family = "Inconsolata"; + style = "Bold Italic"; + }; + size = 8; + }; + live_config_reload = true; + window.dimensions = { + columns = 80; + lines = 20; + }; + # window.opacity = 0; + hints.enabled = [ + { + regex = ''(mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-\u009F<>"\s{-}\^⟨⟩`]+''; + command = "/run/current-system/sw/bin/xdg-open"; + post_processing = true; + mouse.enabled = true; + binding = { + key = "U"; + mods = "Alt"; + }; + } + ]; + } // extrVals); + + alacritty = pkgs.symlinkJoin { + name = "alacritty"; + paths = [ + (pkgs.writeDashBin "alacritty" '' + ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@" + '') + pkgs.alacritty + ]; + }; + +in { + environment.etc = { + "themes/light/alacritty.yaml".text = alacritty-cfg { + colors = { + # Default colors + primary = { + # hard contrast: background = '#f9f5d7' + # background = "#fbf1c7"; + background = "#f9f5d7"; + # soft contrast: background = '#f2e5bc' + foreground = "#3c3836"; + }; + + # Normal colors + normal = { + black = "#fbf1c7"; + red = "#cc241d"; + green = "#98971a"; + yellow = "#d79921"; + blue = "#458588"; + magenta = "#b16286"; + cyan = "#689d6a"; + white = "#7c6f64"; + }; + + # Bright colors + bright = { + black = "#928374"; + red = "#9d0006"; + green = "#79740e"; + yellow = "#b57614"; + blue = "#076678"; + magenta = "#8f3f71"; + cyan = "#427b58"; + white = "#3c3836"; + }; + }; + }; + "themes/dark/alacritty.yaml".text = alacritty-cfg { + colors.primary = { + background = "#000000"; + foreground = "#ffffff"; + }; + }; + }; + environment.systemPackages = [ alacritty ]; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 59d1e0182..22a3037d7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -4,6 +4,7 @@ let user = config.krebs.build.user; in { imports = [ + ./alacritty.nix ./mpv.nix ./power-action.nix ./copyq.nix @@ -13,6 +14,7 @@ in { ./pipewire.nix ./tmux.nix ./xmonad.nix + ./themes.nix { krebs.per-user.lass.packages = [ pkgs.sshuttle @@ -55,7 +57,7 @@ in { environment.systemPackages = with pkgs; [ acpi acpilight - ag + ripgrep cabal2nix dic dmenu @@ -96,12 +98,17 @@ in { '') ]; - fonts.fonts = with pkgs; [ - hack-font - hasklig - symbola - xlibs.fontschumachermisc - ]; + fonts = { + fontDir.enable = true; + enableGhostscriptFonts = true; + + fonts = with pkgs; [ + hack-font + xorg.fontschumachermisc + terminus_font_ttf + inconsolata + ]; + }; services.udev.extraRules = '' SUBSYSTEM=="backlight", ACTION=="add", \ diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix index f3c1d5b7c..e12eda42e 100644 --- a/lass/2configs/fysiirc.nix +++ b/lass/2configs/fysiirc.nix @@ -54,14 +54,20 @@ in { name = "reaktor2-fysiweb-github"; }; script = ''. ${pkgs.writeDash "github-irc" '' - set -efu + set -xefu case "$Method $Request_URI" in "POST /") - payload=$(head -c "$req_content_length" \ - | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ - | xargs -0 echo -e \ - ) - echo "$payload" | ${format-github-message}/bin/format-github-message + payload=$(head -c "$req_content_length") + echo "$payload" >&2 + payload2=$payload + payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r') + if [ "$payload" != "$payload2" ]; then + echo "payload has been mangled" >&2 + else + echo "payload not mangled" >&2 + fi + echo "$payload2" > /tmp/last_fysi_payload + echo "$payload2" | ${format-github-message}/bin/format-github-message printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 8f93e0cec..cc8189f51 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -19,6 +19,7 @@ let in { imports = [ + ./pyscript ./zigbee.nix ./rooms/bett.nix ./rooms/essen.nix diff --git a/lass/2configs/hass/pyscript/.gitignore b/lass/2configs/hass/pyscript/.gitignore new file mode 100644 index 000000000..282debf56 --- /dev/null +++ b/lass/2configs/hass/pyscript/.gitignore @@ -0,0 +1 @@ +hass_token diff --git a/lass/2configs/hass/pyscript/default.nix b/lass/2configs/hass/pyscript/default.nix new file mode 100644 index 000000000..c56967e4b --- /dev/null +++ b/lass/2configs/hass/pyscript/default.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +{ + systemd.tmpfiles.rules = [ + "L+ /var/lib/hass/custom_components/pyscript - - - - ${pkgs.fetchzip { + url = "https://github.com/custom-components/pyscript/releases/download/1.3.2/hass-custom-pyscript.zip"; + sha256 = "0cqdjj46s5xp4mqxb0ic790jm1xp3z0zr2n9f7bsfl5zpvdshl8z"; + stripRoot = false; + }}" + ]; + + services.home-assistant = { + package = (pkgs.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + })).override { + extraPackages = pp: [ pp.croniter ]; + }; + config.pyscript = { + allow_all_imports = true; + hass_is_global = true; + }; + }; + + networking.firewall.interfaces.retiolum.allowedTCPPortRanges = [ + { from = 50321; to = 50341; } # for ipython interactive debugging + ]; +} diff --git a/lass/2configs/hass/pyscript/shell.nix b/lass/2configs/hass/pyscript/shell.nix new file mode 100644 index 000000000..3cfac0275 --- /dev/null +++ b/lass/2configs/hass/pyscript/shell.nix @@ -0,0 +1,51 @@ +{ pkgs ? import <nixpkgs> {} }: let + + hass_host = "styx.r"; + hass_token = builtins.readFile ./hass_token; + + mach-nix = import (builtins.fetchGit { + url = "https://github.com/DavHau/mach-nix/"; + ref = "refs/tags/3.4.0"; + }) { + pkgs = pkgs; + }; + pyenv = mach-nix.mkPython { + requirements = '' + hass_pyscript_kernel + ''; + }; + jupyter = import (builtins.fetchGit { + url = https://github.com/tweag/jupyterWith; + ref = "master"; + }) {}; + + pyscriptKernel = { + spec = pkgs.runCommand "pyscript" {} '' + mkdir -p $out/kernels/pyscript + cp ${kernel_json} $out/kernels/pyscript/kernel.json + cp ${pyscript_conf} $out/kernels/pyscript/pyscript.conf + ''; + runtimePackages = [ pyenv ]; + }; + + kernel_json = pkgs.writeText "kernel.json" (builtins.toJSON { + argv = [ + "${pyenv}/bin/python3" "-m" "hass_pyscript_kernel" + "-f" "{connection_file}" + ]; + display_name = "hass_pyscript"; + language = "python"; + }); + + pyscript_conf = pkgs.writeText "pyscript.conf" '' + [homeassistant] + hass_host = ${hass_host} + hass_url = http://''${hass_host}:8123 + hass_token = ${hass_token} + ''; + + jupyterEnvironment = jupyter.jupyterlabWith { + kernels = [ pyscriptKernel ]; + }; + +in jupyterEnvironment.env diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index 0c59b9592..61bdefab5 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -11,6 +11,7 @@ "vboxnet*" ]; }; + systemd.services.NetworkManager-wait-online.enable = false; users.users.mainUser = { extraGroups = [ "networkmanager" ]; packages = with pkgs; [ diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix index 24de0e9ed..f6ccd48d4 100644 --- a/lass/2configs/pipewire.nix +++ b/lass/2configs/pipewire.nix @@ -10,7 +10,7 @@ environment.systemPackages = with pkgs; [ alsaUtils - pulseaudioLight + pulseaudio ponymix ]; @@ -22,4 +22,15 @@ pulse.enable = true; jack.enable = true; }; + + systemd.services.wireplumber = { + environment = { + HOME = "/var/lib/wireplumber"; + DISPLAY = ":0"; + }; + path = [ + pkgs.dbus + ]; + serviceConfig.StateDirectory = "wireplumber"; + }; } diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix index e2d021641..c2b3e8377 100644 --- a/lass/2configs/print.nix +++ b/lass/2configs/print.nix @@ -3,7 +3,7 @@ services.printing = { enable = true; drivers = [ - pkgs.foomatic_filters + pkgs.foomatic-filters pkgs.gutenprint ]; }; diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix new file mode 100644 index 000000000..e020c62c4 --- /dev/null +++ b/lass/2configs/themes.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: let + + switch-theme = pkgs.writers.writeDashBin "switch-theme" '' + set -efux + if [ "$1" = toggle ]; then + if [ "$(${pkgs.coreutils}/bin/cat /var/theme/current_theme)" = dark ]; then + ${placeholder "out"}/bin/switch-theme light + else + ${placeholder "out"}/bin/switch-theme dark + fi + elif test -e "/etc/themes/$1"; then + ${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/ + echo "$1" > /var/theme/current_theme + ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme + ${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources + ${pkgs.procps}/bin/pkill -HUP xsettingsd + else + echo "theme $1 not found" + fi + ''; + +in { + systemd.services.xsettingsd = { + wantedBy = [ "multi-user.target" ]; + after = [ "display-manager.service" ]; + environment.DISPLAY = ":0"; + serviceConfig = { + ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd -c /var/theme/config/xsettings.conf"; + User = "lass"; + Restart = "always"; + RestartSec = "15s"; + }; + }; + systemd.tmpfiles.rules = [ + "d /var/theme/ 755 lass users" + ]; + environment.systemPackages = [ + switch-theme + ]; + environment.etc = { + "themes/light/xsettings.conf".text = '' + Net/ThemeName "Adwaita" + ''; + "themes/light/xresources".text = '' + *background: #ffffff + *foreground: #000000 + ''; + "themes/dark/xsettings.conf".text = '' + Net/ThemeName "Adwaita-dark" + ''; + "themes/dark/xresources".text = '' + *background: #000000 + *foreground: #ffffff + ''; + }; + system.activationScripts.theme.text = '' + export DISPLAY=:0 + if test -e /var/theme/current_theme; then + ${switch-theme}/bin/switch-theme "$(cat /var/theme/current_theme)" || + ${switch-theme}/bin/switch-theme dark + else + ${switch-theme}/bin/switch-theme dark + fi + ''; +} diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 099900d90..3b372189c 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -5,7 +5,7 @@ enable = true; extraPackages = hs: [ hs.extra - hs.xmonad-stockholm + hs.xmonad-contrib ]; config = /* haskell */ '' {-# LANGUAGE LambdaCase #-} @@ -53,9 +53,6 @@ import XMonad.Util.NamedWindows (getName) import XMonad.Util.Run (safeSpawn) import XMonad.Util.Ungrab (unGrab) -import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown) -import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..)) - data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) instance UrgencyHook LibNotifyUrgencyHook where @@ -74,15 +71,8 @@ myFont :: String myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1" main :: IO () -main = getArgs >>= \case - [] -> main' - ["--shutdown"] -> shutdown - args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure - -main' :: IO () -main' = do - handleShutdownEvent <- newShutdownEventHandler - launch $ ewmh +main = do + xmonad $ ewmh $ withUrgencyHook LibNotifyUrgencyHook $ def { terminal = myTerm @@ -94,7 +84,6 @@ main' = do (\path -> forkFile path [] Nothing) , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#ff0000" - , handleEventHook = handleShutdownEvent , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap @@ -104,6 +93,8 @@ myLayoutHook = defLayout floatHooks = composeAll [ className =? "Pinentry" --> doCenterFloat + , className =? "Pager" --> doCenterFloat + , title =? "pager" --> doCenterFloat , title =? "fzfmenu" --> doCenterFloat , title =? "glxgears" --> doCenterFloat , resource =? "Dialog" --> doFloat @@ -123,9 +114,9 @@ myKeyMap = , ("M4-S-q", restart "xmonad" True) - , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") - , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") - , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") + , ("<XF86AudioMute>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") + , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") + , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1") , ("<XF86MonBrightnessUp>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1") , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") @@ -148,8 +139,9 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", spawn "/run/current-system/sw/bin/klem") - , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) ) - , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) + , ("M4-v", spawn "${pkgs.pager}/bin/pager view") + -- , ("M4-S-v", spawn "${pkgs.pager}/bin/pager shift") + , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift)) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) , ("M4-m", withFocused minimizeWindow) @@ -166,7 +158,7 @@ myKeyMap = , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu") , ("M4-<Insert>", spawn "${pkgs.writeDash "paste" '' - ${pkgs.coreutils}/bin/sleep 0.1 + ${pkgs.coreutils}/bin/sleep 0.4 ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - ''}") @@ -182,6 +174,7 @@ myKeyMap = , ("M4-<F12>", spawn "${pkgs.systemd}/bin/systemctl suspend -i") , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + , ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle") , ("M4-s", spawn "${pkgs.knav}/bin/knav") , ("M4-i", spawn "/run/current-system/sw/bin/screenshot") @@ -210,21 +203,6 @@ infixAutoXPConfig = autoXPConfig { searchPredicate = isInfixOf } -pagerConfig :: PagerConfig -pagerConfig = def - { pc_font = myFont - , pc_cellwidth = 64 - , pc_matchmethod = MatchPrefix - , pc_windowColors = windowColors - } - where - windowColors _ _ _ True _ = ("#ef4242","#ff2323") - windowColors wsf m c u wf = do - let y = defaultWindowColors wsf m c u wf - if m == False && wf == True - then ("#402020", snd y) - else y - gridConfig :: GSConfig WorkspaceId gridConfig = def { gs_cellwidth = 100 @@ -234,9 +212,6 @@ gridConfig = def , gs_font = myFont } -allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames ws = - return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws] ''; }; } diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index 6cf28c3c2..d999a4334 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" '' ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key - ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub + ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key + ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub cat <<EOF > $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; |