diff options
65 files changed, 717 insertions, 599 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1946f269e..6d2f15063 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,5 +15,6 @@ nur-packages makefu: - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git - git push --force deploy HEAD:master + - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu after_script: - rm -f deploy.key diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7352d36e9..a3b8cab39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -106,6 +106,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; archprism = { cores = 1; @@ -326,6 +327,13 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "5ce7"; + aliases = [ + "skynet.w" + ]; + wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -487,6 +495,46 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; + + green = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.66"; + ip6.addr = r6 "12ee"; + aliases = [ + "green.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk + uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx + ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477 + n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI + hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6 + m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6 + BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1 + pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy + 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk + UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA + udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT + 3MVh92sFyMVYkJcL7SISk80CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "12ee"; + aliases = [ + "green.w" + ]; + wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk="; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 "; + syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; + }; + phone = { nets = { wiregrill = { @@ -494,12 +542,12 @@ in { aliases = [ "phone.w" ]; - wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM="; }; }; external = true; ci = false; - syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7"; + syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB"; }; morpheus = { cores = 1; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index 3d35b76e4..675ba8df2 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 3c60eec4b..34879fd3f 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -11,8 +11,7 @@ let }) cfg.peers; folders = map (folder: { - inherit (folder) path type; - id = folder.path; + inherit (folder) path id type; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; @@ -83,13 +82,18 @@ in folders = mkOption { default = []; - type = types.listOf (types.submodule ({ + type = types.listOf (types.submodule ({ config, ... }: { options = { path = mkOption { type = types.absolute-pathname; }; + id = mkOption { + type = types.str; + default = config.path; + }; + peers = mkOption { type = types.listOf types.str; default = []; diff --git a/krebs/5pkgs/simple/q-power_supply.nix b/krebs/5pkgs/simple/q-power_supply.nix new file mode 100644 index 000000000..87f900194 --- /dev/null +++ b/krebs/5pkgs/simple/q-power_supply.nix @@ -0,0 +1,126 @@ +{ gawk, gnused, writeDashBin }: + +writeDashBin "q-power_supply" '' + power_supply() {( + set -efu + uevent=$1 + eval "$(${gnused}/bin/sed -n ' + s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p + ' $uevent)" + case $POWER_SUPPLY_NAME in + AC) + exit # not battery + ;; + esac + exec </dev/null + exec ${gawk}/bin/awk ' + function die(s) { + printf "%s: %s\n", name, s + exit 1 + } + + function print_hm(h, m) { + m = (h - int(h)) * 60 + return sprintf("%dh%dm", h, m) + } + + function print_bar(n, r, t1, t2, t_col) { + t1 = int(r * n) + t2 = n - t1 + if (r >= .42) t_col = "1;32" + else if (r >= 23) t_col = "1;33" + else if (r >= 11) t_col = "1;31" + else t_col = "5;1;31" + return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr() + } + + function sgr(p) { + return "\x1b[" p "m" + } + + function strdup(s,n,t) { + t = sprintf("%"n"s","") + gsub(/ /,s,t) + return t + } + + END { + name = ENVIRON["POWER_SUPPLY_NAME"] + + charge_unit = "Ah" + charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 + charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 + + current_unit = "A" + current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 + + energy_unit = "Wh" + energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 + energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + + power_unit = "W" + power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 + + voltage_unit = "V" + voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 + voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 + + #printf "charge_now: %s\n", charge_now + #printf "charge_full: %s\n", charge_full + #printf "current_now: %s\n", current_now + #printf "energy_now: %s\n", energy_now + #printf "energy_full: %s\n", energy_full + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + #printf "power_now: %s\n", power_now + #printf "voltage_now: %s\n", voltage_now + + if (current_now == 0 && voltage_now != 0) { + current_now = power_now / voltage_now + } + if (power_now == 0) { + power_now = current_now * voltage_now + } + if (charge_now == 0 && voltage_min_design != 0) { + charge_now = energy_now / voltage_min_design + } + if (energy_now == 0) { + energy_now = charge_now * voltage_min_design + } + if (charge_full == 0 && voltage_min_design != 0) { + charge_full = energy_full / voltage_min_design + } + if (energy_full == 0) { + energy_full = charge_full * voltage_min_design + } + + if (charge_now == 0 || charge_full == 0) { + die("unknown charge") + } + + charge_ratio = charge_now / charge_full + + out = out name + out = out sprintf(" %s", print_bar(10, charge_ratio)) + out = out sprintf(" %d%", charge_ratio * 100) + out = out sprintf(" %.2f%s", charge_now, charge_unit) + if (current_now != 0) { + out = out sprintf("/%.1f%s", current_now, current_unit) + } + out = out sprintf(" %d%s", energy_full, energy_unit) + if (power_now != 0) { + out = out sprintf("/%.1f%s", power_now, power_unit) + } + if (current_now != 0) { + out = out sprintf(" %s", print_hm(charge_now / current_now)) + } + + print out + } + ' + )} + + for uevent in /sys/class/power_supply/*/uevent; do + power_supply "$uevent" || : + done +'' diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 28c98ceb2..1ee21020b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba", - "date": "2019-03-07T09:54:51+01:00", - "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr", + "rev": "222950952f15f6b1e9f036b80440b597f23e652d", + "date": "2019-04-05T10:07:50+02:00", + "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd", "fetchSubmodules": false } diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index d740403da..a287f548b 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -13,17 +13,24 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.blue; + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; networking.nameservers = [ "1.1.1.1" ]; - lass.restic = genAttrs [ + services.restic.backups = genAttrs [ "daedalus" "icarus" "littleT" @@ -31,20 +38,19 @@ with import <stockholm/lib>; "shodan" "skynet" ] (dest: { - dirs = [ - "/home/" - "/var/lib" + initialize = true; + extraOptions = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" ]; + repository = "sftp:backup@${dest}.r:/backups/blue"; passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/blue"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; + paths = [ + "/home/" + "/var/lib" ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; }); + time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index a52771a4d..21f3a8bd5 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,20 +1,14 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - derivation = let - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { + file = { + path = toString (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; }; } diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix index 33a0cb473..d10ced7da 100644 --- a/lass/1systems/daedalus/physical.nix +++ b/lass/1systems/daedalus/physical.nix @@ -11,6 +11,10 @@ fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix new file mode 100644 index 000000000..6ae157e38 --- /dev/null +++ b/lass/1systems/green/config.nix @@ -0,0 +1,28 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/mail.nix> + + #<stockholm/lass/2configs/blue.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + + krebs.build.host = config.krebs.hosts.green; + + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + + + #networking.nameservers = [ "1.1.1.1" ]; + + #time.timeZone = "Europe/Berlin"; +} diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/green/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix new file mode 100644 index 000000000..21f3a8bd5 --- /dev/null +++ b/lass/1systems/green/source.nix @@ -0,0 +1,14 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; + }; +} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 868d75083..06b1e7366 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -18,6 +18,8 @@ <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/prism-share.nix> ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f35ebff56..250d96e53 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -49,6 +49,16 @@ with import <stockholm/lib>; ]; } { + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + ]; + } + { lass.umts = { enable = true; modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 680dc9bde..25425f146 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -15,6 +15,10 @@ device = "/dev/mapper/pool-virtual"; fsType = "ext4"; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 23746d210..b3b7ac0df 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -109,25 +109,6 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> @@ -139,7 +120,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/monitoring/prometheus-server.nix> { # quasi bepasty.nix imports = [ <stockholm/lass/2configs/bepasty.nix> @@ -286,6 +266,7 @@ with import <stockholm/lib>; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout" ]; } { @@ -386,6 +367,7 @@ with import <stockholm/lib>; lass-icarus.pubkey lass-daedalus.pubkey lass-helios.pubkey + lass-android.pubkey makefu.pubkey wine-mors.pubkey ]; diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 4a550d0a4..41508127c 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -38,6 +38,10 @@ device = "/dev/pool/bku"; fsType = "btrfs"; }; + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 9d8bcd7be..8b3b2814f 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -11,7 +11,8 @@ with import <stockholm/lib>; system.activationScripts.downloadFolder = '' mkdir -p /var/download - chown download:download /var/download + chown transmission:download /var/download + chown transmission:download /var/download/finished chmod 775 /var/download ''; @@ -43,7 +44,7 @@ with import <stockholm/lib>; fancyindex ]; }; - virtualHosts."dl" = { + virtualHosts.default = { default = true; locations."/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index d23cf9a43..94272fdb0 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -2,19 +2,11 @@ with import <stockholm/lib>; { - fileSystems = { - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; users.users.backup = { useDefaultShell = true; home = "/backups"; createHome = true; openssh.authorizedKeys.keys = with config.krebs.hosts; [ - mors.ssh.pubkey - prism.ssh.pubkey blue.ssh.pubkey ]; }; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1d2d1173d..26d6622ae 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { taskwarrior termite xclip + xephyrify xorg.xbacklight xorg.xhost xsel diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index cdd77e847..aad8411b1 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -23,8 +23,8 @@ with (import <stockholm/lib>); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} ]; systemd.services.chat = let diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 085cc04b7..972b4760a 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -4,10 +4,10 @@ with import <stockholm/lib>; imports = [ <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix + ./backup.nix ./gc.nix ./mc.nix ./vim.nix - ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix @@ -42,8 +42,6 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey ]; }; }; @@ -211,6 +209,7 @@ with import <stockholm/lib>; { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; } ]; }; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 555295422..aec59261c 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -97,6 +97,9 @@ with import <stockholm/lib>; { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } { from = "overleaf@lassul.us"; to = lass.mail; } + { from = "box@lassul.us"; to = lass.mail; } + { from = "paloalto@lassul.us"; to = lass.mail; } + { from = "subtitles@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 52d380b7c..0803846aa 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -60,7 +60,10 @@ let paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; retiolum = [ "to:lass@mors.r" ]; - security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ]; + security = [ + "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" + "to:security-announce@lists.apple.com" + ]; shack = [ "to:shackspace.de" ]; steam = [ "to:steam@lassul.us" ]; tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ]; @@ -225,6 +228,7 @@ in { msmtp mutt pkgs.notmuch + pkgs.muchsync pkgs.haskellPackages.much tag-new-mails tag-old-mails diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix deleted file mode 100644 index 561e3a25c..000000000 --- a/lass/2configs/monitoring/node-exporter.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } - ]; - services.prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ - "systemd" - ]; - }; - }; -} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix deleted file mode 100644 index b7083c776..000000000 --- a/lass/2configs/monitoring/prometheus-server.nix +++ /dev/null @@ -1,217 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - #networking = { - # firewall.allowedTCPPorts = [ - # 3000 # grafana - # 9090 # prometheus - # 9093 # alertmanager - # ]; - # useDHCP = true; - #}; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } - ]; - - services = { - prometheus = { - enable = true; - extraFlags = [ - "-storage.local.retention 8760h" - "-storage.local.series-file-shrink-ratio 0.3" - "-storage.local.memory-chunks 2097152" - "-storage.local.max-chunks-to-persist 1048576" - "-storage.local.index-cache-size.fingerprint-to-metric 2097152" - "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" - "-storage.local.index-cache-size.label-name-to-label-values 2097152" - "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" - ]; - alertmanagerURL = [ "http://localhost:9093" ]; - rules = [ - '' - ALERT node_down - IF up == 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Node is down.", - description = "{{$labels.alias}} has been down for more than 5 minutes." - } - ALERT node_systemd_service_failed - IF node_systemd_unit_state{state="failed"} == 1 - FOR 4m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." - } - ALERT node_filesystem_full_90percent - IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space soon.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." - } - ALERT node_filesystem_full_in_4h - IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" - } - ALERT node_filedescriptors_full_in_3h - IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum - FOR 20m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", - description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" - } - ALERT node_load1_90percent - IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Running on high load.", - description = "{{$labels.alias}} is running with > 90% total load for at least 1h." - } - ALERT node_cpu_util_90percent - IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: High CPU utilization.", - description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." - } - ALERT node_ram_using_90percent - IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 - FOR 30m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Using lots of RAM.", - description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", - } - ALERT node_swap_using_80percent - IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 - FOR 10m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Running out of swap soon.", - description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." - } - '' - ]; - scrapeConfigs = [ - { - job_name = "node"; - scrape_interval = "10s"; - static_configs = [ - { - targets = [ - ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts)); - #labels = { - # alias = "prometheus.example.com"; - #}; - } - ]; - } - ]; - alertmanager = { - enable = true; - listenAddress = "0.0.0.0"; - configuration = { - "global" = { - "smtp_smarthost" = "smtp.example.com:587"; - "smtp_from" = "alertmanager@example.com"; - }; - "route" = { - "group_by" = [ "alertname" "alias" ]; - "group_wait" = "30s"; - "group_interval" = "2m"; - "repeat_interval" = "4h"; - "receiver" = "team-admins"; - }; - "receivers" = [ - { - "name" = "team-admins"; - "email_configs" = [ - { - "to" = "devnull@example.com"; - } - ]; - "webhook_configs" = [ - { - "url" = "http://127.0.0.1:14813/prometheus-alerts"; - "send_resolved" = true; - } - ]; - } - ]; - }; - }; - }; - grafana = { - enable = true; - addr = "0.0.0.0"; - domain = "grafana.example.com"; - rootUrl = "https://grafana.example.com/"; - auth.anonymous.enable = true; - auth.anonymous.org_role = "Admin"; - }; - }; - services.logstash = { - enable = true; - inputConfig = '' - http { - port => 14813 - host => "127.0.0.1" - } - ''; - filterConfig = '' - if ([alerts]) { - ruby { - code => ' - lines = [] - event["alerts"].each {|p| - lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}" - } - event["output"] = lines.join("\n") - ' - } - } - ''; - outputConfig = '' - file { path => "/tmp/logs.json" codec => "json_lines" } - irc { - channels => [ "#noise" ] - host => "irc.r" - nick => "alarm" - codec => "json_lines" - format => "%{output}" - } - ''; - #plugins = [ ]; - }; -} diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix new file mode 100644 index 000000000..70e616ec6 --- /dev/null +++ b/lass/2configs/prism-share.nix @@ -0,0 +1,39 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: + +{ + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/mnt/prism"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 4baec1976..7fd6a2a29 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -29,7 +29,7 @@ in { hooks.url-title { activate = "match"; - pattern = ''@([^ ]+) (.*)$''; + pattern = ''^@([^ ]+) (.*)$''; command = 1; arguments = [2]; env.HOME = config.krebs.reaktor2.coders.stateDir; @@ -66,7 +66,7 @@ in { } { activate = "match"; - pattern = ''!([^ ]+)(?:\s*(.*))?''; + pattern = ''^!([^ ]+)(?:\s*(.*))?''; command = 1; arguments = [2]; commands = { diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 164e89679..842abc195 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,6 +3,7 @@ with import <stockholm/lib>; { services.syncthing = { enable = true; + group = "syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} @@ -14,7 +15,15 @@ with import <stockholm/lib>; key = toString <secrets/syncthing.key>; peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); folders = [ - { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; } + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } ]; }; + + system.activationScripts.syncthing-home = '' + ${pkgs.coreutils}/bin/chmod a+x /home/lass + ''; + + lass.ensure-permissions = [ + { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } + ]; } diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index cfb835d78..cd270bdf8 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,7 +6,6 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; - nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 7fb248139..b58484773 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -94,7 +94,7 @@ in { config = { adminpassFile = toString <secrets> + "/nextcloud_pw"; }; - #https = true; + https = true; nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { @@ -234,11 +234,13 @@ in { createHome = true; }; + krebs.on-failure.plans.restic-backups-domsen = {}; services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; passwordFile = toString <secrets> + "/domsen_backup_pw"; + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ "/srv/http" "/home/domsen/Mail" diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 71a5cdda9..02d7ffc8c 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -6,8 +6,6 @@ let in { users.users= { wine = { - name = "wine"; - description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; extraGroups = [ diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 76cac9f56..53106b03b 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -28,8 +28,8 @@ } zle -N down-line-or-local-history - setopt share_history - setopt hist_ignore_dups + setopt SHARE_HISTORY + setopt HIST_IGNORE_ALL_DUPS # setopt inc_append_history bindkey '^R' history-incremental-search-backward diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 613c7c8ac..59043aeb1 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,6 +3,7 @@ _: imports = [ ./dnsmasq.nix ./ejabberd + ./ensure-permissions.nix ./folderPerms.nix ./hosts.nix ./mysql-backup.nix diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix new file mode 100644 index 000000000..36edc1127 --- /dev/null +++ b/lass/3modules/ensure-permissions.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + cfg = config.lass.ensure-permissions; + +in + +{ + options.lass.ensure-permissions = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + folder = mkOption { + type = types.absolute-pathname; + }; + + owner = mkOption { + # TODO user type + type = types.str; + default = "root"; + }; + + group = mkOption { + # TODO group type + type = types.str; + default = "root"; + }; + + permission = mkOption { + # TODO permission type + type = types.str; + default = "u+rw,g+rw"; + }; + + }; + })); + }; + + config = mkIf (cfg != []) { + + system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: '' + ${pkgs.coreutils}/bin/mkdir -p ${plan.folder} + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder} + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder} + '') cfg; + systemd.services = + listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "ensure-perms" '' + ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \ + | while IFS= read -r FILE; do + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null + done + ''; + }; + }) cfg) + ; + + }; +} diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index 29c3861f2..b5c69b65a 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -13,15 +13,18 @@ let api = { enable = mkEnableOption "screenlock"; command = mkOption { - type = types.str; - default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; + type = types.path; + default = pkgs.writeDash "screenlock" '' + ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 + sleep 3 + ''; }; }; imp = { systemd.services.screenlock = { before = [ "sleep.target" ]; - wantedBy = [ "sleep.target" ]; + requiredBy = [ "sleep.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 1f2e7110e..9d6f8e00c 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -133,7 +133,7 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) - , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) + , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) ) , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) @@ -169,6 +169,7 @@ myKeyMap = , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") + , ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once") --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) @@ -220,7 +221,7 @@ gridConfig = def allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] allWorkspaceNames ws = - return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] + return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws] ''; }; } diff --git a/lass/krops.nix b/lass/krops.nix index d64454ea5..12652216a 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,7 +11,7 @@ {} ; - source = { test }: lib.evalSource [ + source = { test }: lib.evalSource ([ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; @@ -24,8 +24,7 @@ }; }; } - host-source - ]; + ] ++ (lib.optional (! test) host-source)); in { diff --git a/makefu/0tests/data/secrets/hass/router.nix b/makefu/0tests/data/secrets/hass/router.nix new file mode 100644 index 000000000..e16c76dff --- /dev/null +++ b/makefu/0tests/data/secrets/hass/router.nix @@ -0,0 +1 @@ +"" diff --git a/makefu/0tests/data/secrets/hass/telegram-bot.json b/makefu/0tests/data/secrets/hass/telegram-bot.json new file mode 100644 index 000000000..1e1857df9 --- /dev/null +++ b/makefu/0tests/data/secrets/hass/telegram-bot.json @@ -0,0 +1,5 @@ +{ + "platform": "polling", + "api_key": "1:A", + "allowed_chat_ids": [ 0, 1 ] +} diff --git a/makefu/2configs/bureautomation/automation/10h_timer.nix b/makefu/2configs/bureautomation/automation/10h_timer.nix index a311d468c..dd747114e 100644 --- a/makefu/2configs/bureautomation/automation/10h_timer.nix +++ b/makefu/2configs/bureautomation/automation/10h_timer.nix @@ -2,8 +2,9 @@ { alias = "start Felix 10h"; trigger = { platform = "state"; - entity_id = "binary_sensor.redbutton"; - to = "on"; + entity_id = [ "device_tracker.felix_phone" "device_tracker.felix_laptop" ]; + from = "not_home"; + to = "home"; }; condition = { condition = "and"; @@ -127,7 +128,13 @@ }; action = [ - # TODO: Pushbullet + { + service = "notify.telegrambot"; + data = { + title = "Zu lange Felix!"; + message = "Du bist schon 10 Stunden auf Arbeit, geh jetzt gefälligst nach Hause!"; + }; + } { service = "homeassistant.turn_on"; entity_id = [ diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix index 9e6574300..c632a9e69 100644 --- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix +++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix @@ -1,9 +1,10 @@ [ - { alias = "Turn on Fernseher on movement"; + { alias = "Turn on Fernseher on group home"; trigger = { platform = "state"; - entity_id = "binary_sensor.motion"; - to = "on"; + entity_id = "group.team"; + from = "not_home"; + to = "home"; }; action = { service = "homeassistant.turn_on"; @@ -13,28 +14,38 @@ ]; }; } - { alias = "Turn off Fernseher 10 minutes after last movement"; + { alias = "Turn off Fernseher after last in group left"; trigger = [ { # trigger when movement was detected at the time platform = "state"; - entity_id = "binary_sensor.motion"; - to = "off"; - for.minutes = 10; + entity_id = "group.team"; + from = "home"; + to = "not_home"; } - { # trigger at 20:00 no matter what + { # trigger at 18:00 no matter what # to avoid 'everybody left before 18:00:00' platform = "time"; at = "18:00:00"; } ]; - action = { - service = "homeassistant.turn_off"; - entity_id = [ - "switch.fernseher" - "switch.feuer" - "light.status_felix" - ]; - }; + action = [ + { + service = "homeassistant.turn_off"; + entity_id = [ + "switch.fernseher" + "switch.feuer" + "light.status_felix" + "light.status_daniel" + ]; + } + { + service = "notify.telegrambot"; + data = { + title = "Bureau Shutdown"; + message = "All devices are turned off due to {{ trigger.platform }} - {{ trigger }}"; + }; + } + ]; condition = { condition = "and"; conditions = [ @@ -44,10 +55,10 @@ after = "18:00:00"; # weekday = [ "mon" "tue" "wed" "thu" "fri" ]; } - { + { # if anybody is still there condition = "state"; - entity_id = "binary_sensor.motion"; - state = "off"; + entity_id = "group.team"; + state = "not_home"; } ]; }; diff --git a/makefu/2configs/bureautomation/automation/nachtlicht.nix b/makefu/2configs/bureautomation/automation/nachtlicht.nix index 066e9b06c..2becd4a39 100644 --- a/makefu/2configs/bureautomation/automation/nachtlicht.nix +++ b/makefu/2configs/bureautomation/automation/nachtlicht.nix @@ -9,7 +9,7 @@ action = { service = "homeassistant.turn_off"; - entity_id = [ "switch.nachtlicht" ]; + entity_id = [ "group.nachtlicht" ]; }; } @@ -37,7 +37,7 @@ action = { service = "homeassistant.turn_on"; - entity_id = [ "switch.nachtlicht" ]; + entity_id = [ "group.nachtlicht" ]; }; } ] diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix new file mode 100644 index 000000000..0db9821a1 --- /dev/null +++ b/makefu/2configs/bureautomation/device_tracker/openwrt.nix @@ -0,0 +1,14 @@ +[ + { platform = "luci"; + name = "router"; + host = "192.168.8.1"; + username = "root"; + password = import <secrets/hass/router.nix>; + interval_seconds = 30; # instead of 12seconds + consider_home = 300; # 5 minutes timeout + new_device_defaults = { + track_new_devices = true; + hide_if_away = false; + }; + } +] diff --git a/makefu/2configs/bureautomation/devices/users.nix b/makefu/2configs/bureautomation/devices/users.nix new file mode 100644 index 000000000..305c0ca86 --- /dev/null +++ b/makefu/2configs/bureautomation/devices/users.nix @@ -0,0 +1,17 @@ +{ + thorsten-phone = { + name = "Thorsten"; + mac = "8c:f5:a3:bc:83:a0"; + track = true; + hide_if_away = true; + }; + felix-laptop = { + name = "Felix"; + mac = "6c:88:14:b4:43:9c"; + track = true; + hide_if_away = true; + }; + # b0:e5:ed:52:ee:43 - honor8 + # 38:94:96:b0:13:c7 - android-4ef03e4f4a14b6b9 + # ac:5f:3e:cc:b8:5e - Galaxy S7 +} diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 007d00b09..4e5fe7b63 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -1,8 +1,9 @@ { pkgs, lib, ... }: let + kodi-host = "192.168.8.11"; in { networking.firewall.allowedTCPPorts = [ 8123 ]; - + state = [ "/var/lib/hass/known_devices.yaml" ]; services.home-assistant = { enable = true; config = { @@ -33,7 +34,8 @@ in { retain = true; }; }; - switch = (import ./switch/tasmota_switch.nix); + switch = (import ./switch/tasmota_switch.nix) ++ + (import ./switch/rfbridge.nix); light = (import ./light/statuslight.nix) ++ (import ./light/buzzer.nix); timer = { @@ -53,8 +55,20 @@ in { notify = [ { platform = "kodi"; - name = "wbob"; - host = "192.168.8.11"; + name = "wbob-kodi"; + host = kodi-host; + } + { + platform = "telegram"; + name = "telegrambot"; + chat_id = builtins.elemAt + (builtins.fromJSON (builtins.readFile + <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; + } + ]; + media_player = [ + { platform = "kodi"; + host = kodi-host; } ]; script = (import ./script/multi_blink.nix) {inherit lib;}; @@ -70,6 +84,10 @@ in { camera = (import ./camera/verkehrskamera.nix); + # not yet released + #person = + # (import ./person/team.nix ); + frontend = { }; http = { }; conversation = {}; @@ -77,41 +95,63 @@ in { logbook = {}; tts = [ { platform = "google";} ]; recorder = {}; + telegram_bot = [ + (builtins.fromJSON + (builtins.readFile <secrets/hass/telegram-bot.json>)) + ]; group = { default_view = { view = "yes"; entities = [ "group.sensors" + "group.camera" "group.outside" + "group.team" + "group.nachtlicht" "group.switches" - "group.automation" - # "group.camera" ]; }; automation = [ - "timer.felix_10h" - "script.blitz_10s" - "script.buzz_red_led_fast" - "camera.Baumarkt" ]; switches = [ "switch.bauarbeiterlampe" "switch.blitzdings" "switch.fernseher" "switch.feuer" - "switch.nachtlicht" "light.status_felix" "light.status_daniel" "light.buslicht" - "light.redbutton_buzzer" ]; - - camera = [ ]; + team = [ + "device_tracker.thorsten_phone" + "device_tracker.felix_phone" + "device_tracker.ecki_tablet" + "device_tracker.daniel_phone" + "device_tracker.carsten_phone" + # "person.thorsten" + # "person.felix" + # "person.ecki" + # "person.daniel" + ]; + camera = [ + "camera.Baumarkt" + "camera.Autobahn_Heilbronn" + "camera.Autobahn_Singen" + ]; + nachtlicht = [ + "switch.nachtlicht_a" + "switch.nachtlicht_b" + "switch.nachtlicht_c" + "switch.nachtlicht_d" + ]; sensors = [ - "binary_sensor.motion" - "binary_sensor.redbutton" + "media_player.kodi" + "script.blitz_10s" + "script.buzz_red_led_fast" + "timer.felix_10h" "sensor.easy2_dht22_humidity" "sensor.easy2_dht22_temperature" + # "binary_sensor.redbutton" ]; outside = [ # "sensor.ditzingen_pm10" @@ -120,8 +160,7 @@ in { "sensor.dark_sky_humidity" # "sensor.dark_sky_pressure" "sensor.dark_sky_hourly_summary" - "camera.Autobahn_Heilbronn" - "camera.Autobahn_Singen" + "device_tracker.router" ]; }; # only for automation @@ -131,7 +170,7 @@ in { automation = (import ./automation/bureau-shutdown.nix) ++ (import ./automation/nachtlicht.nix) ++ (import ./automation/10h_timer.nix); - + device_tracker = (import ./device_tracker/openwrt.nix ); }; }; } diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix index 3a9582f2f..0acab7281 100644 --- a/makefu/2configs/bureautomation/light/statuslight.nix +++ b/makefu/2configs/bureautomation/light/statuslight.nix @@ -8,20 +8,20 @@ let inherit name; retain = false; qos = 1; - optimistic = false; + #optimistic = true; # state - # TODO: currently broken, will not use the custom state topic - state_topic = "/bam/${topic}/stat/POWER"; command_topic = "/bam/${topic}/cmnd/POWER"; + state_topic = "/bam/${topic}/tele/STATE"; + value_template = "{{ value_json.POWER }}"; availability_topic = "/bam/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; + payload_on = "ON"; + payload_off = "OFF"; payload_available= "Online"; payload_not_available= "Offline"; # brightness - brightness_state_topic = "/bam/${topic}/stat/Dimmer"; + brightness_state_topic = "/bam/${topic}/tele/STATE"; + brightness_value_template = "{{value_json.Dimmer}}"; brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; - brightness_value_template = "{{ value_json.Dimmer }}"; brightness_scale = 100; # color rgb_state_topic = "/bam/${topic}/stat/Color"; @@ -29,10 +29,11 @@ let rgb_command_mode = "hex"; rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; # effects - effect_state_topic = "/bam/${topic}/stat/Scheme"; + effect_state_topic = "/bam/${topic}/tele/STATE"; + effects_value_template = "{{value_json.Scheme}}"; effect_command_topic = "/bam/${topic}/cmnd/Scheme"; effect_value_template = "{{ value_json.Scheme }}"; - effect_list = [ + effect_list = [ 0 # single color for LED light 1 # start wake up sequence (same as Wakeup) 2 # cycle up through colors using Speed option diff --git a/makefu/2configs/bureautomation/person/team.nix b/makefu/2configs/bureautomation/person/team.nix new file mode 100644 index 000000000..e18c42194 --- /dev/null +++ b/makefu/2configs/bureautomation/person/team.nix @@ -0,0 +1,29 @@ +[ + { name = "Thorsten"; + id = 1; + device_trackers = [ + "device_tracker.thorsten_phone" + "device_tracker.thorsten_arbeitphone" + ]; + } + { name = "Felix"; + id = 2; + device_trackers = [ + "device_tracker.felix_phone" + "device_tracker.felix_laptop" + ]; + } + { name = "Ecki"; + id = 3; + device_trackers = [ + "device_tracker.ecki_phone" + "device_tracker.ecki_tablet" + ]; + } + { name = "Daniel"; + id = 4; + device_trackers = [ + "device_tracker.daniel_phone" + ]; + } +] diff --git a/makefu/2configs/bureautomation/switch/rfbridge.nix b/makefu/2configs/bureautomation/switch/rfbridge.nix new file mode 100644 index 000000000..1336549a3 --- /dev/null +++ b/makefu/2configs/bureautomation/switch/rfbridge.nix @@ -0,0 +1,17 @@ +let + topic = "rfbridge"; + bridge = name: payload_on: payload_off: + { platform = "mqtt"; + inherit name payload_on payload_off; + command_topic = "/bam/${topic}/cmnd/rfcode"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; +in +[ + (bridge "Nachtlicht A" "#414551" "#414554") + (bridge "Nachtlicht B" "#415151" "#415154") + (bridge "Nachtlicht C" "#415451" "#415454") + (bridge "Nachtlicht D" "#41551F" "#415514") +] diff --git a/makefu/2configs/bureautomation/switch/tasmota_switch.nix b/makefu/2configs/bureautomation/switch/tasmota_switch.nix index b00a8e454..115bae0cc 100644 --- a/makefu/2configs/bureautomation/switch/tasmota_switch.nix +++ b/makefu/2configs/bureautomation/switch/tasmota_switch.nix @@ -2,18 +2,21 @@ let tasmota_plug = name: topic: { platform = "mqtt"; inherit name; - state_topic = "/bam/${topic}/stat/POWER"; + state_topic = "/bam/${topic}/tele/STATE"; + value_template = "{{ value_json.POWER }}"; command_topic = "/bam/${topic}/cmnd/POWER"; availability_topic = "/bam/${topic}/tele/LWT"; payload_on= "ON"; payload_off= "OFF"; payload_available= "Online"; payload_not_available= "Offline"; + retain = false; + qos = 1; }; in [ (tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Blitzdings" "plug2") (tasmota_plug "Fernseher" "plug3") (tasmota_plug "Feuer" "plug4") - (tasmota_plug "Nachtlicht" "plug5") + (tasmota_plug "Blaulicht" "plug5") ] diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index d14a611b4..8a58e44de 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -23,6 +23,7 @@ in { vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" # "YouCompleteMe" + "LanguageClient-neovim" "vim-better-whitespace" ]; } # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index 8cdab55db..96c505ba8 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -96,3 +96,14 @@ augroup Binary au BufWritePost *.bin if &bin | %!xxd au BufWritePost *.bin set nomod | endif augroup END + +let g:LanguageClient_serverCommands = { +\ 'python': ['pyls'] +\ } +nnoremap <F6> :call LanguageClient_contextMenu()<CR> +nnoremap <silent> gh :call LanguageClient_textDocument_hover()<CR> +nnoremap <silent> gd :call LanguageClient_textDocument_definition()<CR> +nnoremap <silent> gr :call LanguageClient_textDocument_references()<CR> +nnoremap <silent> gs :call LanguageClient_textDocument_documentSymbol()<CR> +nnoremap <silent> <F2> :call LanguageClient_textDocument_rename()<CR> +nnoremap <silent> gf :call LanguageClient_textDocument_formatting()<CR> diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index b6554e040..6844fdfe4 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -10,6 +10,7 @@ ./games.nix ./media.nix ./mobility.nix + ./pcmanfm-extra.nix ./scanner-tools.nix ./sec.nix ./sec-gui.nix diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 582d941a6..41bfef270 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -6,7 +6,7 @@ chromium feh clipit - firefox + # firefox keepassx pcmanfm evince diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index fe25bd49a..23da9d577 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,10 +2,15 @@ { users.users.makefu.packages = with pkgs;[ - python3 - python3Packages.pyserial + (python3.withPackages(ps: [ + ps.python-language-server + # the following plugins are optional, they provide type checking, import sorting and code formatting + ps.pyls-mypy ps.pyls-isort ps.pyls-black + ps.virtualenv + ])) picocom - python3Packages.virtualenv + python3.pkgs.pyserial + python3.pkgs.virtualenv # embedded gi flashrom @@ -26,6 +31,6 @@ nix-review # git-related tig - init-host + (pkgs.callPackage ./init-host {}) ]; } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 3d26cc574..dfb4183df 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -14,5 +14,6 @@ saleae-logic gitAndTools.gitFull signal-desktop + rambox ]; } diff --git a/makefu/5pkgs/init-host/default.nix b/makefu/2configs/tools/init-host/default.nix index d1d3f7195..d1d3f7195 100644 --- a/makefu/5pkgs/init-host/default.nix +++ b/makefu/2configs/tools/init-host/default.nix diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix new file mode 100644 index 000000000..2d5d20f80 --- /dev/null +++ b/makefu/2configs/tools/pcmanfm-extra.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ + pcmanfm + lxqt.lxqt-policykit + shared_mime_info + lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + services.gnome3.gvfs.enable = true; +} diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix deleted file mode 100644 index 6f5f1deba..000000000 --- a/makefu/5pkgs/bento4/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ stdenv, fetchFromGitHub -, cmake -}: -stdenv.mkDerivation rec { - name = "bento4-${version}"; - version = "1.5.1-624"; - - src = fetchFromGitHub { - owner = "axiomatic-systems"; - repo = "Bento4"; - rev = "v${version}"; - sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf"; - }; - - nativeBuildInputs = [ cmake ]; - installPhase = '' - mkdir -p $out/{lib,bin} - find -iname '*.so' -exec mv --target-directory="$out/lib" {} \; - find -maxdepth 1 -executable -type f -exec mv --target-directory="$out/bin" {} \; - ''; - - meta = with stdenv.lib; { - description = "Full-featured MP4 format and MPEG DASH library and tools"; - homepage = http://bento4.com; - license = licenses.gpl3; - maintainers = with maintainers; [ makefu ]; - platforms = with platforms; linux; - }; -} diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 8ae41427c..1ae10459f 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -1,4 +1,4 @@ -self: super: +self: super: with super.lib; with builtins; let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix new file mode 100644 index 000000000..f86ac3762 --- /dev/null +++ b/makefu/5pkgs/prison-break/default.nix @@ -0,0 +1,20 @@ +{pkgs, fetchFromGitHub}: +with pkgs.python3.pkgs; + +buildPythonPackage rec { + pname = "prison-break"; + version = "0.1.0"; + src = fetchFromGitHub { + owner = "makefu"; + repo = pname; + rev = "5eed6371e151e716faafa054e005bd98d77b4b5d"; + sha256 = "170zs9grbgkx83ghg6pm13v7vhi604y44j550ypp2x26nidaw63j"; + }; + propagatedBuildInputs = [ + docopt + requests + beautifulsoup4 + (callPackage ./straight-plugin.nix {}) + ]; + checkInputs = [ black ]; +} diff --git a/makefu/5pkgs/prison-break/straight-plugin.nix b/makefu/5pkgs/prison-break/straight-plugin.nix new file mode 100644 index 000000000..606c60b5d --- /dev/null +++ b/makefu/5pkgs/prison-break/straight-plugin.nix @@ -0,0 +1,22 @@ +{ lib +, buildPythonPackage +, fetchPypi +}: + +buildPythonPackage rec { + pname = "straight-plugin"; + version = "1.5.0"; + + src = fetchPypi { + pname = "straight.plugin"; + inherit version; + sha256 = "818a7641068932ed6436d0af0a3bb77bbbde29df0a7142c8bd1a249e7c2f0d38"; + }; + + meta = with lib; { + description = "A simple namespaced plugin facility"; + homepage = https://github.com/ironfroggy/straight.plugin; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; +} diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix deleted file mode 100644 index 927c34c5a..000000000 --- a/makefu/5pkgs/targetcli/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python2Packages; -let - version = "2.1"; - rtslib = buildPythonPackage rec { - pname = "rtslib"; - inherit version; - src = fetchFromGitHub { - owner = "datera"; - repo = "rtslib"; - rev = version; - sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22"; - }; - propagatedBuildInputs = [ ipaddr netifaces configobj ]; - }; - configshell = buildPythonPackage rec { - pname = "configshell"; - version = "1.6"; - src = fetchFromGitHub { - owner = "datera"; - repo = "configshell"; - rev = version; - sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y"; - }; - propagatedBuildInputs = [ pyparsing ]; - }; - - tcm-py = buildPythonPackage rec { - pname = "tcm-py"; - version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - src = fetchFromGitHub { - owner = "datera"; - repo = "lio-utils"; - rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; - } + "/tcm-py"; - propagatedBuildInputs = [ ]; - }; - - lio-py = buildPythonPackage rec { - pname = "lio-py"; - version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - src = fetchFromGitHub { - owner = "datera"; - repo = "lio-utils"; - rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; - sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; - } + "/lio-py"; - propagatedBuildInputs = [ ]; - }; - -in buildPythonApplication rec { - pname = "targetcli"; - inherit version; - - propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ]; - - src = fetchFromGitHub { - owner = "datera"; - repo = "targetcli"; - rev = version; - sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d"; - }; -} diff --git a/submodules/nix-writers b/submodules/nix-writers -Subproject d856f05daff9cd726d1e798f1bb9a18eecbe2f5 +Subproject c528cf970e292790b414b4c1c8c8e9d7e73b2a7 diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 7906b968f..e17282e17 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -102,131 +102,6 @@ let ' ''; - q-power_supply = let - power_supply = pkgs.writeBash "power_supply" '' - set -efu - uevent=$1 - eval "$(${pkgs.gnused}/bin/sed -n ' - s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p - ' $uevent)" - case $POWER_SUPPLY_NAME in - AC) - exit # not battery - ;; - esac - exec </dev/null - exec ${pkgs.gawk}/bin/awk ' - function die(s) { - printf "%s: %s\n", name, s - exit 1 - } - - function print_hm(h, m) { - m = (h - int(h)) * 60 - return sprintf("%dh%dm", h, m) - } - - function print_bar(n, r, t1, t2, t_col) { - t1 = int(r * n) - t2 = n - t1 - if (r >= .42) t_col = "1;32" - else if (r >= 23) t_col = "1;33" - else if (r >= 11) t_col = "1;31" - else t_col = "5;1;31" - return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr() - } - - function sgr(p) { - return "\x1b[" p "m" - } - - function strdup(s,n,t) { - t = sprintf("%"n"s","") - gsub(/ /,s,t) - return t - } - - END { - name = ENVIRON["POWER_SUPPLY_NAME"] - - charge_unit = "Ah" - charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 - charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 - - current_unit = "A" - current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 - - energy_unit = "Wh" - energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 - energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 - - power_unit = "W" - power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 - - voltage_unit = "V" - voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 - voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 - - #printf "charge_now: %s\n", charge_now - #printf "charge_full: %s\n", charge_full - #printf "current_now: %s\n", current_now - #printf "energy_now: %s\n", energy_now - #printf "energy_full: %s\n", energy_full - #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] - #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 - #printf "power_now: %s\n", power_now - #printf "voltage_now: %s\n", voltage_now - - if (current_now == 0 && voltage_now != 0) { - current_now = power_now / voltage_now - } - if (power_now == 0) { - power_now = current_now * voltage_now - } - if (charge_now == 0 && voltage_min_design != 0) { - charge_now = energy_now / voltage_min_design - } - if (energy_now == 0) { - energy_now = charge_now * voltage_min_design - } - if (charge_full == 0 && voltage_min_design != 0) { - charge_full = energy_full / voltage_min_design - } - if (energy_full == 0) { - energy_full = charge_full * voltage_min_design - } - - if (charge_now == 0 || charge_full == 0) { - die("unknown charge") - } - - charge_ratio = charge_now / charge_full - - out = out name - out = out sprintf(" %s", print_bar(10, charge_ratio)) - out = out sprintf(" %d%", charge_ratio * 100) - out = out sprintf(" %.2f%s", charge_now, charge_unit) - if (current_now != 0) { - out = out sprintf("/%.1f%s", current_now, current_unit) - } - out = out sprintf(" %d%s", energy_full, energy_unit) - if (power_now != 0) { - out = out sprintf("/%.1f%s", power_now, power_unit) - } - if (current_now != 0) { - out = out sprintf(" %s", print_hm(charge_now / current_now)) - } - - print out - } - ' - ''; - in '' - for uevent in /sys/class/power_supply/*/uevent; do - ${power_supply} "$uevent" || : - done - ''; - q-virtualization = /* sh */ '' echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)" ''; @@ -302,7 +177,7 @@ pkgs.writeBashBin "q" '' ${q-sgtdate} (${q-gitdir}) & (${q-intel_backlight}) & - (${q-power_supply}) & + ${pkgs.q-power_supply}/bin/q-power_supply & (${q-virtualization}) & (${q-wireless}) & (${q-online}) & |