summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--krebs/3modules/fetchWallpaper.nix7
-rw-r--r--krebs/3modules/iptables.nix3
-rw-r--r--krebs/3modules/lass/default.nix51
-rw-r--r--krebs/3modules/lass/default.pgp52
-rw-r--r--krebs/3modules/lass/pgp/mors.pgp51
-rw-r--r--krebs/3modules/lass/pgp/shodan.pgp30
-rw-r--r--krebs/3modules/lass/ssh/helios.rsa1
-rw-r--r--krebs/3modules/lass/ssh/mors.rsa1
-rw-r--r--krebs/3modules/lass/ssh/shodan.rsa1
-rw-r--r--krebs/3modules/lass/ssh/uriel.rsa1
-rw-r--r--krebs/3modules/makefu/default.nix44
-rw-r--r--krebs/3modules/nginx.nix2
-rw-r--r--krebs/3modules/per-user.nix5
-rw-r--r--krebs/3modules/retiolum.nix4
-rw-r--r--krebs/5pkgs/default.nix13
-rw-r--r--krebs/5pkgs/fortclientsslvpn/default.nix4
-rw-r--r--krebs/5pkgs/repo-sync/default.nix4
-rw-r--r--lass/1systems/cloudkrebs.nix6
-rw-r--r--lass/1systems/dishfire.nix27
-rw-r--r--lass/1systems/echelon.nix3
-rw-r--r--lass/1systems/helios.nix13
-rw-r--r--lass/1systems/mors.nix165
-rw-r--r--lass/1systems/prism.nix81
-rw-r--r--lass/1systems/shodan.nix76
-rw-r--r--lass/1systems/uriel.nix6
-rw-r--r--lass/2configs/backups.nix135
-rw-r--r--lass/2configs/baseX.nix7
-rw-r--r--lass/2configs/browsers.nix24
-rw-r--r--lass/2configs/buildbot-standalone.nix55
-rw-r--r--lass/2configs/default.nix (renamed from lass/2configs/base.nix)34
-rw-r--r--lass/2configs/downloading.nix3
-rw-r--r--lass/2configs/exim-retiolum.nix10
-rw-r--r--lass/2configs/exim-smarthost.nix51
-rw-r--r--lass/2configs/fastpoke-pages.nix101
-rw-r--r--lass/2configs/fetchWallpaper.nix2
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/git.nix9
-rw-r--r--lass/2configs/krebs-pass.nix21
-rw-r--r--lass/2configs/mail.nix110
-rw-r--r--lass/2configs/mpv.nix49
-rw-r--r--lass/2configs/newsbot-js.nix1
-rw-r--r--lass/2configs/pass.nix3
-rw-r--r--lass/2configs/programs.nix1
-rw-r--r--lass/2configs/radio.nix195
-rw-r--r--lass/2configs/vim.nix5
-rw-r--r--lass/2configs/websites/domsen.nix90
-rw-r--r--lass/2configs/websites/fritz.nix75
-rw-r--r--lass/2configs/websites/sqlBackup.nix28
-rw-r--r--lass/2configs/websites/util.nix229
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix19
-rw-r--r--lass/2configs/weechat.nix1
-rw-r--r--lass/2configs/xserver/default.nix21
-rw-r--r--lass/3modules/default.nix6
-rw-r--r--lass/3modules/ejabberd/config.nix93
-rw-r--r--lass/3modules/ejabberd/default.nix57
-rw-r--r--lass/3modules/mysql-backup.nix86
-rw-r--r--lass/3modules/per-user.nix53
-rw-r--r--lass/4lib/default.nix2
-rw-r--r--lass/5pkgs/acronym/default.nix11
-rw-r--r--lass/5pkgs/default.nix3
-rw-r--r--lass/5pkgs/mk_sql_pair/default.nix19
-rw-r--r--lass/5pkgs/untilport/default.nix18
-rw-r--r--lass/5pkgs/urban/default.nix21
-rw-r--r--lass/5pkgs/xmonad-lass/Main.hs149
-rw-r--r--lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs52
-rw-r--r--makefu/1systems/gum.nix4
-rw-r--r--makefu/1systems/pornocauster.nix30
-rw-r--r--makefu/1systems/vbob.nix26
-rw-r--r--makefu/2configs/base-gui.nix10
-rw-r--r--makefu/2configs/default.nix8
-rw-r--r--makefu/2configs/exim-retiolum.nix3
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix3
-rw-r--r--makefu/2configs/hw/tp-x220.nix8
-rw-r--r--makefu/2configs/omo-share.nix26
-rw-r--r--makefu/2configs/steam.nix6
-rw-r--r--makefu/2configs/temp-share-samba.nix28
-rw-r--r--makefu/3modules/awesome-extra.nix40
-rw-r--r--makefu/3modules/default.nix2
-rw-r--r--makefu/3modules/taskserver.nix60
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg10
-rw-r--r--makefu/5pkgs/default.nix5
-rw-r--r--makefu/5pkgs/devpi/default.nix70
-rw-r--r--makefu/5pkgs/skytraq-logger/default.nix31
-rw-r--r--makefu/5pkgs/taskserver/default.nix43
84 files changed, 2213 insertions, 702 deletions
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 53fe0839d..0adcec3d8 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -40,11 +40,12 @@ let
};
};
- fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
- #! ${pkgs.bash}/bin/bash
+ fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
+ set -euf
mkdir -p ${shell.escape cfg.stateDir}
- curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
+ cd ${shell.escape cfg.stateDir}
+ curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 9596229de..bb06a9388 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -20,6 +20,7 @@ let
flatten
length
hasAttr
+ hasPrefix
mkEnableOption
mkOption
mkIf
@@ -123,7 +124,7 @@ let
buildRule = tn: cn: rule:
#target validation test:
- assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
+ assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
#predicate validation test:
#maybe use iptables-test
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b4686894e..65da85ac4 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -12,6 +12,7 @@ with config.krebs.lib;
aliases = [
"dishfire.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -40,10 +41,11 @@ with config.krebs.lib;
cores = 2;
nets = rec {
internet = {
- ip4.addr = "162.252.241.33";
+ ip4.addr = "104.233.79.118";
aliases = [
"echelon.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -79,6 +81,7 @@ with config.krebs.lib;
aliases = [
"prism.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -143,6 +146,7 @@ with config.krebs.lib;
aliases = [
"cloudkrebs.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -174,6 +178,7 @@ with config.krebs.lib;
gg23 = {
ip4.addr = "10.23.1.12";
aliases = ["uriel.gg23"];
+ ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.81.176";
@@ -205,6 +210,7 @@ with config.krebs.lib;
gg23 = {
ip4.addr = "10.23.1.11";
aliases = ["mors.gg23"];
+ ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.0.2";
@@ -257,21 +263,56 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
};
+ shodan = {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.4";
+ ip6.addr = "42:0:0:0:0:0:0:50d4";
+ aliases = [
+ "shodan.retiolum"
+ "shodan.r"
+ "cgit.shodan.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
+ YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
+ ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
+ 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
+ xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
+ V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
+ };
};
users = {
lass = {
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
mail = "lass@mors.retiolum";
- pgp.pubkeys.default = builtins.readFile ./default.pgp;
+ pubkey = builtins.readFile ./ssh/mors.rsa;
+ pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
};
lass-uriel = {
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
mail = "lass@uriel.retiolum";
+ pubkey = builtins.readFile ./ssh/uriel.rsa;
};
lass-helios = {
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
mail = "lass@helios.retiolum";
+ pubkey = builtins.readFile ./ssh/helios.rsa;
+ };
+ lass-shodan = {
+ mail = "lass@shodan.retiolum";
+ pubkey = builtins.readFile ./ssh/shodan.rsa;
+ pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
+ };
+ fritz = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
};
}
diff --git a/krebs/3modules/lass/default.pgp b/krebs/3modules/lass/default.pgp
deleted file mode 100644
index 38e2fa8df..000000000
--- a/krebs/3modules/lass/default.pgp
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
-
-mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF
-gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy
-e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y
-+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1
-Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs
-UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag
-+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt
-my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH
-DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn
-ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh
-/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB
-tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf
-+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI
-D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87
-kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP
-2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd
-0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax
-u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ
-HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0
-1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV
-NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2
-cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6
-IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq
-4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt
-/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN
-/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph
-MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim
-0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j
-gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9
-75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q
-AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv
-WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA
-02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei
-MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL
-ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf
-+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy
-XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi
-VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r
-Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq
-Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq
-8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ
-laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk
-2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm
-aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN
-PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh
-4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW
-It6jrzDh3+COSQ==
-=0gFT
------END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/pgp/mors.pgp b/krebs/3modules/lass/pgp/mors.pgp
new file mode 100644
index 000000000..6d985f0e2
--- /dev/null
+++ b/krebs/3modules/lass/pgp/mors.pgp
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFcWQhEBEADwt+hHRZxZx05USejn4x5LVWqqg5I2nIzjwI8pVyBra2AmXaMA
+SAImFk1W6oM35rwYmez6TG8QC7RPRUrMHX2aAdDwJ/VtU/b87q0ICwlMxYUnikg1
+tsHV4kRB7ukm+Rs0ECMqZzjwdlbiEEfQ6VPUrIBzDHeD0idkC82DonZ6xe083klH
+LpO36ckBOtyaoZZspzRu5yB76vsbeviVqsQ9WTQ8GoQk1i6FUbTbtOlvjhtx05Rk
+ic66RrfFSM/ElLe5yA96kZd7m/Sn9WIRwRj3clxnT1vAVpMlpISsTutEQtuG3MDX
+tT3EPVSSZEEcY1xxlJF+u1JZu4QqqtH+nczjshv+z3HZdmGd7OGqmgI8D3Ly/Ufi
+Uyz+ewZbhbgy/XSHqwriUbnMuE9OKxx0LqlQLA59+/icT+upW4TexiHKd6PYeSeJ
+kCxUEAmzqxsnilmwbehQrmmhI7uzxT8YxNGjF5mRJ1zOY55praTMKlp3MOxKvVPn
+EZSyWm/22CuUZZEX0XR6TBgkL71VoGrlaezADzhHu9i5yBwbNCuiE2CYcS5IuDf+
+GkoKGtWeLbXTXccWOaIItSzlVUcJx3D009kTXeLEo2T1RPpz41LMvqWkUlZg4CA1
+zMAcudsXDtXGJEvS3dZAaiUUdASktzNL/ltuW/CXITJ0V7UjmA0pOyLDOQARAQAB
+tBlsYXNzdWx1cyA8bGFzc0BsYXNzdWwudXM+iQI3BBMBCAAhBQJXFkIRAhsDBQsJ
+CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEInoKVKXan5NFVsP/RfU4dychz5eadnN
+/iCybL2eXCkpNbSJaPVqKKmBqY4oDEqK0NekwgOiWXFuFI6BpNyTW5z1a2PaBgF2
+bG5K/k/aGnzUUqH+LhtMCYr90UjJPtsrgi+C5poL4e2EsPN1SASSOSYFtYY1EQCe
+NcYut2foM/PjviJKuS9t/kJxmZn8Vi3+qQKSwys219IQuXqos44aihjnwEL+TR6D
+MgcDCW2QSCqB5kfksjustSihDck8ZkT+nISTrSdZVPzROcyBeswN/UqjOUBZd1p1
+sO7SqDaBnzovRD3G4kyscepPWChnOFCIq9tuE2Mai2QliQ4q1Bn0+8uhLPLG+nQI
+leL/6pFXY9ecjmpqrSAXEysDUgfpiqJzDtv8WC3fY7wl88/ROiHrgF8x5P4PmUMl
+oTfe+BGQar6BNV3rStPsW6Ogm6Mu6WNVXCRIJboM+ev3JdVSGF/ehnmb06EGCIrI
+ahWbMViDSAjOvM92By/RJkP8ADCN2ezvdf86Ubyib5EyRoleu0WHvtO1mLQn0pIP
+cYCGXrnQlkduC7ENS942hLUq976LPH1ZatM26gaN1MKxN03v+6e9E6jtxUH3wWk1
+oDGddTl+zu4fqUxEAA391sPMhp+DTVxXmPKvpnJivKAsL2Hkg0vKQt6VQNEv2Lgm
+G8vdqOcapWLBcddR9d0DpFgkZNQCuQINBFcWQhEBEADgv6HfZQyxuiFpHQbt59s4
+7mA4AmzgjA1GiS73xo16qjwLieKPJWlrgPk4OOwqQpdygZ9LAhH+FIqcGo4wCNKL
+1qiMQeQcFOACvLOfxpv8F1TkOc9IbQUoMPxXEYRK/c0ZtaWpe8dy4QL3tDwS/ovk
+sCZBpvXdpJXDuccfTQ23UPozWKs21JAIKqbO7p5n86VGr0Co07xmBsxOK6ylK8YM
+ftBjugfbxfmFApW2lAsjeDe7J5RY6W5NaeMg/IxTy6wkfoz1UjwtQaRvp1XbWqPz
+Ib+mx8AeRQQXzuVKxS20ZVgazSZHg1PYu9PoKTIWK0NLd68CydcQ4q6F3PjNytFH
+tDM13q5kWmTU0yFy2OWvy4JAq2z02C+Z+/+nffp0ZfsdEeVNm5ZvlDLmOYMWFzDj
+OScYgBYIAvAs3pYV+xl6pxvdTyI3JXed7Q889e36TC3mwUIR4sL+oOfctA7Swzkr
+aU8uMCwIE6ppGsxIcXQt15sUjgM5THXzAQXVkbM8i1x9F0JjP7bFMWcIP1pmqcaO
+6znM2D/wocY+RO3xYj0GLFgRBW2O/pJUWrWHInpO3mrwZeRMGZix5nZH8U6cvfD5
+9SwIVdyKj6sZklcS2JJclBDrAudYUbckAuV7KI1ZWcU4kVS3joYdWcFQO3vOxJW5
+mGXML9roJXeXN664iNBgpQARAQABiQIfBBgBCAAJBQJXFkIRAhsMAAoJEInoKVKX
+an5NGhcP/jkeR/fYPYuYEUWLGBxq2hFhwMssiJ+pwx5Nj+Kh9rLm90LBLCcwBVu0
+ILbaePkPCmin8p9F+AOy11DsWb5lBrlyUqU6+ID9nY/WbNL5ZYl6zIBmuYQ5qFEA
+n5NQD6hLllC6wyOqIeKXrnkvFJMW8+W0aYRQh7hhpAzyJz9gawXWvWY45NhWl3Tm
+S3LfJbA5nM6uZvO0VU7LERgfwTgPSjMwYVQGtktndy9N4Avi1N02l5BEmuZoXwTC
+oQuW6LiAPGE2ztXztyNGnUYUAGMWl22UTezqfU/aOG9Qum+QebwTgBUH4pTgLiV/
+pWxXib517wGkect/0Yd+zcya8lA7x1EzFFMb3i4ToawIz76I2ncIlpC2q31x2nVI
+6fBW4kfu8AR7XW9Yyv+plIuva1AeTf+sMc7FSb5CpOmjjLpUfQ96vZvQwarcEip7
+UmOBoAoFdhtwJotskBOje52AUgDIBWZrIfH1bq7/NjAO73UdR1mJkOpY01qQXkED
+TiLeIBGYqseCbnJNi1PVOVNEOT4Up3/RSjpAu8dBrXKqx7yS8bKlVk3RsIDlgyb4
+rWMc88uBl57YsjSnQN36LN7j0hPpb0TAD1OsPI1pepsKUAPZKA2EAyLXKyQ3oLqN
+DWU4ZWpIi8+RKm3UpWgQ9qN4tuRHvVX/AQjEW1LkhfmR2VIqnrkv
+=fgFG
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/pgp/shodan.pgp b/krebs/3modules/lass/pgp/shodan.pgp
new file mode 100644
index 000000000..543b05b71
--- /dev/null
+++ b/krebs/3modules/lass/pgp/shodan.pgp
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQENBFc/U8EBCADaPobNwlm8oI3cVtDhsdHpW7gyNTloqM1JdUPoJ30kS8xIbKfF
+U+UWEj+/G0hXg3jGpqsYKzCegLcZuvKrLuyWas3nFync/KeWjPpmQWh8h/AQ63gi
+6FjikRS9iDHEnUBqXXymG6JOo9NrGX7viWcPx+rQzvXOFxVYt1JJY+Ki30tSL+0l
+igJBJ+x2qndnlPZE9uyKjYC9+9NlZ04h5WOponTtgIddBlBPhIOAW+f5mBVeWuaK
+8wPBY2z98ZIclwdTohCpBRjs/EAEhN+2djSjyJti2TARceMKV2ZLRoUh6bNqj3xV
+Y4IkDe47dS8rRmH/xj+9odJjtlbFHDmtElcfABEBAAG0HWxhc3NAc2hvZGFuLnIg
+PGxhc3NAc2hvZGFuLnI+iQE3BBMBCAAhBQJXP1PBAhsDBQsJCAcCBhUICQoLAgQW
+AgMBAh4BAheAAAoJECOf1I8qjNLnWCsH/Rr70NVjCpqou5JRJqc9NMYJflH8qUSR
+xxYsVXaLjf1sa5X0qbq1u5EaYQGsdP7qKuLggoom7CGBhG3WZnfhuLi9y2IXAFo8
+RprBmrTmXgpXqm8IrcWMDJUEwhjUn+x1iCnGUfmbUpIdBIj8HsCfDUmg+WT0GflT
+9tfYR0v1vRzK6WWYEobP9abhZdjOHIS8cXDgFVREllKjjOcLzsB23I9g1nlvX3+W
+J7iliC4s1OGvcpw0MHl/1KRpSBXK3we0WTNZLIJXr8W+BvURYxhVfbvgjHuv6K0h
+J0a/me8nkh05pdRLLGL+C8eFjAXALnTIxgiVNGjtXBAR+/HN2//iG665AQ0EVz9T
+wQEIAMsxDQ3Y5SL2gI1EjEuCc6RyTSBmsna9g/wKjzUbcB9zpEN9i85NDRvvfGn6
+ihxI9Z1rvn8zr8MKu9OcZB2XEQDriHUcS4IxnZzdbUIKOtR+1BjZvMKupbw+KHag
+WoeUh+tfb50bEMy/Z6Mp5mLOyXMyyiGS3CHJ6sHUXTub6kuHQnAOqiMsqnegZMcS
+sF+NpSNoSngC060jgh7fl4T8M3Vuv9NKGu9+0J48QR+LFsKe/7LwRQ9HFSH4sPeD
+vQI1BEo4piXthwd6mUHCbish38H77PGO0kKHaJ0HkBu+3tKXP1JJdm9SiN+ypUIB
+FyfLpaWf6pcc/0QX6qE4gL00MI0AEQEAAYkBHwQYAQgACQUCVz9TwQIbDAAKCRAj
+n9SPKozS5w85B/4o2Zf7oLqjNmOu+YE0fNJmbGCETNotNnE/GToiejNAM9B/rYJe
+qjM9/kq0GJKVfKKrBGA0YQy9O847TVW26gPeiEgS7DO1Dl9YiLJJVzUGlOPijTIJ
+A3LmMCLU/M3+a/33HGjm7gYk+aRwqOwHeC+f1pder8InoC3ebWupfcQsWkwTVqZk
+lrLzoywjqQcdjAYFJp1c0ZxXyrgOS4dIGMU+o+DDCyK/ry9UGd3ZacMqDsyWO51A
+iXDMtvVsuxbIP5o3muF9kEX7hx4EF7+MzRI3FjYwlHLNw+v3OVhfOxuPSt71VOiC
+G2aT2z4sz8+qbOIIG3JX99osG6v683lvDUCW
+=s4OM
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa
new file mode 100644
index 000000000..c2a54b621
--- /dev/null
+++ b/krebs/3modules/lass/ssh/helios.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios
diff --git a/krebs/3modules/lass/ssh/mors.rsa b/krebs/3modules/lass/ssh/mors.rsa
new file mode 100644
index 000000000..172fd2dda
--- /dev/null
+++ b/krebs/3modules/lass/ssh/mors.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
diff --git a/krebs/3modules/lass/ssh/shodan.rsa b/krebs/3modules/lass/ssh/shodan.rsa
new file mode 100644
index 000000000..3ee08ad41
--- /dev/null
+++ b/krebs/3modules/lass/ssh/shodan.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDV+EscrUKgsu6iO94lJQ45o0t9QV88H7RrbLCsysgesQqiCbq0XNJKSrKI4T/o5dBNfoHMi4FSuPsF3YzffvMOWmdluHRBIhDJSDiFaraHr1zu7fHDO8gsUf/a3H3LPHtRRoXQFNsIK5NRLR35WpKt+zG6GK/WLBzb2N4MR3Ym5Qo2OepW3pgMWjjbmiUbGGiao9OWgx5tjjT8PLHIWdoEmJsaE5UnOWebqY+xfkWXMLdzMBPyEdCVwUO7X3Ip0Zk/BJFSqtIHBqQtp+njgeRwfkL2xabge3VGALAnQg5iYXzT8kfzIu/wfaoSdGkdPWxMo80KDiJJlpLj1oC3ABmDj01Hgu9p+g5Em0SFevcenspTii3IvYqdq+eg5+pPny4ki9748t6FlWRsrjrmjdQVVMWbhx42+lsyxIYsdXhwWMqNwTNzvY7Fxy3/8XE14pYWCV5eEll2/hSNfI6AcOoJ0vfHvOXsY6GVMYklXDIFzmiJOpyox+DnTahyUqQ6IcLH73vp9boVK31kf8EC7VDp8ms2ZiXz9nfPYltiUOtKKG0gqg9Jgs7xthpX82WYEp2+PXzPCHWs4WXs3OsUzQ8ykXXD2A7JMVBBv0FaMD4aBsOe7hU20/sO+/J/uuPe5xnpI//uFK4KkYCmDHZcZ3Qzh9CQTISwFvOBbYtRWbDo5w== lass@shodan
diff --git a/krebs/3modules/lass/ssh/uriel.rsa b/krebs/3modules/lass/ssh/uriel.rsa
new file mode 100644
index 000000000..015b57837
--- /dev/null
+++ b/krebs/3modules/lass/ssh/uriel.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 814e6929b..7d4bef9ad 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -270,8 +270,8 @@ with config.krebs.lib;
'';
};
};
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
+ #ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
};
wbob = rec {
cores = 1;
@@ -409,6 +409,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
aliases = [
"heidi.r"
+ "heidi.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -424,6 +425,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
+
soundflower = rec {
cores = 1;
nets = {
@@ -479,12 +481,12 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
- 4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
- 9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
- 2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
- 0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
- FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
+ MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
+ fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
+ e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
+ KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
+ oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
+ wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
@@ -594,7 +596,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
-
+ } // { # hosts only maintained in stockholm, not owned by me
+ tpsw = {
+ cores = 2;
+ owner = config.krebs.users.ciko; # main laptop
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.183.236";
+ ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
+ aliases = [ "tpsw.r" "tpsw.retiolum" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
+ Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
+ WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
+ OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
+ 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
+ pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
users = rec {
makefu = {
@@ -615,6 +638,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
};
+ ciko = {
+ mail = "wieczorek.stefan@googlemail.com";
+ };
exco = {
mail = "dickbutt@excogitation.de";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 6af93a570..fc7fcca6f 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -119,7 +119,7 @@ let
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
server {
- server_name ${toString server-names};
+ server_name ${toString (unique server-names)};
${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
${optionalString ssl.enable (indent ''
listen 443 ssl;
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
index 13da5c4c3..93a7d2293 100644
--- a/krebs/3modules/per-user.nix
+++ b/krebs/3modules/per-user.nix
@@ -26,7 +26,10 @@ let
environment = {
etc = flip mapAttrs' cfg (name: { packages, ... }: {
name = "per-user/${name}";
- value.source = pkgs.symlinkJoin "per-user.${name}" packages;
+ value.source = pkgs.symlinkJoin {
+ name = "per-user.${name}";
+ paths = packages;
+ };
});
profiles = ["/etc/per-user/$LOGNAME"];
};
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 5aaeb5a30..5a035fa50 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -102,6 +102,10 @@ let
The list of hosts in the network which the client will try to connect
to. These hosts should have an 'Address' configured which points to a
routeable IPv4 or IPv6 address.
+
+ In stockholm this can be done by configuring:
+ krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 =
+ [ "${external-ip} ${external-port}" ]
'';
};
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index bcc894b2c..53fc4de44 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -36,6 +36,19 @@ with config.krebs.lib;
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
+ #buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
+ # inherit (pkgs.pythonPackages) twisted jinja2;
+ # dateutil = pkgs.pythonPackages.dateutil_1_5;
+ # sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
+ # doCheck = false;
+ # });
+ #};
+
+ # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
+ symlinkJoin = { name, paths, ... }@args: let
+ x = pkgs.symlinkJoin args;
+ in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
+
test = {
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
};
diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix
index 602766f46..11d567408 100644
--- a/krebs/5pkgs/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/fortclientsslvpn/default.nix
@@ -5,6 +5,10 @@ stdenv.mkDerivation rec {
# forticlient will be copied into /tmp before execution. this is necessary as
# the software demands $base to be writeable
+ # mkdir /etc/ppp ; touch /etc/ppp/options
+ ## i still have not found which tool uses tail ... i tried redirecting it in forticlientsslvpn and subproc
+ # ln -s /run/current-system/sw/bin/tail /usr/bin/tail
+
src = fetchurl {
# archive.org mirror:
# https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
diff --git a/krebs/5pkgs/repo-sync/default.nix b/krebs/5pkgs/repo-sync/default.nix
index 789c03f36..7cba87b09 100644
--- a/krebs/5pkgs/repo-sync/default.nix
+++ b/krebs/5pkgs/repo-sync/default.nix
@@ -2,7 +2,7 @@
with python3Packages; buildPythonPackage rec {
name = "repo-sync-${version}";
- version = "0.2.5";
+ version = "0.2.6";
disabled = isPy26 || isPy27;
propagatedBuildInputs = [
docopt
@@ -11,7 +11,7 @@ with python3Packages; buildPythonPackage rec {
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz";
- sha256 = "1a59bj0vc5ajq8indkvkdk022yzvvv5mjb57hk3xf1j3wpr85p84";
+ sha256 = "1hqa9qw9qg7mxgniqzys9szycs05llg4yik8a9wz94a437zzarsk";
};
meta = {
homepage = http://github.com/makefu/repo-sync;
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 6cfba567a..a3cc9d7b3 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -8,11 +8,13 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/fastpoke-pages.nix
../2configs/git.nix
../2configs/realwallpaper.nix
+ ../2configs/realwallpaper-server.nix
+ ../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
{
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index c7d016cd3..b5e551952 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,9 +4,9 @@
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
- ../2configs/websites/fritz.nix
{
boot.loader.grub = {
device = "/dev/vda";
@@ -26,10 +26,19 @@
fsType = "ext4";
};
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
fileSystems."/boot" = {
device = "/dev/vda1";
fsType = "ext4";
};
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
}
{
networking.dhcpcd.allowInterfaces = [
@@ -40,6 +49,20 @@
{
sound.enable = false;
}
+ {
+ environment.systemPackages = with pkgs; [
+ mk_sql_pair
+ ];
+ }
+ {
+ imports = [
+ ../2configs/websites/fritz.nix
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 80611ee80..97734a7bd 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -8,7 +8,8 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index cc98c2c5b..10b00de47 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -5,10 +5,13 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
../2configs/pass.nix
+ ../2configs/fetchWallpaper.nix
+ ../2configs/backups.nix
#{
# users.extraUsers = {
# root = {
@@ -52,6 +55,16 @@ with builtins;
"/boot" = {
device = "/dev/sda1";
};
+
+ "/home" = {
+ device = "/dev/pool/home";
+ fsType = "ext4";
+ };
+
+ "/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
};
#services.udev.extraRules = ''
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1f7a13c56..a7a1fd253 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -4,6 +4,7 @@
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/programs.nix
../2configs/bitcoin.nix
../2configs/browsers.nix
@@ -13,7 +14,7 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
- ../2configs/texlive.nix
+ #../2configs/texlive.nix
../2configs/binary-caches.nix
#../2configs/ircd.nix
../2configs/chromium-patched.nix
@@ -26,6 +27,8 @@
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
../2configs/cbase.nix
+ ../2configs/mail.nix
+ ../2configs/krebs-pass.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@@ -33,124 +36,28 @@
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
- {
- #static-nginx-test
- imports = [
- ../3modules/static_nginx.nix
- ];
- lass.staticPage."testserver.de" = {
- #sslEnable = true;
- #certificate = "${toString <secrets>}/testserver.de/server.cert";
- #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
- ssl = {
- enable = true;
- certificate = "${toString <secrets>}/testserver.de/server.cert";
- certificate_key = "${toString <secrets>}/testserver.de/server.pem";
- };
- };
- networking.extraHosts = ''
- 10.243.0.2 testserver.de
- '';
- }
#{
- # #wordpress-test
- # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- # imports = [
- # ../3modules/wordpress_nginx.nix
- # ];
- # lass.wordpress."testserver.de" = {
- # multiSite = {
- # "1" = "testserver.de";
- # "2" = "bla.testserver.de";
- # };
- # };
-
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
- # networking.extraHosts = ''
- # 10.243.0.2 testserver.de
- # '';
- # krebs.iptables.tables.filter.INPUT.rules = [
- # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- # ];
#}
#{
- # #owncloud-test
- # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- # imports = [
- # ../3modules/owncloud_nginx.nix
- # ];
- # lass.owncloud."owncloud-test.de" = {
+ # services.elasticsearch = {
+ # enable = true;
+ # plugins = [
+ # # pkgs.elasticsearchPlugins.elasticsearch_kopf
+ # ];
+ # };
+ #}
+ #{
+ # services.postgresql = {
+ # enable = true;
+ # package = pkgs.postgresql;
# };
-
- # #services.mysql = {
- # # enable = true;
- # # package = pkgs.mariadb;
- # # rootPassword = "<secrets>/mysql_rootPassword";
- # #};
- # networking.extraHosts = ''
- # 10.243.0.2 owncloud-test.de
- # '';
- # krebs.iptables.tables.filter.INPUT.rules = [
- # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- # ];
#}
{
- containers.pythonenv = {
- config = {
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
-
- environment = {
- systemPackages = with pkgs; [
- git
- libxml2
- libxslt
- libzip
- python27Full
- python27Packages.buildout
- stdenv
- zlib
- ];
-
- pathsToLink = [ "/include" ];
-
- shellInit = ''
- # help pip to find libz.so when building lxml
- export LIBRARY_PATH=/var/run/current-system/sw/lib
- # ditto for header files, e.g. sqlite
- export C_INCLUDE_PATH=/var/run/current-system/sw/include
- '';
- };
-
- };
- };
- }
- {
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = "<secrets>/mysql_rootPassword";
- };
- }
- {
- services.elasticsearch = {
- enable = true;
- plugins = [
- # pkgs.elasticsearchPlugins.elasticsearch_kopf
- ];
- };
- }
- {
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- };
}
];
@@ -158,15 +65,6 @@
networking.wireless.enable = true;
- networking.extraHosts = ''
- 213.239.205.240 wohnprojekt-rhh.de
- 213.239.205.240 karlaskop.de
- 213.239.205.240 makeup.apanowicz.de
- 213.239.205.240 pixelpocket.de
- 213.239.205.240 reich-gebaeudereinigung.de
- 213.239.205.240 o.ubikmedia.de
- '';
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
@@ -206,7 +104,7 @@
fsType = "ext4";
};
- "/mnt/backups" = {
+ "/bku" = {
device = "/dev/big/backups";
fsType = "ext4";
};
@@ -277,14 +175,14 @@
emulateWheel = true;
};
- #services.xserver = {
- # videoDriver = "intel";
- # vaapiDrivers = [ pkgs.vaapiIntel ];
- # deviceSection = ''
- # Option "AccelMethod" "sna"
- # BusID "PCI:0:2:0"
- # '';
- #};
+ services.xserver = {
+ videoDriver = "intel";
+ vaapiDrivers = [ pkgs.vaapiIntel ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ BusID "PCI:0:2:0"
+ '';
+ };
environment.systemPackages = with pkgs; [
acronym
@@ -293,6 +191,9 @@
get
teamspeak_client
hashPassword
+ urban
+ mk_sql_pair
+ remmina
];
#TODO: fix this shit
@@ -324,16 +225,4 @@
];
};
};
-
- #touchpad config
- services.xserver.synaptics = {
- enable = true;
- accelFactor = "0.035";
- additionalOptions = ''
- Option "FingerHigh" "60"
- Option "FingerLow" "60"
- '';
- tapButtons = false;
- twoFingerScroll = true;
- };
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 20c919b9b..6ed80ac39 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -2,15 +2,32 @@
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
+
+ inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ manageCerts
+ ;
+
in {
imports = [
../.
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-smarthost.nix
../2configs/downloading.nix
- ../2configs/git.nix
../2configs/ts3.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/privoxy-retiolum.nix
+ ../2configs/radio.nix
+ ../2configs/buildbot-standalone.nix
+ {
+ imports = [
+ ../2configs/git.nix
+ ( manageCerts [ "cgit.lassul.us" ])
+ ];
+ krebs.nginx.servers.cgit.server-names = [
+ "cgit.lassul.us"
+ ];
+ }
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -77,6 +94,18 @@ in {
device = "/dev/pool/download";
};
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/http";
+ };
+
+ fileSystems."/srv/o.ubikmedia.de-data" = {
+ device = "/dev/pool/owncloud-ubik-data";
+ };
+
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ };
+
}
{
sound.enable = false;
@@ -117,7 +146,7 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
- "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+ "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
];
}
@@ -130,15 +159,57 @@ in {
../2configs/websites/domsen.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
- client.enable = true;
};
}
+ {
+ security.acme = {
+ certs."lassul.us" = {
+ email = "lass@lassul.us";
+ webroot = "/var/lib/acme/challenges/lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ "full.pem"
+ ];
+ user = "ejabberd";
+ };
+ };
+ krebs.nginx.servers."lassul.us" = {
+ server-names = [ "lassul.us" ];
+ locations = [
+ (lib.nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/lassul.us/;
+ '')
+ ];
+ };
+ lass.ejabberd = {
+ enable = true;
+ hosts = [ "lassul.us" ];
+ certfile = "/var/lib/acme/lassul.us/full.pem";
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ imports = [
+ ../2configs/realwallpaper-server.nix
+ ];
+ krebs.nginx.servers."lassul.us".locations = [
+ (lib.nameValuePair "/wallpaper.png" ''
+ alias /tmp/wallpaper.png;
+ '')
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
new file mode 100644
index 000000000..6829428ff
--- /dev/null
+++ b/lass/1systems/shodan.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+
+with builtins;
+{
+ imports = [
+ ../.
+ ../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/browsers.nix
+ ../2configs/programs.nix
+ ../2configs/fetchWallpaper.nix
+ ../2configs/backups.nix
+ #{
+ # users.extraUsers = {
+ # root = {
+ # openssh.authorizedKeys.keys = map readFile [
+ # ../../krebs/Zpubkeys/uriel.ssh.pub
+ # ];
+ # };
+ # };
+ #}
+ {
+ #x220 config from mors
+ #TODO: make x220 config file (or look in other user dir)
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 0;
+ emulateWheel = true;
+ };
+
+ services.xserver = {
+ videoDriver = "intel";
+ vaapiDrivers = [ pkgs.vaapiIntel ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ BusID "PCI:0:2:0"
+ '';
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.shodan;
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #kernelModules = [ "kvm-intel" "msr" ];
+ kernelModules = [ "msr" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/pool/nix";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ #services.udev.extraRules = ''
+ # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+ # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+ #'';
+}
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 4e4eca21f..92996c181 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/games.nix
../2configs/pass.nix
@@ -47,6 +48,11 @@ with builtins;
fsType = "ext4";
};
+ "/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+
"/boot" = {
device = "/dev/sda1";
};
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
new file mode 100644
index 000000000..7d3046d43
--- /dev/null
+++ b/lass/2configs/backups.nix
@@ -0,0 +1,135 @@
+{ config, lib, ... }:
+with config.krebs.lib;
+{
+
+ krebs.backup.plans = {
+ } // mapAttrs (_: recursiveUpdate {
+ snapshots = {
+ daily = { format = "%Y-%m-%d"; retain = 7; };
+ weekly = { format = "%YW%W"; retain = 4; };
+ monthly = { format = "%Y-%m"; retain = 12; };
+ yearly = { format = "%Y"; };
+ };
+ }) {
+ dishfire-http-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
+ startAt = "03:00";
+ };
+ dishfire-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
+ startAt = "03:05";
+ };
+ dishfire-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
+ startAt = "03:10";
+ };
+ dishfire-sql-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
+ startAt = "03:15";
+ };
+ dishfire-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
+ startAt = "03:20";
+ };
+ dishfire-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
+ startAt = "03:25";
+ };
+ prism-bitlbee-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
+ startAt = "03:25";
+ };
+ prism-bitlbee-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; };
+ startAt = "03:25";
+ };
+ prism-chat-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
+ startAt = "03:30";
+ };
+ prism-chat-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+ startAt = "03:35";
+ };
+ prism-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:40";
+ };
+ prism-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:45";
+ };
+ prism-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
+ startAt = "03:50";
+ };
+ prism-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+ startAt = "03:55";
+ };
+ uriel-home-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.uriel; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
+ startAt = "04:00";
+ };
+ mors-home-uriel = {
+ method = "push";
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
+ startAt = "05:00";
+ };
+ dishfire-http-helios = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
+ startAt = "12:00";
+ };
+ dishfire-sql-helios = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
+ startAt = "12:15";
+ };
+ prism-sql-helios = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
+ startAt = "12:30";
+ };
+ prism-http-helios = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
+ startAt = "12:45";
+ };
+ };
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6c52240af..16f7502ac 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -4,9 +4,10 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
- ./base.nix
+ ./default.nix
#./urxvt.nix
./xserver
+ ./mpv.nix
];
users.extraUsers.mainUser.extraGroups = [ "audio" ];
@@ -33,17 +34,19 @@ in {
dmenu
gitAndTools.qgit
+ lm_sensors
much
+ nmap
pavucontrol
powertop
push
slock
sxiv
+ xclip
xorg.xbacklight
xsel
zathura
- mpv
mpv-poll
yt-next
#window manager stuff
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 47a16d4cb..ea79053ce 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -14,7 +14,7 @@ let
useDefaultShell = true;
createHome = true;
};
- lass.per-user.${name}.packages = packages;
+ krebs.per-user.${name}.packages = packages;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@@ -35,7 +35,7 @@ let
useDefaultShell = true;
createHome = true;
};
- lass.per-user.${name}.packages = packages;
+ krebs.per-user.${name}.packages = packages;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@@ -59,20 +59,10 @@ in {
imports = [
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
- ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
- ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
- ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
- ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
- ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
+ ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "com" [ "video" "audio" ] [ pkgs.chromium ] )
];
-
- nixpkgs.config.packageOverrides = pkgs : {
- flash = pkgs.chromium.override {
- # pulseSupport = true;
- enablePepperFlash = true;
- };
- #chromium = pkgs.chromium.override {
- # pulseSupport = true;
- #};
- };
}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 8c71553fe..604d0728d 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,15 +1,16 @@
{ lib, config, pkgs, ... }:
{
- #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
- krebs.buildbot.master = {
+ krebs.buildbot.master = let
+ stockholm-mirror-url = http://cgit.prism/stockholm ;
+ in {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
- stockholm_repo = 'http://cgit.mors/stockholm'
+ stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
stockholm_repo,
- workdir='stockholm-poller', branch='master',
+ workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=120))
'';
@@ -20,10 +21,12 @@
builderNames=["fast-tests"]))
'';
fast-tests-scheduler = ''
- # test the master real quick
+ # test everything real quick
sched.append(schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch="master"),
- name="fast-master-test",
+ ## all branches
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ # treeStableTimer=10,
+ name="fast-all-branches",
builderNames=["fast-tests"]))
'';
};
@@ -38,7 +41,10 @@
deps = [ "gnumake", "jq","nix","rsync" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
- nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+ nixshell = ["nix-shell",
+ "-I", "stockholm=.",
+ "-I", "nixpkgs=/var/src/nixpkgs",
+ "-p" ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
@@ -48,13 +54,26 @@
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
- addShell(f,name="mors-eval",env=env,
- command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+ for i in [ "prism", "mors", "echelon" ]:
+ addShell(f,name="populate-{}".format(i),env=env,
+ command=nixshell + \
+ ["{}( make system={} eval.config.krebs.build.populate \
+ | jq -er .)".format("!" if "failing" in i else "",i)])
+
+ addShell(f,name="build-test-minimal",env=env,
+ command=nixshell + \
+ ["nix-instantiate \
+ --show-trace --eval --strict --json \
+ -I nixos-config=./shared/1systems/test-minimal-deploy.nix \
+ -I secrets=. \
+ -A config.system.build.toplevel"]
+ )
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
- '';
+
+ '';
};
enable = true;
web.enable = true;
@@ -72,7 +91,17 @@
masterhost = "localhost";
username = "testslave";
password = "lasspass";
- packages = with pkgs;[ git nix ];
- extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ packages = with pkgs;[ git nix gnumake jq rsync ];
+ extraEnviron = {
+ NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+ };
+ };
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
+ ];
+ };
};
}
diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix
index 8017d4270..1c06acf38 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/default.nix
@@ -7,10 +7,11 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ./backups.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
- (import /root/secrets/hashedPasswords.nix);
+ (import <secrets/hashedPasswords.nix>);
}
{
users.extraUsers = {
@@ -18,7 +19,7 @@ with config.krebs.lib;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
- config.krebs.users.lass-helios.pubkey
+ config.krebs.users.lass-shodan.pubkey
];
};
mainUser = {
@@ -29,10 +30,12 @@ with config.krebs.lib;
createHome = true;
useDefaultShell = true;
extraGroups = [
+ "fuse"
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-shodan.pubkey
];
};
};
@@ -45,7 +48,6 @@ with config.krebs.lib;
krebs = {
enable = true;
search-domain = "retiolum";
- exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
@@ -54,8 +56,8 @@ with config.krebs.lib;
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "40c586b7ce2c559374df435f46d673baf711c543";
+ url = https://github.com/lassulus/nixpkgs;
+ rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@@ -85,9 +87,12 @@ with config.krebs.lib;
MANPAGER=most
'';
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs; [
#stockholm
git
+ gnumake
jq
parallel
proot
@@ -102,12 +107,20 @@ with config.krebs.lib;
#network
iptables
+ iftop
#stuff for dl
aria2
#neat utils
krebspaste
+ psmisc
+ untilport
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
];
programs.bash = {
@@ -145,10 +158,6 @@ with config.krebs.lib;
'';
};
- security.setuidPrograms = [
- "sendmail"
- ];
-
services.openssh = {
enable = true;
hostKeys = [
@@ -165,6 +174,13 @@ with config.krebs.lib;
krebs.iptables = {
enable = true;
tables = {
+ nat.PREROUTING.rules = [
+ { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+ ];
+ nat.OUTPUT.rules = [
+ { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+ ];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..3639a743a 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -3,7 +3,7 @@
with config.krebs.lib;
let
- rpc-password = import <secrets/transmission-pw.nix>;
+ rpc-password = import <secrets/transmission-pw>;
in {
imports = [
../3modules/folderPerms.nix
@@ -20,6 +20,7 @@ in {
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
new file mode 100644
index 000000000..c07b6c15a
--- /dev/null
+++ b/lass/2configs/exim-retiolum.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.exim-retiolum.enable = true;
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..8199f2bd7
--- /dev/null
+++ b/lass/2configs/exim-smarthost.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.exim-smarthost = {
+ enable = true;
+ dkim = [
+ { domain = "lassul.us"; }
+ ];
+ sender_domains = [
+ "lassul.us"
+ "aidsballs.de"
+ ];
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ internet-aliases = with config.krebs.users; [
+ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
+ { from = "lass@lassul.us"; to = lass.mail; }
+ { from = "lassulus@lassul.us"; to = lass.mail; }
+ { from = "test@lassul.us"; to = lass.mail; }
+ { from = "outlook@lassul.us"; to = lass.mail; }
+ { from = "steuer@aidsballs.de"; to = lass.mail; }
+ { from = "lass@aidsballs.de"; to = lass.mail; }
+ { from = "wordpress@ubikmedia.de"; to = lass.mail; }
+ { from = "finanzamt@lassul.us"; to = lass.mail; }
+ { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
deleted file mode 100644
index bf6ea8952..000000000
--- a/lass/2configs/fastpoke-pages.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- createStaticPage = domain:
- {
- krebs.nginx.servers."${domain}" = {
- server-names = [
- "${domain}"
- "www.${domain}"
- ];
- locations = [
- (nameValuePair "/" ''
- root /var/lib/http/${domain};
- '')
- ];
- };
- #networking.extraHosts = ''
- # 10.243.206.102 ${domain}
- #'';
- users.extraUsers = {
- ${domain} = {
- name = domain;
- home = "/var/lib/http/${domain}";
- createHome = true;
- };
- };
- };
-
-in {
- imports = map createStaticPage [
- "habsys.de"
- "pixelpocket.de"
- "karlaskop.de"
- "ubikmedia.de"
- "apanowicz.de"
- ];
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- ];
- };
- };
-
-
- krebs.nginx = {
- enable = true;
- servers = {
- #"habsys.de" = {
- # server-names = [
- # "habsys.de"
- # "www.habsys.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/habsys.de;
- # '')
- # ];
- #};
-
- #"karlaskop.de" = {
- # server-names = [
- # "karlaskop.de"
- # "www.karlaskop.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/karlaskop.de;
- # '')
- # ];
- #};
-
- #"pixelpocket.de" = {
- # server-names = [
- # "pixelpocket.de"
- # "www.karlaskop.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/karlaskop.de;
- # '')
- # ];
- #};
-
- };
- };
-
- #services.postgresql = {
- # enable = true;
- #};
-
- #config.services.vsftpd = {
- # enable = true;
- # userlistEnable = true;
- # userlistFile = pkgs.writeFile "vsftpd-userlist" ''
- # '';
- #};
-}
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 9c27706cb..f3b65e816 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -5,7 +5,7 @@ let
in {
krebs.fetchWallpaper = {
enable = true;
- url = "echelon/wallpaper.png";
+ url = "cloudkrebs/wallpaper.png";
};
}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 6043a8759..0eec97922 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -13,7 +13,7 @@ in {
name = "games";
description = "user playing games";
home = "/home/games";
- extraGroups = [ "audio" "video" "input" ];
+ extraGroups = [ "audio" "video" "input" "loot" ];
createHome = true;
useDefaultShell = true;
};
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 0aab298c7..aac3f6e02 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -35,6 +35,10 @@ let
newsbot-js = {};
kimsufi-check = {};
realwallpaper = {};
+ xmonad-stockholm = {};
+ the_playlist = {};
+ } // mapAttrs make-public-repo-silent {
+ the_playlist = {};
};
restricted-repos = mapAttrs make-restricted-repo (
@@ -62,6 +66,11 @@ let
};
};
+ make-public-repo-silent = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = true;
+ };
+
make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
inherit name collaborators desc;
public = false;
diff --git a/lass/2configs/krebs-pass.nix b/lass/2configs/krebs-pass.nix
new file mode 100644
index 000000000..a605bc84b
--- /dev/null
+++ b/lass/2configs/krebs-pass.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+let
+
+ #TODO: tab-completion
+ krebs-pass = pkgs.writeDashBin "krebs-pass" ''
+ PASSWORD_STORE_DIR=$HOME/.krebs-pass \
+ exec ${pkgs.pass}/bin/pass $@
+ '';
+
+ krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" ''
+ PASSWORD_STORE_DIR=$HOME/.krebs-pass \
+ exec ${pkgs.pass}/bin/passmenu $@
+ '';
+
+in {
+ krebs.per-user.lass.packages = [
+ krebs-pass
+ krebs-passmenu
+ ];
+}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
new file mode 100644
index 000000000..72d6f987f
--- /dev/null
+++ b/lass/2configs/mail.nix
@@ -0,0 +1,110 @@
+{ pkgs, ... }:
+
+let
+
+ msmtprc = pkgs.writeText "msmtprc" ''
+ defaults
+ logfile ~/.msmtp.log
+ account prism
+ host prism.r
+ account default: prism
+ '';
+
+ msmtp = pkgs.writeDashBin "msmtp" ''
+ exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+ '';
+
+ muttrc = pkgs.writeText "muttrc" ''
+ # gpg
+ source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
+ set pgp_use_gpg_agent = yes
+ set pgp_sign_as = 0x976A7E4D
+ set crypt_autosign = yes
+ set crypt_replyencrypt = yes
+ set crypt_verify_sig = yes
+ set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
+
+ macro index \Cv \
+ "<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
+ <enter-command> set crypt_verify_sig=yes<enter> \
+ <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
+ 'Verify PGP signature and open the message'
+
+ macro pager \Cv \
+ "<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
+ <enter-command> set crypt_verify_sig=yes<enter> \
+ <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
+ 'Verify PGP signature'
+
+
+ # notmuch
+ set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
+ set nm_record = yes
+ set nm_record_tags = "-inbox me archive"
+ set virtual_spoolfile=yes # enable virtual folders
+ set sendmail="msmtp" # enables parsing of outgoing mail
+ set use_from=yes
+ set envelope_from=yes
+
+ set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?"
+
+ virtual-mailboxes \
+ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\
+ "Unread" "notmuch://?query=tag:unread"\
+ "TODO" "notmuch://?query=tag:TODO"\
+ "Starred" "notmuch://?query=tag:*"\
+ "Archive" "notmuch://?query=tag:archive"\
+ "Sent" "notmuch://?query=tag:sent"\
+ "Junk" "notmuch://?query=tag:junk"
+
+ tag-transforms "junk" "k" \
+ "unread" "u" \
+ "replied" "↻" \
+ "TODO" "T" \
+
+ # notmuch bindings
+ macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
+ macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
+ macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
+ macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
+
+
+ #killed
+ bind index d noop
+ bind pager d noop
+
+ bind pager S noop
+ macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+ macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+
+ bind index t noop
+ bind pager t noop
+ macro index t "<modify-labels>+TODO\n" # tag as Archived
+
+
+ # sidebar
+ set sidebar_width = 20
+ set sidebar_visible = yes # set to "no" to disable sidebar view at startup
+ color sidebar_new yellow default
+ # sidebar bindings
+ bind index <left> sidebar-prev # got to previous folder in sidebar
+ bind index <right> sidebar-next # got to next folder in sidebar
+ bind index <space> sidebar-open # open selected folder from sidebar
+ # sidebar toggle
+ macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>"
+ macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>"
+ macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar
+ '';
+
+ mutt = pkgs.writeDashBin "mutt" ''
+ exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
+ '';
+
+in {
+ environment.systemPackages = [
+ msmtp
+ mutt
+ pkgs.much
+ pkgs.notmuch
+ ];
+}
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
new file mode 100644
index 000000000..ff5698e4e
--- /dev/null
+++ b/lass/2configs/mpv.nix
@@ -0,0 +1,49 @@
+{ pkgs, lib, ... }:
+
+let
+
+ mpv-config = pkgs.writeText "mpv-config" ''
+ script=${lib.concatStringsSep "," [
+ good
+ delete
+ ]}
+ '';
+ mpv = pkgs.writeDashBin "mpv" ''
+ exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@"
+ '';
+
+ moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
+ tmp_dir = "${dir}"
+
+ function move_current_track_${key}()
+ track = mp.get_property("path")
+ os.execute("mkdir -p '" .. tmp_dir .. "'")
+ os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
+ print("moved '" .. track .. "' to " .. tmp_dir)
+ end
+
+ mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
+ '';
+
+ good = moveToDir "G" "./.good";
+ delete = moveToDir "D" "./.graveyard";
+
+ deleteCurrentTrack = pkgs.writeText "delete.lua" ''
+ deleted_tmp = "./.graveyard"
+
+ -- Delete the current track by moving it to the `deleted_tmp` location.
+ function delete_current_track()
+ track = mp.get_property("path")
+ os.execute("mkdir -p '" .. deleted_tmp .. "'")
+ os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'")
+ print("'" .. track .. "' deleted.")
+ end
+
+ mp.add_key_binding("D", "delete_current_track", delete_current_track)
+ '';
+
+in {
+ krebs.per-user.lass.packages = [
+ mpv
+ ];
+}
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index d7c68bd7d..636b44395 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -154,7 +154,6 @@ let
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
tigsource|http://www.tigsource.com/feed/|#news
- times|http://www.thetimes.co.uk/tto/news/rss|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 33eca0a17..5bd2f2f7f 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -1,10 +1,9 @@
{ config, pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
+ krebs.per-user.lass.packages = with pkgs; [
pass
gnupg1
];
- services.xserver.startGnuPGAgent = true;
}
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index e4840383f..6cf23deaf 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -8,7 +8,6 @@
htop
i3lock
mosh
- mpv
pass
pavucontrol
pv
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
new file mode 100644
index 000000000..17be327b9
--- /dev/null
+++ b/lass/2configs/radio.nix
@@ -0,0 +1,195 @@
+{ config, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ name = "radio";
+ mainUser = config.users.extraUsers.mainUser;
+ inherit (config.krebs.lib) genid;
+
+ admin-password = import <secrets/icecast-admin-pw>;
+ source-password = import <secrets/icecast-source-pw>;
+
+ add_random = pkgs.writeDashBin "add_random" ''
+ mpc add "$(mpc ls | shuf -n1)"
+ '';
+
+ skip_track = pkgs.writeDashBin "skip_track" ''
+ ${add_random}/bin/add_random
+ echo skipping: "$(${print_current}/bin/print_current)"
+ ${pkgs.mpc_cli}/bin/mpc -q next
+ '';
+
+ print_current = pkgs.writeDashBin "print_current" ''
+ echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \
+ $(${pkgs.mpc_cli}/bin/mpc current -f %file% \
+ | ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@http://www.youtube.com/watch?v=\1@')"
+ '';
+
+in {
+ users.users = {
+ "${name}" = rec {
+ inherit name;
+ group = name;
+ uid = genid name;
+ description = "radio manager";
+ home = "/home/${name}";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ };
+
+ users.groups = {
+ "radio" = {};
+ };
+
+ krebs.per-user.${name}.packages = with pkgs; [
+ add_random
+ skip_track
+ print_current
+ ncmpcpp
+ mpc_cli
+ tmux
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
+ '';
+
+ services.mpd = {
+ enable = true;
+ group = "radio";
+ musicDirectory = "/home/radio/the_playlist/music";
+ extraConfig = ''
+ audio_output {
+ type "shout"
+ encoding "ogg"
+ name "my cool stream"
+ host "localhost"
+ port "8000"
+ mount "/radio.ogg"
+
+ # This is the source password in icecast.xml
+ password "${source-password}"
+
+ # Set either quality or bit rate
+ # quality "5.0"
+ bitrate "128"
+
+ format "44100:16:1"
+
+ # Optional Parameters
+ user "source"
+ # description "here is my long description"
+ # genre "jazz"
+ } # end of audio_output
+
+ '';
+ };
+
+ services.icecast = {
+ enable = true;
+ hostname = "config.krebs.build.host.name";
+ admin.password = admin-password;
+ extraConf = ''
+ <authentication>
+ <source-password>${source-password}</source-password>
+ </authentication>
+ '';
+ };
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ systemd.timers.radio = {
+ description = "radio autoadder timer";
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = {
+ OnCalendar = "*:*";
+ };
+ };
+
+ systemd.services.radio = let
+ autoAdd = pkgs.writeDash "autoAdd" ''
+ LIMIT=$1 #in secconds
+
+ timeLeft () {
+ playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
+ currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
+ expr ''${playlistDuration:-0} - ''${currentTime:-0}
+ }
+
+ if test $(timeLeft) -le $LIMIT; then
+ ${add_random}/bin/add_random
+ fi
+ '';
+ in {
+ description = "radio playlist autoadder";
+ after = [ "network.target" ];
+
+ path = with pkgs; [
+ gawk
+ mpc_cli
+ ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${autoAdd} 100";
+ };
+ };
+
+ krebs.Reaktor = {
+ enable = true;
+ nickname = "the_playlist|r";
+ channels = [ "#the_playlist" ];
+ extraEnviron = {
+ REAKTOR_HOST = "irc.freenode.org";
+ };
+ plugins = with pkgs.ReaktorPlugins; [
+ (buildSimpleReaktorPlugin "skip" {
+ script = "${skip_track}/bin/skip_track";
+ pattern = "^skip$";
+ })
+ (buildSimpleReaktorPlugin "current" {
+ script = "${print_current}/bin/print_current";
+ pattern = "^current$";
+ })
+ ];
+ };
+ krebs.nginx.servers."lassul.us".locations = let
+ html = pkgs.writeText "index.html" ''
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>lassulus playlist</title>
+ </head>
+ <body>
+ <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
+ <iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
+ </div>
+ <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
+ <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
+ </div>
+ <!-- page content -->
+ </body>
+ </html>
+ '';
+ in [
+ (nameValuePair "/the_playlist" ''
+ default_type "text/html";
+ alias ${html};
+ '')
+ ];
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index b40227c61..8295d9d49 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -147,13 +147,8 @@ in {
vimrcConfig.vam.pluginDictionaries = [
{ names = [
"brogrammer"
- "commentary"
- "extradite"
"file-line"
- "fugitive"
"Gundo"
- "mustang2"
- "unimpaired"
]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 109c216c0..45d09c3b9 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,35 +1,73 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ genid
+ ;
+ inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ ssl
+ servePage
+ serveOwncloud
+ serveWordpress;
+
+ msmtprc = pkgs.writeText "msmtprc" ''
+ account prism
+ host localhost
+ account default: prism
+ '';
+
+ sendmail = pkgs.writeDash "msmtp" ''
+ exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
+ '';
+
+in {
imports = [
- ../../3modules/static_nginx.nix
- ../../3modules/owncloud_nginx.nix
- ../../3modules/wordpress_nginx.nix
- ];
+ ./sqlBackup.nix
+ (ssl [ "reich-gebaeudereinigung.de" ])
+ (servePage [ "reich-gebaeudereinigung.de" ])
- lass.staticPage = {
- "karlaskop.de" = {};
- "makeup.apanowicz.de" = {};
- "pixelpocket.de" = {};
- "reich-gebaeudereinigung.de" = {};
- };
+ (ssl [ "karlaskop.de" ])
+ (servePage [ "karlaskop.de" ])
- lass.owncloud = {
- "o.ubikmedia.de" = {
- instanceid = "oc8n8ddbftgh";
- };
- };
+ (ssl [ "makeup.apanowicz.de" ])
+ (servePage [ "makeup.apanowicz.de" ])
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = toString (<secrets/mysql_rootPassword>);
- };
+ (ssl [ "pixelpocket.de" ])
+ (servePage [ "pixelpocket.de" ])
- #lass.wordpress = {
- # "ubikmedia.de" = {
- # };
- #};
+ (ssl [ "o.ubikmedia.de" ])
+ (serveOwncloud [ "o.ubikmedia.de" ])
+
+ (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
+ (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
+ ];
+
+ lass.mysqlBackup.config.all.databases = [
+ "ubikmedia_de"
+ "o_ubikmedia_de"
+ ];
+
+ users.users.domsen = {
+ uid = genid "domsen";
+ description = "maintenance acc for domsen";
+ home = "/home/domsen";
+ useDefaultShell = true;
+ extraGroups = [ "nginx" ];
+ createHome = true;
+ };
+ #services.phpfpm.phpOptions = ''
+ # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ # sendmail_path = ${sendmail} -t
+ #'';
+ services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ options = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ sendmail_path = ${sendmail} -t -i"
+ '';
+ } ''
+ cat ${pkgs.php}/etc/php-recommended.ini > $out
+ echo "$options" >> $out
+ '';
}
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 073f3de14..63efbecb6 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -1,33 +1,54 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ genid
+ head
+ nameValuePair
+ ;
+ inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ ssl
+ servePage
+ serveWordpress
+ ;
+in {
imports = [
- ../../3modules/static_nginx.nix
- ../../3modules/owncloud_nginx.nix
- ../../3modules/wordpress_nginx.nix
+ ./sqlBackup.nix
+ (ssl [ "biostase.de" "www.biostase.de" ])
+ (serveWordpress [ "biostase.de" "www.biostase.de" ])
+
+ (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
+ (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
+
+ (ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
+ (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
+
+ (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
+ (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
+
+ (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
+ (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
+
+ (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
+ (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
+
+ (ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
+ (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
+
+ (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
+ (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
];
- lass.staticPage = {
- "biostase.de" = {};
- "gs-maubach.de" = {};
- "spielwaren-kern.de" = {};
- "societyofsimtech.de" = {};
- "ttf-kleinaspach.de" = {};
- "edsn.de" = {};
- "eab.berkeley.edu" = {};
- "habsys.de" = {};
- };
-
- #lass.owncloud = {
- # "o.ubikmedia.de" = {
- # instanceid = "oc8n8ddbftgh";
- # };
- #};
-
- #services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = toString (<secrets/mysql_rootPassword>);
- #};
+ lass.mysqlBackup.config.all.databases = [
+ "biostase_de"
+ "eastuttgart_de"
+ "radical_dreamers_de"
+ "spielwaren_kern_de"
+ "ttf_kleinaspach_de"
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.fritz.pubkey
+ ];
}
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
new file mode 100644
index 000000000..7cb4b320e
--- /dev/null
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+ krebs.secret.files.mysql_rootPassword = {
+ path = "${config.services.mysql.dataDir}/mysql_rootPassword";
+ owner.name = "root";
+ source-path = toString <secrets> + "/mysql_rootPassword";
+ };
+
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
+ };
+
+ systemd.services.mysql = {
+ requires = [ "secret.service" ];
+ after = [ "secret.service" ];
+ };
+
+ lass.mysqlBackup = {
+ enable = true;
+ config.all = {
+ password = toString (<secrets/mysql_rootPassword>);
+ };
+ };
+}
+
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
new file mode 100644
index 000000000..330d8ba86
--- /dev/null
+++ b/lass/2configs/websites/util.nix
@@ -0,0 +1,229 @@
+{ lib, pkgs, ... }:
+
+with lib;
+
+rec {
+
+ manageCerts = domains:
+ let
+ domain = head domains;
+ in {
+ security.acme = {
+ certs."${domain}" = {
+ email = "lassulus@gmail.com";
+ webroot = "/var/lib/acme/challenges/${domain}";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ group = "nginx";
+ allowKeysForGroup = true;
+ extraDomains = genAttrs domains (_: null);
+ };
+ };
+
+ krebs.nginx.servers."${domain}" = {
+ server-names = domains;
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/${domain}/;
+ '')
+ ];
+ };
+ };
+
+ ssl = domains:
+ {
+ imports = [
+ ( manageCerts domains )
+ ( activateACME (head domains) )
+ ];
+ };
+
+ activateACME = domain:
+ {
+ krebs.nginx.servers.${domain} = {
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/${domain}/fullchain.pem";
+ certificate_key = "/var/lib/acme/${domain}/key.pem";
+ };
+ };
+ };
+
+ servePage = domains:
+ let
+ domain = head domains;
+ in {
+ krebs.nginx.servers.${domain} = {
+ server-names = domains;
+ locations = [
+ (nameValuePair "/" ''
+ root /srv/http/${domain};
+ '')
+ ];
+ };
+ };
+
+ serveOwncloud = domains:
+ let
+ domain = head domains;
+ in {
+ krebs.nginx.servers."${domain}" = {
+ server-names = domains;
+ extraConfig = ''
+ # Add headers to serve security related headers
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+
+ # Path to the root of your installation
+ root /srv/http/${domain}/;
+ # set max upload size
+ client_max_body_size 10G;
+ fastcgi_buffers 64 4K;
+
+ # Disable gzip to avoid the removal of the ETag header
+ gzip off;
+
+ # Uncomment if your server is build with the ngx_pagespeed module
+ # This module is currently not supported.
+ #pagespeed off;
+
+ index index.php;
+ error_page 403 /core/templates/403.php;
+ error_page 404 /core/templates/404.php;
+
+ rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
+ rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
+
+ # The following 2 rules are only needed for the user_webfinger app.
+ # Uncomment it if you're planning to use this app.
+ rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+ '';
+ locations = [
+ (nameValuePair "/robots.txt" ''
+ allow all;
+ log_not_found off;
+ access_log off;
+ '')
+ (nameValuePair "~ ^/(build|tests|config|lib|3rdparty|templates|data)/" ''
+ deny all;
+ '')
+
+ (nameValuePair "~ ^/(?:autotest|occ|issue|indie|db_|console)" ''
+ deny all;
+ '')
+
+ (nameValuePair "/" ''
+ rewrite ^/remote/(.*) /remote.php last;
+ rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+ try_files $uri $uri/ =404;
+ '')
+
+ (nameValuePair "~ \.php(?:$|/)" ''
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+ fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+ fastcgi_intercept_errors on;
+ '')
+
+ # Adding the cache control header for js and css files
+ # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+ (nameValuePair "~* \.(?:css|js)$" ''
+ add_header Cache-Control "public, max-age=7200";
+ # Add headers to serve security related headers
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ # Optional: Don't log access to assets
+ access_log off;
+ '')
+
+ # Optional: Don't log access to other assets
+ (nameValuePair "~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$" ''
+ access_log off;
+ '')
+ ];
+ };
+ services.phpfpm.poolConfigs."${domain}" = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ user = nginx
+ group = nginx
+ pm = dynamic
+ pm.max_children = 5
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ listen.owner = nginx
+ listen.group = nginx
+ # errors to journal
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
+
+ serveWordpress = domains:
+ let
+ domain = head domains;
+
+ in {
+ krebs.nginx.servers."${domain}" = {
+ server-names = domains;
+ extraConfig = ''
+ root /srv/http/${domain}/;
+ index index.php;
+ access_log /tmp/nginx_acc.log;
+ error_log /tmp/nginx_err.log;
+ error_page 404 /404.html;
+ error_page 500 502 503 504 /50x.html;
+ '';
+ locations = [
+ (nameValuePair "/" ''
+ try_files $uri $uri/ /index.php?$args;
+ '')
+ (nameValuePair "~ \.php$" ''
+ fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+ include ${pkgs.nginx}/conf/fastcgi.conf;
+ '')
+ #(nameValuePair "~ /\\." ''
+ # deny all;
+ #'')
+ #Directives to send expires headers and turn off 404 error logging.
+ (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
+ access_log off;
+ log_not_found off;
+ expires max;
+ '')
+ ];
+ };
+ services.phpfpm.poolConfigs."${domain}" = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ user = nginx
+ group = nginx
+ pm = dynamic
+ pm.max_children = 5
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ listen.owner = nginx
+ listen.group = nginx
+ # errors to journal
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
+
+}
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index ac784d4c7..fb1a58109 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,14 +1,19 @@
-{ config, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ genid
+ ;
+ inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ ssl
+ servePage
+ ;
+in {
imports = [
- ../../3modules/static_nginx.nix
+ ( ssl [ "wohnprojekt-rhh.de" ])
+ ( servePage [ "wohnprojekt-rhh.de" ])
];
- lass.staticPage = {
- "wohnprojekt-rhh.de" = {};
- };
-
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index 98f5df42a..5e14871ac 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -16,6 +16,7 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-shodan.pubkey
];
};
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 30afd787e..80c947a7b 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -40,8 +40,8 @@ let
};
};
- security.setuidPrograms = [
- "slock"
+ krebs.per-user.lass.packages = [
+ pkgs.rxvt_unicode_with-plugins
];
systemd.services.display-manager.enable = false;
@@ -52,7 +52,7 @@ let
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = xmonad-environment;
- restartIfChanged = false;
+ restartIfChanged = true;
serviceConfig = {
ExecStart = "${xmonad-start}/bin/xmonad";
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
@@ -82,12 +82,7 @@ let
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
- "cr"
- "gm"
- "ff"
- "IM"
- "mail"
- "stockholm"
+ "dashboard"
]);
};
@@ -96,6 +91,9 @@ let
set -efu
export PATH; PATH=${makeSearchPath "bin" ([
pkgs.rxvt_unicode
+ pkgs.i3lock
+ pkgs.pulseaudioLight
+ pkgs.xorg.xbacklight
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
@@ -114,7 +112,8 @@ let
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
#! /bin/sh
- exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
+ ${pkgs.xmonad-lass}/bin/xmonad --shutdown
+ ${pkgs.coreutils}/bin/sleep 2s
'';
xserver-environment = {
@@ -128,7 +127,7 @@ let
xserver = pkgs.writeScriptBin "xserver" ''
#! /bin/sh
set -efu
- exec ${pkgs.xorg.xorgserver}/bin/X \
+ exec ${pkgs.xorg.xorgserver.out}/bin/X \
:${toString config.services.xserver.display} \
vt${toString config.services.xserver.tty} \
-config ${import ./xserver.conf.nix args} \
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index f891498c2..380d83a91 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -1,11 +1,11 @@
_:
{
imports = [
- ./xresources.nix
+ ./ejabberd
./folderPerms.nix
- ./per-user.nix
+ ./mysql-backup.nix
./urxvtd.nix
- ./xresources.nix
./wordpress_nginx.nix
+ ./xresources.nix
];
}
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
new file mode 100644
index 000000000..9a4882644
--- /dev/null
+++ b/lass/3modules/ejabberd/config.nix
@@ -0,0 +1,93 @@
+{ config, ... }: with config.krebs.lib; let
+ cfg = config.lass.ejabberd;
+
+ # XXX this is a placeholder that happens to work the default strings.
+ toErlang = builtins.toJSON;
+in toFile "ejabberd.conf" ''
+ {loglevel, 3}.
+ {hosts, ${toErlang cfg.hosts}}.
+ {listen,
+ [
+ {5222, ejabberd_c2s, [
+ starttls,
+ {certfile, ${toErlang cfg.certfile}},
+ {access, c2s},
+ {shaper, c2s_shaper},
+ {max_stanza_size, 65536}
+ ]},
+ {5269, ejabberd_s2s_in, [
+ {shaper, s2s_shaper},
+ {max_stanza_size, 131072}
+ ]},
+ {5280, ejabberd_http, [
+ captcha,
+ http_bind,
+ http_poll,
+ web_admin
+ ]}
+ ]}.
+ {s2s_use_starttls, required}.
+ {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+ {auth_method, internal}.
+ {shaper, normal, {maxrate, 1000}}.
+ {shaper, fast, {maxrate, 50000}}.
+ {max_fsm_queue, 1000}.
+ {acl, local, {user_regexp, ""}}.
+ {access, max_user_sessions, [{10, all}]}.
+ {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
+ {access, local, [{allow, local}]}.
+ {access, c2s, [{deny, blocked},
+ {allow, all}]}.
+ {access, c2s_shaper, [{none, admin},
+ {normal, all}]}.
+ {access, s2s_shaper, [{fast, all}]}.
+ {access, announce, [{allow, admin}]}.
+ {access, configure, [{allow, admin}]}.
+ {access, muc_admin, [{allow, admin}]}.
+ {access, muc_create, [{allow, local}]}.
+ {access, muc, [{allow, all}]}.
+ {access, pubsub_createnode, [{allow, local}]}.
+ {access, register, [{allow, local}]}.
+ {language, "en"}.
+ {modules,
+ [
+ {mod_adhoc, []},
+ {mod_announce, [{access, announce}]},
+ {mod_blocking,[]},
+ {mod_caps, []},
+ {mod_configure,[]},
+ {mod_disco, []},
+ {mod_irc, []},
+ {mod_http_bind, []},
+ {mod_last, []},
+ {mod_muc, [
+ {access, muc},
+ {access_create, muc_create},
+ {access_persistent, muc_create},
+ {access_admin, muc_admin}
+ ]},
+ {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
+ {mod_ping, []},
+ {mod_privacy, []},
+ {mod_private, []},
+ {mod_pubsub, [
+ {access_createnode, pubsub_createnode},
+ {ignore_pep_from_offline, true},
+ {last_item_cache, false},
+ {plugins, ["flat", "hometree", "pep"]}
+ ]},
+ {mod_register, [
+ {welcome_message, {"Welcome!",
+ "Hi.\nWelcome to this XMPP server."}},
+ {ip_access, [{allow, "127.0.0.0/8"},
+ {allow, "0.0.0.0/0"}]},
+ {access, register}
+ ]},
+ {mod_roster, []},
+ {mod_shared_roster,[]},
+ {mod_stats, []},
+ {mod_time, []},
+ {mod_vcard, []},
+ {mod_version, []}
+ ]}.
+''
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
new file mode 100644
index 000000000..c68f32ef0
--- /dev/null
+++ b/lass/3modules/ejabberd/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+ cfg = config.lass.ejabberd;
+in {
+ options.lass.ejabberd = {
+ enable = mkEnableOption "lass.ejabberd";
+ certfile = mkOption {
+ type = types.str;
+ };
+ hosts = mkOption {
+ type = with types; listOf str;
+ };
+ pkgs.ejabberdctl = mkOption {
+ type = types.package;
+ default = pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ export SPOOLDIR=${shell.escape cfg.user.home}
+ export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
+ exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --logs ${shell.escape cfg.user.home} \
+ --spool ${shell.escape cfg.user.home} \
+ "$@"
+ '';
+ };
+ s2s_certfile = mkOption {
+ type = types.str;
+ default = cfg.certfile;
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "ejabberd";
+ home = "/var/ejabberd";
+ };
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+
+ systemd.services.ejabberd = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ PermissionsStartOnly = "true";
+ SyslogIdentifier = "ejabberd";
+ User = cfg.user.name;
+ ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+ };
+ };
+
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ };
+ };
+}
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
new file mode 100644
index 000000000..d2ae67171
--- /dev/null
+++ b/lass/3modules/mysql-backup.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.lass.mysqlBackup;
+
+ out = {
+ options.lass.mysqlBackup = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "mysqlBackup";
+ config = mkOption {
+ type = with types; attrsOf (submodule ({ config, ... }: {
+ options = {
+ name = mkOption {
+ type = types.str;
+ default = config._module.args.name;
+ };
+ startAt = mkOption {
+ type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
+ default = "*-*-* 01:15:00";
+ };
+ user = mkOption {
+ type = str;
+ default = "root";
+ };
+ password = mkOption {
+ type = nullOr str;
+ default = null;
+ description = ''
+ path to a file containing the mysqlPassword for the specified user.
+ '';
+ };
+ databases = mkOption {
+ type = listOf str;
+ default = [];
+ };
+ location = mkOption {
+ type = str;
+ default = "/bku/sql_dumps";
+ };
+ };
+ }));
+ description = "configuration for mysqlBackup";
+ };
+ };
+
+ imp = {
+
+ #systemd.timers =
+ # mapAttrs (_: plan: {
+ # wantedBy = [ "timers.target" ];
+ # timerConfig = plan.timerConfig;
+ #}) cfg.config;
+
+ systemd.services =
+ mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
+ path = with pkgs; [
+ mysql
+ gzip
+ ];
+ serviceConfig = rec {
+ ExecStart = start plan;
+ SyslogIdentifier = ExecStart.name;
+ Type = "oneshot";
+ User = plan.user;
+ };
+ startAt = plan.startAt;
+ }) cfg.config;
+ };
+
+
+ start = plan: let
+ backupScript = plan: db:
+ "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
+
+ in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
+ ${concatMapStringsSep "\n" (backupScript plan) plan.databases}
+ '';
+
+
+in out
diff --git a/lass/3modules/per-user.nix b/lass/3modules/per-user.nix
deleted file mode 100644
index f8d357ce2..000000000
--- a/lass/3modules/per-user.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-let
- cfg = config.lass.per-user;
-
- out = {
- options.lass.per-user = api;
- config = imp;
- };
-
- api = mkOption {
- type = with types; attrsOf (submodule {
- options = {
- packages = mkOption {
- type = listOf path;
- default = [];
- };
- };
- });
- default = {};
- };
-
- imp = {
- #
- # TODO only shellInit and use well-known paths
- #
- environment.shellInit = ''
- if test -e ${user-profiles}/"$LOGNAME"; then
- . ${user-profiles}/"$LOGNAME"
- fi
- '';
- environment.interactiveShellInit = ''
- if test -e ${user-profiles}/"$LOGNAME"; then
- . ${user-profiles}/"$LOGNAME"
- fi
- '';
- environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
- };
-
- user-profiles = pkgs.runCommand "user-profiles" {} ''
- mkdir $out
- ${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
- cat > $out/${logname} <<\EOF
- ${optionalString (length packages > 0) (
- let path = makeSearchPath "bin" packages; in
- ''export PATH="$PATH":${escapeShellArg path}''
- )}
- EOF
- '') cfg)}
- '';
-
-in out
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index a751a2995..56943b7ac 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -2,7 +2,7 @@
with lib;
-{
+rec {
getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix
index 53d5d015a..9f6f95587 100644
--- a/lass/5pkgs/acronym/default.nix
+++ b/lass/5pkgs/acronym/default.nix
@@ -1,13 +1,16 @@
{ pkgs, ... }:
pkgs.writeScriptBin "acronym" ''
+
#! ${pkgs.bash}/bin/bash
acro=$1
curl -s http://www.acronymfinder.com/$acro.html \
- | grep 'class="result-list__body__rank"' \
- | sed 's/.*title="\([^"]*\)".*/\1/' \
- | sed 's/^.* - //' \
- | sed "s/&#39;/'/g"
+ | grep 'class="result-list__body__rank"' \
+ | sed '
+ s/.*title="\([^"]*\)".*/\1/
+ s/^.* - //
+ s/&#39;/'\'''/g
+ '
''
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 0c9dd94ca..467867f63 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -8,7 +8,10 @@
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
+ mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
+ untilport = pkgs.callPackage ./untilport/default.nix {};
+ urban = pkgs.callPackage ./urban/default.nix {};
xmonad-lass =
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
pkgs.haskellPackages.callPackage src {};
diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix
new file mode 100644
index 000000000..738a8daf6
--- /dev/null
+++ b/lass/5pkgs/mk_sql_pair/default.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+
+pkgs.writeScriptBin "mk_sql_pair" ''
+ #!/bin/sh
+
+ name=$1
+ password=$2
+
+ if [ $# -ne 2 ]; then
+ echo '$1=name, $2=password'
+ exit 23;
+ fi
+
+ cat <<EOF
+ create database $name;
+ create user $name;
+ grant all on $name.* to $name@'localhost' identified by '$password';
+ EOF
+''
diff --git a/lass/5pkgs/untilport/default.nix b/lass/5pkgs/untilport/default.nix
new file mode 100644
index 000000000..61bcc2b89
--- /dev/null
+++ b/lass/5pkgs/untilport/default.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+
+pkgs.writeDashBin "untilport" ''
+ set -euf
+
+ usage() {
+ echo 'untiport $target $port'
+ echo 'Sleeps until the destinated port is reachable.'
+ echo 'ex: untilport google.de 80 && echo "google is now reachable"'
+ }
+
+
+ if [ $# -ne 2 ]; then
+ usage
+ else
+ until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
+ fi
+''
diff --git a/lass/5pkgs/urban/default.nix b/lass/5pkgs/urban/default.nix
new file mode 100644
index 000000000..fb8adaed9
--- /dev/null
+++ b/lass/5pkgs/urban/default.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+pkgs.writeScriptBin "urban" ''
+ #!/bin/sh
+ set -euf
+ term=$1
+ curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \
+ | sed 's/<\/\?a\>[^>]*>//g' \
+ | sed 's/<\([^>]*\)>/\n<\1\n/g' \
+ | grep . \
+ | sed -n '/<div class=.meaning./,/<\/div/p' \
+ | sed 's/<div class=.meaning./-----/' \
+ | grep -v '^</div\>' \
+ | grep -v '^<br\>' \
+ | sed '
+ s/&quot;/"/g
+ s/&#39;/'\'''/g
+ s/&gt;/>/g
+ s/&lt;/>/g
+ '
+''
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 503df3be7..d7c66bf4d 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -5,56 +5,37 @@
module Main where
+import XMonad
+import qualified XMonad.StackSet as W
import Control.Exception
-import Text.Read (readEither)
-import XMonad
+import Data.List (isInfixOf)
+import System.Environment (getArgs, withArgs, getEnv)
import System.IO (hPutStrLn, stderr)
-import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
-import System.Posix.Process (executeFile)
-import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
- , removeEmptyWorkspace)
-import XMonad.Actions.GridSelect
+import Text.Read (readEither)
+import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS)
---import XMonad.Actions.CopyWindow ( copy )
-import XMonad.Layout.NoBorders ( smartBorders )
-import qualified XMonad.StackSet as W
-import Data.Map (Map)
-import qualified Data.Map as Map
--- TODO import XMonad.Layout.WorkspaceDir
+import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
+import XMonad.Actions.DynamicWorkspaces (withWorkspace)
+import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
+import XMonad.Hooks.FloatNext (floatNext)
+import XMonad.Hooks.FloatNext (floatNextHook)
+import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
+import XMonad.Hooks.Place (placeHook, smart)
+import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
--- import XMonad.Layout.Tabbed
---import XMonad.Layout.MouseResizableTile
-import XMonad.Layout.Reflect (reflectVert)
import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Hooks.Place (placeHook, smart)
-import XMonad.Hooks.FloatNext (floatNextHook)
-import XMonad.Actions.PerWorkspaceKeys (chooseAction)
-import XMonad.Layout.PerWorkspace (onWorkspace)
---import XMonad.Layout.BinarySpacePartition
+import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
+import XMonad.Layout.NoBorders (smartBorders)
+import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
+import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
+import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)
import XMonad.Util.EZConfig (additionalKeysP)
-import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
-import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
-import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
-import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
-import XMonad.Prompt.Workspace
-import XMonad.Actions.CopyWindow (copy, kill1)
-import qualified Data.Map as M
-import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
-
---import XMonad.Actions.Submap
-import XMonad.Stockholm.Pager
-import XMonad.Stockholm.Rhombus
-import XMonad.Stockholm.Shutdown
-
myTerm :: String
myTerm = "urxvtc"
-myRootTerm :: String
-myRootTerm = "urxvtc -name root-urxvt -e su -"
-
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
@@ -67,18 +48,12 @@ mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad'
- -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
- -- urgencyConfig { remindWhen = Every 1 }
- -- $ withUrgencyHook borderUrgencyHook "magenta"
- -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = myTerm
, modMask = mod4Mask
, workspaces = workspaces0
, layoutHook = smartBorders $ myLayoutHook
- -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
- --, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = spawn "echo emit XMonadStartup"
, normalBorderColor = "#1c1c1c"
@@ -88,7 +63,7 @@ mainNoArgs = do
myLayoutHook = defLayout
where
- defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
+ defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1)
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
@@ -96,7 +71,7 @@ xmonad' conf = do
path <- getEnv "XMONAD_STATE"
try (readFile path) >>= \case
Right content -> do
- hPutStrLn stderr ("resuming from " ++ path)
+ hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
@@ -118,19 +93,21 @@ displaySomeException :: SomeException -> String
displaySomeException = displayException
+myKeyMap :: [([Char], X ())]
myKeyMap =
- [ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
+ [ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f")
, ("M4-p", spawn "passmenu --type")
- --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
, ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
, ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
- , ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
+ , ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
+ , ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 3")
+ , ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 3")
, ("M4-a", focusUrgent)
- , ("M4-S-r", renameWorkspace defaultXPConfig)
- , ("M4-S-a", addWorkspacePrompt defaultXPConfig)
+ , ("M4-S-r", renameWorkspace def)
+ , ("M4-S-a", addWorkspacePrompt def)
, ("M4-S-<Backspace>", removeEmptyWorkspace)
, ("M4-S-c", kill1)
, ("M4-<Esc>", toggleWS)
@@ -139,66 +116,34 @@ myKeyMap =
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)
- , ("M4-v", withWorkspace myXPConfig (windows . W.view))
- , ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
- , ("M4-C-v", withWorkspace myXPConfig (windows . copy))
+ , ("M4-v", withWorkspace autoXPConfig (windows . W.view))
+ , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
+ , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
+
+ , ("M4-m", withFocused minimizeWindow)
+ , ("M4-S-m", sendMessage RestoreNextMinimizedWin)
- -- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } )
- -- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } )
- -- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
+ , ("M4-q", windowPromptGoto infixAutoXPConfig)
+ , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
- --, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
, ("M4-S-q", return ())
]
-myGSConfig = defaultGSConfig
- { gs_cellheight = 50
- , gs_cellpadding = 2
- , gs_navigate = navNSearch
- , gs_font = myFont
- }
-
-myXPConfig :: XPConfig
-myXPConfig = defaultXPConfig
+autoXPConfig :: XPConfig
+autoXPConfig = def
{ autoComplete = Just 5000
}
-myWSConfig = myGSConfig
- { gs_cellwidth = 50
+infixAutoXPConfig :: XPConfig
+infixAutoXPConfig = autoXPConfig
+ { searchPredicate = isInfixOf
}
-pagerConfig :: PagerConfig
-pagerConfig = def
- { pc_font = myFont
- , pc_cellwidth = 64
- --, pc_cellheight = 36 -- TODO automatically keep screen aspect
- --, pc_borderwidth = 1
- --, pc_matchcolor = "#f0b000"
- , pc_matchmethod = MatchPrefix
- --, pc_colors = pagerWorkspaceColors
- , pc_windowColors = windowColors
- }
- where
- windowColors _ _ _ True _ = ("#ef4242","#ff2323")
- windowColors wsf m c u wf = do
- let y = defaultWindowColors wsf m c u wf
- if m == False && wf == True
- then ("#402020", snd y)
- else y
-
-wGSConfig :: GSConfig Window
-wGSConfig = def
- { gs_cellheight = 20
- , gs_cellwidth = 192
- , gs_cellpadding = 5
- , gs_font = myFont
+gridConfig :: GSConfig WorkspaceId
+gridConfig = def
+ { gs_cellwidth = 100
+ , gs_cellheight = 30
+ , gs_cellpadding = 2
, gs_navigate = navNSearch
+ , gs_font = myFont
}
-
-
-(&) :: a -> (a -> c) -> c
-(&) = flip ($)
-
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames ws =
- return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
diff --git a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
deleted file mode 100644
index bba7c8c60..000000000
--- a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
+++ /dev/null
@@ -1,52 +0,0 @@
-module Util.PerWorkspaceConfig
- ( WorkspaceConfig (..)
- , WorkspaceConfigs
- , switchToWorkspace
- , defaultWorkspaceConfig
- , perWorkspaceAction
- , perWorkspaceTermAction
--- , myLayoutHack
- )
-where
-
-import XMonad
-import XMonad.Core (LayoutClass)
-import Control.Monad (when)
-
-import qualified Data.Map as M
-import qualified XMonad.StackSet as W
-
-data WorkspaceConfig l =
- WorkspaceConfig
- { switchAction :: X ()
- , startAction :: X ()
- , keyAction :: X ()
- , termAction :: X ()
- }
-
-type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
-
-defaultWorkspaceConfig = WorkspaceConfig
- { switchAction = return ()
- , startAction = return ()
- , keyAction = return ()
- , termAction = spawn "urxvtc"
- }
-
-whenLookup wsId cfg a =
- when (M.member wsId cfg) (a $ cfg M.! wsId)
-
-switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
-switchToWorkspace cfg wsId = do
- windows $ W.greedyView wsId
- wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
- when (null wins) $ whenLookup wsId cfg startAction
- whenLookup wsId cfg switchAction
-
-perWorkspaceAction :: WorkspaceConfigs l -> X ()
-perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
-
-perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
-perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
- Just x -> termAction x
- _ -> termAction defaultWorkspaceConfig
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 7bac4398c..17b2b5093 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -41,6 +41,8 @@ in {
];
};
+ makefu.taskserver.enable = true;
+
krebs.nginx.servers.cgit = {
server-names = [ "cgit.euer.krebsco.de" ];
listen = [ "${external-ip}:80" "${internal-ip}:80" ];
@@ -86,6 +88,8 @@ in {
21032
# tinc-retiolum
21031
+ # taskserver
+ 53589
];
allowedUDPPorts = [
# tinc
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 88c187758..fa39b121c 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -26,6 +26,7 @@
# services
../2configs/git/brain-retiolum.nix
../2configs/tor.nix
+ ../2configs/steam.nix
# ../2configs/buildbot-standalone.nix
# hardware specifics are in here
@@ -35,23 +36,36 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
../2configs/nginx/public_html.nix
+
+ # temporary modules
+ # ../2configs/temp/share-samba.nix
+ # ../2configs/temp/elkstack.nix
+ # ../2configs/temp/sabnzbd.nix
];
+
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
servers.default.server-names = [ "_" ];
};
- krebs.retiolum.enable = true;
- # steam
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.support32Bit = true;
+
+ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
+
+ virtualisation.docker.enable = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [
- 25
- 80
- ];
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowedUDPPorts = [ 665 ];
krebs.build.host = config.krebs.hosts.pornocauster;
+
+ krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [ "omo" "gum" "prism" ];
+ };
+ networking.extraHosts = ''
+ 192.168.1.11 omo.local
+ '';
}
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 5e2382f37..8b71b1393 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -1,9 +1,7 @@
-#
-#
-#
{ lib, config, pkgs, ... }:
{
krebs.build.host = config.krebs.hosts.vbob;
+ makefu.awesome.modkey = "Mod1";
imports =
[ # Include the results of the hardware scan.
../.
@@ -19,6 +17,10 @@
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";
};
+ fileSystems."/var/lib/docker" = {
+ device ="/dev/disk/by-label/nix-docker";
+ fsType = "ext4";
+ };
#makefu.buildbot.master.enable = true;
# allow vbob to deploy self
users.extraUsers = {
@@ -28,11 +30,14 @@
};
environment.systemPackages = with pkgs;[
fortclientsslvpn
- buildbot
- buildbot-slave
get
logstash
+ docker
+ devpi-web
+ devpi-client
];
+ # virtualisation.docker.enable = true;
+
networking.firewall.allowedTCPPorts = [
25
@@ -42,18 +47,21 @@
krebs.retiolum = {
enable = true;
- extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
connectTo = [
+ "omo"
"gum"
];
};
- networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+ networking.extraHosts = ''
+ 172.17.20.190 gitlab
+ 172.17.62.27 svbittool01 tool
+ '';
+
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
- options = "rw,uid=9001,gid=9001";
+ options = [ "rw" "uid=9001" "gid=9001" ];
};
}
-
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index b807957ba..f7d6991c5 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -14,7 +14,6 @@
with config.krebs.lib;
let
mainUser = config.krebs.build.user.name;
- awesomecfg = pkgs.awesomecfg.full;
in
{
imports = [ ];
@@ -36,14 +35,7 @@ in
};
# lid switch is handled via button presses
services.logind.extraConfig = mkDefault "HandleLidSwitch=ignore";
- nixpkgs.config.packageOverrides = pkgs: rec {
- awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
- postFixup = ''
- cp ${awesomecfg} $out/etc/xdg/awesome/rc.lua
- '';
- });
- };
-
+ makefu.awesome.enable = true;
i18n.consoleFont = "Lat2-Terminus16";
fonts = {
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 20faf7896..62daed8be 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with config.krebs.lib;
source = mapAttrs (_: mkDefault) {
nixpkgs = {
url = https://github.com/nixos/nixpkgs;
- rev = "40c586b7ce2c559374df435f46d673baf711c543"; # unstable @ 2016-02-27, tested on wry
+ rev = "63b9785"; # stable @ 2016-06-01
};
secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
stockholm = "/home/makefu/stockholm";
@@ -75,7 +75,7 @@ with config.krebs.lib;
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
-
+ nix.nixPath = [ "/var/src" ];
environment.variables = {
NIX_PATH = mkForce "/var/src";
EDITOR = mkForce "vim";
@@ -126,6 +126,7 @@ with config.krebs.lib;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
tinc = pkgs.tinc_pre;
+ gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };
};
services.cron.enable = false;
@@ -138,6 +139,9 @@ with config.krebs.lib;
"time.apple.com"
"time.nist.gov"
];
+ nix.extraOptions = ''
+ auto-optimise-store = true
+ '';
security.setuidPrograms = [ "sendmail" ];
services.journald.extraConfig = ''
diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix
index 34943f593..910066e0a 100644
--- a/makefu/2configs/exim-retiolum.nix
+++ b/makefu/2configs/exim-retiolum.nix
@@ -2,9 +2,10 @@
with config.krebs.lib;
{
+ networking.firewall.allowedTCPPorts = [ 25 ];
+
krebs.exim-retiolum.enable = true;
environment.systemPackages = with pkgs; [
msmtp
];
-
}
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 0b69dbcaf..44d759488 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -15,6 +15,9 @@ let
tinc_graphs = {
desc = "Tinc Advanced Graph Generation";
};
+ stockholm-init = {
+ desc = "Build new Stockholm hosts";
+ };
cac-api = { };
init-stockholm = {
desc = "Init stuff for stockholm";
diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix
index 0a471bde0..be3d1eb70 100644
--- a/makefu/2configs/hw/tp-x220.nix
+++ b/makefu/2configs/hw/tp-x220.nix
@@ -4,8 +4,10 @@ with config.krebs.lib;
{
imports = [ ./tp-x2x0.nix ];
-
- boot.kernelModules = [ "kvm-intel" ];
+ boot = {
+ kernelModules = [ "kvm-intel" "acpi_call" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+ };
services.xserver = {
videoDriver = "intel";
@@ -15,6 +17,8 @@ with config.krebs.lib;
'';
};
+ security.rngd.enable = true;
+
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix
index c943e3d9a..7e9842e14 100644
--- a/makefu/2configs/omo-share.nix
+++ b/makefu/2configs/omo-share.nix
@@ -13,6 +13,16 @@ in {
omo-share = {
listen = [ "${local-ip}:80" ];
locations = singleton (nameValuePair "/" ''
+
+ access_log off;
+ # sendfile off;
+ # tcp_nopush on;
+ # aio on;
+ sendfile on;
+ sendfile_max_chunk 512k;
+ directio 512;
+ aio threads;
+ mp4;
autoindex on;
root /media;
limit_rate_after 100m;
@@ -24,7 +34,6 @@ in {
keepalive_timeout 65;
keepalive_requests 200;
reset_timedout_connection on;
- sendfile on;
tcp_nopush on;
gzip off;
'');
@@ -48,7 +57,6 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
-
emu = {
path = "/media/crypt1/emu";
"read only" = "yes";
@@ -61,6 +69,20 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
+ crypt0-rw = {
+ path = "/media/crypt0/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "no";
+ "valid users" = "makefu";
+ };
+ crypt1-rw = {
+ path = "/media/crypt1/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "no";
+ "valid users" = "makefu";
+ };
};
extraConfig = ''
guest account = smbguest
diff --git a/makefu/2configs/steam.nix b/makefu/2configs/steam.nix
new file mode 100644
index 000000000..d4ec84abf
--- /dev/null
+++ b/makefu/2configs/steam.nix
@@ -0,0 +1,6 @@
+{pkgs, ...}:
+{
+ environment.systemPackages = [ pkgs.steam ];
+ hardware.opengl.driSupport32Bit = true;
+ hardware.pulseaudio.support32Bit = true;
+}
diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix
new file mode 100644
index 000000000..5f21e3bf7
--- /dev/null
+++ b/makefu/2configs/temp-share-samba.nix
@@ -0,0 +1,28 @@
+{config, ... }:{
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/var/empty";
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ share-home = {
+ path = "/home/share/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+}
diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix
new file mode 100644
index 000000000..b12556486
--- /dev/null
+++ b/makefu/3modules/awesome-extra.nix
@@ -0,0 +1,40 @@
+{config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.awesome;
+ out = {
+ options.makefu.awesome = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+ api = {
+ enable = mkEnableOption "awesome custom config";
+ modkey = mkOption {
+ type = types.str;
+ description = "Modkey to be used";
+ default = "Mod4";
+ };
+ baseConfig = mkOption {
+ type = types.path;
+ description = ''
+ rc.lua file to be used as default
+ This module will use substituteAll to replace strings before writing to
+ /etc/xdg/awesome/rc.lua
+ '';
+ default = pkgs.awesomecfg.full;
+ };
+ };
+ imp = {
+ # TODO: configure display manager as well
+ nixpkgs.config.packageOverrides = pkgs: rec {
+ awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
+ postFixup = let
+ rclua = pkgs.substituteAll {
+ src = cfg.baseConfig;
+ inherit (cfg) modkey;
+ };
+ in "cp ${rclua} $out/etc/xdg/awesome/rc.lua";
+ });
+ };
+ };
+in out
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index f007a8418..853bdca04 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -4,6 +4,8 @@ _:
imports = [
./snapraid.nix
./umts.nix
+ ./taskserver.nix
+ ./awesome-extra.nix
];
}
diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix
new file mode 100644
index 000000000..41247fff3
--- /dev/null
+++ b/makefu/3modules/taskserver.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.taskserver;
+
+ out = {
+ options.makefu.taskserver = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "taskserver";
+
+ workingDir = mkOption {
+ type = types.str;
+ default = "/var/lib/taskserver";
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.taskserver;
+ };
+
+
+ };
+
+ imp = {
+ environment.systemPackages = [ cfg.package ];
+ systemd.services.taskserver = {
+ description = "taskd server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ unitConfig = {
+ Documentation = "http://taskwarrior.org/docs/#taskd" ;
+ # https://taskwarrior.org/docs/taskserver/configure.html
+ ConditionPathExists = "${cfg.workingDir}/config";
+ };
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
+ WorkingDirectory = cfg.workingDir;
+ PrivateTmp = true;
+ InaccessibleDirectories = "/home /boot /opt /mnt /media";
+ User = "taskd";
+ };
+ };
+
+ users.users.taskd = {
+ uid = genid "taskd";
+ home = cfg.workingDir;
+ createHome = true;
+ };
+ users.groups.taskd.gid = genid "taskd";
+ };
+
+in
+out
+
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index c1b58aa90..f42aea003 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -83,13 +83,11 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0")
-- {{{ Variable definitions
-- Themes define colours, icons, and wallpapers
-- beautiful.init("/usr/share/awesome/themes/default/theme.lua")
--- ./qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/lib/beautiful.lua
---
--- Find the default theme
---
--- beautiful.init("/nix/store/qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/themes/default/theme.lua")
+-- @awesome@/share/awesome/lib/beautiful.lua
+-- beautiful.init("@awesome@/share/awesome/themes/default/theme.lua")
+-- Find the default theme
function find_default_theme()
-- find the default lua theme in the package path
for path in package.path:gmatch('([^;]+);') do
@@ -115,7 +113,7 @@ browser = "firefox"
-- If you do not like this or do not have such a key,
-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
-- However, you can use another modifier like Mod1, but it may interact with others.
-modkey = "Mod4"
+modkey = "@modkey@"
-- Table of layouts to cover with awful.layout.inc, order matters.
local layouts =
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 8caab433e..6d227fa6d 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -9,8 +9,11 @@ in
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
- nodemcu-uploader = callPackage ./nodemcu-uploader {};
mycube-flask = callPackage ./mycube-flask {};
+ nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
+ inherit (callPackage ./devpi {}) devpi-web devpi-server;
+ skytraq-logger = callPackage ./skytraq-logger/ {};
+ taskserver = callPackage ./taskserver {};
};
}
diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix
new file mode 100644
index 000000000..0df8ecd2c
--- /dev/null
+++ b/makefu/5pkgs/devpi/default.nix
@@ -0,0 +1,70 @@
+{ pkgs ? import <nixpkgs> {} }:
+with pkgs.stdenv.lib;
+let
+ execnet14 = pkgs.python3Packages.buildPythonPackage rec {
+ name = "execnet-1.4.1";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/e/execnet/${name}.tar.gz";
+ sha256 = "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn";
+ };
+
+ propagatedBuildInputs = with pkgs.python3Packages;
+ [ setuptools_scm apipkg ];
+ meta = {
+ description = "rapid multi-Python deployment";
+ license = licenses.gpl2;
+ };
+ };
+
+ devpi-web = pkgs.python3Packages.buildPythonPackage rec {
+ name = "devpi-web";
+ version = "3.0.0";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/d/devpi-web/devpi-web-${version}.tar.gz";
+ sha256 = "156abxyhj17a8cg38hpyr31qkjb61mb2kggsxij4p4xvy9jwkbwi";
+ };
+
+ propagatedBuildInputs = with pkgs.python3Packages;
+ [ devpi-server pyramid_chameleon beautifulsoup4 Whoosh defusedxml ];
+
+ meta = {
+ homepage = https://bitbucket.org/hpk42/devpi;
+ description = "a web view for devpi-server";
+ license = licenses.mit;
+ maintainers = with maintainers; [ makefu ];
+ };
+ };
+ devpi-server = pkgs.python3Packages.buildPythonPackage rec {
+ name = "devpi-server";
+ version = "3.0.2";
+
+ # original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to
+ # `.devpi-server-wrapped` which
+ # results in "not existing devpi-server: 'devpi-server'"
+ postFixup = "";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/d/devpi-server/devpi-server-${version}.tar.gz";
+ sha256 = "14r1024i3x2pb72khyzvi56sh9smpdswmrbc88xvjxnalmzfn99d";
+ };
+
+ propagatedBuildInputs = with pkgs.python3Packages;
+ [ devpi-common execnet14 itsdangerous pluggy waitress pyramid ];
+ buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ];
+
+ meta = {
+ homepage = https://bitbucket.org/hpk42/devpi;
+ description = "Devpi Server";
+ license = licenses.mit;
+ maintainers = with maintainers; [ makefu ];
+ };
+ };
+
+in {
+ inherit devpi-server;
+ devpi-web = pkgs.python3.buildEnv.override {
+ extraLibs = [ devpi-web devpi-server ];
+ };
+}
diff --git a/makefu/5pkgs/skytraq-logger/default.nix b/makefu/5pkgs/skytraq-logger/default.nix
new file mode 100644
index 000000000..1ad81594a
--- /dev/null
+++ b/makefu/5pkgs/skytraq-logger/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
+stdenv.mkDerivation rec {
+ name = "skytraq-datalogger-${version}";
+ version = "4966a8";
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "skytraq-datalogger";
+ rev = version ;
+ sha256 = "1qaszrs7638kc9x4qq4m1yxqmk8jw7wajywvdk4wc2i007p89v3y";
+ };
+ buildFlags = "CC=gcc";
+ makeFlags = "PREFIX=bin/ DESTDIR=$(out)";
+
+ preInstall = ''
+ mkdir -p $out/bin
+ '';
+ #patchPhase = ''
+ # sed -i -e 's#/usr/bin/gcc#gcc#' -e Makefile
+ #'';
+
+ buildInputs = with pkgs;[
+ curl
+ gnugrep
+ ];
+
+ meta = {
+ homepage = http://github.com/makefu/skytraq-datalogger;
+ description = "datalogger for skytraq";
+ license = lib.licenses.gpl2;
+ };
+}
diff --git a/makefu/5pkgs/taskserver/default.nix b/makefu/5pkgs/taskserver/default.nix
new file mode 100644
index 000000000..a1502b4d6
--- /dev/null
+++ b/makefu/5pkgs/taskserver/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
+
+stdenv.mkDerivation rec {
+ name = "taskserver-${version}";
+ version = "1.1.0";
+
+ enableParallelBuilding = true;
+
+ src = fetchurl {
+ url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
+ sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
+ };
+
+ patchPhase = ''
+ pkipath=$out/share/taskd/pki
+ mkdir -p $pkipath
+ cp -r pki/* $pkipath
+ echo "patching paths in pki/generate"
+ sed -i "s#^\.#$pkipath#" $pkipath/generate
+ for f in $pkipath/generate* ;do
+ i=$(basename $f)
+ echo patching $i
+ sed -i \
+ -e 's/which/type -p/g' \
+ -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
+
+ echo wrapping $i
+ makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \
+ --prefix PATH : ${gnutls}/bin/
+ done
+ '';
+
+ buildInputs = [ makeWrapper ];
+ nativeBuildInputs = [ cmake libuuid gnutls ];
+
+ meta = {
+ description = "Server for synchronising Taskwarrior clients";
+ homepage = http://taskwarrior.org;
+ license = stdenv.lib.licenses.mit;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 18:46:00 +0000
[cgit] Unable to lock slot /tmp/cgit/f6200000.lock: No such file or directory (2)