49 files changed, 832 insertions, 419 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9e5f8c52e..9c491c8a1 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. <stockholm/jeschli> + <stockholm/jeschli/2configs/virtualbox.nix> ./hardware-configuration.nix # ./dcso-vpn.nix ]; diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix new file mode 100644 index 000000000..83640801f --- /dev/null +++ b/jeschli/1systems/bolide/config.nix 
@@ -0,0 +1,142 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ + ./hardware-configuration.nix + <stockholm/jeschli> + <stockholm/jeschli/2configs/urxvt.nix> + ]; + + krebs.build.host = config.krebs.hosts.bolide; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only + boot.initrd.luks.devices = [ { + name = "bla"; + device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0"; + preLVM = true; + allowDiscards = true; + } ]; +# networking.hostName = "bolide"; # Define your hostname. + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. 
To search by name, run: + # $ nix-env -qaP | grep wget + environment.shellAliases = { + n = "nix-shell"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"' + ''; + }; + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + wget vim + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + # rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + elmPackages.elm + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. 
+ # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? + +} + diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix new file mode 100644 index 000000000..183b29e42 --- /dev/null +++ b/jeschli/1systems/bolide/hardware-configuration.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" "wl" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; + + fileSystems."/" = + { device = "/dev/bolide-pool/bolide-root"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/bolide-pool/bolide-home"; + fsType = "ext4"; + }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525"; + fsType = "ext4"; + }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/jeschli/1systems/bolide/source.nix b/jeschli/1systems/bolide/source.nix new file mode 100644 index 000000000..0bd7af50f --- /dev/null +++ b/jeschli/1systems/bolide/source.nix 
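Review bot: `services.openssh.enable = true;` in the new bolide config is switched on without stating the authentication policy, and the `users.extraUsers.jeschli` block at the end of the file carries no `openssh.authorizedKeys.keys`. Whether password logins are accepted therefore depends on what `<stockholm/jeschli>` sets, which this hunk does not show. I would make it explicit here with `services.openssh.passwordAuthentication = false;` and `openssh.authorizedKeys.keys = [ config.krebs.users.jeschli.pubkey ];` on the user. Separately, `allowDiscards = true;` on the LUKS device lets TRIM through the encrypted layer and so reveals which blocks are unused; if that trade-off is intended, a comment such as `# TRIM enabled on purpose: leaks free-block layout of the encrypted volume` would record it.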
@@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "bolide"; + secure = true; +} diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 2dec45795..e4109c638 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -35,6 +35,13 @@ time.timeZone = "Europe/Amsterdam"; nixpkgs.config.allowUnfree = true; # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget + environment.shellAliases = { + n = "nix-shell"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"' + ''; + }; environment.systemPackages = with pkgs; [ # system helper ag diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 010089017..76e718699 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix @@ -4,6 +4,7 @@ imports = [ <stockholm/jeschli> <stockholm/jeschli/2configs/retiolum.nix> + <stockholm/jeschli/2configs/IM.nix> <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix> { networking.dhcpcd.allowInterfaces = [ diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix new file mode 100644 index 000000000..171b78242 --- /dev/null +++ b/jeschli/2configs/IM.nix 
@@ -0,0 +1,56 @@ +with (import <stockholm/lib>); +{ config, lib, pkgs, ... }: +let + tmux = pkgs.writeDashBin "tmux" '' + export TERM=xterm-256color + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g default-terminal screen-256color + ''} "$@" + ''; +in { + + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-brauerei.pubkey + ]; + packages = [ tmux ]; + }; + + + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux}/bin/tmux kill-session -t IM"; + }; + }; +} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 6d788d283..0ac3708bb 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -23,6 +23,9 @@ with import <stockholm/lib>; proot populate + # aliases + (writeDashBin "irc" "ssh chat@enklave -t tmux a") + #style most rxvt_unicode.terminfo diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 1a2231a86..7721b1d40 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: +with import <stockholm/lib>; let customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { name = "vim-javascript"; 
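Review bot: The three keys in `users.extraUsers.chat.openssh.authorizedKeys.keys` get an unrestricted login shell on enklave, while the only use visible in this commit is the `irc` alias running `ssh chat@enklave -t tmux a`. If attaching to the IM session is all these keys are for, each entry can carry key options, e.g. `''restrict,pty,command="tmux a" ${jeschli.pubkey}''`, so that a stolen laptop key does not also give port forwarding and arbitrary commands on the chat host. The `services.bitlbee` block sets only `portNumber = 6666;`, so the listen address and auth mode are whatever the module defaults to. A short comment stating the intended bind address would help the next reader confirm it is not exposed beyond localhost.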
@@ -16,72 +17,84 @@ let owner = "mxw"; repo = "vim-jsx"; rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; + in { -# { environment.systemPackages = [ (pkgs.vim_configurable.customize { name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - - :imap jk <Esc> - :vmap v v - :map gr :GoRun<Enter> - :nnoremap <S-TAB> :bnext<CR> - :nnoremap <C-TAB> <c-w><c-w> - :map nf :NERDTreeToggle<CR> - set autowrite - set number - set ruler - set path+=** - set wildmenu - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="<c-e>" - let g:UltiSnipsJumpForwardTrigger="<c-t>" - let g:UltiSnipsJumpBackwardTrigger="<c-q>" - - " If you want :UltiSnipsEdit to split your window. 
- let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif + vimrcConfig.customRC = let + colorscheme = ''colorscheme molokai''; + setStatements = '' + set autowrite + set clipboard=unnamedplus + set nocompatible + set path+=** + set ruler + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + set undofile "turn on the feature + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set listchars=trail:¶ ''; - + remapStatements = '' + imap jk <Esc> + map gr :GoRun<Enter> " Map gr to execute go run + map nf :NERDTreeToggle<CR> + nnoremap <C-TAB> <c-w><c-w> + nnoremap <S-TAB> :bnext<CR> + noremap x "_x + vmap v v + ''; + settingsForGo = '' + let g:go_decls_includes = "func,type" + let g:go_def_mode = 'godef' + let g:go_fmt_command = "goimports" + let g:go_highlight_extra_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_types = 1 + let g:go_list_type = "quickfix" + let g:go_metalinter_autosave = 1 + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_snippet_case_type = "camelcase" + let g:go_test_timeout = '10s' + let g:jsx_ext_required = 0 + let g:molokai_original = 1 + let g:rehash256 = 1 + ''; + settingsForElm = '' + let g:polyglot_disabled = ['elm'] + let g:elm_detailed_complete = 1 + let g:elm_format_autosave = 1 + let g:elm_syntastic_show_warnings = 1 + ''; + in '' + ${colorscheme} + ${remapStatements} + ${setStatements} + ${settingsForElm} + ${settingsForGo} + " I dont know what this line is about + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" 
"nerdtree" "easymotion"]; } + { names = [ + "ctrlp" + "easymotion" + "molokai" + "nerdtree" + "snipmate" + "surround" + "Syntastic" + "undotree" + "elm-vim" + ]; + } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } @@ -89,4 +102,35 @@ in { ]; }) ]; + + # set up the directories up if they are not there. +# Needs to be changed. +# vim = let +# dirs = { +# backupdir = "$HOME/.cache/vim/backup"; +# swapdir = "$HOME/.cache/vim/swap"; +# undodir = "$HOME/.cache/vim/undo"; +# }; +# files = { +# viminfo = "$HOME/.cache/vim/info"; +# }; +# +# mkdirs = let +# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); +# in assert out != ""; out; +# alldirs = attrValues dirs ++ map dirOf (attrValues files); +# in unique (sort lessThan alldirs); +# in +# pkgs.symlinkJoin { +# name = "vim"; +# paths = [ +# (pkgs.writeDashBin "vim" '' +# set -efu +# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) +# exec ${pkgs.vim}/bin/vim "$@" +# '') +# pkgs.vim +# ]; +# }; + } diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix new file mode 100644 index 000000000..b2cb851a1 --- /dev/null +++ b/jeschli/2configs/virtualbox.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.markus; + +in { + #services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; + + users.extraUsers = { + virtual = { + name = "virtual"; + description = "user for running VirtualBox"; + home = "/home/virtual"; + useDefaultShell = true; + extraGroups = [ "vboxusers" "audio" ]; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(virtual) NOPASSWD: ALL + ''; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index d2664ef84..67257eacd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix 
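Review bot: In the new `jeschli/2configs/virtualbox.nix`, `mainUser` is bound to `config.users.extraUsers.markus`, but the account this commit defines for jeschli's hosts is `jeschli` and no `markus` user appears in the visible hunks. This looks like a copy-paste leftover: presumably the sudoers line either fails to evaluate or is granted to an account other than the intended one. I would change it to `mainUser = config.users.extraUsers.jeschli;`. The rule itself, `${mainUser.name} ALL=(virtual) NOPASSWD: ALL`, allows any command as `virtual` (a member of `vboxusers` and `audio`) without a password. Restricting the command list to the VirtualBox launcher path would match the stated purpose "user for running VirtualBox".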
@@ -7,7 +7,6 @@ <stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/hw/x220.nix> - <stockholm/krebs/2configs/buildbot-krebs.nix> <stockholm/krebs/2configs/stats/puyak-client.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 9d6955e7e..6addb0818 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -2,6 +2,9 @@ let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; influx-host = "127.0.0.1"; + ext-if = "et0"; + external-mac = "52:54:b0:0b:af:fe"; + in { imports = [ @@ -12,7 +15,6 @@ in <stockholm/krebs/2configs/stats/wolf-client.nix> <stockholm/krebs/2configs/graphite.nix> - <stockholm/krebs/2configs/buildbot-krebs.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> @@ -112,7 +114,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces.enp0s3.ip4 = [{ + interfaces."${ext-if}".ip4 = [{ address = shack-ip; prefixLength = 20; }]; @@ -161,6 +163,9 @@ in config.krebs.users.makefu-omo.pubkey "ssh-rsa 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 root@plattenschwein" # for backup ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; time.timeZone = "Europe/Berlin"; sound.enable = false; diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index b75233871..f4c1290c2 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -8,6 +8,7 @@ with import <stockholm/lib>; krebs.go = { enable = true; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; virtualHosts.go = { diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 90a1a111f..3780e0d7d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix 
@@ -14,7 +14,6 @@ with import <stockholm/lib>; boot = { kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; kernelParams = [ "acpi_backlight=none" ]; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index c7e882742..ed9bfad29 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix 
@@ -163,6 +163,43 @@ with import <stockholm/lib>; }; }; + bolide = { + nets = { + retiolum = { + ip4.addr = "10.243.27.31"; + ip6.addr = "42::31"; + aliases = [ + "bolide.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAn9mkcX4WvyClMxiHgpvM7nNFbGuUVIxM71luzhfroTxMxcWBcik+ + m7ensF256uQeUw4+y/d3wVj06ARnJubdGa1zrM54ghLp6dDTULnUhPfgIbCeP+Zz + A9hlZsD+yx9ZkPmSMhaakz5dKVlx9KFy4IrS42uGCquXIZ979loZ0372MxYxmPEY + sIiuZXQcLOiJa5ajJMHS2UEkr4rCvpa/nOJ3AcEl0QbCjX1WALjPZEw9Ogrwergy + tv0d8dkXHB80DZ4sEjA7+BxB/sVrI4YpT9diTqEHNlkhjYjk6x9o0aBAIfJoyFYK + Yo2eb8SYN4qwoNbtXr5JLvT0i6thT2R+jXm9h11NIGS91x4cJc2P7eIZI2J33gsV + VOfcZ4BfJSQSbd1G12EpgzM6UlorNGMqG2DfH3XPbQ0Ez19tNlEUqlbT3dnvVA5y + kpwWDEJrZB3SDvwtHQf9/4j/jXFlMNu4GE1kcwm+a4LvGFne37atY3irv3xZ9ih4 + ygRbKfFFmxTqK3Cl2Vwxf/dsUm/P+hVF5nzROu7v7wkyU90nYp/AnpXywc4rEAVj + M8/7H6OlY59yqElJkSdsMum7HtytpsvvenQWW85Ycz+/Ti3nmYuaILgme2Q6JfA3 + c6aNRv8A31m4GIuacHNGJOi2WfJab076bYw82HnX4bVoft9i2SxjZrXr75euz/4k + jGC4A4YQnrUi4wTBiSc3jm69wb3NXHYoKHjDIwDUUI91vUOKaTO/09RlAYr5EWT3 + nekSaOu9nCrpTR6dq+yc4MktFjHBKPs2ReFKfDHkYzKiNSn5Ei9g3QhpCMF1LE19 + RDvBbFawXtH3M8JHofalwsek44eso0tWA3RzFmiH2WzSLD2UV8a2la9vIfJbMvw3 + LqunwCgC0QWtSTjh+X6H0MBKcGcie5bisKfkXQExx0cnNERDoXpe1E8g5EmJBt2B + 8anRC6thNhpAuMTB8hZy+RP9AsRBxUE9lr9oKDH3JrHRBk1S4LktuNL3Zf8UqnRO + s7hGPzr8nw5yXV61xXFmXwA0snBsNfo83XpuiWJgz2qrz6/EWLZBgnLNyq22udxl + O9EGExulbija5rmrSp1MGi7K2K2qAx06KP3C1TerpSY0BW6ZhX/4MK/WIRihDBG4 + JLg/gxX/4FES2qGmjCkW74TQDHq6B8xFuJQ3y5nD1cZBN4+VDNb1+mQbR06Zn0Sc + pDASYWimJzqxR+s/cr0a8PwoE/RdjwOYlXIOW4tDcK12Am6XRRf87cycG9ueNzhy + RwrvUJ4JMyUA5sbo2sbumAMqiytNZ7ReRVK6S5IiMpysr4/lHb2OQSPhQArDCprg + KXNgncRZsrL9VgVueVmOp45qkAkapeQ8wQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { 
@@ -176,5 +213,8 @@ with import <stockholm/lib>; jeschli-brauerei = { pubkey = "ssh-rsa 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 jeschli@nixos"; }; + jeschli-bolide = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide"; + }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 37bb31563..1634a62ac 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -458,7 +458,8 @@ with import <stockholm/lib>; external = true; nets = rec { internet = { - ip4.addr = "129.215.90.4"; + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; aliases = [ "eddie.i" ]; }; retiolum = rec { diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 78c1c6ec1..cbc62102c 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -81,6 +81,9 @@ prepare_debian() { } prepare_nixos_iso() { + _which() ( + type -p "$1" + ) mountpoint /mnt type git 2>/dev/null || nix-env -iA nixos.git diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index 518e80d0e..bcfcbf76b 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -123,7 +123,7 @@ rec { script = pkgs.writeDash "lambda-pl" '' if [ "$#" -gt 0 ]; then curl -SsL --max-time 5 "$1" | - perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)(?: - youtube)?\s*<\/title/si' + perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' fi ''; }); diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix new file mode 100644 index 000000000..841e2ea00 --- /dev/null 
+++ b/krebs/5pkgs/simple/ftb/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchurl +, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm +, openjdk +, mesa, openal +, useAlsa ? false, alsaOss ? null }: +with stdenv.lib; + +assert useAlsa -> alsaOss != null; + +stdenv.mkDerivation { + name = "ftb"; + + src = fetchurl { + url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar"; + sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj"; + }; + + phases = "installPhase"; + + installPhase = '' + set -x + mkdir -pv $out/bin + cp -v $src $out/ftb.jar + + cat > $out/bin/ftb << EOF + #!${stdenv.shell} + + export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} + ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ + ${jre}/bin/java -jar $out/ftb.jar + EOF + + chmod +x $out/bin/ftb + + ${openjdk}/bin/jar xf $out/ftb.jar favicon.png + ''; +} diff --git a/krebs/source.nix b/krebs/source.nix index b952aa2a2..27450c2a3 100644 --- a/krebs/source.nix +++ b/krebs/source.nix 
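Review bot: The last `installPhase` line, `${openjdk}/bin/jar xf $out/ftb.jar favicon.png`, extracts into the builder's working directory rather than `$out`, so the icon is thrown away when the build ends. Something like `mkdir -p $out/share/ftb && cd $out/share/ftb && ${openjdk}/bin/jar xf $out/ftb.jar favicon.png` would keep it. The jar comes from an unversioned `http://` URL: the `sha256` pin means a modified download is rejected rather than installed, but the derivation will stop building as soon as upstream replaces the file, so a comment noting the launcher version the hash belongs to would help. The generated wrapper also drops its arguments and leaves a shell process behind, which `exec ${jre}/bin/java -jar $out/ftb.jar "\$@"` would fix.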
@@ -1,22 +1,25 @@ with import <stockholm/lib>; -host@{ name, secure ? false }: let +host@{ name, secure ? false, override ? {} }: let builder = if getEnv "dummy_secrets" == "true" then "buildbot" else "krebs"; _file = <stockholm> + "/krebs/1systems/${name}/source.nix"; in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = getAttr builder { - buildbot.file = toString <stockholm/krebs/6tests/data/secrets>; - krebs.pass = { - dir = "${getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; + secrets = getAttr builder { + buildbot.file = toString <stockholm/krebs/6tests/data/secrets>; + krebs.pass = { + dir = "${getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; }; - }; - stockholm.file = toString <stockholm>; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04 - }; - } + stockholm.file = toString <stockholm>; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "2062ac5aa2dc0770322272e3d2b647cf431dd893"; # nixos-17.09 @ 2018-02-09 + }; + } + override + ] diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index fc30a3478..f53e93f26 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -131,7 +131,6 @@ with import <stockholm/lib>; services.xserver.displayManager.sessionCommands = '' ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ${pkgs.systemd}/bin/systemctl start xresources.service ''; networking.hostName = lib.mkForce "BLN02NB0162"; 
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c231a0b10..936666a73 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -192,7 +192,7 @@ with import <stockholm/lib>; ''; }; - #nix.package = pkgs.nixUnstable; + nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" ]; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 65e8f15a4..5ca024574 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,6 +53,7 @@ in { time.timeZone = "Europe/Berlin"; + programs.ssh.agentTimeout = "10m"; programs.ssh.startAgent = true; services.openssh.forwardX11 = true; @@ -106,15 +107,40 @@ in { xlibs.fontschumachermisc ]; - lass.xserver.enable = true; + #lass.xserver.enable = true; services.xserver = { + enable = true; layout = "us"; + display = mkForce 0; xkbModel = "evdev"; xkbVariant = "altgr-intl"; xkbOptions = "caps:backspace"; + displayManager.lightdm.enable = true; + windowManager.default = "xmonad"; + windowManager.session = [{ + name = "xmonad"; + start = '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.coreutils}/bin/sleep infinity + ''; + }]; + }; + + systemd.user.services.xmonad = { + wantedBy = [ "graphical-session.target" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + RXVT_SOCKET = "%t/urxvtd-socket"; + XMONAD_DATA_DIR = "/tmp"; + }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + }; + restartIfChanged = false; }; - services.urxvtd.enable = true; krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index cd10313fc..56c091a6e 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix 
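Review bot: `${pkgs.xorg.xhost}/bin/xhost +LOCAL:` in the new `windowManager.session` start script turns off X access control for every local connection, so any account on the machine can read keystrokes from and inject input into the session on display `:0`. If the aim is to let particular service accounts draw on the display, granting them individually keeps the rest out: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:<account>` (placeholder, one line per account). In the `systemd.user.services.xmonad` environment, `XMONAD_DATA_DIR = "/tmp";` puts xmonad's state in a world-writable directory with predictable file names. A directory under `%t`, which the line above already uses for `RXVT_SOCKET`, would keep it private to the user, provided it is created before start.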
@@ -19,9 +19,9 @@ let ${pkgs.copyq}/bin/copyq config text_wrap true ''; in { - systemd.services.copyq = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; + systemd.user.services.copyq = { + wantedBy = [ "graphical-session.target" ]; + requires = [ "xmonad.service" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; @@ -35,7 +35,6 @@ in { Restart = "always"; RestartSec = "15s"; StartLimitBurst = 0; - User = "lass"; }; }; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 6cea271c1..50362cda4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -73,6 +73,10 @@ in { extraGroups = [ "audio" "video" "input" "loot" ]; createHome = true; useDefaultShell = true; + packages = with pkgs; [ + ftb + minecraft + ]; }; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 4a2199b39..1fe87c666 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -81,7 +81,7 @@ let server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" "staging*" ]; + branches = [ "master" ]; }; }; }; @@ -100,7 +100,7 @@ let nick = config.krebs.build.host.name; channel = "#xxx"; server = "irc.r"; - verbose = true; + verbose = false; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 962efaf3f..7c58e8c5f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -1,3 +1,4 @@ +with import <stockholm/lib>; { pkgs, ... }: let 
@@ -19,6 +20,14 @@ let text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; ''; + mailboxes = { + wireguard = [ "wireguard@lists.zx2c4" ]; + c-base = [ "c-base.org" ]; + security = [ "seclists.org" "security" "bugtraq" ]; + nix-devel = [ "nix-devel@googlegroups.com" ]; + shack = [ "shackspace.de" ]; + }; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc @@ -72,22 +81,15 @@ let ''} %r |" virtual-mailboxes \ - "Unread" "notmuch://?query=tag:unread"\ - "INBOX" "notmuch://?query=tag:inbox \ - and NOT to:nix-devel\ - and NOT to:shackspace\ - and NOT to:security\ - and NOT to:c-base" \ - "shack" "notmuch://?query=to:shackspace"\ - "c-base" "notmuch://?query=to:c-base"\ - "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ - "nix" "notmuch://?query=to:nix-devel"\ - "radio" "notmuch://?query=to:radio or tag:radio"\ - "TODO" "notmuch://?query=tag:TODO"\ - "Starred" "notmuch://?query=tag:*"\ - "Archive" "notmuch://?query=tag:archive"\ - "Sent" "notmuch://?query=tag:sent"\ - "Junk" "notmuch://?query=tag:junk" + "Unread" "notmuch://?query=tag:unread"\ + "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\ + ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)} + "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\ + "TODO" "notmuch://?query=tag:TODO"\ + "Starred" "notmuch://?query=tag:*"\ + "Archive" "notmuch://?query=tag:archive"\ + "Sent" "notmuch://?query=tag:sent"\ + "Junk" "notmuch://?query=tag:junk" tag-transforms "junk" "k" \ "unread" "u" \ diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7f531bf3a..a83d51f1d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix 
@@ -118,6 +118,7 @@ in { if test $(timeLeft) -le $LIMIT; then ${add_random}/bin/add_random fi + ${pkgs.mpc_cli}/bin/mpc play > /dev/null ''; in { description = "radio playlist autoadder"; diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 728c0cc0d..add30fbf1 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: { + environment.systemPackages = [ pkgs.fzf ]; programs.zsh = { enable = true; shellInit = '' @@ -37,6 +38,10 @@ zle -N edit-command-line bindkey "^X^E" edit-command-line + #fzf inclusion + source ${pkgs.fzf}/share/fzf/completion.zsh + source ${pkgs.fzf}/share/fzf/key-bindings.zsh + #completion magic autoload -Uz compinit compinit @@ -52,8 +57,6 @@ sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; }}/LS_COLORS) - # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' - #beautiful colors alias ls='ls --color' # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} @@ -69,25 +72,6 @@ alias la='ls -la' #fancy window title magic - case $TERM in - (*xterm* | *rxvt*) - function precmd { - if test -n "$SSH_CLIENT"; then - echo -ne "\033]0;$$ $USER@$HOST $PWD\007" - else - echo -ne "\033]0;$$ $USER@$PWD\007" - fi - } - # This is seen while the shell waits for a command to complete. - function preexec { - if test -n "$SSH_CLIENT"; then - echo -ne "\033]0;$$ $USER@$HOST $PWD $1\007" - else - echo -ne "\033]0;$$ $USER@$PWD $1\007" - fi - } - ;; - esac ''; promptInit = '' # TODO: figure out why we need to set this here 
@@ -98,27 +82,59 @@ autoload -U promptinit promptinit - error='%(?..%F{red}%?%f )' + p_error='%(?..%F{red}%?%f )' + t_error='%(?..%? )' case $UID in 0) - username='%F{red}root%f ' + p_username='%F{red}root%f' + t_username='root' ;; 1337) - username="" + p_username="" + t_username="" ;; *) - username='%F{blue}%n%f ' + p_username='%F{blue}%n%f' + t_username='%n' ;; esac if test -n "$SSH_CLIENT"; then - PROMPT="$error$username@%F{magenta}%M%f %~ " + p_hostname='@%F{magenta}%M%f ' + t_hostname='@%M ' else - PROMPT="$error$username%~ " + p_hostname="" + t_hostname="" fi + + #check if in nix shell + if test -n "$buildInputs"; then + p_nixshell='%F{green}[s]%f ' + t_nixshell='[s] ' + else + p_nixshell="" + t_nixshell="" + fi + + PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " + TITLE="$t_error$t_username$t_hostname$t_nixshell%~" + case $TERM in + (*xterm* | *rxvt*) + function precmd { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED\007" + } + # This is seen while the shell waits for a command to complete. + function preexec { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + } + ;; + esac ''; }; - users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; - users.users.root.shell = "/run/current-system/sw/bin/zsh"; + environment.shellAliases.ns = "nix-shell --command zsh"; + + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } diff --git a/lass/source.nix b/lass/source.nix index 8ca3fe3c0..e3332c5de 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -8,10 +8,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "92d088e"; - }; + nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs; secrets = getAttr builder { buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>; lass.pass = { 
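Review bot: In the new `precmd`/`preexec`, `echo -ne` interprets backslash escapes inside `$PROMPT_EVALED` (which contains the expanded `%~`) and inside `$1` (the command line about to run), so a directory name or pasted command containing sequences like `\007` or `\033]` can end the title string early and send further control sequences to the terminal. The removed zsh code had the same pattern, so this is carried over rather than new, but the move is a good moment to fix it. Emit the fixed bytes separately and print the variable part raw with special characters made visible, e.g. `print -n "\e]0;"; print -rn -- "$$ ''${(V)PROMPT_EVALED} ''${(V)1}"; print -n "\a"` (the `''${` form is the escape this Nix string already uses for `LS_COLORS`).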
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index f473d9e4c..a656fdce3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -109,6 +109,8 @@ in { #} { # wireguard server + # opkg install wireguard luci-proto-wireguard + # TODO: networking.nat # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; @@ -136,9 +138,23 @@ in { allowedIPs = [ "10.244.0.3/32" ]; publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } ]; }; } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } ]; makefu.dl-dir = "/var/download"; diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index ce3ffbcf3..1e087fef4 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -19,7 +19,7 @@ let # __FRONT_ # |* d0 | # | | - # |* d3 | + # |* d1 | # | | # |* d3 | # | | @@ -68,6 +68,7 @@ in { <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/remote-build/slave.nix> + <stockholm/makefu/2configs/deployment/google-muell.nix> # security diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f44211b93..6434ba273 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -18,7 +18,7 @@ in { <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/mqtt.nix> - # <stockholm/makefu/2configs/gui/wbob-kiosk.nix> + <stockholm/makefu/2configs/gui/wbob-kiosk.nix> <stockholm/makefu/2configs/stats/client.nix> 
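Review bot: The `# iperf3` block in the second gum hunk opens 5201/tcp and 5201/udp on every interface with no time limit, and an iperf3 server accepts unauthenticated clients unless its RSA authentication is set up, so any host that can reach gum can run traffic tests against it whenever the server is up. If the tests only run between the WireGuard peers added just above, scope the rule to that interface — where the nixpkgs revision in use has per-interface rules, `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts = [ 5201 ];` (placeholder interface name, same for UDP) — or mark the block with a comment such as `# temporary: remove after throughput tests`. The enclosing `imports` list starts outside the hunk.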
@@ -31,6 +31,63 @@ in { # Services <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/share/wbob.nix> + (let + musicDirectory = "/data/music"; + in { + services.mpd = { + enable = true; + inherit musicDirectory; + # dataDir = "/home/anders/.mpd"; + network.listenAddress = "any"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + anonymousClients.allowAll = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + }) # Sensors <stockholm/makefu/2configs/stats/telegraf> 
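Review bot: `anonymousClients.allowAll = true;` sits next to `anonymousClients.allowedIpRanges`, and with anonymous access allowed for everyone the IP list no longer restricts anything; the hand-written `configFile` additionally loads `module-native-protocol-tcp auth-ip-acl=127.0.0.1`, so three different access policies are stated and it is not clear from the hunk which one PulseAudio ends up enforcing (the NixOS module presumably adds its own TCP load line as well — worth checking the generated `default.pa`). Dropping `allowAll` and the manual `load-module module-native-protocol-tcp …` line would leave `allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]` as the single gate. The same block makes the music share guest-writable (`"read only" = "no"` with `"guest ok" = "yes"`) and binds mpd to `any`, both relying on the trusted-interface setup mentioned in the comment; a short comment naming that interface would make the dependency explicit. The enclosing `imports` list starts outside the hunk.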
@@ -147,7 +204,10 @@ in { boot.loader.grub.device = rootdisk; hardware.cpu.intel.updateMicrocode = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + + boot.kernelModules = [ "kvm-intel" + "snd-seq" "snd-rawmidi" + ]; fileSystems = { "/" = { device = rootdisk + "-part1"; @@ -174,66 +234,4 @@ in { serverAddress = "x.r"; }; }; - security.wrappers.fping = { - source = "${pkgs.fping}/bin/fping"; - setuid = true; - }; - services.smokeping = { - enable = true; - targetConfig = '' - probe = FPing - menu = Top - title = Network Latency Grapher - remark = Welcome to this SmokePing website. - - + network - menu = Net latency - title = Network latency (ICMP pings) - - ++ google - probe = FPing - host = google.de - ++ webde - probe = FPing - host = web.de - - + services - menu = Service latency - title = Service latency (DNS, HTTP) - - ++ HTTP - menu = HTTP latency - title = Service latency (HTTP) - - +++ webdeping - probe = EchoPingHttp - host = web.de - - +++ googwebping - probe = EchoPingHttp - host = google.de - - #+++ webwww - #probe = Curl - #host = web.de - - #+++ googwebwww - #probe = Curl - #host = google.de - ''; - probeConfig = '' - + FPing - binary = /run/wrappers/bin/fping - + EchoPingHttp - pings = 5 - url = / - - #+ Curl - ## probe-specific variables - #binary = ${pkgs.curl}/bin/curl - #step = 60 - ## a default for this target-specific variable - #urlformat = http://%host%/ - ''; - }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 3686acb6e..d5a9bdcfb 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix 
@@ -59,9 +59,10 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> + # <stockholm/makefu/2configs/hw/tpm.nix> <stockholm/makefu/2configs/hw/rtl8812au.nix> - <stockholm/makefu/2configs/hw/wwan.nix> - # <stockholm/makefu/2configs/hw/stk1160.nix> + <stockholm/makefu/2configs/hw/network-manager.nix> + <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> # Filesystem @@ -82,12 +83,9 @@ with import <stockholm/lib>; makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; - makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; - - # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; @@ -99,11 +97,15 @@ with import <stockholm/lib>; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; networking.extraHosts = '' - 192.168.1.11 omo.local + 192.168.1.11 omo.local ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; nix.package = pkgs.nixUnstable; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + nixpkgs.overlays = [ (import <python/overlay.nix>) ]; + + # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; + } diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix new file mode 100644 index 000000000..f23789ee5 --- /dev/null +++ b/makefu/2configs/deployment/google-muell.nix 
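Review bot: `nixpkgs.overlays = [ (import <python/overlay.nix>) ];` in the last hunk for x resolves `<python>` through the search path of whatever machine evaluates the config, and as far as this diff shows no `python` source is added alongside the pinned `nixpkgs` ref, so the overlay code applied to the whole package set is not fixed to a revision. Either add the overlay as a pinned entry in the host's source definition or document its origin next to the line, e.g. `# <python> must be provided via NIX_PATH; pin it in source.nix`. The module body starts outside the hunk.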
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, buildPythonPackage, ... }: +with import <stockholm/lib>; +let + pkg = pkgs.ampel; + home = "/var/lib/ampel"; + sec = "${toString <secrets>}/google-muell.json"; + ampelsec = "${home}/google-muell.json"; + esp = "192.168.1.23"; + sleepval = "1800"; +in { + users.users.ampel = { + uid = genid "ampel"; + createHome = true; + isSystemUser = true; + inherit home; + }; + systemd.services.google-muell-ampel = { + description = "Send led change to rgb cubes"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "ampel"; + ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' + cp ${sec} ${ampelsec} + chown ampel ${ampelsec} + ''; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; + PermissionsStartOnly = true; + Restart = "always"; + RestartSec = 10; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 292b6679d..d34b66125 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -2,25 +2,7 @@ let mq = "192.168.8.11"; - - pkg = pkgs.python3Packages.buildPythonPackage { - name = "ampel-master"; - - src = pkgs.fetchgit { - url = "http://cgit.euer.krebsco.de/ampel"; - rev = "531741b"; - sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c"; - }; - propagatedBuildInputs = with pkgs.python3Packages; [ - docopt - paho-mqtt - requests - pytz - influxdb - httplib2 - google_api_python_client - ]; - }; + pkg = pkgs.ampel; in { systemd.services.led-fader = { description = "Send led change to message queue"; diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index 9e16a384a..ecbca9ea3 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix 
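Review bot: In google-muell.nix the `ExecStartPre` script copies the client secret with `cp` and only then `chown`s it, so the copy takes its mode from the source file and the root umask and is never explicitly restricted to the service user. Creating it with its final owner and mode in one step closes that gap: `${pkgs.coreutils}/bin/install -m 0400 -o ampel ${sec} ${ampelsec}`. The `buildPythonPackage` argument in the module header is not used, and `after = [ "network-online.target" ]` orders the unit but does not pull the target in, so a matching `wants` entry may be needed.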
+++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -26,14 +26,16 @@ in { services.nginx = { enable = mkDefault true; virtualHosts."photostore.krebsco.de" = { - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; + enableACME = true; + forceSSL = true; + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; }; }; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index da246f66a..eacbd99cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -53,15 +53,6 @@ let make-krebs-repo = with git; name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "gum"; - channel = "#xxx"; - # TODO remove the hardcoded hostname - server = "irc.r"; - }; - }; }; diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index daa0282b8..861a9327e 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -48,13 +48,14 @@ in fonts = [ pkgs.terminus_font ]; }; - environment.systemPackages = with pkgs;[ - pavucontrol - xlockmore - rxvt_unicode-with-plugins - firefox - ]; - users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; + users.users.${mainUser} = { + extraGroups = [ "audio" ]; + packages = with pkgs;[ + pavucontrol + xlockmore + rxvt_unicode-with-plugins + ]; + }; hardware.pulseaudio = { enable = true; diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 4b7a0c333..7db749227 100644 
--- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -1,11 +1,13 @@ -{ lib, ... }: +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; + users.users.makefu.packages = [ pkgs.chromium ]; services.xserver = { layout = lib.mkForce "de"; + xkbVariant = lib.mkForce ""; windowManager = lib.mkForce { awesome.enable = false; @@ -16,7 +18,7 @@ # xrandrHeads = [ "HDMI1" "HDMI2" ]; # prevent screen from turning off, disable dpms displayManager.sessionCommands = '' - xset s off -dpms + xset -display :0 s off -dpms xrandr --output HDMI2 --right-of HDMI1 ''; }; diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix new file mode 100644 index 000000000..7e29849b1 --- /dev/null +++ b/makefu/2configs/hw/network-manager.nix @@ -0,0 +1,37 @@ +{ pkgs, lib, ... }: +{ + users.users.makefu = { + extraGroups = [ "networkmanager" ]; + packages = with pkgs;[ + networkmanagerapplet + gnome3.gnome_keyring gnome3.dconf + ]; + }; + networking.wireless.enable = lib.mkForce false; + + systemd.services.modemmanager = { + description = "ModemManager"; + after = [ "network-manager.service" ]; + bindsTo = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" ]; + serviceConfig = { + ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "5"; + }; + }; + networking.networkmanager.enable = true; + + # TODO: put somewhere else + services.xserver.displayManager.sessionCommands = '' + ${pkgs.clipit}/bin/clipit & + ${pkgs.networkmanagerapplet}/bin/nm-applet & + ''; + +# nixOSUnstable +# networking.networkmanager.wifi = { +# powersave = true; +# scanRandMacAddress = true; +# }; +} diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix new file mode 100644 index 000000000..4ac639a25 --- /dev/null +++ b/makefu/2configs/hw/stk1160.nix 
@@ -0,0 +1,13 @@ +{ pkgs, lib, ... }: +{ + # TODO: un-pin linuxPackages somehow + nixpkgs.config.packageOverrides = pkgs: { + linux_4_14 = pkgs.linux_4_14.override { + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160 m + ''; + }; + }; +} diff --git a/makefu/2configs/hw/wwan.nix b/makefu/2configs/hw/wwan.nix deleted file mode 100644 index 0eb0c97d7..000000000 --- a/makefu/2configs/hw/wwan.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: - -{ - makefu.umts = { - enable = true; - modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; - }; -} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df5..fa4eb827c 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -14,8 +14,6 @@ _: ./snapraid.nix ./torrent.nix ./udpt.nix - ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix deleted file mode 100644 index 86669945a..000000000 --- a/makefu/3modules/umts.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - nixpkgs-1509 = import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs-channels"; - rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; - sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; - }) {}; - - wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 - - # TODO: currently it is only netzclub - umts-bin = pkgs.writeScriptBin "umts" '' - #!/bin/sh - set -euf - systemctl start umts - trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT - echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf - journalctl -xfu umts - ''; - - wvdial-defaults = '' - Phone = *99***1# - Dial Command = ATDT - Modem = ${cfg.modem-device} - Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0 - Init2 = ATZ - Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 - ISDN = 0 - Modem Type = Analog Modem - Username = netzclub - Password = netzclub - Stupid Mode = 1 - Idle Seconds = 0''; - - cfg = config.makefu.umts; - - out = { - options.makefu.umts = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "umts"; - - modem-device = mkOption { - default = "/dev/ttyUSB0"; - type = types.str; - description = '' - path to modem device, use <filename>/dev/serial/by-id/...</filename> - to avoid race conditions. - ''; - }; - apn = mkOption { - default = "pinternet.interkom.de"; - type = types.str; - description = '' - apn to use for dailing - ''; - }; - }; - - imp = { - environment.shellAliases = { - umts = "sudo ${umts-bin}/bin/umts"; - }; - environment.systemPackages = [ ]; - - environment.wvdial.dialerDefaults = wvdial-defaults; - - systemd.services.umts = { - description = "UMTS wvdial Service"; - serviceConfig = { - Type = "simple"; - Restart = "always"; - RestartSec = "10s"; - ExecStart = "${wvdial}/bin/wvdial -n"; - }; - }; - }; -in out 
diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 1ed929ed4..000000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null @@ -1,71 +0,0 @@ -# Global configuration for wvdial. - -{ config, lib, pkgs, ... }: - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - <filename>/etc/wvdial.conf</filename>. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix new file mode 100644 index 000000000..86518b9b8 --- /dev/null +++ b/makefu/5pkgs/ampel/default.nix 
@@ -0,0 +1,27 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "ampel-${version}"; + version = "0.2"; + + propagatedBuildInputs = [ + docopt + paho-mqtt + requests + pytz + influxdb + httplib2 + google_api_python_client + ]; + + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/ampel"; + rev = "d8a0250"; + sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f"; + }; + meta = { + homepage = http://cgit.euer.krebsco.de/ampel; + description = "change colors of rgb cubes"; + license = lib.licenses.asl20; + }; +} diff --git a/makefu/5pkgs/pfsshell/default.nix b/makefu/5pkgs/pfsshell/default.nix new file mode 100644 index 000000000..fc6b37069 --- /dev/null +++ b/makefu/5pkgs/pfsshell/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: +stdenv.mkDerivation rec { + pname = "pfsshell"; + version = "64f8c2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "pfsshell"; + rev = version; + sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8"; + }; + + buildInputs = [ ]; + + makeFlags = [ ]; + + installPhase = '' + mkdir -p $out/bin + cp pfsshell $out/bin + ''; + + meta = { + homepage = https://github.com/uyjulian/pfsshell ; + description = "browse and transfer files to/from PFS filesystems"; + }; +} diff --git a/makefu/source.nix b/makefu/source.nix index c22c82f32..f06c9454f 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "0f19bee"; # nixos-17.09 @ 2018-01-05 + ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 |
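Review bot: Both new packages pin their source by an abbreviated commit id — `rev = "d8a0250"` in ampel and `version = "64f8c2"` reused as `rev` in pfsshell — and although `sha256` still fixes the content, a short id can become ambiguous as the repository grows, so the full 40-character id is the more durable pin. ampel is also fetched over plain `http://`; the hash check catches a modified checkout, but an `https://` URL, if the host serves one, keeps the fetch from being interfered with on the path. In pfsshell the `homepage` names `uyjulian/pfsshell` while `src` is the `makefu` fork, which deserves a comment like `# fork of uyjulian/pfsshell, see homepage`, and `fetchurl`, `upx` and `wine` are accepted as arguments but unused in the visible derivation.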