diff options
57 files changed, 979 insertions, 333 deletions
diff --git a/.gitignore b/.gitignore index 1ce082113..e1c6ef949 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /.graveyard +/TODO diff --git a/.rsync-filter b/.rsync-filter index 364a79864..67ec05fc3 100644 --- a/.rsync-filter +++ b/.rsync-filter @@ -1,3 +1,4 @@ - /.git - /.graveyard +- /TODO P /.version-suffix diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 91aabb716..21ae20ea0 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + influx-host = "127.0.0.1"; in { imports = [ @@ -23,6 +24,58 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + { + systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate + #systemd.services.telegraf.environment = { + # "MIBDIRS" : ""; # extra mibs like ADSL + #}; + services.telegraf = { + enable = true; + extraConfig = { + inputs = { + snmp = { + agents = [ "10.0.1.3:161" ]; + version = 2; + community = "shack"; + name = "snmp"; + field = [ + { + name = "hostname"; + oid = "RFC1213-MIB::sysName.0"; + is_tag = true; + } + { + name = "load-percent"; #cisco + oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; + } + { + name = "uptime"; + oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; + } + ]; + table = [{ + name = "snmp"; + inherit_tags = [ "hostname" ]; + oid = "IF-MIB::ifXTable"; + field = [{ + name = "ifName"; + oid = "IF-MIB::ifName"; + is_tag = true; + }]; + }]; + }; + }; + outputs = { + influxdb = { + urls = [ "http://${influx-host}:8086" ]; + database = "telegraf"; + write_consistency = "any"; + timeout = "5s"; + }; + }; + }; + }; + } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by @@ -86,6 +139,9 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ @@ -100,6 +156,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.makefu-omo.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; time.timeZone = "Europe/Berlin"; diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e33..7e8d278f6 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -6,8 +6,8 @@ let name = "muell_caller-2017-06-01"; src = pkgs.fetchgit { url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + rev = "ee4e499"; + sha256 = "0q1v07q633sbqg4wkgf0zya2bnqrikpyjhzp05iwn2vcs8rvsi3k"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 93211d9d4..610c20bb4 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -186,6 +186,17 @@ let }; repo = types.submodule ({ config, ... }: { options = { + admins = mkOption { + type = types.listOf types.user; + default = []; + description = '' + List of users that should be able to do everything with this repo. + + This option is currently not used by krebs.git but instead can be + used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for + an example. + ''; + }; cgit = { desc = mkOption { type = types.nullOr types.str; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4e2d6df99..ca3c8b45b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB -----END RSA PUBLIC KEY----- ''; + tinc.port = 993; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -294,6 +295,37 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; }; + helios = { + cores = 8; + nets = { + retiolum = { + ip4.addr = "10.243.133.117"; + ip6.addr = "42:0:0:0:0:0:3:7105"; + aliases = [ + "helios.r" + "cgit.helios.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAp+SRmP5MoCSYInx4Dm5MLZzNyXVgfo/CDoeUlUT35X0yE7WHGWsG + wHPCu+3RWfBUjuqNdb0qiGtRi3Q/LwznwBROPOX8gMXia/DgCLbIjn5Rx081pTIo + 3epbUCFtNgyDWg8IHF87ZnVBXTYAy5g4tz9u8kw82D8mR18o595TuZ9t5pDc/Kvi + fPHZenT6cd6FtL9uankX/jan1PRP9xTrhpE8dAQ6g+7XH7knMK3cno/Ztis5YzHt + Ith0bsIjk5of7hhITj0MXtTikjDqWxkpF5mfOK1cG/rC1goTmB9AfcENUBnu9iAM + I/alzqk3CEczznLyaOckfx2fRuar912LAdiJ5v7VPztfvN1p3gIxq5M0Rgkq+98B + H/s32xNRBPvqoIleKnhwE9gfrCLaAVqpaMkgKRvgsTkSDNYNhh4smQ3eAKKwwDH/ + QG3sfP8xyNyDFhBtCiDGkf9hNqBBMaKjZoh8DasZNtcfOop3fGw7jmUUbB6cG8cp + +EfYbcb5mVpmrIyXgOTwwYcp7tn+zkd4Wa8C9Q98eFTs0HGVGxGX9Hj6PM/kXK4C + aIqIQVNpnJ/9cOwT8JFIriG1MWTOXbamUusKTLs8SRp3ZkyM7XUEcLL5HMh09rUw + rzEAmE7TywXVhd7j2IaEy+bx2dfGQH2bFoh6Drm6Olo+ySi1utB5dGkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL"; + }; iso = { ci = false; cores = 1; @@ -349,6 +381,85 @@ with import <stockholm/lib>; }; }; }; + eddie = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + borg = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "borg.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq + bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL + aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD + HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA + 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O + zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml + 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN + fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq + WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB + /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U + EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS + iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.172"; + ip6.addr = "42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { @@ -356,6 +467,10 @@ with import <stockholm/lib>; pubkey = builtins.readFile ./ssh/mors.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp; }; + lass-helios = { + mail = "lass@helios.r"; + pubkey = builtins.readFile ./ssh/helios.rsa; + }; lass-uriel = { mail = "lass@uriel.r"; pubkey = builtins.readFile ./ssh/uriel.rsa; diff --git a/krebs/3modules/lass/pgp/helios.pgp b/krebs/3modules/lass/pgp/helios.pgp new file mode 100644 index 000000000..dc6d07d6b --- /dev/null +++ b/krebs/3modules/lass/pgp/helios.pgp @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFm/8D0BEAC+kY6ELukGkQh4xJ+haYGYi6FdCCUgM+BqAXQ9s7FnzyrNCbTq +x5O2b3Np96NANCCWSMIcAIXt/AzfvxY7awtsFNlXolMMMEdkHbEXQCgJahK1P5iD +q7DWlwwXNy+oPdl7ZGtfhK+d698aI6eFS0SamElH4B4IFaGzSXC0ec1Cva+3QM1d +FPRmRByMllTxEcxI6P1gIAtZGXwPLPGVPYuoRQFM+3w+VPgBcWTLPYcLyvLj0r8o +Gv/JSyZHNEu5Rtyl+8G6/8W/u7+J4lzO4V6Y6+UPomvfyCkreqsQp/bB8Nw9LYN2 +zNttaxM5zu7FBY2e+OwFsxNC5nnIvSVY2qYUps6Lxuv1cxKY+3lZKhMcc8+p+j2g +QNdfys3Hk4fdZ5YBaQ/v30kS7ZpAkILCYw7g5HJ18pdoULNWYMUaJF/1Qim2mU72 +5wuCzwsWyA6BQFoBSlDPQ24ypGMVKynl6Xh3uGG/K1OcTvhUgzF3J+jcntOY698b +4Lum/zffWQsVuXZlroydMjtn7Pfr3W8nzLynhCTWruW8+irb/Qut8q04KjfR0UyE +hdc+kohQemfhk4y0CA0xuzRBRxagKo2LUFTUL312r2TZV+vLWtdToV3HzDuFJokq +FCxoVm/4M6BQQ3IxDHBVO6BmqIlAGq9cheao3t9XciERPMSHXZzZKV/3CQARAQAB +tA1sYXNzQGhlbGlvcy5yiQJOBBMBCAA4FiEEwAWygS5dtGA5vC/hQM6NxyLSe0oF +Alm/8D0CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQQM6NxyLSe0rm5hAA +jxqcevdjJt+b4FstIiiNhhjU62/9Tl4qoKgR1/BwAIfDoMWduPrw9ldQky36O923 +VMYKiZBoUzdXRLzL0ay/ewXdSONllUwnFLvil78SQOuJTe5JKM6N0IiEVSEhNjRr +zylFk7SpY2MOIc0p3eHutD4oq0PcWnOer5R1z7u0mVJRYVoJOu7IIxqj7jb8JRAh +FbLBbu2mFBcXMLKyWFCTB4nROeoTBcfKTnBuDYhaIEUCLo2RpMYqBJiVJvvFLglA +XowKFjuE/g5Yne2GB5zx1GVRkjZsE9mGL7L5mlyucMwYqWeJzkNfB7cz58ZFN9EG +9hzUlaEahPxnC6/AeF9ev/9/SF6bPM/nq36xBXj7W5lOewc5p5GigHkh94VN+bdw +/KluD5rUErO+v3ag+5Tr8FzjtbjlARRo/vz5YWRGS4yqGiXlUUchAPEzflLYxfD1 +CSH+i0eWMrm5t+BYiPZHL8DSbGI1BM5EhHZ69dS7bUAO1qL7oQObQv+755fLV6+q ++ir7GHuxtNma58PS+BDiWJnIqmDJ029u188YM4dGL+EWF2AS4cUh2y6CZCOq77Gt +NmMCZyQjg2KB1jsL5XHySB14/uN3vlSSz9V+ZT/sAK09Z4atfYNnMHBAbC00GSbH +VqQf+OIascVZWAzqExk4fjnVYjTaoIZHaNd5aT/61S25Ag0EWb/wPQEQAJwoiiHG +NhuBFBEjZYJsONfJayGE4qWSU//54gJaitSgDLV8G0NYQrxqSNAZMAux6g9BSSrD +s/LbN5U1KgKpLTHjiSXUFoQFZ44AeTSQkUeelbtMVz13ohjpDInkye3sM9Jr4Zw+ +wwgg3zRi49YR6EU78c81ehPjVyxBPg2mmguBShz1zn5r6GjzniU4p3P5Hwf5F+eu +kRekG9hlCbVz+Ibl8U/t1JQZBqSIX45svdIYqeal5LWSgUG4o8gbenggNFPi3Olz +IOoTRMGKe6HCjTzv+xML7Q9bCMkUdyIfrrG0QDj3g+VZmZYAXdKjLLujAAU18Sh0 +SekPenVE0DNvmB7HHw+Bo+4aq6wWC9+BDb31NpJzNY64zEuUZsnustEmAXM2UIKS +HRzfgnZRRyD99H128a95FNpZrG5H+QgpdTE4PxsZn6fFtCRy6/a/W79VfCdHCahz +ptthyMeE81uZ28VTBXOHgK8Wawt3xjJCRksCau3xNUgRuSPoAWUPY2tLrJ9wKbxp +uL4fY8x8M2d9G4U03DfQDGP9JUskqLThnJf7Jo42XTmkJd9hRBL0kMCIfolEcyEh +pSQqbevUnFRiipv1x90Tn9Cax06ZkHkovuyIniRve/MvX8mCzzlUv1bjVNC0d71+ +z3G8fXlhDZGCkLQu6M1MlmUZxu05UfQnk5kBABEBAAGJAjYEGAEIACAWIQTABbKB +Ll20YDm8L+FAzo3HItJ7SgUCWb/wPQIbDAAKCRBAzo3HItJ7SuI3D/0Y3A2+ZbeH +q3SCAXBs4yOv7cffT4KwDHIC2vp9I868xj0Fw9hCdN1X9Y6hfj6nilI4EKW5ozsg +xs1kqGlclqqpag5ZmFbD1y/DzEpgdlysDJPgdD9FlF0mN+tTS543d0SOyydD2N8X +el5h4T2VaEBYfwKoDyN7LnCtGoiUSE3Nw99BNJ7zGma+46NRUWjv1eByMMhxvXJF +ASKn4Ok1olhINH43tQ3TGx9XdG19GS0+OnyOlfdagKwma73A2caUAyjIXBrmR5NU +Pb3aiyMzxm6DpCupqWkQgCC/EG8HgYhPGJ6TAK2QfMWX1TjERcPGtVbTE7BbRNLd +LdaIuo+5ROVseBTYDC8VbACkV7eh1fVhUmpZa81uQotCRJ+jsYGT4Lyon44roSGn +7G+rYgS2yv/2JXSTMBa45MReEPCgkSwZ6u9jvbs7vWzao+4tILsgO9RqNw1kiN9o +LMLMVVCFmgNMCHxegmNIJYRryQkFZA5vQR2gPS3FYY3NfVGhFHMvsOK+jx415o2O +gF76EJcexglPWhyqBc5meyw1x6pjoPTNGLnFzH1rdyyYilUyFexy3TSam60Ov/Aj +cszX0D4M2Fnk9ncSq03ujflVYpVTNtkSVH0K9OY7rwjp78WycxiYzk1OQHogh18L +Du4S2e/am91kQGaz490BV9XNw4I70e4dQQ== +=gkzg +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa new file mode 100644 index 000000000..58f81726c --- /dev/null +++ b/krebs/3modules/lass/ssh/helios.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGZE0z5+0A42GHI2VYrN9Ra60EwlKqARZUi9e0pbiQxwKi42Y3+Jy2UIAB9rUW51Pw0K6L2FzHZyk9w4fMWjAB+OSaGi8CViGOrBmP8Xm0TSd6a725RSOKTH1jv4u54W6+VQcZpe4RepsuasvN4Rd3FYz1O0ffiroPYS0Hs7ui3HG5rZZsz+FArJ/s2mL525P9VQwMlCAdrepWXgGSPSa/ogmhMCSRttV5R0WCnvXYA4aq45scxjxIWXu/Y/FggslSpRGEnRChHiua5kPWqREC1eNbMOjYJc7OxDIZjzcwHcDHH3U1oIBEjNY8UqMFy3t87cm0BTH9yA6qQnkexCmbRGA0mnAJ1XskgL6KcZuYw+zRo6zVmnZCgRyheenBJhQy/28ZDSwCDBOayl6tAbWivesUZb0/nqucvbdRxTDd6nbSH8q8Cp1qZvP1yrhZ9X2m4Rm66UenHOPOEiyOoVQgfYb2EFHsYVN62shGcfaaL8g4rjUXsUJEheGX5ll5MOMSclUhI8Zk31APq/xuLGGIn+tipjOSX2OVZrSE+KkgitMxOOF1kx33IQGnBKQD8K/a9vVmpTrTAnfXR5oJrXp+XRZ3viXr0rUkG5KfS/zjL8ZC8ckeSkX75BLbPbimUa6TfA/lddipb76zOOOREiD4Sw+MkGDh5xnzwxMY05fjOUmk/v++WcOTTNyrknygdaC8Qx0Gv4Wxmcd+LzmIc5wZZjenwYhp4KpR55EIP966uBUcD+HlkHZnNNZUzOJA8NE+oPQbaM3qCuThe9q9hVYt08/rZ9ANwgb/ChCwEOYLNnofdgrvDb91qenwEUiE9wy79Dwgqh2SRAMN4ZTxRrVjw3potBMRuNc5HMDDXbKfGF1T6O+vBPpcQ8x+rztBDpF/lqjGqoCqyFNG/VnFHFZ5kjLkLmx6S69iRL7wg/KI1NA14tdSLJZ2qDqo5n8rbnGeAWTQB8ZgzhPO39fyOYGCdTJ8e2dIDEw8SUWaVsTnkc/PHOcGAMt2LrL6USszrLSQgU4ediPBWJjX4jk2wxLRPyBz8Z2QLWrsxV0bh1CstIsbBh1p8jMXAKJ+UXqzRWGR5T6d7lensqM0/uWqzu++w6/whQQh9Hzs6GX8l+ELMn0szkRaM9dZpAz5p9HHdYkANwsIIe8CPznRvudQ0CPManTQsjR8GZ3RjGx002VUdbDh5xx7P9Efsa6m8kkNCbUNMSHjmvC9M2sR5ww2WsnvpGBCU8sNYf4y9QvKI1LIYkG1MObhEKHyf5wxFp25bwHyxPkHGULhJKM/MdDT42flddEJCTEwiCPVuaJsr7Adr6Oni4kzY+S7CiP7YArM0v2Vg9mgVmi11koF9hcZ6zyyKAWVviDRLVIA0/eY66T/FiSS/g12zW1keuhFipNEWyZdD/r8LwfDpInAAqN5g65dx6eoyoB6AZatEwwsnn6zcDP51B1q0TC9Y+TXK5TSBE50oFxa2SLu4Gj7YOi1AoRqKxSPVktE= lass@helios diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 79fa27bad..e80becfa7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,52 +32,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - cd = { - ci = true; - cores = 2; - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "45.62.237.203"; - aliases = [ - "cd.i" - "cd.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.cd.nets.internet; - ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; - aliases = [ - "cd.r" - "cgit.cd.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; - }; ju = { external = true; nets = { diff --git a/krebs/5pkgs/simple/git-preview/default.nix b/krebs/5pkgs/simple/git-preview/default.nix new file mode 100644 index 000000000..f20f2a636 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview/default.nix @@ -0,0 +1,15 @@ +{ coreutils, git, stdenv, writeDashBin }: + +writeDashBin "git-preview" '' + PATH=${stdenv.lib.makeBinPath [ + coreutils + git + ]}''${PATH+:$PATH} + hashes=$(git log --format=%h "..$1") + end=$(echo "$hashes" | head -1) + start=$(echo "$hashes" | tail -1) + # exit if no diff was found + test -z "$start" && exit 0 + shift + git diff "$start^..$end" "$@" +'' diff --git a/krebs/5pkgs/simple/weechat/default.nix b/krebs/5pkgs/simple/weechat/default.nix deleted file mode 100644 index c703ca8bf..000000000 --- a/krebs/5pkgs/simple/weechat/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ stdenv, fetchurl, ncurses, openssl, aspell, gnutls -, zlib, curl , pkgconfig, libgcrypt -, cmake, makeWrapper, libiconv -, asciidoctor # manpages -, guileSupport ? true, guile -, luaSupport ? true, lua5 -, perlSupport ? true, perl -, pythonPackages -, rubySupport ? true, ruby -, tclSupport ? true, tcl -, extraBuildInputs ? [] }: - -assert guileSupport -> guile != null; -assert luaSupport -> lua5 != null; -assert perlSupport -> perl != null; -assert rubySupport -> ruby != null; -assert tclSupport -> tcl != null; - -let - inherit (pythonPackages) python pycrypto pync; -in - -stdenv.mkDerivation rec { - version = "1.8"; - name = "weechat-${version}"; - - src = fetchurl { - url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; - }; - - outputs = [ "out" "doc" ]; - - enableParallelBuilding = true; - cmakeFlags = with stdenv.lib; [ - "-DENABLE_MAN=ON" - "-DENABLE_DOC=ON" - ] - ++ optionals stdenv.isDarwin ["-DICONV_LIBRARY=${libiconv}/lib/libiconv.dylib" "-DCMAKE_FIND_FRAMEWORK=LAST"] - ++ optional (!guileSupport) "-DENABLE_GUILE=OFF" - ++ optional (!luaSupport) "-DENABLE_LUA=OFF" - ++ optional (!perlSupport) "-DENABLE_PERL=OFF" - ++ optional (!rubySupport) "-DENABLE_RUBY=OFF" - ++ optional (!tclSupport) "-DENABLE_TCL=OFF" - ; - - buildInputs = with stdenv.lib; [ - ncurses python openssl aspell gnutls zlib curl pkgconfig - libgcrypt pycrypto makeWrapper - cmake - asciidoctor - ] - ++ optional guileSupport guile - ++ optional luaSupport lua5 - ++ optional perlSupport perl - ++ optional rubySupport ruby - ++ optional tclSupport tcl - ++ extraBuildInputs; - - NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix}" - # Fix '_res_9_init: undefined symbol' error - + (stdenv.lib.optionalString stdenv.isDarwin "-DBIND_8_COMPAT=1 -lresolv"); - - postInstall = with stdenv.lib; '' - NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages" - wrapProgram "$out/bin/weechat" \ - ${optionalString perlSupport "--prefix PATH : ${perl}/bin"} \ - --prefix PATH : ${pythonPackages.python}/bin \ - --prefix PYTHONPATH : "$PYTHONPATH" \ - --prefix PYTHONPATH : "$NIX_PYTHONPATH" - ''; - - meta = { - homepage = http://www.weechat.org/; - description = "A fast, light and extensible chat client"; - license = stdenv.lib.licenses.gpl3; - maintainers = with stdenv.lib.maintainers; [ lovek323 garbas the-kenny ]; - platforms = stdenv.lib.platforms.unix; - }; -} diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix new file mode 100644 index 000000000..196e6765a --- /dev/null +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -0,0 +1,118 @@ +with import <stockholm/lib>; +{ utillinux, writeDash }: + +opt-spec: cmd-spec: let + + cmd = cmd-spec opts; + + cmd-script = + if typeOf cmd == "set" + then "exec ${cmd}" + else cmd; + + opts = mapAttrs (name: value: value // rec { + long = value.long or (replaceStrings ["_"] ["-"] name); + ref = value.ref or "\"\$${varname}\""; + short = value.short or null; + switch = value.switch or false; + varname = value.varname or (replaceStrings ["-"] ["_"] name); + }) opt-spec; + + # true if b requires a to define its default value + opts-before = a: b: + test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or ""); + + opts-list = let + sort-out = toposort opts-before (attrValues opts); + in + if sort-out ? result + then sort-out.result + else throw "toposort output: ${toJSON sort-out}"; + + wrapper-name = + if typeOf cmd == "set" && cmd ? name + then "${cmd.name}-getopt" + else "getopt-wrapper"; + +in writeDash wrapper-name '' + set -efu + + wrapper_name=${shell.escape wrapper-name} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + unset ${opt.varname} + '') opts)} + + args=$(${utillinux}/bin/getopt \ + -l ${shell.escape + (concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (filter (opt: opt.long != null) + (attrValues opts)))} \ + -n "$wrapper_name" \ + -o ${shell.escape + (concatMapStringsSep "" + (opt: opt.short + optionalString (!opt.switch) ":") + (filter (opt: opt.short != null) + (attrValues opts)))} \ + -s sh \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + + while :; do + case $1 in + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + (${concatMapStringsSep "|" shell.escape (filter (x: x != "") [ + (optionalString (opt.long != null) "--${opt.long}") + (optionalString (opt.short != null) "-${opt.short}") + ])}) + ${if opt.switch then /* sh */ '' + ${opt.varname}=true + shift + '' else /* sh */ '' + ${opt.varname}=$2 + shift 2 + ''} + ;; + '') (filterAttrs + (_: opt: opt.long != null || opt.short != null) + opts))} + --) + shift + break + esac + done + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + printf '%s: missing mandatory option '--%s'\n' \ + "$wrapper_name" \ + ${shell.escape opt.long} + error=1 + fi + '') + (filter + (x: ! hasAttr "default" x) + (attrValues opts))} + if test "''${error+1}" = 1; then + exit 1 + fi + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + ${opt.varname}=${opt.default} + fi + '') + (filter + (hasAttr "default") + opts-list)} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + export ${opt.varname} + '') opts)} + + ${cmd-script} "$@" +'' diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix new file mode 100644 index 000000000..37bdc0290 --- /dev/null +++ b/lass/1systems/helios/config.nix @@ -0,0 +1,87 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/mouse.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/otp-ssh.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + { # automatic hardware detection + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + } + { # crypto stuff + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + } + { + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; + } + ]; + krebs.build.host = config.krebs.hosts.helios; + + krebs.git.rules = [ + { + user = [ config.krebs.users.lass-helios ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode + git + rsync + hashPassword + thunderbird + dpass + ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-helios.pubkey + ]; + }; + + programs.ssh.startAgent = lib.mkForce true; + + services.tlp.enable = true; +} diff --git a/lass/1systems/helios/source.nix b/lass/1systems/helios/source.nix new file mode 100644 index 000000000..bfe4dca4c --- /dev/null +++ b/lass/1systems/helios/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "helios"; + secure = true; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 4d2f8b0f8..8b90cce77 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -38,7 +38,7 @@ with import <stockholm/lib>; { lass.umts = { enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; initstrings = '' Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 @@ -133,6 +133,7 @@ with import <stockholm/lib>; iodine macchanger + dpass ]; #TODO: fix this shit diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3a99e65a0..f6390ce4d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -27,6 +27,12 @@ in { lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped ''; } + { #font magic + options.lass.myFont = mkOption { + type = types.str; + default = "-schumacher-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + }; + } ]; users.extraUsers.mainUser.extraGroups = [ "audio" "video" ]; @@ -73,6 +79,7 @@ in { youtube-tools rxvt_unicode + termite ]; fonts.fonts = [ diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a70d58828..c9d7a369a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -42,6 +42,7 @@ with import <stockholm/lib>; { from = "securityfocus@lassul.us"; to = lass.mail; } { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } + { from = "raf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7bce93ae1..3991acadc 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -14,7 +14,7 @@ let root-desc = "keep calm and engage"; }; }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + repos = repos; rules = rules; }; @@ -87,8 +87,8 @@ let public = true; }; - make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: { - inherit collaborators name; + make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: { + inherit admins collaborators name; public = false; hooks = optionalAttrs announce { post-receive = pkgs.git-hooks.irc-announce { @@ -111,15 +111,20 @@ let repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ - optional repo.public { - user = attrValues config.krebs.users; + optional (length (repo.admins or []) > 0) { + user = repo.admins; repo = [ repo ]; - perm = fetch; + perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional (length (repo.collaborators or []) > 0) { user = repo.collaborators; repo = [ repo ]; perm = fetch; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; }; in out diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index e7779f53e..fb76c5735 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,12 +1,14 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { krebs.iptables = { tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + filter.INPUT.rules = let + tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; + in [ + { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } + { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } ]; }; }; diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 29800dbeb..7f36fcd90 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -106,9 +106,10 @@ let pkgs.vimPlugins.undotree (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "1.0"; sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; }; }) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 93b817c3b..17c39a5f4 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,22 +6,70 @@ let genid ; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + in { imports = [ ./default.nix ../git.nix + (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { certs."lassul.us" = { - email = "lass@lassul.us"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - "full.pem" - ]; allowKeysForGroup = true; group = "lasscert"; }; @@ -71,13 +119,11 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + enableACME = true; serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; ''; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/challenges/lassul.us/; - ''; locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index 2fbc31677..adbcd353d 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -8,8 +8,8 @@ let URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt*SaveLines: 4096 - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*font: ${config.lass.myFont} + URxvt*boldFont: ${config.lass.myFont} ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index c93c65ad2..207278440 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -61,6 +61,7 @@ let ''; wvdial-defaults = '' + [Dialer Defaults] Modem = ${cfg.modem} ${cfg.initstrings} Modem Type = Analog Modem @@ -70,6 +71,7 @@ let Password = ${cfg.password} Stupid Mode = 1 Idle Seconds = 0 + PPPD Path = ${pkgs.ppp}/bin/pppd ''; imp = { @@ -77,6 +79,10 @@ let umts = "sudo ${umts-bin}/bin/umts"; }; + environment.systemPackages = [ + pkgs.ppp + ]; + security.sudo.extraConfig = '' lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts ''; diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix index 9f6f95587..8380b220a 100644 --- a/lass/5pkgs/acronym/default.nix +++ b/lass/5pkgs/acronym/default.nix @@ -6,7 +6,7 @@ pkgs.writeScriptBin "acronym" '' acro=$1 - curl -s http://www.acronymfinder.com/$acro.html \ + curl -L -s http://www.acronymfinder.com/$acro.html \ | grep 'class="result-list__body__rank"' \ | sed ' s/.*title="\([^"]*\)".*/\1/ diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 6e6ba56fa..46633ba1a 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }@args: +{ config, pkgs, ... }@args: { nixpkgs.config.packageOverrides = rec { acronym = pkgs.callPackage ./acronym/default.nix {}; + dpass = pkgs.callPackage ./dpass {}; ejabberd = pkgs.callPackage ./ejabberd { erlang = pkgs.erlangR16; }; @@ -20,7 +21,7 @@ rs = pkgs.callPackage ./rs/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; xml2json = pkgs.callPackage ./xml2json/default.nix {}; - xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; + xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; } diff --git a/lass/5pkgs/dpass/default.nix b/lass/5pkgs/dpass/default.nix new file mode 100644 index 000000000..7e75d50c7 --- /dev/null +++ b/lass/5pkgs/dpass/default.nix @@ -0,0 +1,12 @@ +{ pass, writeOut, writeDash, ... }: + +writeOut "dsco-pass" { + "/bin/dpass".link = writeDash "dpass" '' + PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ + exec ${pass}/bin/pass $@ + ''; + "/bin/dpassmenu".link = writeDash "dpassmenu" '' + PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ + exec ${pass}/bin/passmenu $@ + ''; +} diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 67a1dc787..0a2945c21 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: pkgs.writeHaskell "xmonad-lass" { executables.xmonad = { extra-depends = [ @@ -40,7 +40,7 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) -import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) +import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Layout.SimpleFloat (simpleFloat) @@ -51,7 +51,7 @@ urxvtcPath :: FilePath urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" myFont :: String -myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" +myFont = "${config.lass.myFont}" main :: IO () main = getArgs >>= \case @@ -99,6 +99,7 @@ myKeyMap = , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") + , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") @@ -107,13 +108,14 @@ myKeyMap = , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") , ("M4-a", focusUrgent) - , ("M4-S-r", renameWorkspace def) - , ("M4-S-a", addWorkspacePrompt def) + , ("M4-S-r", renameWorkspace myXPConfig) + , ("M4-S-a", addWorkspacePrompt myXPConfig) , ("M4-S-<Backspace>", removeEmptyWorkspace) , ("M4-S-c", kill1) , ("M4-<Esc>", toggleWS) , ("M4-S-<Enter>", spawn urxvtcPath) , ("M4-x", floatNext True >> spawn urxvtcPath) + , ("M4-c", floatNext True >> spawn "${pkgs.termite}/bin/termite") , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) @@ -141,8 +143,13 @@ forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile path args env = xfork (executeFile path False args env) >> return () +myXPConfig :: XPConfig +myXPConfig = def + { font = myFont + } + autoXPConfig :: XPConfig -autoXPConfig = def +autoXPConfig = myXPConfig { autoComplete = Just 5000 } diff --git a/lass/source.nix b/lass/source.nix index 01631bef1..9cc08299b 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -15,7 +15,7 @@ in # 87a4615 & 334ac4f # + acme permissions for groups # fd7a8f1 - ref = "d151161"; + ref = "2d3b4fe"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/lib/shell.nix b/lib/shell.nix index f9779028e..5be8d6759 100644 --- a/lib/shell.nix +++ b/lib/shell.nix @@ -7,10 +7,13 @@ rec { let isSafeChar = testString "[-+./0-9:=A-Z_a-z]"; in - stringAsChars (c: - if isSafeChar c then c - else if c == "\n" then "'\n'" - else "\\${c}"); + x: + if x == "" then "''" + else stringAsChars (c: + if isSafeChar c then c + else if c == "\n" then "'\n'" + else "\\${c}" + ) x; # # shell script generators diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 934bfa685..2f288e708 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,7 +40,7 @@ in { # services <stockholm/makefu/2configs/share/gum.nix> <stockholm/makefu/2configs/sabnzbd.nix> - <stockholm/makefu/2configs/torrent.nix> + # <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4c93a7a3e..32cd3f900 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -60,6 +60,7 @@ in { <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> + <stockholm/makefu/2configs/stats/telegraf> # services <stockholm/makefu/2configs/syncthing.nix> @@ -77,6 +78,9 @@ in { ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload + + # Temporary: + <stockholm/makefu/2configs/temp/rst-issue.nix> ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index faa29f3db..892eb1095 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -56,7 +56,6 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> - <stockholm/makefu/2configs/steam.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> # Hardware diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 0865a0841..51e69d8b7 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -14,17 +14,20 @@ in { # scanners are printers just in reverse anyway services.saned.enable = true; - users.users."${mainUser}".extraGroups = [ "scanner" ]; + users.users."${mainUser}".extraGroups = [ "scanner" "lp" ]; hardware.sane = { enable = true; - extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + extraBackends = [ ]; # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 # requires 'sane-extra', scan via: - extraConfig."magicolor" = '' - net 10.42.20.30 0x2098 - ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + #extraConfig."magicolor" = '' + # net 10.42.20.30 0x2098 + #''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + extraConfig."xerox_mfp" = '' + tcp 192.168.1.5 + ''; #home printer SCX-3205W }; } diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix new file mode 100644 index 000000000..4da6561d6 --- /dev/null +++ b/makefu/2configs/stats/telegraf/default.nix @@ -0,0 +1,20 @@ +{...}: +let + url = "http://localhost:8086"; +in { + imports = [ + ./europastats.nix + ]; + services.telegraf = { + enable = true; + extraConfig = { + agent.debug = true; + outputs = { + influxdb = [{ + urls = [ url ]; + database = "telegraf"; + }]; + }; + }; + }; +} diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix new file mode 100644 index 000000000..9249280c5 --- /dev/null +++ b/makefu/2configs/stats/telegraf/europastats.nix @@ -0,0 +1,43 @@ +{ pkgs, ...}: +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "be31da7"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests2 + docopt + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/europastats"; + inherit rev; + sha256 = "0qj18vgj9nm6aisyqhk3iz3rf8xp7mn5jc6sfylcaw588a9sjfvc"; + }; + }; +in { + services.telegraf.extraConfig.inputs.exec = [ + { + commands = [ "${pkg}/bin/europa-attractions"]; + timeout = "1m"; + data_format = "json"; + name_override = "europawaiting"; + interval = "1m"; + tag_keys = [ + "status" + "type" + "name" + ]; + } + { + commands = [ "${pkg}/bin/europa-weather"]; + timeout = "20s"; + data_format = "json"; + name_override = "europaweather"; + interval = "10m"; + tag_keys = [ + "type" + "name" + "offset" + ]; + } + ]; +} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index c7a116918..7755e2872 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./scanner-tools.nix ./sec.nix ./sec-gui.nix ./studio.nix diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 47f06287b..8e815da5e 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -1,8 +1,10 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ - steam + imports = [ + ./steam.nix + ]; + users.users.makefu.packages = with pkgs; [ games-user-env ]; } diff --git a/makefu/2configs/tools/scanner-tools.nix b/makefu/2configs/tools/scanner-tools.nix new file mode 100644 index 000000000..ef2e913e4 --- /dev/null +++ b/makefu/2configs/tools/scanner-tools.nix @@ -0,0 +1,7 @@ +{ + # ln -s /run/current-system/sw/bin/xsane ~/.gimp-2.8/plug-ins/xsane + nixpkgs.config.packageOverrides = pkgs: { + xsaneGimp = pkgs.xsane.override { gimpSupport = true; }; + }; +} + diff --git a/makefu/2configs/steam.nix b/makefu/2configs/tools/steam.nix index d4ec84abf..dbe51270d 100644 --- a/makefu/2configs/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,6 +1,10 @@ {pkgs, ...}: { - environment.systemPackages = [ pkgs.steam ]; + environment.systemPackages = [ + (pkgs.steam.override { + newStdcpp = true; + }) + ]; hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; } diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix index ddef9e371..951bdbf26 100644 --- a/makefu/2configs/virtualisation/docker.nix +++ b/makefu/2configs/virtualisation/docker.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { virtualisation.docker.enable = true; environment.systemPackages = with pkgs;[ docker docker_compose ]; + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; } diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix index 3d1d9fe75..e62a3f748 100644 --- a/makefu/2configs/vncserver.nix +++ b/makefu/2configs/vncserver.nix @@ -33,7 +33,7 @@ in { serviceConfig = { User = "nobody"; ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; - PrivateTmp = true; + PrivateTmp = true; }; }; }; @@ -6,43 +6,38 @@ let # high level commands # - # usage: deploy - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # [--target=TARGET] - # [--user=USER] - cmds.deploy = pkgs.writeDash "cmds.deploy" '' + cmds.deploy = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target.default = /* sh */ "$system"; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "cmds.deploy" '' set -efu - command=deploy - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${target-}" || target=$system - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} - . ${init.proxy} + . ${init.proxy opts} exec ${utils.deploy} - ''; - - # usage: install - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # --target=TARGET - # [--user=USER] - cmds.install = pkgs.writeBash "cmds.install" '' + ''); + + cmds.install = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeBash "cmds.install" '' set -efu - command=install - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} if \test "''${using_proxy-}" != true; then @@ -55,7 +50,7 @@ let # TODO inline prepare.sh? fi - . ${init.proxy} + . ${init.proxy opts} # Reset PATH because we need access to nixos-install. # TODO provide nixos-install instead of relying on prepare.sh @@ -75,30 +70,28 @@ let cd exec nixos-install - ''; - - # usage: test - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # --target=TARGET - # [--user=USER] - cmds.test = pkgs.writeDash "cmds.test" /* sh */ '' + ''); + + cmds.test = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "cmds.test" /* sh */ '' set -efu export dummy_secrets=true - command=test - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} - . ${init.proxy} + . ${init.proxy opts} exec ${utils.build} config.system.build.toplevel - ''; + ''); # # low level commands @@ -118,19 +111,13 @@ let # usage: parse-target [--default=TARGET] TARGET # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.writeDash "cmds.parse-target" '' + cmds.parse-target = pkgs.withGetopt { + default_target = { + long = "default"; + short = "d"; + }; + } (opts: pkgs.writeDash "cmds.parse-target" '' set -efu - args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \ - -o d: \ - -l default: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - default_target= - while :; do case $1 in - -d|--default) default_target=$2; shift 2;; - --) shift; break;; - esac; done target=$1; shift for arg; do echo "$0: bad argument: $arg" >&2; done if \test $# != 0; then exit 2; fi @@ -149,7 +136,7 @@ let ($default_target | parse) + ($target | parse | sanitize) | . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } ''} - ''; + ''); # usage: quote [ARGS...] cmds.quote = pkgs.writeDash "cmds.quote" '' @@ -163,28 +150,6 @@ let echo ''; - init.args = pkgs.writeText "init.args" /* sh */ '' - args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ - -o Qs:t:u: \ - -l force-populate,quiet,source:,system:,target:,user: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - force_populate=false - source_file= - while :; do case $1 in - --force-populate) force_populate=true; shift;; - -Q|--quiet) quiet=true; shift;; - --source) source_file=$2; shift 2;; - -s|--system) system=$2; shift 2;; - -t|--target) target=$2; shift 2;; - -u|--user) user=$2; shift 2;; - --) shift; break;; - esac; done - for arg; do echo "$command: bad argument: $arg" >&2; done - if \test $# != 0; then exit 2; fi - ''; - init.env = pkgs.writeText "init.env" /* sh */ '' export quiet export system @@ -201,7 +166,7 @@ let export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" ''; - init.proxy = pkgs.writeText "init.proxy" /* sh */ '' + init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ '' if \test "''${using_proxy-}" != true; then source=$(get-source "$source_file") @@ -219,11 +184,12 @@ let NIX_PATH=$(quote "$target_path") \ STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \ nix-shell --run "$(quote " - quiet=$(quote "$quiet") \ - system=$(quote "$system") \ - target=$(quote "$target") \ + ${lib.concatStringsSep " " (lib.mapAttrsToList + (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})") + opts + )} \ using_proxy=true \ - $(quote "$command" "$@") + $(quote "$0" "$@") ")" fi fi diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix deleted file mode 100644 index 341a62e45..000000000 --- a/tv/1systems/cd/config.nix +++ /dev/null @@ -1,35 +0,0 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let - - bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; - -in { - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - <stockholm/tv> - <stockholm/tv/2configs/hw/CAC-Developer-2.nix> - <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix> - <stockholm/tv/2configs/exim-smarthost.nix> - <stockholm/tv/2configs/retiolum.nix> - ]; - - networking = let - address = config.krebs.build.host.nets.internet.ip4.addr; - in { - defaultGateway = bestGuessGateway address; - interfaces.enp2s1.ip4 = singleton { - inherit address; - prefixLength = 24; - }; - nameservers = ["8.8.8.8"]; - }; - - environment.systemPackages = with pkgs; [ - iftop - iotop - iptables - nethogs - tcpdump - ]; -} diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix deleted file mode 100644 index 019e8bc22..000000000 --- a/tv/1systems/cd/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/tv/source.nix> { - name = "cd"; -} diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 79b5aa269..5c593894a 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; <stockholm/tv/2configs/hw/w110er.nix> <stockholm/tv/2configs/exim-retiolum.nix> <stockholm/tv/2configs/gitrepos.nix> - <stockholm/tv/2configs/im.nix> <stockholm/tv/2configs/mail-client.nix> <stockholm/tv/2configs/man.nix> <stockholm/tv/2configs/nginx/public_html.nix> diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 0abd544ce..0363c983d 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -16,6 +16,7 @@ with import <stockholm/lib>; <stockholm/tv/2configs/pulse.nix> <stockholm/tv/2configs/retiolum.nix> <stockholm/tv/2configs/binary-cache> + <stockholm/tv/2configs/br.nix> <stockholm/tv/2configs/xserver> { environment.systemPackages = with pkgs; [ @@ -155,5 +156,10 @@ with import <stockholm/lib>; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; + tv.nixpkgs-overlays = { + krebs = "/home/tv/stockholm/krebs/5pkgs"; + tv = "/home/tv/stockholm/tv/5pkgs"; + }; + virtualisation.virtualbox.host.enable = true; } diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 46e3f70f2..f76fb2e01 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -52,12 +52,6 @@ with import <stockholm/lib>; dst = { host = config.krebs.hosts.zu; path = "/bku/xu-home"; }; startAt = "06:20"; }; - xu-pull-cd-home = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; }; - startAt = "07:00"; - }; xu-pull-ni-ejabberd = { method = "pull"; src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; @@ -76,12 +70,6 @@ with import <stockholm/lib>; dst = { host = config.krebs.hosts.xu; path = "/bku/zu-home"; }; startAt = "05:00"; }; - zu-pull-cd-home = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; }; - startAt = "06:30"; - }; zu-pull-ni-ejabberd = { method = "pull"; src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix new file mode 100644 index 000000000..c7eb20e90 --- /dev/null +++ b/tv/2configs/br.nix @@ -0,0 +1,49 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + imports = [ + <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix> + ]; + + krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [ + "brother-udev-rule-type1-" + "brscan4-" + "mfcl2700dnlpr-" + ]; + + hardware.sane = { + enable = true; + brscan4 = { + enable = true; + netDevices = { + bra = { + model = "MFCL2700DN"; + ip = "10.23.1.214"; + }; + }; + }; + }; + + services.saned.enable = true; + + # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298 + environment.systemPackages = [ + (pkgs.writeDashBin "find-scanner" '' + set -efu + name=$1 + ${pkgs.sane-backends}/bin/scanimage -f '%m %d + ' \ + | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \ + | ${pkgs.gnugrep}/bin/grep . + '') + ]; + + services.printing = { + enable = true; + drivers = [ + pkgs.mfcl2700dncupswrapper + ]; + }; + + systemd.services.cups.serviceConfig.PrivateTmp = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 241a16b25..9ad0253a3 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -90,11 +90,7 @@ with import <stockholm/lib>; environment.variables = { NIX_PATH = mkForce (concatStringsSep ":" [ "secrets=/var/src/stockholm/null" - "nixpkgs-overlays=${pkgs.runCommand "nixpkgs-overlays" {} '' - mkdir $out - ln -s /home/tv/stockholm/krebs/5pkgs $out/krebs - ln -s /home/tv/stockholm/tv/5pkgs $out/tv - ''}" + "nixpkgs-overlays=${config.tv.nixpkgs-overlays}" "/var/src" ]); }; diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 859dc122c..e252f2e1d 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -52,7 +52,7 @@ in { systemd.services.charybdis = { wantedBy = [ "multi-user.target" ]; requires = [ "secret.service" ]; - after = [ "network.target" "secret.service" ]; + after = [ "network-online.target" "secret.service" ]; environment = { BANDB_DBPATH = "${cfg.user.home}/ban.db"; }; diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 83dc212a6..57ffbfab8 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ _: ./ejabberd ./hosts.nix ./iptables.nix + ./nixpkgs-overlays.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix new file mode 100644 index 000000000..4eb7a86bd --- /dev/null +++ b/tv/3modules/nixpkgs-overlays.nix @@ -0,0 +1,23 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + options.tv.nixpkgs-overlays = mkOption { + apply = src: + pkgs.runCommand "nixpkgs-overlays" {} '' + mkdir $out + ${concatStringsSep "\n" (mapAttrsToList (name: path: + "ln -s ${shell.escape path} $out/${shell.escape name}" + ) src)} + '' // { + inherit src; + }; + type = types.attrsOf types.absolute-pathname; + }; + + config = { + tv.nixpkgs-overlays = { + krebs = mkDefault "/var/src/stockholm/krebs/5pkgs"; + tv = mkDefault "/var/src/stockholm/tv/5pkgs"; + }; + }; +} diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 8a7a613ba..1796609a9 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -24,6 +24,10 @@ foldl' mergeAttrs {} "$@" ''; + gitAndTools = super.gitAndTools // { + inherit (self) diff-so-fancy; + }; + ff = self.writeDashBin "ff" '' exec ${self.firefoxWrapper}/bin/firefox "$@" ''; diff --git a/tv/5pkgs/simple/diff-so-fancy.nix b/tv/5pkgs/simple/diff-so-fancy.nix new file mode 100644 index 000000000..9ce6d9234 --- /dev/null +++ b/tv/5pkgs/simple/diff-so-fancy.nix @@ -0,0 +1,48 @@ +{stdenv, git, perl, ncurses, coreutils, fetchFromGitHub, makeWrapper, ...}: + +stdenv.mkDerivation rec { + name = "diff-so-fancy-${version}"; + version = "ed8cf17"; + + src = fetchFromGitHub { + owner = "so-fancy"; + repo = "diff-so-fancy"; + rev = "ed8cf1763d38bdd79ceb55a73b9ce7e30f1e184d"; + sha256 = "176qn0w2rn6mr5ymvkblyiznqq7yyibfsnnjfivcyhz69w6yr9r9"; + }; + + # Perl is needed here for patchShebangs + nativeBuildInputs = [ perl makeWrapper ]; + + buildPhase = null; + + installPhase = '' + mkdir -p $out/bin $out/lib/diff-so-fancy + + # diff-so-fancy executable searches for it's library relative to + # itself, so we are copying executable to lib, and only symlink it + # from bin/ + cp diff-so-fancy $out/lib/diff-so-fancy + cp -r lib $out/lib/diff-so-fancy + ln -s $out/lib/diff-so-fancy/diff-so-fancy $out/bin + + # ncurses is needed for `tput` + wrapProgram $out/lib/diff-so-fancy/diff-so-fancy \ + --prefix PATH : "${git}/share/git/contrib/diff-highlight" \ + --prefix PATH : "${git}/bin" \ + --prefix PATH : "${coreutils}/bin" \ + --prefix PATH : "${ncurses.out}/bin" + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/so-fancy/diff-so-fancy; + description = "Good-looking diffs filter for git"; + license = licenses.mit; + platforms = platforms.all; + longDescription = '' + diff-so-fancy builds on the good-lookin' output of git contrib's + diff-highlight to upgrade your diffs' appearances. + ''; + maintainers = with maintainers; [ fpletz ]; + }; +} diff --git a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix new file mode 100644 index 000000000..1ef018b33 --- /dev/null +++ b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix @@ -0,0 +1,45 @@ +{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr, +perl, stdenv }: + +stdenv.mkDerivation rec { + name = "mfcl2700dncupswrapper-${meta.version}"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb"; + sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1"; + }; + + nativeBuildInputs = [ dpkg makeWrapper ]; + + phases = [ "installPhase" ]; + + installPhase = '' + dpkg-deb -x $src $out + + basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN + dir=$out/opt/brother/Printers/MFCL2700DN + + substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ + --replace /usr/bin/perl ${perl}/bin/perl \ + --replace "basedir =~" "basedir = \"$basedir\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" + + wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ + --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]} + + mkdir -p $out/lib/cups/filter + mkdir -p $out/share/cups/model + + ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter + ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model + ''; + + meta = { + description = "Brother MFC-L2700DN CUPS wrapper driver"; + homepage = "http://www.brother.com/"; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.2.0-1"; + }; +} diff --git a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix new file mode 100644 index 000000000..fc11b53e9 --- /dev/null +++ b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix @@ -0,0 +1,44 @@ +{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }: + +stdenv.mkDerivation rec { + name = "mfcl2700dnlpr-${meta.version}"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb"; + sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m"; + }; + + nativeBuildInputs = [ dpkg makeWrapper ]; + + phases = [ "installPhase" ]; + + installPhase = '' + dpkg-deb -x $src $out + + dir=$out/opt/brother/Printers/MFCL2700DN + + substituteInPlace $dir/lpd/filter_MFCL2700DN \ + --replace /usr/bin/perl ${perl}/bin/perl \ + --replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" + + wrapProgram $dir/lpd/filter_MFCL2700DN \ + --prefix PATH : ${stdenv.lib.makeBinPath [ + coreutils ghostscript gnugrep gnused which + ]} + + interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2 + patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter + patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3 + patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3 + ''; + + meta = { + description = "Brother MFC-L2700DN LPR driver"; + homepage = "http://www.brother.com/"; + license = stdenv.lib.licenses.unfree; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.2.0-1"; + }; +} diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 2e7aa5cf2..655c75e1b 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -262,7 +262,7 @@ let ''; q-todo = '' - TODO_file=$HOME/TODO + TODO_file=$PWD/TODO if test -e "$TODO_file"; then ${pkgs.coreutils}/bin/cat "$TODO_file" \ | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) ' @@ -294,13 +294,7 @@ in pkgs.writeBashBin "q" '' set -eu export PATH=/var/empty - (${q-todo}) || : - if [ "$PWD" != "$HOME" ]; then - (HOME=$PWD; ${q-todo}) || : - fi - echo ${q-cal} - echo ${q-isodate} ${q-sgtdate} (${q-gitdir}) & @@ -311,4 +305,14 @@ pkgs.writeBashBin "q" '' (${q-online}) & (${q-thermal_zone}) & wait + if test "$PWD" != "$HOME" && test -e "$HOME/TODO"; then + TODO_home_entries=$(cd; (${q-todo}) | ${pkgs.coreutils}/bin/wc -l) + if test "$TODO_home_entries" = 1; then + TODO_format='There is %d entry in ~/TODO' + else + TODO_format='There are %d entries in ~/TODO' + fi + printf "\x1b[38;5;238m$TODO_format\x1b[m\n" "$TODO_home_entries" + fi + (${q-todo}) || : '' |