42 files changed, 717 insertions, 216 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9e5f8c52e..9c491c8a1 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. <stockholm/jeschli> + <stockholm/jeschli/2configs/virtualbox.nix> ./hardware-configuration.nix # ./dcso-vpn.nix ]; diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix new file mode 100644 index 000000000..83640801f --- /dev/null +++ b/jeschli/1systems/bolide/config.nix 
@@ -0,0 +1,142 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ <stockholm/jeschli>
+ <stockholm/jeschli/2configs/urxvt.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.bolide;
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
+ boot.initrd.luks.devices = [ {
+ name = "bla";
+ device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
+ preLVM = true;
+ allowDiscards = true;
+ } ];
+# networking.hostName = "bolide"; # Define your hostname.
+ networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ environment.shellAliases = {
+ n = "nix-shell";
+ stocki = pkgs.writeDash "deploy" ''
+ cd ~/stockholm
+ exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
+ '';
+ };
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ wget vim
+ # system helper
+ ag
+ curl
+ copyq
+ dmenu
+ git
+ i3lock
+ keepass
+ networkmanagerapplet
+ rsync
+ terminator
+ tmux
+ wget
+ # rxvt_unicode
+ # editors
+ emacs
+ # internet
+ thunderbird
+ chromium
+ google-chrome
+ # programming languages
+ go
+ gcc
+ ghc
+ python35
+ python35Packages.pip
+ # go tools
+ golint
+ gotools
+ # dev tools
+ elmPackages.elm
+ gnumake
+ jetbrains.pycharm-professional
+ jetbrains.webstorm
+ jetbrains.goland
+ # document viewer
+ zathura
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.bash.enableCompletion = true;
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+ # Enable touchpad support.
+ # services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+ # services.xserver.displayManager.sddm.enable = true;
+ # services.xserver.desktopManager.plasma5.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.jeschli = {
+ isNormalUser = true;
+ uid = 1000;
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+
+}
+
diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix
new file mode 100644
index 000000000..183b29e42
--- /dev/null
+++ b/jeschli/1systems/bolide/hardware-configuration.nix
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" "wl" ];
+ boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+
+ fileSystems."/" =
+ { device = "/dev/bolide-pool/bolide-root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/bolide-pool/bolide-home";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
+ fsType = "ext4";
+ };
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 8;
+ powerManagement.cpuFreqGovernor = "powersave";
+}
diff --git a/jeschli/1systems/bolide/source.nix b/jeschli/1systems/bolide/source.nix
new file mode 100644
index 000000000..0bd7af50f
--- /dev/null
+++ b/jeschli/1systems/bolide/source.nix
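Review bot: `services.openssh.enable = true;` in the new bolide/config.nix turns sshd on without any hardening option set in this file, on a host that also enables wireless networking. Unless `<stockholm/jeschli>` already does so (not visible in this diff), add `services.openssh.passwordAuthentication = false;` and give `users.extraUsers.jeschli` an `openssh.authorizedKeys.keys` entry so that logins are key-only. Separately, `allowDiscards = true;` on the LUKS device passes TRIM through the encrypted volume and exposes which blocks are unused; a one-line comment stating that this trade-off is intended would help the next reader.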
@@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "bolide"; + secure = true; +} diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 2dec45795..e4109c638 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -35,6 +35,13 @@ time.timeZone = "Europe/Amsterdam"; nixpkgs.config.allowUnfree = true; # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget + environment.shellAliases = { + n = "nix-shell"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"' + ''; + }; environment.systemPackages = with pkgs; [ # system helper ag diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 010089017..76e718699 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix @@ -4,6 +4,7 @@ imports = [ <stockholm/jeschli> <stockholm/jeschli/2configs/retiolum.nix> + <stockholm/jeschli/2configs/IM.nix> <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix> { networking.dhcpcd.allowInterfaces = [ diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix new file mode 100644 index 000000000..171b78242 --- /dev/null +++ b/jeschli/2configs/IM.nix 
@@ -0,0 +1,56 @@ +with (import <stockholm/lib>); +{ config, lib, pkgs, ... }: +let + tmux = pkgs.writeDashBin "tmux" '' + export TERM=xterm-256color + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g default-terminal screen-256color + ''} "$@" + ''; +in { + + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-brauerei.pubkey + ]; + packages = [ tmux ]; + }; + + + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux}/bin/tmux kill-session -t IM"; + }; + }; +} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 6d788d283..0ac3708bb 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -23,6 +23,9 @@ with import <stockholm/lib>; proot populate + # aliases + (writeDashBin "irc" "ssh chat@enklave -t tmux a") + #style most rxvt_unicode.terminfo diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 1a2231a86..7721b1d40 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: +with import <stockholm/lib>; let customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { name = "vim-javascript"; 
@@ -16,72 +17,84 @@ let owner = "mxw"; repo = "vim-jsx"; rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; + in { -# { environment.systemPackages = [ (pkgs.vim_configurable.customize { name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - - :imap jk <Esc> - :vmap v v - :map gr :GoRun<Enter> - :nnoremap <S-TAB> :bnext<CR> - :nnoremap <C-TAB> <c-w><c-w> - :map nf :NERDTreeToggle<CR> - set autowrite - set number - set ruler - set path+=** - set wildmenu - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="<c-e>" - let g:UltiSnipsJumpForwardTrigger="<c-t>" - let g:UltiSnipsJumpBackwardTrigger="<c-q>" - - " If you want :UltiSnipsEdit to split your window. 
- let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif + vimrcConfig.customRC = let + colorscheme = ''colorscheme molokai''; + setStatements = '' + set autowrite + set clipboard=unnamedplus + set nocompatible + set path+=** + set ruler + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + set undofile "turn on the feature + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set listchars=trail:¶ ''; - + remapStatements = '' + imap jk <Esc> + map gr :GoRun<Enter> " Map gr to execute go run + map nf :NERDTreeToggle<CR> + nnoremap <C-TAB> <c-w><c-w> + nnoremap <S-TAB> :bnext<CR> + noremap x "_x + vmap v v + ''; + settingsForGo = '' + let g:go_decls_includes = "func,type" + let g:go_def_mode = 'godef' + let g:go_fmt_command = "goimports" + let g:go_highlight_extra_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_types = 1 + let g:go_list_type = "quickfix" + let g:go_metalinter_autosave = 1 + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_snippet_case_type = "camelcase" + let g:go_test_timeout = '10s' + let g:jsx_ext_required = 0 + let g:molokai_original = 1 + let g:rehash256 = 1 + ''; + settingsForElm = '' + let g:polyglot_disabled = ['elm'] + let g:elm_detailed_complete = 1 + let g:elm_format_autosave = 1 + let g:elm_syntastic_show_warnings = 1 + ''; + in '' + ${colorscheme} + ${remapStatements} + ${setStatements} + ${settingsForElm} + ${settingsForGo} + " I dont know what this line is about + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" 
"nerdtree" "easymotion"]; } + { names = [ + "ctrlp" + "easymotion" + "molokai" + "nerdtree" + "snipmate" + "surround" + "Syntastic" + "undotree" + "elm-vim" + ]; + } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } @@ -89,4 +102,35 @@ in { ]; }) ]; + + # set up the directories up if they are not there. +# Needs to be changed. +# vim = let +# dirs = { +# backupdir = "$HOME/.cache/vim/backup"; +# swapdir = "$HOME/.cache/vim/swap"; +# undodir = "$HOME/.cache/vim/undo"; +# }; +# files = { +# viminfo = "$HOME/.cache/vim/info"; +# }; +# +# mkdirs = let +# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); +# in assert out != ""; out; +# alldirs = attrValues dirs ++ map dirOf (attrValues files); +# in unique (sort lessThan alldirs); +# in +# pkgs.symlinkJoin { +# name = "vim"; +# paths = [ +# (pkgs.writeDashBin "vim" '' +# set -efu +# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) +# exec ${pkgs.vim}/bin/vim "$@" +# '') +# pkgs.vim +# ]; +# }; + } diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix new file mode 100644 index 000000000..b2cb851a1 --- /dev/null +++ b/jeschli/2configs/virtualbox.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.markus; + +in { + #services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; + + users.extraUsers = { + virtual = { + name = "virtual"; + description = "user for running VirtualBox"; + home = "/home/virtual"; + useDefaultShell = true; + extraGroups = [ "vboxusers" "audio" ]; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(virtual) NOPASSWD: ALL + ''; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index d2664ef84..67257eacd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix 
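Review bot: `mainUser = config.users.extraUsers.markus;` in the new virtualbox.nix names an account that no jeschli host in this diff declares (bolide defines `users.extraUsers.jeschli`), so the sudoers line `${mainUser.name} ALL=(virtual) NOPASSWD: ALL` will either fail to evaluate or bind the rule to an account other than the one intended, depending on what bln defines outside this diff. Point `mainUser` at the user the importing host actually declares, for example `mainUser = config.users.extraUsers.jeschli;`. The rule is also passwordless and unrestricted for an account in `vboxusers`; limiting the command list to the VirtualBox launcher instead of `ALL` would keep the grant to what the setup needs.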
@@ -7,7 +7,6 @@ <stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/hw/x220.nix> - <stockholm/krebs/2configs/buildbot-krebs.nix> <stockholm/krebs/2configs/stats/puyak-client.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 9d6955e7e..6addb0818 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -2,6 +2,9 @@ let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; influx-host = "127.0.0.1"; + ext-if = "et0"; + external-mac = "52:54:b0:0b:af:fe"; + in { imports = [ @@ -12,7 +15,6 @@ in <stockholm/krebs/2configs/stats/wolf-client.nix> <stockholm/krebs/2configs/graphite.nix> - <stockholm/krebs/2configs/buildbot-krebs.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> @@ -112,7 +114,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces.enp0s3.ip4 = [{ + interfaces."${ext-if}".ip4 = [{ address = shack-ip; prefixLength = 20; }]; @@ -161,6 +163,9 @@ in config.krebs.users.makefu-omo.pubkey "ssh-rsa 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 root@plattenschwein" # for backup ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; time.timeZone = "Europe/Berlin"; sound.enable = false; diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 84b7d9c0e..48da88a8d 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -58,7 +58,7 @@ let ref = "heads/master"; }; }; - krebs.git = defineRepo name true; + krebs.git = defineRepo name false; }; in { diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index c7e882742..ed9bfad29 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix 
@@ -163,6 +163,43 @@ with import <stockholm/lib>; }; }; + bolide = { + nets = { + retiolum = { + ip4.addr = "10.243.27.31"; + ip6.addr = "42::31"; + aliases = [ + "bolide.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAn9mkcX4WvyClMxiHgpvM7nNFbGuUVIxM71luzhfroTxMxcWBcik+ + m7ensF256uQeUw4+y/d3wVj06ARnJubdGa1zrM54ghLp6dDTULnUhPfgIbCeP+Zz + A9hlZsD+yx9ZkPmSMhaakz5dKVlx9KFy4IrS42uGCquXIZ979loZ0372MxYxmPEY + sIiuZXQcLOiJa5ajJMHS2UEkr4rCvpa/nOJ3AcEl0QbCjX1WALjPZEw9Ogrwergy + tv0d8dkXHB80DZ4sEjA7+BxB/sVrI4YpT9diTqEHNlkhjYjk6x9o0aBAIfJoyFYK + Yo2eb8SYN4qwoNbtXr5JLvT0i6thT2R+jXm9h11NIGS91x4cJc2P7eIZI2J33gsV + VOfcZ4BfJSQSbd1G12EpgzM6UlorNGMqG2DfH3XPbQ0Ez19tNlEUqlbT3dnvVA5y + kpwWDEJrZB3SDvwtHQf9/4j/jXFlMNu4GE1kcwm+a4LvGFne37atY3irv3xZ9ih4 + ygRbKfFFmxTqK3Cl2Vwxf/dsUm/P+hVF5nzROu7v7wkyU90nYp/AnpXywc4rEAVj + M8/7H6OlY59yqElJkSdsMum7HtytpsvvenQWW85Ycz+/Ti3nmYuaILgme2Q6JfA3 + c6aNRv8A31m4GIuacHNGJOi2WfJab076bYw82HnX4bVoft9i2SxjZrXr75euz/4k + jGC4A4YQnrUi4wTBiSc3jm69wb3NXHYoKHjDIwDUUI91vUOKaTO/09RlAYr5EWT3 + nekSaOu9nCrpTR6dq+yc4MktFjHBKPs2ReFKfDHkYzKiNSn5Ei9g3QhpCMF1LE19 + RDvBbFawXtH3M8JHofalwsek44eso0tWA3RzFmiH2WzSLD2UV8a2la9vIfJbMvw3 + LqunwCgC0QWtSTjh+X6H0MBKcGcie5bisKfkXQExx0cnNERDoXpe1E8g5EmJBt2B + 8anRC6thNhpAuMTB8hZy+RP9AsRBxUE9lr9oKDH3JrHRBk1S4LktuNL3Zf8UqnRO + s7hGPzr8nw5yXV61xXFmXwA0snBsNfo83XpuiWJgz2qrz6/EWLZBgnLNyq22udxl + O9EGExulbija5rmrSp1MGi7K2K2qAx06KP3C1TerpSY0BW6ZhX/4MK/WIRihDBG4 + JLg/gxX/4FES2qGmjCkW74TQDHq6B8xFuJQ3y5nD1cZBN4+VDNb1+mQbR06Zn0Sc + pDASYWimJzqxR+s/cr0a8PwoE/RdjwOYlXIOW4tDcK12Am6XRRf87cycG9ueNzhy + RwrvUJ4JMyUA5sbo2sbumAMqiytNZ7ReRVK6S5IiMpysr4/lHb2OQSPhQArDCprg + KXNgncRZsrL9VgVueVmOp45qkAkapeQ8wQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { 
@@ -176,5 +213,8 @@ with import <stockholm/lib>; jeschli-brauerei = { pubkey = "ssh-rsa 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 jeschli@nixos"; }; + jeschli-bolide = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide"; + }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0567d58ba..1634a62ac 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -3,6 +3,9 @@ with import <stockholm/lib>; { + dns.providers = { + "lassul.us" = "zones"; + }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; ci = true; @@ -80,6 +83,18 @@ with import <stockholm/lib>; prism IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} ''; + "lassul.us" = '' + $TTL 3600 + @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) + 60 IN NS ns16.ovh.net. + 60 IN NS dns16.ovh.net. + 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN TXT v=spf1 mx -all + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + io 60 IN NS ions.lassul.us. + ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + ''; }; nets = rec { internet = { @@ -443,7 +458,8 @@ with import <stockholm/lib>; external = true; nets = rec { internet = { - ip4.addr = "129.215.90.4"; + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; aliases = [ "eddie.i" ]; }; retiolum = rec { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index cc09313f7..8dbdc7e65 100644 --- a/krebs/3modules/tv/default.nix 
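Review bot: The SPF record in the new `lassul.us` zone is written unquoted, `60 IN TXT v=spf1 mx -all`; in master-file syntax each whitespace-separated token becomes its own character-string, and SPF evaluators join those strings without spaces, so receivers would see `v=spf1mx-all`, which is not a valid policy. Quote the value: `60 IN TXT "v=spf1 mx -all"`. The zone as shown also carries no MX record, so the `mx` mechanism would match nothing and `-all` would fail every sender for the domain unless an MX is published elsewhere; worth checking against the exim-smarthost setup. How the `zones` provider renders this text is outside the hunk, so confirm the final zone file after the change.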
+++ b/krebs/3modules/tv/default.nix @@ -32,40 +32,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa 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"; }; - ju = { - external = true; - nets = { - gg23 = { - ip4.addr = "10.23.1.144"; - aliases = [ - "ju.gg23" - ]; - }; - retiolum = { - ip4.addr = "10.243.13.39"; - ip6.addr = "42::1339"; - aliases = [ - "ju.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAy2xyuOJ/G7uuXz8SfL8mkeX/YwAqnty98/h4BGHwd4ENLt2cUtim - BUjVFIWdIMRds+4H8UtveGSeuYgRs3CpQeNuAeq20YlwoxeZgsc8mA+FP/zeN10n - OAaP/+BTLKAHQ3Ixq41vLrFXU4Ah53YhOw1LqxQG80Tcr4J8Yehx+mrdGhcDnp2p - 4QpMLtMoAn0dQ3K5muZUQzGMHamLIril8hDKkJPqBVN0DRQ2lAVcK70AcqyuFIUM - rWkG8gI7AT1bhZ3viIMX9wjpuA3BaitqIEyUCjWv2ZLy2HmTDGGfhEqNYdx/pXKt - HToZk1XPnNfopFFtOHiSh1P06VqPex6MIHpbgEf7cVlxxNUOH2qssPGbo6ulzGyo - YLeJZNP+1GxPLtyBBSiFApGdJBH8aMlQlz0vjFIdmJbIbUhSSi1TOtbQuB1SCvYO - rp9Hm9Ah0508kxLfGlmKdQ3zO3wKbmPqCjwqSGsgtHn3KZzhgr+pTwgHIKdur1VU - yW0vvj2ofyajgAb53cM77ScIHwbimkZ0/CbAVeM1z7OXOQ5ruXW/FVCZPe+clY2F - ah6UOM5FdI+AYWOhkbP1EP0DGugHs5YUgTxOMMwot1TkxD/y4CZ/ctukoWZrIHHR - vKpLhs9nWcnVXRP/trLtVl2okhs1vTYqgArgH6C0jbSXoNQbnZ+a860CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu"; - }; kaepsele = { external = true; nets = { diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 78c1c6ec1..cbc62102c 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -81,6 +81,9 @@ prepare_debian() { } prepare_nixos_iso() { + _which() ( + type -p "$1" + ) mountpoint /mnt type git 2>/dev/null || nix-env -iA nixos.git diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index 518e80d0e..bcfcbf76b 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix 
@@ -123,7 +123,7 @@ rec { script = pkgs.writeDash "lambda-pl" '' if [ "$#" -gt 0 ]; then curl -SsL --max-time 5 "$1" | - perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)(?: - youtube)?\s*<\/title/si' + perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' fi ''; }); diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix new file mode 100644 index 000000000..199c12b44 --- /dev/null +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchurl, makeDesktopItem +, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm +, openjdk +, mesa, openal +, useAlsa ? false, alsaOss ? null }: +with stdenv.lib; + +assert useAlsa -> alsaOss != null; + +let + desktopItem = makeDesktopItem { + name = "minecraft"; + exec = "minecraft"; + icon = "minecraft"; + comment = "A sandbox-building game"; + desktopName = "Minecraft"; + genericName = "minecraft"; + categories = "Game;"; + }; + +in stdenv.mkDerivation { + name = "ftb"; + + src = fetchurl { + url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar"; + sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v"; + }; + + phases = "installPhase"; + + installPhase = '' + set -x + mkdir -pv $out/bin + cp -v $src $out/ftb.jar + + cat > $out/bin/ftb << EOF + #!${stdenv.shell} + + export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} + ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ + ${jre}/bin/java -jar $out/ftb.jar + EOF + + chmod +x $out/bin/ftb + + mkdir -p $out/share/applications + ln -s ${desktopItem}/share/applications/* $out/share/applications/ + + ${openjdk}/bin/jar xf $out/ftb.jar favicon.png + ''; +} diff --git a/krebs/source.nix b/krebs/source.nix index b952aa2a2..fcc7fb74f 100644 --- a/krebs/source.nix +++ b/krebs/source.nix 
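Review bot: The wrapper written by `installPhase` in ftb/default.nix exports `LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [...]}`; when the variable is unset at launch the value starts with `:`, and the dynamic loader treats that empty entry as the current directory, so shared libraries would be loaded from whatever directory `ftb` is started in. Append the inherited value only when it is non-empty, so that the generated script line reads `export LD_LIBRARY_PATH=<nix lib path>${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` (inside the Nix string and the unquoted heredoc the expansion has to be escaped as `\''${LD_LIBRARY_PATH:+:\$LD_LIBRARY_PATH}`). The launcher jar comes from an unversioned `http://` URL; the `sha256` pins its content, but the build breaks as soon as upstream replaces the file, which deserves a comment next to `src`. The final `jar xf $out/ftb.jar favicon.png` extracts into the build directory and the icon is never installed under `$out`.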
@@ -1,22 +1,25 @@ with import <stockholm/lib>; -host@{ name, secure ? false }: let +host@{ name, secure ? false, override ? {} }: let builder = if getEnv "dummy_secrets" == "true" then "buildbot" else "krebs"; _file = <stockholm> + "/krebs/1systems/${name}/source.nix"; in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = getAttr builder { - buildbot.file = toString <stockholm/krebs/6tests/data/secrets>; - krebs.pass = { - dir = "${getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; + secrets = getAttr builder { + buildbot.file = toString <stockholm/krebs/6tests/data/secrets>; + krebs.pass = { + dir = "${getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; }; - }; - stockholm.file = toString <stockholm>; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04 - }; - } + stockholm.file = toString <stockholm>; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 + }; + } + override + ] diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 8ec744584..609fae3c8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -40,6 +40,9 @@ with import <stockholm/lib>; zathura skype wine + geeqie + vlc + minecraft ]; nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index fc30a3478..f53e93f26 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix 
@@ -131,7 +131,6 @@ with import <stockholm/lib>; services.xserver.displayManager.sessionCommands = '' ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ${pkgs.systemd}/bin/systemctl start xresources.service ''; networking.hostName = lib.mkForce "BLN02NB0162"; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c231a0b10..936666a73 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -192,7 +192,7 @@ with import <stockholm/lib>; ''; }; - #nix.package = pkgs.nixUnstable; + nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" ]; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 03e9f6eeb..087aaab06 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -289,13 +289,6 @@ in { alias /var/realwallpaper/realwallpaper.png; ''; } - { - services.minecraft-server.enable = true; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } - { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } - ]; - } <stockholm/krebs/2configs/reaktor-krebs.nix> <stockholm/lass/2configs/dcso-dev.nix> { @@ -307,7 +300,7 @@ in { jeschli-brauerei ]; repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; } ]; } @@ -318,6 +311,8 @@ in { RandomizedDelaySec = "2min"; }; } + <stockholm/lass/2configs/downloading.nix> + <stockholm/lass/2configs/minecraft.nix> ]; krebs.build.host = config.krebs.hosts.prism; 
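Review bot: The push rule in prism/config.nix now matches `refs/heads/staging/jeschli*`, which, if the pattern is a plain glob, also covers any branch whose name merely begins with that prefix (for example `staging/jeschli-old`), and the rule grants `non-fast-forward` and `delete` on all of them. If the intent is sub-branches, two rules, one for `refs/heads/staging/jeschli` and one for `refs/heads/staging/jeschli/*`, keep the grant inside that namespace. How `push` matches ref patterns is defined outside this diff, so this should be checked against the git module.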
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 59ea0ecb7..5ca024574 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,6 +53,7 @@ in { time.timeZone = "Europe/Berlin"; + programs.ssh.agentTimeout = "10m"; programs.ssh.startAgent = true; services.openssh.forwardX11 = true; @@ -85,6 +86,8 @@ in { screengrab slock sxiv + timewarrior + taskwarrior termite xclip xorg.xbacklight @@ -104,15 +107,40 @@ in { xlibs.fontschumachermisc ]; - lass.xserver.enable = true; + #lass.xserver.enable = true; services.xserver = { + enable = true; layout = "us"; + display = mkForce 0; xkbModel = "evdev"; xkbVariant = "altgr-intl"; xkbOptions = "caps:backspace"; + displayManager.lightdm.enable = true; + windowManager.default = "xmonad"; + windowManager.session = [{ + name = "xmonad"; + start = '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.coreutils}/bin/sleep infinity + ''; + }]; + }; + + systemd.user.services.xmonad = { + wantedBy = [ "graphical-session.target" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + RXVT_SOCKET = "%t/urxvtd-socket"; + XMONAD_DATA_DIR = "/tmp"; + }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + }; + restartIfChanged = false; }; - services.urxvtd.enable = true; krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 9459cfd6f..cbbd54b6b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -35,7 +35,10 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name}.path = bin; + lass.browser.paths.${name} = { + path = bin; + inherit precedence; + }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; 
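Review bot: The new xmonad session start script in baseX.nix runs `xhost +LOCAL:`, which lets every local account connect to the X server, not only the per-browser users from browsers.nix that need the display; any process under any local uid, service accounts included, can then read keystrokes and window contents. Granting access per account, `xhost +SI:localuser:NAME` for each user that has to reach the display, keeps the list explicit and reviewable. In the same hunk `XMONAD_DATA_DIR = "/tmp";` puts xmonad's data files in a world-writable directory under predictable names; a per-user location such as `%t/xmonad` (the `%t` specifier is already used for `RXVT_SOCKET`, and the directory would have to be created first) avoids other local users pre-creating those paths.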
@@ -80,6 +83,14 @@ in { browser-select ]; + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + ]; + }; + imports = [ { options.lass.browser.select = mkOption { @@ -102,8 +113,9 @@ in { ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "video" "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] ) - ( createChromiumUser "fb" [ "video" "audio" ] ) - ( createChromiumUser "com" [ "video" "audio" ] ) + ( createChromiumUser "wk" [ "video" "audio" ] 0 ) + ( createChromiumUser "fb" [ "video" "audio" ] 0 ) + ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "fin" [] (-1) ) ]; } diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index cd10313fc..56c091a6e 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -19,9 +19,9 @@ let ${pkgs.copyq}/bin/copyq config text_wrap true ''; in { - systemd.services.copyq = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; + systemd.user.services.copyq = { + wantedBy = [ "graphical-session.target" ]; + requires = [ "xmonad.service" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; @@ -35,7 +35,6 @@ in { Restart = "always"; RestartSec = "15s"; StartLimitBurst = 0; - User = "lass"; }; }; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index c68aee330..5a5f1b347 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,11 +2,12 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ - ../2configs/binary-cache/client.nix - ../2configs/gc.nix - ../2configs/mc.nix - ../2configs/vim.nix - ../2configs/monitoring/client.nix + ./binary-cache/client.nix + ./gc.nix + ./mc.nix + ./vim.nix + ./monitoring/client.nix + ./zsh.nix ./htop.nix ./backups.nix ./security-workarounds.nix 
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 94191fcb7..0219f5216 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -54,6 +54,11 @@ with import <stockholm/lib>; { from = "bitstamp@lassul.us"; to = lass.mail; } { from = "bitcoin.de@lassul.us"; to = lass.mail; } { from = "ableton@lassul.us"; to = lass.mail; } + { from = "dhl@lassul.us"; to = lass.mail; } + { from = "sipgate@lassul.us"; to = lass.mail; } + { from = "coinexchange@lassul.us"; to = lass.mail; } + { from = "verwaltung@lassul.us"; to = lass.mail; } + { from = "gearbest@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 6cea271c1..50362cda4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -73,6 +73,10 @@ in { extraGroups = [ "audio" "video" "input" "loot" ]; createHome = true; useDefaultShell = true; + packages = with pkgs; [ + ftb + minecraft + ]; }; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 4a2199b39..1fe87c666 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -81,7 +81,7 @@ let server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" "staging*" ]; + branches = [ "master" ]; }; }; }; @@ -100,7 +100,7 @@ let nick = config.krebs.build.host.name; channel = "#xxx"; server = "irc.r"; - verbose = true; + verbose = false; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 962efaf3f..7c58e8c5f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -1,3 +1,4 @@ +with import <stockholm/lib>; { pkgs, ... }: let 
@@ -19,6 +20,14 @@ let text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; ''; + mailboxes = { + wireguard = [ "wireguard@lists.zx2c4" ]; + c-base = [ "c-base.org" ]; + security = [ "seclists.org" "security" "bugtraq" ]; + nix-devel = [ "nix-devel@googlegroups.com" ]; + shack = [ "shackspace.de" ]; + }; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc @@ -72,22 +81,15 @@ let ''} %r |" virtual-mailboxes \ - "Unread" "notmuch://?query=tag:unread"\ - "INBOX" "notmuch://?query=tag:inbox \ - and NOT to:nix-devel\ - and NOT to:shackspace\ - and NOT to:security\ - and NOT to:c-base" \ - "shack" "notmuch://?query=to:shackspace"\ - "c-base" "notmuch://?query=to:c-base"\ - "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ - "nix" "notmuch://?query=to:nix-devel"\ - "radio" "notmuch://?query=to:radio or tag:radio"\ - "TODO" "notmuch://?query=tag:TODO"\ - "Starred" "notmuch://?query=tag:*"\ - "Archive" "notmuch://?query=tag:archive"\ - "Sent" "notmuch://?query=tag:sent"\ - "Junk" "notmuch://?query=tag:junk" + "Unread" "notmuch://?query=tag:unread"\ + "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\ + ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)} + "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\ + "TODO" "notmuch://?query=tag:TODO"\ + "Starred" "notmuch://?query=tag:*"\ + "Archive" "notmuch://?query=tag:archive"\ + "Sent" "notmuch://?query=tag:sent"\ + "Junk" "notmuch://?query=tag:junk" tag-transforms "junk" "k" \ "unread" "u" \ diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix new file mode 100644 index 000000000..aa33dcccc --- /dev/null +++ b/lass/2configs/minecraft.nix 
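Review bot: The address patterns from `mailboxes` are spliced unquoted into the notmuch queries of the `virtual-mailboxes` hunk (`to:${f}` in the "INBOX", per-mailbox and "BOX" entries), so a pattern containing a space, a `"` or a notmuch operator would change the query or end the muttrc string early. The current values are plain and defined in the same file, so this is a robustness point rather than an exposure; a comment above `mailboxes` such as `# patterns are inserted verbatim into notmuch queries: no spaces or quotes` would record the constraint. The long `concatMapStringsSep` one-liners would also read better as named `let` bindings, for example `notTo = concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes));`. The rewrite also drops the old "radio" mailbox and the `from:security-alert@hpe.com` match without an equivalent in `mailboxes`, which is worth confirming as intended. Both the `let` block and the muttrc string continue outside these hunks.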
@@ -0,0 +1,21 @@ +{ pkgs, ... }: + +{ + users.users = { + mc = { + name = "mc"; + description = "user playing mc"; + home = "/home/mc"; + createHome = true; + useDefaultShell = true; + packages = with pkgs; [ + tmux + ]; + }; + }; + krebs.per-user.mc.packages = [ pkgs.jdk ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } + { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7f531bf3a..a83d51f1d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -118,6 +118,7 @@ in { if test $(timeLeft) -le $LIMIT; then ${add_random}/bin/add_random fi + ${pkgs.mpc_cli}/bin/mpc play > /dev/null ''; in { description = "radio playlist autoadder"; diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 4d33aa79d..add30fbf1 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: { + environment.systemPackages = [ pkgs.fzf ]; programs.zsh = { enable = true; shellInit = '' @@ -7,10 +8,8 @@ zsh-newuser-install() { :; } ''; interactiveShellInit = '' - #unsetopt nomatch setopt autocd extendedglob bindkey -e - zstyle :compinstall filename '/home/lass/.zshrc' #history magic bindkey "[A" up-line-or-local-history @@ -39,8 +38,11 @@ zle -N edit-command-line bindkey "^X^E" edit-command-line + #fzf inclusion + source ${pkgs.fzf}/share/fzf/completion.zsh + source ${pkgs.fzf}/share/fzf/key-bindings.zsh + #completion magic - fpath=(~/.zsh/completions $fpath) autoload -Uz compinit compinit zstyle ':completion:*' menu select 
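Review bot: The two `krebs.iptables.tables.filter.INPUT.rules` entries in the new `minecraft.nix` accept port 25565 over both TCP and UDP from any source address. A Minecraft Java server listens on TCP, and UDP on that port is, as far as I know, only used by the optional query protocol, so the UDP rule can probably be dropped unless query is enabled. If the server is meant for known peers only, the predicate could carry a source match, e.g. `{ predicate = "-p tcp --dport 25565 -s <trusted-net>"; target = "ACCEPT"; }` (the network is a placeholder). A one-line comment saying whether the port is intentionally public would help the next reader.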
@@ -48,14 +50,16 @@ #enable automatic rehashing of $PATH zstyle ':completion:*' rehash true - - #eval $( dircolors -b ~/.LS_COLORS ) - - # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' + eval $(dircolors -b ${pkgs.fetchFromGitHub { + owner = "trapd00r"; + repo = "LS_COLORS"; + rev = "master"; + sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + }}/LS_COLORS) #beautiful colors alias ls='ls --color' - zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} #emacs bindings bindkey "[7~" beginning-of-line @@ -66,27 +70,8 @@ #aliases alias ll='ls -l' alias la='ls -la' - alias pinginet='ping 8.8.8.8' - alias du='du -hd1' - alias qiv="qiv -f -m" - alias zshres="source ~/.zshrc" #fancy window title magic - case $TERM in - (*xterm* | *rxvt*) - - # Write some info to terminal title. - # This is seen when the shell prompts for input. - function precmd { - print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a" - } - # Write command and args to terminal title. - # This is seen while the shell waits for a command to complete. - function preexec { - printf "\033]0;%s\a" "$1" - } - ;; - esac ''; promptInit = '' # TODO: figure out why we need to set this here 
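Review bot: The `fetchFromGitHub` call added inside `interactiveShellInit` uses `rev = "master"` together with a fixed `sha256`, so the fetch is tied to a moving branch. Once upstream `master` changes, a fresh fetch fails the hash check, while machines that already hold the store path keep the old content without any signal. Because the `dircolors -b` output built from this file is passed to `eval` in every interactive shell, the source should be pinned to the commit the hash was computed from: `rev = "<commit-sha-of-the-hashed-tree>";`. The surrounding shell string starts and ends outside this hunk.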
@@ -97,26 +82,59 @@ autoload -U promptinit promptinit - error='%(?..%F{red}%?%f )' + p_error='%(?..%F{red}%?%f )' + t_error='%(?..%? )' case $UID in 0) - username='%F{red}root%f ' + p_username='%F{red}root%f' + t_username='root' ;; 1337) - username="" + p_username="" + t_username="" ;; *) - username='%F{blue}%n%f ' + p_username='%F{blue}%n%f' + t_username='%n' ;; esac if test -n "$SSH_CLIENT"; then - PROMPT="$error$username@%F{magenta}%M%f %~ " + p_hostname='@%F{magenta}%M%f ' + t_hostname='@%M ' else - PROMPT="$error$username%~ " + p_hostname="" + t_hostname="" fi + + #check if in nix shell + if test -n "$buildInputs"; then + p_nixshell='%F{green}[s]%f ' + t_nixshell='[s] ' + else + p_nixshell="" + t_nixshell="" + fi + + PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " + TITLE="$t_error$t_username$t_hostname$t_nixshell%~" + case $TERM in + (*xterm* | *rxvt*) + function precmd { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED\007" + } + # This is seen while the shell waits for a command to complete. + function preexec { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + } + ;; + esac ''; }; - users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; + environment.shellAliases.ns = "nix-shell --command zsh"; + + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } diff --git a/lass/source.nix b/lass/source.nix index 46c6d31dc..e3332c5de 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -8,10 +8,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "d202e30"; - }; + nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs; secrets = getAttr builder { buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>; lass.pass = { diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index f473d9e4c..a656fdce3 100644 
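Review bot: In the new `precmd` and `preexec` the terminal title is written with `echo -ne`, and in `preexec` the raw command line `$1` is part of that string. zsh's `echo` and `print` expand backslash escapes, so a command (or, through `%~` in `TITLE`, a directory name) containing sequences such as `\e` or `\a` becomes live control bytes inside the title sequence. The `preexec` removed earlier in this file used `printf "\033]0;%s\a" "$1"`, which kept the command text out of the format string. The same separation can be kept here with `PROMPT_EVALED="$(print -rP -- "$TITLE")"` followed by `printf '\033]0;%s %s %s\007' "$$" "$PROMPT_EVALED" "$1"` (without the last argument in `precmd`).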
--- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -109,6 +109,8 @@ in { #} { # wireguard server + # opkg install wireguard luci-proto-wireguard + # TODO: networking.nat # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; @@ -136,9 +138,23 @@ in { allowedIPs = [ "10.244.0.3/32" ]; publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } ]; }; } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } ]; makefu.dl-dir = "/var/download"; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 3686acb6e..a32db91e1 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -61,7 +61,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/wwan.nix> - # <stockholm/makefu/2configs/hw/stk1160.nix> + <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> # Filesystem @@ -86,6 +86,7 @@ with import <stockholm/lib>; nixpkgs.config.allowUnfree = true; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # configure pulseAudio to provide a HDMI sink as well @@ -103,7 +104,4 @@ with import <stockholm/lib>; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - - nix.package = pkgs.nixUnstable; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; } diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index 9e16a384a..ecbca9ea3 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix 
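Review bot: The added `# iperf3` block in `gum/config.nix` opens port 5201 for TCP and UDP through `networking.firewall.allowedTCPPorts` and `allowedUDPPorts`, which applies to every interface of the host. iperf3 does no authentication unless it is explicitly configured, so while a server is listening anyone who can reach the host can run bandwidth tests against it. If the measurements are meant for the WireGuard peers defined just above, scoping the rule to that interface would be tighter, e.g. `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts = [ 5201 ];` (the interface name is a placeholder, and the option needs a nixpkgs that provides per-interface rules). If the ports were opened for a one-off test, a `# TODO remove after testing` comment on the block would keep them from becoming permanent.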
+++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -26,14 +26,16 @@ in { services.nginx = { enable = mkDefault true; virtualHosts."photostore.krebsco.de" = { - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; + enableACME = true; + forceSSL = true; + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; }; }; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index da246f66a..eacbd99cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -53,15 +53,6 @@ let make-krebs-repo = with git; name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "gum"; - channel = "#xxx"; - # TODO remove the hardcoded hostname - server = "irc.r"; - }; - }; }; diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix new file mode 100644 index 000000000..4ac639a25 --- /dev/null +++ b/makefu/2configs/hw/stk1160.nix @@ -0,0 +1,13 @@ +{ pkgs, lib, ... }: +{ + # TODO: un-pin linuxPackages somehow + nixpkgs.config.packageOverrides = pkgs: { + linux_4_14 = pkgs.linux_4_14.override { + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160 m + ''; + }; + }; +} diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 59619f9b5..6598393a2 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -297,7 +297,7 @@ let { viminfo = "$HOME/.cache/vim/info"; }; - mkdirs = let + need-dirs = let dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); in assert out != ""; out; alldirs = attrValues dirs ++ map dirOf (attrValues files); @@ -308,7 +308,7 @@ let { paths = [ (pkgs.writeDashBin "vim" '' set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs}) exec ${pkgs.vim}/bin/vim "$@" '') pkgs.vim |