91 files changed, 1112 insertions, 894 deletions
diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index d859833ac..49b814793 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -14,6 +14,7 @@ in <stockholm/jeschli/2configs/urxvt.nix> <stockholm/jeschli/2configs/i3.nix> <stockholm/jeschli/2configs/emacs.nix> + <stockholm/jeschli/2configs/rust.nix> ]; krebs.build.host = config.krebs.hosts.bolide; diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix index 2eefb23fb..b56b76acb 100644 --- a/jeschli/1systems/reagenzglas/config.nix +++ b/jeschli/1systems/reagenzglas/config.nix @@ -1,23 +1,11 @@ { config, pkgs, ... }: -with pkgs; -let - rebuild_script = pkgs.writeTextFile { - name="rebuild"; - text='' - #!/usr/bin/env sh - set -eu - sudo cp -r /etc/nixos ~/old-nixos - sudo cp -r $HOME/nixos /etc/ - sudo nixos-rebuild switch - ''; - executable=true; - }; -in + { imports = [ <stockholm/jeschli> <stockholm/jeschli/2configs/emacs.nix> + <stockholm/jeschli/2configs/python.nix> ./desktop.nix ./i3-configuration.nix ./hardware-configuration.nix @@ -27,7 +15,7 @@ in boot.loader.systemd-boot.enable = true; # Wireless network with network manager - krebs.build.host = config.krebs.hosts.brauerei; + krebs.build.host = config.krebs.hosts.reagenzglas; # networking.hostName = "nixos"; # Define your hostname. networking.networkmanager.enable = true; @@ -49,14 +37,9 @@ in wget vim git firefox rofi + ag ]; - # How I rebuild the system - environment.shellAliases = { - rebuild = rebuild_script; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.ombi = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index bc9cfdb4b..d243017f1 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix 
@@ -1,6 +1,14 @@ { config, pkgs, ... }: let + pkgsWithOverlay = import <nixpkgs-unstable> { + overlays = [ + (import (builtins.fetchTarball { + url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz; + })) + ]; + }; + orgAgendaView = import ./emacs-org-agenda.nix; packageRepos = '' @@ -47,6 +55,9 @@ let magit = '' (global-set-key (kbd "C-x g") 'magit-status) ; "Most Magit commands are commonly invoked from the status buffer" + + (with-eval-after-load 'magit + (require 'forge)) ''; windowCosmetics = '' @@ -145,8 +156,6 @@ let (global-set-key (kbd "<f8>") 'delete-other-windows) ''; - - dotEmacs = pkgs.writeText "dot-emacs" '' ${packageRepos} @@ -164,9 +173,11 @@ let ${myFunctionKeys} ''; - emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + #emacsWithCustomPackages + emacsPkgs= epkgs: [ #testing epkgs.melpaPackages.gitlab + epkgs.melpaPackages.forge # emacs convenience epkgs.melpaPackages.ag @@ -177,7 +188,7 @@ let epkgs.melpaPackages.monokai-alt-theme # development - epkgs.melpaStablePackages.magit + epkgs.melpaPackages.magit epkgs.melpaPackages.nix-mode epkgs.melpaPackages.go-mode epkgs.melpaPackages.haskell-mode 
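Review bot: The `builtins.fetchTarball` call in `pkgsWithOverlay` pulls `emacs-overlay/archive/master.tar.gz` with no `sha256`, so each evaluation imports whatever Nix code the branch head holds at that moment, and the result feeds the system-wide Emacs wrappers built further down in this file. Pin it to a reviewed commit and hash, e.g. `url = "https://github.com/nix-community/emacs-overlay/archive/<COMMIT_SHA>.tar.gz";` together with `sha256 = "<SHA256_OF_UNPACKED_TARBALL>";` (both placeholders). Pinning also makes rebuilds reproducible, because an unpinned tarball is silently re-fetched once the cached copy expires. The `let` block continues outside this hunk.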
@@ -196,20 +207,26 @@ let epkgs.melpaPackages.org-mime epkgs.elpaPackages.which-key - ]); + ]; +emacsWithOverlay = (pkgsWithOverlay.emacsWithPackagesFromUsePackage { + config = builtins.readFile dotEmacs; # builtins.readFile ./emacs.el; + # Package is optional, defaults to pkgs.emacs + package = pkgsWithOverlay.emacsGit; + # Optionally provide extra packages not in the configuration file + extraEmacsPackages = emacsPkgs; + }); myEmacs = pkgs.writeDashBin "my-emacs" '' - exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@" + exec ${emacsWithOverlay}/bin/emacs -q -l ${dotEmacs} "$@" ''; myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" '' - exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} --daemon + exec ${emacsWithOverlay}/bin/emacs -q -l ${dotEmacs} --daemon ''; myEmacsClient = pkgs.writeDashBin "meclient" '' - exec ${emacsWithCustomPackages}/bin/emacsclient --create-frame + exec ${emacsWithOverlay}/bin/emacsclient --create-frame ''; - in { environment.systemPackages = [ myEmacs myEmacsWithDaemon myEmacsClient diff --git a/jeschli/2configs/python.nix b/jeschli/2configs/python.nix new file mode 100644 index 000000000..0c32e1fc8 --- /dev/null +++ b/jeschli/2configs/python.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + python37 + python37Packages.pip + pipenv + ]; +} diff --git a/jeschli/2configs/rust.nix b/jeschli/2configs/rust.nix new file mode 100644 index 000000000..dbd90ebf5 --- /dev/null +++ b/jeschli/2configs/rust.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + rustup + ]; +} diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 30b06c1e6..9a8a76676 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix 
@@ -29,9 +29,9 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { + deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; - target = "root@${name}/var/src"; + inherit target; }; # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 6321b6cc4..6493c6df4 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -14,6 +14,8 @@ <stockholm/krebs/2configs/news.nix> <stockholm/krebs/2configs/news-spam.nix> <stockholm/krebs/2configs/shack/prometheus/node.nix> + <stockholm/krebs/2configs/shack/prometheus/server.nix> + <stockholm/krebs/2configs/shack/prometheus/unifi.nix> <stockholm/krebs/2configs/shack/gitlab-runner.nix> ## Collect local statistics via collectd and send to collectd diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6e53637e6..e47c43fe1 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -62,9 +62,9 @@ in <stockholm/krebs/2configs/shack/netbox.nix> # prometheus.shack - <stockholm/krebs/2configs/shack/prometheus/server.nix> + #<stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/node.nix> - <stockholm/krebs/2configs/shack/prometheus/unifi.nix> + #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> # grafana.shack <stockholm/krebs/2configs/shack/grafana.nix> diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index da5cac36d..578bb0750 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -12,7 +12,7 @@ let retain = false; qos = 1; }; - seconds = 30; + seconds = 20; in { switch = [ 
diff --git a/krebs/2configs/shack/mqtt_sub.nix b/krebs/2configs/shack/mqtt_sub.nix index a8427dde4..bd0b6df85 100644 --- a/krebs/2configs/shack/mqtt_sub.nix +++ b/krebs/2configs/shack/mqtt_sub.nix @@ -29,6 +29,8 @@ in { User = "nobody"; ExecStart = "${pkg}/bin/sub-new"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 19768cb2e..33f6b8c89 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -33,9 +33,10 @@ in { chown nobody /tmp/tell.json ''; ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; - Restart = "always"; PrivateTmp = true; PermissionsStartOnly = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 39d49918d..5ae80d780 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -6,7 +6,7 @@ let url = "https://git.shackspace.de/rz/muell_mail"; rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f"; sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2"; - }) {}; + }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muell_mail"; cfg = toString <secrets/shack/muell_mail.js>; in { @@ -26,8 +26,9 @@ in { WorkingDirectory = home; PermissionsStartOnly = true; ExecStart = "${pkg}/bin/muell_mail"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index 1e6843bdf..9168c9ba7 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -36,8 +36,9 @@ in { ''; WorkingDirectory = home; ExecStart = "${pkg}/bin/muellshack"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } 
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 63772f182..8cf0007b8 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -46,8 +46,9 @@ in { ''; WorkingDirectory = home; ExecStart = "${pkg}/bin/node-light"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index af3f129c1..4118e7a72 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -22,8 +22,9 @@ in { serviceConfig = { User = "powermeter"; ExecStart = "${pkg}/bin/powermeter-serial2mqtt"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; @@ -33,8 +34,9 @@ in { serviceConfig = { User = "powermeter"; ExecStart = "${pkg}/bin/powermeter-mqtt2socket"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index 12f757e89..7f6f38610 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -28,7 +28,6 @@ "-storage.local.index-cache-size.label-name-to-label-values 2097152" "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" ]; - alertmanagerURL = [ "http://localhost:9093" ]; rules = [ '' ALERT node_down @@ -161,6 +160,12 @@ ]; } ]; + alertmanagers = [ + { scheme = "http"; + path_prefix = "/"; + static_configs = [ { targets = [ "localhost:9093" ]; } ]; + } + ]; alertmanager = { enable = true; listenAddress = "0.0.0.0"; diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 566146d6e..286a73aae 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix 
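Review bot: The new `alertmanagers` entry in prometheus/server.nix only targets `localhost:9093`, yet the `alertmanager` block directly below it (a context line, not changed here) keeps `listenAddress = "0.0.0.0"`. The Alertmanager API and UI are unauthenticated by default, so unless a firewall rule outside this hunk restricts port 9093, every client that can reach the host can read alerts and manage silences. If no other machine needs to talk to it, bind it to loopback with `listenAddress = "127.0.0.1";`. This commit also moves the `server.nix` import from wolf to puyak, so the exposure should be re-checked for the new host; the attribute set continues outside the hunk.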
@@ -27,9 +27,10 @@ in { serviceConfig = { User = "nobody"; # TODO separate user ExecStart = "${pkg}/bin/radioactive-add-many loop 60"; - Restart = "always"; PrivateTmp = true; PermissionsStartOnly = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 94a509520..4892a8723 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -164,7 +164,7 @@ let client_max_body_size 32M; ''; locations = { - "/".extraConfig = "proxy_set_header Host $http_host;"; + "/".extraConfig = "proxy_set_header Host $host;"; "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock"; "/static/".extraConfig = '' alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 244de1a0d..cbf24effe 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -27,7 +27,7 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 + ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2 json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index f12dda097..1546cac62 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -426,20 +426,19 @@ in { ip4.addr = "10.243.29.175"; aliases = [ "qubasa.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z - f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm - 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 - aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs - KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v - aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j - kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 - 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB - 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz - k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV - Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v - vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA65g1Xql+S+Dd90uDpSVxzGRTL8n4DHc1p9T8u9h7ioytC9B+e2dQ + RU/y3gdJ0gXxrbth36MhTANuUonnqpHvsWwUDCQRbxLEFh8avlzLsecWvwrIt3zL + 102EaVurRySUa83D6TK8ZsDa2+ADY7tEzfFMJhT53g7MpBNIeOquB0rR6hVYBbHc + 3B+QtwdM8dx1gO/5+FsPYhJbR7ARczYHsj7Eyb8NbdzthEO0ICDgwzmcXTJfVHGR + qfT7DUolXsu7uSPMLB+Pe/leI7XcQ2VFukpVGP0fZv0mSMxavFlcFVkLgdbAEd2H + DPEBEcJpLR4Hw3HlO1kPPufaUdoeNhUmTkIp76mkCbanS1P/aFNFFcVB+a/+tpdK + z5pG8K3qANg5txp6sAatPchvkeQelIg11lvT9luc+nFsTEW6Ky5nDLo60luZVFnn + i1bdVeOojXR0u7M2gMqQZcSuscvy8APe48S8vPsqoiob1l/r77B7iNrWDwH8IutW + u8fpC64CbhlR76Orp3xTZPmJQCRT8XYpKDDoq5Z7prdlAEz3U6wEfVckVv+f1dmU + odG0zDTsmyKhkWWmZbPgPrOEUvAVoSpSLSQQxPR+UHArlgYe+2dAf8IHYqrgmhuO + D4Lga4nNwTyVbCZ8vUu5b/lnGCLpNcVj22WVQTdAJzNsCVTdIM2V5hcCAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index 05808714c..e81dd9b58 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix 
@@ -28,31 +28,30 @@ in { }; }; }; - kruck = { + schasch = { owner = config.krebs.users.palo; nets = { retiolum = { - ip4.addr = "10.243.23.3"; + ip4.addr = "10.243.23.2"; tinc.port = 720; - aliases = [ - "kruck.r" - "video.kruck.r" - ]; + aliases = [ "schasch.r" ]; tinc.pubkey = tinc-for "palo"; }; }; + syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; - schasch = { + sterni = { owner = config.krebs.users.palo; nets = { retiolum = { - ip4.addr = "10.243.23.2"; + ip4.addr = "10.243.23.3"; tinc.port = 720; - aliases = [ "schasch.r" ]; + aliases = [ + "sterni.r" + ]; tinc.pubkey = tinc-for "palo"; }; }; - syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; workhorse = { owner = config.krebs.users.palo; @@ -79,9 +78,7 @@ in { }; users = { palo = { - }; - palo-pepe = { - pubkey = "ssh-rsa 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 palo@pepe"; + pubkey = "ssh-rsa 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 palo@workout"; }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 78f3542fa..dc5c9ca3c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -602,42 +602,6 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; - morpheus = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.19"; - ip6.addr = r6 "012f"; - aliases = [ - "morpheus.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY - T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN - /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh - S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz - Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR - bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI - Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz - sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ - VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j - 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA - U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - wiregrill = { - ip6.addr = w6 "012f"; - aliases = [ - "morpheus.w" - ]; - wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; - }; hilum = { cores = 1; nets = { @@ -681,6 +645,11 @@ in { }; users = rec { lass = lass-blue; + lass-yubikey = { + mail = lass.mail; + pubkey = builtins.readFile ./ssh/yubikey.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; + }; lass-blue = { mail = "lass@blue.r"; pubkey = builtins.readFile ./ssh/blue.rsa; diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp new file mode 100644 index 000000000..0c7791ce8 --- /dev/null +++ b/krebs/3modules/lass/pgp/yubikey.pgp 
@@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy +aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog +3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P +rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw +xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru +eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m +28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj +iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD +dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX +yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g +S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB +tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG +Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK +CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad +WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ +SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9 +z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC +KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N +YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf +4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO +To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf +PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd +p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY +ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC +DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh +SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE +SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+ +c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4 ++1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au 
+FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E +F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs +N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs +8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 +bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr +s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE +cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ +EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA +CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2 +ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP +ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h +UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L +4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5 +c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz +efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv +aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S +LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D +MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE +P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl +Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z +7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj +8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa +QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc +Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d +7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL +5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont +2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut +senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw +dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE +5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML 
+yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS +lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am +ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd +e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF +8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T +ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/ +qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk +5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A +ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo +VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW +kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb +zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke +D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj +nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs +dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk +Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E +i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f +06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P +60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc +0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV +u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/ +MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ +z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97 +rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV +qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk +L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a +6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l +PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize +buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh +pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV 
+X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh +81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN +6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO +Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN +dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP +/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF +rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3 +Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+ +VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk +EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty +keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw +uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB +vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw +JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4 +gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx +z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq +=U2Jf +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/yubikey.rsa b/krebs/3modules/lass/ssh/yubikey.rsa new file mode 100644 index 000000000..349bb4aab --- /dev/null +++ b/krebs/3modules/lass/ssh/yubikey.rsa @@ -0,0 +1 @@ +ssh-rsa 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 lass@yubikey diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index ab24d9096..f9e8d485c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -184,7 +184,7 @@ in { nixos.unstable IN CNAME krebscode.github.io. o.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} + pigstarter IN CNAME makefu.github.io. share.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} 
diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index 78f2b8ebd..71e2b541a 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -16,7 +16,7 @@ let default = "BAT0"; }; user = mkOption { - type = types.string; + type = types.str; default = "power-action"; }; startAt = mkOption { diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 09e552010..d59569317 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -333,18 +333,18 @@ let rutorrent-imp = { services.phpfpm = { # phpfpm does not have an enable option - poolConfigs = { - rutorrent = '' - user = ${nginx-user} - group = ${nginx-group} - listen = ${fpm-socket} - listen.owner = ${nginx-user} - listen.group = ${nginx-group} - pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pools.rutorrent = { + user = nginx-user; + group = nginx-group; + listen = fpm-socket; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + }; + extraConfig = '' chdir = / php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index 8b7165860..572a8029c 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix 
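Review bot: The rewritten `pools.rutorrent` in rtorrent.nix drops `listen.owner` and `listen.group`, which the old `poolConfigs` text set to the nginx user and group. Without them php-fpm creates the socket at `fpm-socket` owned by the account its master process runs as, so nginx may lose access to it, and loosening the socket mode elsewhere to compensate would open it to other local users. Carry both over inside `settings`: `"listen.owner" = nginx-user;` and `"listen.group" = nginx-group;`. The `extraConfig` string runs past the end of this hunk, so check that they are not already set there.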
@@ -10,22 +10,11 @@ with import <stockholm/lib>; rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8"; sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59"; }; - "18.09" = { - version = "0.4.1-tv1"; - rev = "refs/tags/v${cfg.version}"; - sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; - }; - "19.03" = { - version = "0.4.1-tv1"; - rev = "refs/tags/v${cfg.version}"; - sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; - }; - "19.09" = { - version = "0.4.1-tv1"; - rev = "refs/tags/v${cfg.version}"; - sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; - }; - }.${versions.majorMinor version}; + }.${versions.majorMinor version} or { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; in mkDerivation { pname = "email-header"; diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix deleted file mode 100644 index c01b87d6b..000000000 --- a/krebs/5pkgs/simple/bitlbee-discord/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }: - -with stdenv.lib; -stdenv.mkDerivation rec { - name = "bitlbee-discord-2017-12-27"; - - src = fetchFromGitHub { - rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; - owner = "sm00th"; - repo = "bitlbee-discord"; - sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; - }; - - nativeBuildInputs = [ autoreconfHook pkgconfig ]; - buildInputs = [ bitlbee glib ]; - - preConfigure = '' - export BITLBEE_PLUGINDIR=$out/lib/bitlbee - ./autogen.sh - ''; - - meta = { - description = "Bitlbee plugin for Discord"; - - homepage = https://github.com/sm00th/bitlbee-discord; - license = licenses.gpl2Plus; - platforms = stdenv.lib.platforms.linux; - }; -} diff --git a/krebs/5pkgs/simple/cholerab/default.nix b/krebs/5pkgs/simple/cholerab/default.nix index 94514fe44..007776164 100644 
--- a/krebs/5pkgs/simple/cholerab/default.nix +++ b/krebs/5pkgs/simple/cholerab/default.nix @@ -1,7 +1,16 @@ -{ fetchgit, callPackage }: let - src = fetchgit { - url = "https://github.com/krebs/cholerab"; +{ stdenv, fetchFromGitHub, pandoc }: +stdenv.mkDerivation { + name = "cholerab"; + src = fetchFromGitHub { + owner = "krebs"; + repo = "cholerab"; rev = "25d7ef051d6fc74d99b155e768b3c650296a230c"; sha256 = "1pymw7v2ql42iq825ccx98s4fp9jsz5b2hjr1qad6bamfc6i7yy9"; }; -in callPackage src {} + phases = [ "buildPhase" ]; + buildPhase = '' + mkdir -p $out/share/man/man1 + ${pandoc}/bin/pandoc -s -t man $src/thesauron.md -o $out/share/man/man1/thesauron.1 + ${pandoc}/bin/pandoc -s -t man $src/enterprise-patterns.md -o $out/share/man/man1/enterprise-patterns.1 + ''; +} diff --git a/krebs/5pkgs/simple/go-shortener/default.nix b/krebs/5pkgs/simple/go-shortener/default.nix index 4d1bef2be..5e734553b 100644 --- a/krebs/5pkgs/simple/go-shortener/default.nix +++ b/krebs/5pkgs/simple/go-shortener/default.nix @@ -1,11 +1,11 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs }: with lib; let nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs-8_x; + nodejs = nodejs-12_x; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; @@ -34,7 +34,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ - nodejs-8_x + nodejs-12_x makeWrapper ]; @@ -43,7 +43,7 @@ in stdenv.mkDerivation { cp index.js $out/ cat > $out/go << EOF - ${nodejs-8_x}/bin/node $out/index.js + ${nodejs-12_x}/bin/node $out/index.js EOF chmod +x $out/go diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix index cc362b86a..055e6b476 100644 --- a/krebs/5pkgs/simple/newsbot-js/default.nix +++ b/krebs/5pkgs/simple/newsbot-js/default.nix 
@@ -1,11 +1,11 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs, icu }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }: with lib; let nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs-8_x; + nodejs = nodejs-12_x; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; @@ -36,7 +36,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ - nodejs-8_x + nodejs-12_x makeWrapper ]; @@ -45,7 +45,7 @@ in stdenv.mkDerivation { cp newsbot.js $out/ cat > $out/newsbot << EOF - ${nodejs-8_x}/bin/node $out/newsbot.js + ${nodejs-12_x}/bin/node $out/newsbot.js EOF chmod +x $out/newsbot diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index f1dd0bf6d..01230b439 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "021d733ea3f87b8c9232020b4e606d08eaca160b", - "date": "2019-09-20T08:20:21+02:00", - "sha256": "13600nzrakvg2hsfg5yr7x0jp9m762nvjyddf07q60d3m7vx9jxy", + "rev": "7952807791daf3c60c99f10f371f732d897e3de8", + "date": "2019-10-13T01:14:01+02:00", + "sha256": "1h9wg0arazbyj8xfgvfhzn2gw6ya8sgcxscy1n5j182b5xri1xdk", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 08354357a..9b5d7ccd8 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-19.03' \ + --rev refs/heads/nixos-19.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" 
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index df8868034..bd559944a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; ]; }; environment.systemPackages = with pkgs; [ + ark pavucontrol #firefox chromium @@ -58,7 +59,7 @@ with import <stockholm/lib>; krebs.per-user.bitcoin.packages = [ pkgs.electrum pkgs.electron-cash - pkgs.altcoins.litecoin + pkgs.litecoin ]; users.extraUsers = { bitcoin = { diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index 998fa1478..f57d275d8 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/lass> @@ -14,15 +14,19 @@ krebs.build.host = config.krebs.hosts.hilum; - boot.loader.grub.extraEntries = '' - menuentry "grml" { - iso_path=/isos/grml.iso - export iso_path - search --set=root --file $iso_path - loopback loop $iso_path - root=(loop) - configfile /boot/grub/loopback.cfg - loopback --delete loop - } - ''; + boot.loader.grub = { + extraEntries = '' + submenu isos { + source /grub/autoiso.cfg + } + ''; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); + }; } diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d8c8699ae..86727700f 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ 
@@ -14,20 +14,13 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/prism-share.nix> + #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> ]; krebs.build.host = config.krebs.hosts.icarus; - - environment.systemPackages = with pkgs; [ - macchanger - dpass - ]; programs.adb.enable = true; } diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix deleted file mode 100644 index cab267d54..000000000 --- a/lass/1systems/morpheus/config.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ - imports = [ - <stockholm/lass> - - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/power-action.nix> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> - ]; - - krebs.build.host = config.krebs.hosts.morpheus; - - networking.wireless.enable = false; - networking.networkmanager.enable = true; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - - nixpkgs.config.packageOverrides = super: { - steam = super.steam.override { - withPrimus = true; - extraPkgs = p: with p; [ - glxinfo - nettools - bumblebee - ]; - }; - }; - - - services.xserver.desktopManager.default = "none"; - services.xserver.displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - timeout = 5; - }; -} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix deleted file mode 100644 index 0f08acb2d..000000000 --- a/lass/1systems/morpheus/physical.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ lib, ... }: -{ - imports = [ - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ./config.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostId = "60ce7e88"; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ]; - - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DF3B-4528"; - fsType = "vfat"; - }; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a586807ef..e957279e2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -184,7 +184,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } 
@@ -261,41 +261,6 @@ with import <stockholm/lib>; hostAddress = "10.233.2.3"; localAddress = "10.233.2.4"; }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - { - imports = [ <stockholm/lass/2configs/backup.nix> ]; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/chat/.weechat" - "/bku/sql_dumps" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/prism"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); } { users.users.download.openssh.authorizedKeys.keys = [ @@ -379,7 +344,7 @@ with import <stockholm/lib>; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; + rewrite ^ https://$host$request_uri permanent; } auth_basic "Restricted Content"; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 2d25bc88a..8630d0f4b 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -28,6 +28,12 @@ export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; }; services.xserver = { 
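Review bot: The `auth_basic_user_file` on the context line of the `^~ /transmission` location is built with `pkgs.writeText`, so the credential file ends up in the Nix store, which every local account and every build on the host can read. Its contents lie outside this hunk, so whether it holds strong hashes cannot be judged here, but a file kept with the other secrets would be the safer home, e.g. `auth_basic_user_file ${toString <secrets> + "/transmission-user-pass"};` (constructed file name, readable by nginx only). Inside the `if`, `return 301 https://$host$request_uri;` would also state the redirect more directly than `rewrite ^ … permanent`.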
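Review bot: The new `usb-tether-on`/`usb-tether-off` scripts call `service call connectivity 33 …` under `su`, and the bare transaction number 33 is undocumented. As far as I know these binder transaction codes are not stable across Android releases, so after a phone update the same number may reach a different ConnectivityService method. A comment would pin the assumption, e.g. `# connectivity 33: presumably setUsbTethering on <android-version>; re-check after OS updates`. The attribute set these scripts are added to starts outside the hunk.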
@@ -66,26 +72,8 @@ programs.adb.enable = true; - services.logind.lidSwitch = "ignore"; - services.acpid = { - enable = true; - lidEventCommands = '' - export DISPLAY=:${toString config.services.xserver.display} - case "$1" in - "button/lid LID close") - ${pkgs.xorg.xinput}/bin/xinput disable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput disable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -get > /tmp/pre_lid_brightness - ${pkgs.acpilight}/bin/xbacklight -set 0 - ;; - "button/lid LID open") - ${pkgs.xorg.xinput}/bin/xinput enable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput enable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -set $(cat /tmp/pre_lid_brightness) - ;; - esac - ''; - }; + services.logind.lidSwitch = "suspend"; + lass.screenlock.enable = lib.mkForce false; systemd.services.suspend-again = { after = [ "suspend.target" ]; diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 5d60dfc45..77cf2206b 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -13,9 +13,8 @@ }; boot.loader.efi.canTouchEfiVariables = true; - # TODO fix touchscreen boot.blacklistedKernelModules = [ - "goodix" + "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; @@ -46,7 +45,7 @@ swapDevices = [ ]; boot.extraModprobeConfig = '' - options zfs zfs_arc_max=1073741824 + options zfs zfs_arc_max=107374182 ''; nix.maxJobs = lib.mkDefault 4; 
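Review bot: `services.logind.lidSwitch = "suspend"` is added together with `lass.screenlock.enable = lib.mkForce false`, so closing the lid suspends the machine and, unless something outside this hunk locks the session, opening it resumes straight into the unlocked desktop. On a portable host a lock-on-suspend hook is the usual complement to suspend-on-lid. If the lock is deliberately off, a comment beside the `mkForce` would record the trade-off, e.g. `# no screen lock: <reason>; relies on disk encryption and powering off when unattended`. `lib` also has to be in the module's argument list, which this hunk does not show.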
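Review bot: `zfs_arc_max=107374182` in `boot.extraModprobeConfig` looks like the previous 1 GiB value `1073741824` with its last digit dropped rather than a chosen size; it comes to roughly 102 MiB and is not a multiple of any power of two. If a cap of about 100 MiB is intended, `options zfs zfs_arc_max=104857600` with a `# 100 MiB ARC cap` comment would make that explicit. Otherwise the trailing digit should be restored.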
@@ -74,13 +73,10 @@ services.xserver = { videoDrivers = [ "intel" ]; - deviceSection = '' - Option "TearFree" "true" - ''; displayManager.sessionCommands = '' echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) - (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index cda0d0a33..d049bdee6 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,7 +47,7 @@ with import <stockholm/lib>; }; virtualHosts.default = { default = true; - locations."/Nginx-Fancyindex-Theme-dark" = { + locations."=/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' alias ${pkgs.fetchFromGitHub { owner = "Naereen"; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ecbb7541f..52d694c46 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./copyq.nix ./urxvt.nix ./xdg-open.nix + ./yubikey.nix { hardware.pulseaudio = { enable = true; @@ -54,7 +55,7 @@ in { time.timeZone = "Europe/Berlin"; programs.ssh.agentTimeout = "10m"; - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; services.openssh.forwardX11 = true; environment.systemPackages = with pkgs; [ @@ -62,11 +63,11 @@ in { acpilight ag cabal2nix - cholerab dic dmenu font-size fzfmenu + gimp gitAndTools.qgit git-preview gnome3.dconf diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index c0085995d..eafab400c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
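Review bot: `locations."=/Nginx-Fancyindex-Theme-dark"` is an exact-match location, but the `alias` under it points at a `fetchFromGitHub` checkout, which is a directory. With `=` only that single URI matches, so requests for the theme's files would no longer reach this block; the rest of the location body is outside the hunk, so this is inferred. If the aim was to close the path confusion that a prefix location plus a slash-less `alias` allows, the directory-safe form keeps a trailing slash on both sides: `locations."/Nginx-Fancyindex-Theme-dark/"` with `alias ${…}/;`. The exact-match form is the right one for the single-file aliases changed elsewhere in this commit.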
@@ -1,100 +1,13 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - - mainUser = config.users.extraUsers.mainUser; - - browser-select = let - sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) - (mapAttrsToList (name: value: { inherit name value; }) - config.lass.browser.paths); - in pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) - case $BROWSER in - ${concatMapStringsSep "\n" (n: '' - ${n.name}) - export BIN=${n.value.path}/bin/${n.name} - ;; - '') (sortedPaths)} - esac - $BIN "$@" - ''; - - createUser = script: name: groups: precedence: dpi: - { - lass.xjail.${name} = { - inherit script groups dpi; - }; - environment.systemPackages = [ - config.lass.xjail-bins.${name} - (pkgs.writeDashBin "cx-${name}" '' - DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip - '') - ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - createChromiumUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - '') name groups precedence 80; - - createFirefoxUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.firefox}/bin/firefox "$@" - '') name groups precedence 80; - - createQuteUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - '') name groups precedence 60; - -in { - - lass.browser.select = browser-select; - - environment.systemPackages = [ - browser-select - ]; - +{ + lass.browser.config = { + cr = { groups = [ "audio" "video" ]; precedence = 9; }; + }; programs.chromium = { enable = true; extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim ]; }; - - imports = [ - { - options.lass.browser.select 
= mkOption { - type = types.path; - }; - options.lass.browser.paths = mkOption { - type = types.attrsOf (types.submodule ({ - options = { - path = mkOption { - type = types.path; - }; - precedence = mkOption { - type = types.int; - default = 0; - }; - }; - })); - }; - } - ( createFirefoxUser "ff" [ "audio" ] 11 ) - ( createQuteUser "qb" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "audio" "video" ] 9 ) - ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "audio" ] 0 ) - ( createChromiumUser "fb" [ "audio" ] 0 ) - ( createChromiumUser "com" [ "audio" ] 0 ) - ( createChromiumUser "fin" [] (-1) ) - ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 972b4760a..27242b129 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,8 +23,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; mainUser = { @@ -42,6 +42,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; }; @@ -173,13 +175,7 @@ with import <stockholm/lib>; ''; }; - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; + services.openssh.enable = true; services.journald.extraConfig = '' SystemMaxUse=1G 
@@ -190,7 +186,9 @@ with import <stockholm/lib>; enable = true; tables = { nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } ]; nat.OUTPUT.rules = [ @@ -217,7 +215,4 @@ with import <stockholm/lib>; networking.dhcpcd.extraConfig = '' noipv4ll ''; - services.netdata = { - enable = true; - }; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d1e6b195b..a82672998 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -15,6 +15,7 @@ with import <stockholm/lib>; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.blue + config.krebs.hosts.xerxes ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 @@ -106,6 +107,10 @@ with import <stockholm/lib>; { from = "ubisoft@lassul.us"; to = lass.mail; } { from = "kottezeller@lassul.us"; to = lass.mail; } { from = "pie@lassul.us"; to = lass.mail; } + { from = "vebit@lassul.us"; to = lass.mail; } + { from = "vcvrack@lassul.us"; to = lass.mail; } + { from = "epic@lassul.us"; to = lass.mail; } + { from = "microsoft@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index a3acb82bb..c0e6beba4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix 
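Review bot: The three port-22 rules in `nat.PREROUTING` only do what is intended in one order: the `retiolum` and `wiregrill` `ACCEPT`s (precedence 101) have to be evaluated before the catch-all `REDIRECT --to-ports 0` (100), and nothing in the hunk states that. A comment above the rules would protect the invariant, e.g. `# ssh on 22 only via retiolum/wiregrill, public ssh is 45621; the ACCEPT rules must outrank the REDIRECT`. It is also worth confirming that `krebs.iptables` renders this table for IPv6 too; if it is IPv4-only, port 22 stays directly reachable over IPv6 on the other interfaces.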
@@ -10,7 +10,7 @@ let doom = pkgs.writeDash "doom" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ + -file $DOOM_DIR/lib/brutalv21.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' @@ -56,15 +56,6 @@ let ''; in { - environment.systemPackages = with pkgs; [ - dolphinEmu - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - users.extraUsers = { games = { name = "games"; @@ -76,7 +67,14 @@ in { packages = with pkgs; [ minecraft steam-run + scummvm dolphinEmu + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + retroarchBare ]; }; }; diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index a1bb26049..0ddb63a03 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7650f4294..ced0d7955 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -180,7 +180,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-mors lass-shodan lass-icarus lass-blue ]; + user = [ lass lass-mors lass-shodan lass-icarus lass-blue lass-xerxes ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 5649041f9..89b119347 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/krebs/2configs/hw/x220.nix> 
@@ -8,7 +8,20 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + extraModulePackages = [ + config.boot.kernelPackages.tp_smapi + config.boot.kernelPackages.acpi_call + ]; + kernelModules = [ + "acpi_call" + "tp_smapi" + ]; }; + + environment.systemPackages = [ + pkgs.tpacpi-bat + ]; + fileSystems = { "/" = { device = "/dev/mapper/pool-root"; @@ -33,4 +46,10 @@ services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + ''; + } diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 1c253a6c5..156ebcae7 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -2,7 +2,7 @@ { krebs.per-user.lass.packages = with pkgs; [ - pass + (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index b4efd42fc..b24d7af3e 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -230,11 +230,11 @@ in { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:8000; ''; - locations."/recent".extraConfig = '' + locations."= /recent".extraConfig = '' alias /tmp/played; ''; }; - virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let + virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let html = pkgs.writeText "index.html" '' <!DOCTYPE html> <html lang="en"> @@ -260,7 +260,7 @@ in { }; krebs.syncthing.folders."the_playlist" = { path = "/home/radio/music/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix index 742b877e8..c95a610e7 100644 
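Review bot: The `= /recent` location in `radio.nix` still serves `alias /tmp/played`, a fixed file name in a world-writable directory, so whichever local account creates that path first decides what nginx publishes under `/recent`. Making the location exact-match narrows the URL side, but not the file side. A directory owned by the service that writes the list would remove the dependency, e.g. `alias /var/lib/radio/played;` (constructed path), with the producer changed to match. The code that writes the file is outside this hunk.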
--- a/lass/2configs/starcraft.nix +++ b/lass/2configs/starcraft.nix @@ -1,36 +1,5 @@ { config, pkgs, ... }: let mainUser = config.users.extraUsers.mainUser; - newWine = pkgs.wineStaging; - #newWine = pkgs.wineStaging.overrideAttrs (old: { - # name = "wine-3.7"; - # buildInputs = old.buildInputs ++ [ - # pkgs.libuuid.bin - # pkgs.autoconf.out - # ]; - # src = pkgs.fetchurl { - # url = "https://dl.winehq.org/wine/source/3.x/wine-3.7.tar.xz"; - # sha256 = "1drbzk3y0m14lkq3vzwwkvain5shykgcbmyzh6gcb5r4sxh3givn"; - # }; - # postPatch = old.postPatch or "" + '' - # patchShebangs tools - # cp -r ${pkgs.fetchFromGitHub { - # sha256 = "0kam73jqhah7bzji5csxxhhfdp6byhzpcph6xnzjqz2aic5xk7xi"; - # owner = "wine-staging"; - # repo = "wine-staging"; - # rev = "v3.7"; - # }}/patches . - # chmod +w patches - # cd patches - # patchShebangs gitapply.sh - # ./patchinstall.sh DESTDIR="$PWD/.." --all - # cd .. - # ''; - - #}); - #newWine = (import (builtins.fetchGit { - # url = "https://github.com/NixOS/nixpkgs"; - # rev = "696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f"; - #}) {}).wineStaging; in { users.users= { starcraft = { @@ -40,7 +9,7 @@ in { "video" ]; packages = [ - newWine + pkgs.wineWowPackages.minimal pkgs.winetricks pkgs.mpg123 ]; diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index e1b523e3a..701e5047e 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -11,9 +11,8 @@ # ##TODO: make steam module nixpkgs.config.steam.java = true; - environment.systemPackages = with pkgs; [ - steam - ]; + + users.users.games.packages = [ pkgs.steam ]; #ports for inhome streaming krebs.iptables = { diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix index 5b92d0919..d0cfdf478 100644 --- a/lass/2configs/ts3.nix +++ b/lass/2configs/ts3.nix 
@@ -10,8 +10,8 @@ { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } ##file transfer port - #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } - #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + { predicate = "-p udp --dport 30033"; target = "ACCEPT"; } ##query port #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9980e0501..b9673de70 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,6 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "jarugadesign.de" "www.jarugadesign.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -41,6 +40,7 @@ in { "youthtube.xyz" "joemisch.com" "weirdwednesday.de" + "jarugadesign.de" "www.apanowicz.de" "www.nirwanabluete.de" @@ -50,6 +50,7 @@ in { "www.ubikmedia.de" "www.joemisch.com" "www.weirdwednesday.de" + "www.jarugadesign.de" "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" @@ -64,6 +65,7 @@ in { "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" "crypto4art.ubikmedia.de" + "jarugadesign.ubikmedia.de" ]) ]; 
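Review bot: The newly enabled file-transfer rules open 30033 on both TCP and UDP, but TeamSpeak 3 file transfer uses TCP only, so `{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }` exposes a port that no service should be bound to. Dropping that line keeps the rule set to what the server needs. The rule list itself starts outside the hunk.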
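Review bot: `"jarugadesign.ubikmedia.de"` is added at the end of the `servePage` list in `domsen.nix` although the same name already appears two entries above it in the context lines, so the domain is now listed twice. Depending on how `servePage` turns the list into server names and certificate names (not visible here), that gives at least an nginx conflicting-server-name warning and possibly a duplicate name in the certificate request. The added line can simply be dropped.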
@@ -250,14 +252,13 @@ in { lines = 1000; }; }; + services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + repository = "/backups/domsen"; passwordFile = toString <secrets> + "/domsen_backup_pw"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ - "/srv/http" "/home/domsen/Mail" "/home/ms/Mail" "/home/klabusterbeere/Mail" @@ -270,32 +271,32 @@ in { }; boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; + krebs.syncthing.folders = { + domsen-backups = { + path = "/backups/domsen"; + peers = [ "domsen-backup" ]; + }; + domsen-backup-srv-http = { + path = "/srv/http"; + peers = [ "domsen-backup" ]; + }; + }; + + system.activationScripts.domsen-backups = '' + ${pkgs.coreutils}/bin/chmod 750 /backups + ''; + krebs.permown = { - "/srv/http/ubikmedia.de" = { - owner = "domsen"; - group = "nginx"; + "/backups/domsen" = { + owner = "backup"; + group = "syncthing"; umask = "0007"; }; - "/srv/http/o.ubikmedia.de" = { - owner = "domsen"; + "/srv/http" = { + owner = "syncthing"; group = "nginx"; umask = "0007"; }; - "/srv/http/freemonkey.art" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; - "/srv/http/jarugadesign.de" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; - "/srv/http/reich-gebaeudereinigung.de" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; }; } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 526909e8a..f04f312d0 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix 
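Review bot: `/srv/http` becomes a Syncthing folder shared with the `domsen-backup` peer and is re-owned to `syncthing`, so unless that folder is send-only the backup peer can write into the live web root that PHP-FPM executes. If `krebs.syncthing.folders` exposes Syncthing's folder type, `type = "sendonly";` on `domsen-backup-srv-http` (and on `domsen-backups`) would keep the backup one-way; otherwise a comment should state that the peer is trusted with write access. The restic repository is now local (`/backups/domsen`), so the only off-host copy is whatever Syncthing has replicated, and a deletion or corruption on this host would propagate to it. The single `/srv/http` `permown` entry also replaces the per-site `domsen` ownership and umasks, which is worth confirming as intended.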
@@ -21,29 +21,6 @@ in { krebs.tinc_graphs.enable = true; - users.users.lass-stuff = { - uid = genid_uint31 "lass-stuff"; - description = "lassul.us blog cgi stuff"; - home = "/var/empty"; - }; - - services.phpfpm.poolConfigs."lass-stuff" = '' - listen = /var/run/lass-stuff.socket - user = lass-stuff - group = nginx - pm = dynamic - pm.max_children = 5 - pm.start_servers = 1 - pm.min_spare_servers = 1 - pm.max_spare_servers = 1 - listen.owner = lass-stuff - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - security.limit_extensions = - ''; - users.groups.lasscert.members = [ "dovecot2" "ejabberd" 
@@ -60,48 +37,33 @@ in { locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; + locations."= /hosts".extraConfig = '' + alias ${pkgs.krebs-hosts_combined}; + ''; locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.krebs-hosts-retiolum}; ''; locations."= /wireguard-key".extraConfig = '' alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; - locations."/tinc".extraConfig = '' + locations."/tinc/".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/krebspage".extraConfig = '' + locations."= /krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; ''; - # TODO make this work! - locations."= /ddate".extraConfig = let - script = pkgs.writeBash "test" '' - echo "hello world" - ''; - #script = pkgs.exec "ddate-wrapper" { - # filename = "${pkgs.ddate}/bin/ddate"; - # argv = []; - #}; - in '' - gzip off; - fastcgi_pass unix:/var/run/lass-stuff.socket; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param DOCUMENT_ROOT /var/empty; - fastcgi_param SCRIPT_FILENAME ${script}; - fastcgi_param SCRIPT_NAME ${script}; - ''; - - locations."/init".extraConfig = let + locations."= /init".extraConfig = let initscript = pkgs.init.override { pubkey = config.krebs.users.lass.pubkey; }; in '' alias ${initscript}; ''; - locations."/pub".extraConfig = '' + locations."= /pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; - locations."/pub1".extraConfig = '' + locations."= /pub1".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; }; diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index a807f7160..bffa1036b 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix 
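Review bot: `locations."/tinc/"` now ends in a slash but its `alias ${config.krebs.tinc_graphs.workingDir}/external` does not, and nginx substitutes the alias for the matched prefix verbatim, so a request for `/tinc/x` would resolve to `…/externalx`. The alias needs the same trailing slash: `alias ${config.krebs.tinc_graphs.workingDir}/external/;`. The exact-match (`=`) locations in the rest of this hunk alias single files and are not affected.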
@@ -60,21 +60,23 @@ rec { expires max; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + extraConfig = '' + listen = /srv/http/${domain}/phpfpm.pool + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; }; serveOwncloud = domains: @@ -169,22 +171,24 @@ rec { access_log off; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 32 - pm.max_requests = 500 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 5 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + extraConfig = '' + listen = /srv/http/${domain}/phpfpm.pool + pm = dynamic + pm.max_children = 32 + pm.max_requests = 500 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 5 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; }; serveWordpress = domains: 
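Review bot: Every pool converted in `util.nix` (this hunk, the one just before `serveWordpress`, and the last hunk of the file) sets `user = "nginx"; group = "nginx";`, so all PHP sites run under one account that is also the web server's. Code execution in one site can then read and modify every other site's files and reach every pool socket. Now that `user` and `group` are first-class options, a per-site account would give isolation, e.g. `user = "php-${domain}";` (constructed name, the account still has to be declared) while `listen.owner`/`listen.group` stay `nginx`. It is also worth confirming that the `listen =` line kept in `extraConfig` does not clash with a `listen` that the `pools` module generates itself. The enclosing functions start outside these hunks.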
@@ -220,21 +224,23 @@ rec { expires max; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + extraConfig = '' + listen = /srv/http/${domain}/phpfpm.pool + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; }; } diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix new file mode 100644 index 000000000..e6482c58c --- /dev/null +++ b/lass/2configs/yubikey.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + yubikey-personalization + ]; + + services.udev.packages = with pkgs; [ yubikey-personalization ]; + services.pcscd.enable = true; + + environment.shellInit = '' + if [ "$UID" -eq 1337 ]; then + export GPG_TTY="$(tty)" + gpg-connect-agent /bye + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + fi + ''; + + programs = { + ssh.startAgent = false; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; +} diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 53106b03b..05964eb51 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -8,6 +8,7 @@ zsh-newuser-install() { :; } ''; interactiveShellInit = '' + unsetopt nomatch # no matches found urls setopt autocd extendedglob bindkey -e diff --git a/lass/3modules/autowifi.nix b/lass/3modules/autowifi.nix index 930d99727..9aa1a2d28 100644 --- a/lass/3modules/autowifi.nix 
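Review bot: The `environment.shellInit` snippet in yubikey.nix tests `"$UID"`, which bash and zsh set but a plain POSIX `sh` does not, so there the `-eq 1337` test gets an empty operand and prints an error on every shell start; `if [ "$(id -u)" -eq 1337 ]; then` avoids that. The literal 1337 also ties the agent setup to one account without saying which, so a comment such as `# uid 1337 = the interactive user that owns the YubiKey (confirm)` would make it auditable. With `ssh.startAgent = false`, every other uid keeps whatever `SSH_AUTH_SOCK` it already had, which may be none.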
+++ b/lass/3modules/autowifi.nix 
@@ -11,101 +11,28 @@ in { type = types.str; default = "/etc/wifis"; }; + enablePrisonBreak = mkOption { + type = types.bool; + default = false; + }; }; - config = { + config = lib.mkIf cfg.enable { systemd.services.autowifi = { description = "Automatic wifi connector"; wantedBy = [ "multi-user.target" ]; + path = [ pkgs.networkmanager ]; serviceConfig = { Type = "simple"; Restart = "always"; RestartSec = "10s"; - ExecStart = pkgs.writers.writePython3 "autowifi" {} /* python3 */ '' - import subprocess - import time - import urllib.request - - - def connect(ssid, psk=None): - subprocess.run(["${pkgs.networkmanager}/bin/nmcli", "connection", "delete", "autowifi"]) - print("connecting to {}".format(ssid)) - if psk is None: - subprocess.run(["${pkgs.networkmanager}/bin/nmcli", "device", "wifi", "connect", ssid, "name", "autowifi"]) - else: - subprocess.run(["${pkgs.networkmanager}/bin/nmcli", "device", "wifi", "connect", ssid, "name", "autowifi", "password", psk]) - - - def scan(): - wifis_raw = subprocess.check_output(["${pkgs.networkmanager}/bin/nmcli", "-t", "device", "wifi", "list", "--rescan", "yes"]) - wifis_list = wifis_raw.split(b'\n') - wifis = [] - for line in wifis_list: - ls = line.split(b':') - if len(ls) == 8: - wifis.append({"ssid": ls[1], "signal": int(ls[5]), "crypto": ls[7]}) - return wifis - - - def get_known_wifis(): - wifis_lines = [] - with open('${cfg.knownWifisFile}') as f: - wifis_lines = f.read().splitlines() - wifis = [] - for line in wifis_lines: - ls = line.split(':') - wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()}) - return wifis - - - def check_internet(): - try: - beacon = urllib.request.urlopen('http://krebsco.de/secret') - except: # noqa - print("no internet") - return False - if beacon.read() == b'1337\n': - return True - print("no internet") - return False - - - def is_wifi_open(wifi): - if wifi['crypto'] == ${"b''"}: - return True - else: - return False - - - def is_wifi_seen(wifi, seen_wifis): - for seen_wifi in 
seen_wifis: - if seen_wifi["ssid"] == wifi["ssid"]: - return True - return False - - - def bloop(): - while True: - if not check_internet(): - wifis = scan() - known_wifis = get_known_wifis() - known_seen_wifis = [wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis)] - for wifi in known_seen_wifis: - connect(wifi['ssid'], wifi['psk']) - if check_internet(): - continue - open_wifis = filter(is_wifi_open, wifis) - for wifi in open_wifis: - connect(wifi['ssid']) - if check_internet(): - continue - time.sleep(10) - - - bloop() - ''; + ExecStart = "${autowifi}/bin/autowifi"; }; }; + + networking.networkmanager.dispatcherScripts = mkIf cfg.enablePrisonBreak [ + { source = "${pkgs.callPackage <stockholm/makefu/5pkgs/prison-break}/bin/prison-break"; } + ]; }; } diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix new file mode 100644 index 000000000..ccb108f8a --- /dev/null +++ b/lass/3modules/browsers.nix 
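Review bot: The unit's `path = [ pkgs.networkmanager ];` covers `nmcli` but not `ping`, which the new autowifi.py runs in `check_network` through `subprocess.run`; unless something else puts it on the service PATH, that call raises and the unit restart-loops. `path = [ pkgs.networkmanager pkgs.iputils ];` would cover it. `ExecStart` also no longer passes `cfg.knownWifisFile`, so that option is silently ignored in favour of the script's built-in `/etc/wifis`; `ExecStart = "${autowifi}/bin/autowifi -c ${cfg.knownWifisFile}";` keeps it effective. The `autowifi` binding and the `enable` option are defined outside the hunk.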
@@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; +let + + cfg = config.lass.browser; + + browserScripts = { + chromium = "${pkgs.chromium}/bin/chromium"; + firefox = "${pkgs.firefox.override { + extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; + }}/bin/firefox"; + qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser"; + }; + + browser-select = let + sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (mapAttrsToList (name: value: { inherit name value; }) + cfg.config); + in if (lib.length sortedPaths) > 1 then + pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) + case $BROWSER in + ${concatMapStringsSep "\n" (n: '' + ${n.name}) + export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name} + ;; + '') (sortedPaths)} + esac + $BIN "$@" + '' + else + let + name = (lib.head sortedPaths).name; + in pkgs.writeScriptBin "browser-select2" '' + ${config.lass.xjail-bins.${name}}/bin/${name} "$@" + '' + ; + +in { + options.lass.browser = { + select = mkOption { + type = types.path; + }; + config = mkOption { + type = types.attrsOf (types.submodule ({ config, ... 
}: { + options = { + name = mkOption { + type = types.str; + default = config._module.args.name; + }; + precedence = mkOption { + type = types.int; + default = 0; + }; + user = mkOption { + type = types.str; + default = config._module.args.name; + }; + browser = mkOption { + type = types.enum (attrNames browserScripts); + default = "chromium"; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + }; + })); + default = {}; + }; + }; + + config = (mkIf (cfg.config != {}) { + lass.xjail = mapAttrs' (name: browser: + nameValuePair name { + script = browserScripts.${browser.browser}; + groups = browser.groups; + } + ) cfg.config; + environment.systemPackages = (map (browser: + config.lass.xjail-bins.${browser.name} + ) (attrValues cfg.config)) ++ [ + browser-select + ]; + lass.browser.select = browser-select; + }); +} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 1195cd3d4..90dcb9d9c 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -15,5 +15,6 @@ _: ./usershadow.nix ./xjail.nix ./autowifi.nix + ./browsers.nix ]; } diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py new file mode 100644 index 000000000..fa3d007e7 --- /dev/null +++ b/lass/5pkgs/autowifi/autowifi.py 
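Review bot: In the multi-browser `browser-select` script the `case $BROWSER in` has no default branch, so when dmenu is dismissed or returns an unknown name `BIN` stays unset (or inherited from the caller's environment) and `$BIN "$@"` runs the first argument, typically a URL handed over by another program, as the command. Adding `*) exit 1 ;;` before `esac`, quoting `"$BROWSER"` and `"$BIN"`, and dropping the `export` closes that. The script text also has no `#!` line, and the single-browser branch installs its binary as `browser-select2`, so callers looking for `browser-select` on PATH will not find it; both look unintended.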
@@ -0,0 +1,228 @@ +import subprocess +import time +import urllib.request +import logging +import argparse +import socket +import struct +import signal +import os + +wifiDB = '' +logger = logging.getLogger() +got_signal = False + + +def signal_handler(signum, frame): + global got_signal + got_signal = True + + +def get_default_gateway() -> str: + """Read the default gateway directly from /proc.""" + with open("/proc/net/route") as fh: + for line in fh: + fields = line.strip().split() + if fields[1] != '00000000' or not int(fields[3], 16) & 2: + continue + + return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16))) + + +def connect(ssid, psk=None): + subprocess.run( + ["nmcli", "connection", "delete", "autowifi"], + stdout=subprocess.PIPE, + ) + logging.info('connecting to %s', ssid) + if psk is None: + subprocess.run( + [ + "nmcli", + "device", + "wifi", + "connect", + ssid, + "name", + "autowifi", + ], + stdout=subprocess.PIPE, + ) + else: + subprocess.run( + [ + "nmcli", + "device", + "wifi", + "connect", + ssid, + "name", + "autowifi", + "password", + psk, + ], + stdout=subprocess.PIPE, + ) + time.sleep(5) + + +def scan(): + logging.debug('scanning wifis') + wifis_raw = subprocess.check_output([ + "nmcli", + "-t", + "device", + "wifi", + "list", + "--rescan", + "yes", + ]) + wifis_list = wifis_raw.split(b'\n') + logging.debug('scanning wifis finished') + wifis = [] + for line in wifis_list: + logging.debug(line) + ls = line.split(b':') + if len(ls) == 8: + wifis.append({ + "ssid": ls[1], + "signal": int(ls[5]), + "crypto": ls[7] + }) + return wifis + + +def get_known_wifis(): + wifis_lines = [] + with open(wifiDB) as f: + wifis_lines = f.read().splitlines() + wifis = [] + for line in wifis_lines: + ls = line.split('/') + wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()}) + return wifis + + +def check_network(): + logging.debug('checking network') + + global got_signal + if got_signal: + logging.info('got disconnect signal') + got_signal = False + 
return False + else: + gateway = get_default_gateway() + if gateway: + response = subprocess.run( + [ + 'ping', + '-q', + '-c', + '1', + gateway, + ], + stdout=subprocess.PIPE, + ) + if response.returncode == 0: + logging.debug('host %s is up', gateway) + return True + else: + logging.debug('host %s is down', gateway) + return False + else: + logging.debug('no gateway') + return False + + +def check_internet(): + logging.debug('checking internet') + + try: + with open('./dummy_internet') as f: + dummy_content = f.read() + if dummy_content == 'xxx\n': + return True + beacon = urllib.request.urlopen('http://krebsco.de/secret') + except Exception as e: # noqa + logging.debug(e) + logging.info('no internet exc') + return False + if beacon.read() == b'1337\n': + return True + logging.info('no internet oh') + return False + + +def is_wifi_open(wifi): + if wifi['crypto'] == b'': + return True + else: + return False + + +def is_wifi_seen(wifi, seen_wifis): + for seen_wifi in seen_wifis: + if seen_wifi["ssid"] == wifi["ssid"]: + return True + return False + + +def main(): + parser = argparse.ArgumentParser() + + parser.add_argument( + '-c', '--config', + dest='config', + help='wifi config file to use', + default='/etc/wifis', + ) + + parser.add_argument( + '-l', '--loglevel', + dest='loglevel', + help='loglevel to use', + default=logging.INFO, + ) + + parser.add_argument( + '-p', '--pidfile', + dest='pidfile', + help='file to write the pid to', + default=None, + ) + + args = parser.parse_args() + + global wifiDB + wifiDB = args.config + logger.setLevel(args.loglevel) + + signal.signal(signal.SIGUSR1, signal_handler) + + if args.pidfile: + with open(args.pidfile, 'w+') as f: + f.write(str(os.getpid())) + + while True: + if not check_network(): + wifis = scan() + known_wifis = get_known_wifis() + known_seen_wifis = [ + wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis) + ] + for wifi in known_seen_wifis: + connect(wifi['ssid'], wifi['psk']) + if check_network(): + 
break + open_wifis = filter(is_wifi_open, wifis) + for wifi in open_wifis: + connect(wifi['ssid']) + + if check_network(): + break + time.sleep(10) + + +if __name__ == '__main__': + main() diff --git a/lass/5pkgs/autowifi/default.nix b/lass/5pkgs/autowifi/default.nix new file mode 100644 index 000000000..d565a6bb6 --- /dev/null +++ b/lass/5pkgs/autowifi/default.nix @@ -0,0 +1 @@ +pkgs.writers.writePython3Bin "autowifi" {} ./autowifi.py diff --git a/lass/5pkgs/bank/default.nix b/lass/5pkgs/bank/default.nix new file mode 100644 index 000000000..9f3a44d79 --- /dev/null +++ b/lass/5pkgs/bank/default.nix @@ -0,0 +1,14 @@ +{ writeDashBin, coreutils, pass, hledger, diffutils }: + +writeDashBin "bank" '' + tmp=$(mktemp) + ${pass}/bin/pass show hledger > $tmp + ${hledger}/bin/hledger --file=$tmp "$@" + ${pass}/bin/pass show hledger | if ${diffutils}/bin/diff $tmp -; then + exit 0 + else + ${coreutils}/bin/cat $tmp | ${pass}/bin/pass insert -m hledger + fi + ${coreutils}/bin/rm $tmp +'' + diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 9d6f8e00c..c0aef513f 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -109,6 +109,7 @@ myKeyMap = [ ("M4-<F11>", spawn "${config.lass.screenlock.command}") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") + , ("M4-S-p", spawn "${pkgs.otpmenu}/bin/otpmenu") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") 
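Review bot: In `main`, the `break` after a successful known-network connect only leaves the first `for` loop, so (as far as the collapsed indentation shows) execution continues into the open-network loop, where `connect()` deletes the `autowifi` connection and joins the first open network in range. That replaces a working protected connection with an unauthenticated one; the open-network fallback should run only when no known network came up, as sketched below. Separately, `get_known_wifis` uses `line.split('/')` and indexes `ls[1]`, which raises on a line without `/` and truncates a passphrase that contains one; `line.split('/', 1)` with a length check is safer. The PSK is also passed to `nmcli` as a command-line argument, where other local users can read it from the process list while the command runs.

```python
    while True:
        if not check_network():
            # … unchanged: scan() and known_seen_wifis selection …
            connected = False
            for wifi in known_seen_wifis:
                connect(wifi['ssid'], wifi['psk'])
                if check_network():
                    connected = True
                    break
            if not connected:
                for wifi in filter(is_wifi_open, wifis):
                    connect(wifi['ssid'])
                    if check_network():
                        break
        time.sleep(10)
```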
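Review bot: `lass/5pkgs/autowifi/default.nix` is a single expression that uses `pkgs` without binding it. `lass/5pkgs/default.nix` loads every subdirectory through `callPackage`, which expects a function, so this most likely fails with an undefined variable. A header like the one otpmenu uses fixes it: `{ pkgs }:` on the line before `pkgs.writers.writePython3Bin "autowifi" {} ./autowifi.py`.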
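Review bot: The `bank` script writes the decrypted ledger to `$tmp` and removes it only on its last line, so an interrupted run leaves the plaintext behind in the temp directory. A `trap 'rm -f "$tmp"' EXIT` directly after `tmp=$(mktemp)` removes it on every exit path. `$tmp` should also be quoted where it is used, and since there is no `set -e` a failed `pass show` still hands an empty file to hledger.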
@@ -116,8 +117,8 @@ myKeyMap = , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") - , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") - , ("<XF86MonBrightnessUp>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -inc 1") + , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1") + , ("<XF86MonBrightnessUp>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1") , ("<XF86Launch1>", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") @@ -158,15 +159,15 @@ myKeyMap = ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - ''}") - , ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") - , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") - , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") - , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1") + , ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10") + , ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33") + , ("M4-<F8>", spawn "${pkgs.acpilight}/bin/xbacklight -set 100") , ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8") , ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x") - , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") , ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once") diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index fd6a555d4..e4208f1c1 100644 --- a/lass/5pkgs/default.nix 
+++ b/lass/5pkgs/default.nix @@ -19,20 +19,6 @@ self: super: let mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); -in { - bank = self.writeDashBin "bank" '' - tmp=$(mktemp) - ${self.pass}/bin/pass show hledger > $tmp - ${self.hledger}/bin/hledger --file=$tmp "$@" - ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then - exit 0 - else - ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger - fi - ${self.coreutils}/bin/rm $tmp - ''; -} - -// mapAttrs (_: flip callPackage {}) +in mapAttrs (_: flip callPackage {}) (filterAttrs (_: dir: pathExists (dir + "/default.nix")) (subdirsOf ./.)) diff --git a/lass/5pkgs/otpmenu/default.nix b/lass/5pkgs/otpmenu/default.nix new file mode 100644 index 000000000..fe6d5b94c --- /dev/null +++ b/lass/5pkgs/otpmenu/default.nix @@ -0,0 +1,10 @@ +{ pkgs }: +pkgs.writeDashBin "otpmenu" '' +x=$(${pkgs.pass}/bin/pass git ls-files '*/otp.gpg' \ + | ${pkgs.gnused}/bin/sed 's:/otp\.gpg$::' \ + | ${pkgs.dmenu}/bin/dmenu +) + +otp=$(${(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))}/bin/pass otp code "$x/otp") +printf %s "$otp" | ${pkgs.xdotool}/bin/xdotool type -f - +'' diff --git a/lass/krops.nix b/lass/krops.nix index 12652216a..da5933df3 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,11 +5,6 @@ pkgs ; - host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then - import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; } - else - {} - ; source = { test }: lib.evalSource ([ (krebs-source { test = test; }) @@ -24,7 +19,12 @@ }; }; } - ] ++ (lib.optional (! test) host-source)); + (if (lib.pathExists (./. + "/1systems/${name}/source.nix")) && (! test) then + import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; } + else + {} + ) + ]); in { diff --git a/makefu/0tests/data/secrets/mysql_rootPassword b/makefu/0tests/data/secrets/mysql_rootPassword new file mode 100644 index 000000000..e69de29bb --- /dev/null 
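Review bot: In the second krops.nix hunk the host `source.nix` is now called with `{ inherit lib pkgs test; }`, but that branch is only reached when `! test` holds, so the value passed is always `false`. Any existing host `source.nix` declared as `{ lib, pkgs }:` without `...` would also reject the extra argument; those files are not visible here, so this needs checking. Either drop `test` from the call, `{ inherit lib pkgs; }`, or remove the `&& (! test)` and let the host file decide.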
+++ b/makefu/0tests/data/secrets/mysql_rootPassword diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index ad9a3324b..ea18c68ac 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -58,7 +58,7 @@ # Krebs <stockholm/makefu/2configs/tinc/retiolum.nix> - # <stockholm/makefu/2configs/share/gum-client.nix> + <stockholm/makefu/2configs/share/gum-client.nix> # <stockholm/makefu/2configs/share/temp-share-samba.nix> @@ -93,23 +93,18 @@ <stockholm/makefu/2configs/binary-cache/lass.nix> # Hardware - <stockholm/makefu/2configs/hw/tp-x230.nix> + <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth # <stockholm/makefu/2configs/hw/mceusb.nix> - # <stockholm/makefu/2configs/hw/tpm.nix> + <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> # <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/hw/irtoy.nix> # <stockholm/makefu/2configs/hw/malduino_elite.nix> <stockholm/makefu/2configs/hw/switch.nix> - <stockholm/makefu/2configs/hw/bluetooth.nix> # <stockholm/makefu/2configs/hw/rad1o.nix> <stockholm/makefu/2configs/hw/smartcard.nix> - - { - services.upower.enable = true; - users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; - } + <stockholm/makefu/2configs/hw/upower.nix> # Filesystem <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix> @@ -147,9 +142,6 @@ ]; }; } - # { - # services.zerotierone.enable = true; - # } ]; @@ -167,12 +159,8 @@ krebs.build.host = config.krebs.hosts.x; - krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ]; + krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ]; - networking.extraHosts = '' - 192.168.1.11 omo.local - 80.92.65.53 www.wifionice.de wifionice.de - ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # avoid full boot dir 
@@ -199,13 +187,4 @@ services.syncthing.user = lib.mkForce "makefu"; services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; - # latest kernel (5.0) has issues with wifi card - boot.kernelPackages = pkgs.linuxPackages; - # Bugfix for wifi card - powerManagement.resumeCommands = '' - sleep 2 - echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove - sleep 3 - echo 1 > /sys/bus/pci/rescan - ''; } diff --git a/makefu/2configs/bureautomation/multi/10h_timers.nix b/makefu/2configs/bureautomation/multi/10h_timers.nix index 53bfd3725..8cdaa8cfd 100644 --- a/makefu/2configs/bureautomation/multi/10h_timers.nix +++ b/makefu/2configs/bureautomation/multi/10h_timers.nix @@ -57,7 +57,7 @@ let "Trotz schwerer Männergrippe ist ${name} heute im Büro erschienen.", "${name} kenne keine Parteien mehr, ${name} kenne nur noch Arbeitsplätze", "${name}, Frage nicht, was dein Arbeitsplatz für dich tun kann. Frage, was du für deinen Arbeitsplatz tun kannst", - "${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für meine Firma", + "${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für seine Firma", "Der Cyberian ${name} ist gekommen um die Bahnwelt vor Cyber-Angriffen zu schützen", "Alles paletto im Ghetto, ${name}?", "Hach, ${name}, wenn du hier rein kommst fühlt es sich gleich wieder an wie Montag.", @@ -147,7 +147,7 @@ let } { service = "homeassistant.turn_on"; entity_id = [ - "switch.fernseher" + # "switch.fernseher" "script.blitz_10s" "script.announce_${name}" ]; diff --git a/makefu/2configs/bureautomation/multi/frosch.nix b/makefu/2configs/bureautomation/multi/frosch.nix new file mode 100644 index 000000000..de93ce2b7 --- /dev/null +++ b/makefu/2configs/bureautomation/multi/frosch.nix 
@@ -0,0 +1,95 @@ +{ lib }: +let + + random_pommes = '' {{ [ + "Nur ein Pommes Tag ist ein guter Tag", + "Schaut wie schön sie fliegen, die Pommes Seifenblasen", + "zwo ... eins ... Pommes Zeit", + "I cannot believe it is not Pommes", + "Naja, wenn es sonst schon nichts anderes gibt, kann man jetzt auch pommes nehmen", + "Wenn Aramark was kann, dann ist es frittieren", + "Einmal das Hauptgericht mit Pommes, ohne Hauptgericht", + "Rieche ich da etwa Pommes? JA!", + "Pommes ist auch nur Gemüse,also keine Reue und schlag zu!", + "Mit nur fünf Portionen Pommes kann man schon satt werden.", + "Heute für Sie, 15 Pommes von hand abgezählt", + "Der Weltmarktpreis von Pommes ist durch verschiedene Weltkrisen leider so hoch, dass Aramark den Verkaufspreis verdoppeln musste.", + "Vorfreude, schönste Freude, Freude bei Aramark. Pommes in die Schale rein, alle Kunden werden glücklich sein.", + "In 15 Minuten ist es wieder so weit, es ist Pommes Zeit!"] | random }}''; +in { + sensor = [ + { platform = "mqtt"; + name = "frosch brightness"; + device_class = "illuminance"; + state_topic = "/bam/frosch/sensor/brightness/state"; + availability_topic = "/bam/frosch/status"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + binary_sensor = [ + { platform = "mqtt"; + name = "frosch auge"; + state_topic = "/bam/frosch/binary_sensor/froschauge/state"; + availability_topic = "/bam/frosch/status"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + switch = [ + { platform = "mqtt"; + name = "frosch blasen"; + state_topic = "/bam/frosch/switch/blasen/state"; + command_topic = "/bam/frosch/switch/blasen/command"; + availability_topic = "/bam/frosch/status"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + light = []; + automation = [ + { alias = "Pommeszeit"; + trigger = { + platform = "time"; + at = "12:15:00"; + }; + condition = { + condition = "state"; + entity_id = "binary_sensor.pommes"; # from 
multi/aramark.nix + state = "on"; + }; + action = [ + { service = "homeassistant.turn_on"; + entity_id = [ + "script.pommes_announce" + "script.seifenblasen_30s" # from script/multi_blink.nix + ]; + } + ]; + } + ]; + script = { + pommes_announce = { + alias = "Random Pommes announce"; + sequence = [ + { + service = "media_player.play_media"; + data = { + entity_id = "media_player.mpd"; + media_content_type = "playlist"; + media_content_id = "ansage"; + }; + } + { delay.seconds = 5; } + { + service = "tts.google_say"; + entity_id = "media_player.mpd"; + data_template = { + message = random_pommes; + language = "de"; + }; + } + ]; + }; + }; +} diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 6f073fd4c..59dfa3203 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -110,6 +110,10 @@ let add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets access_log off; ''; 
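Review bot: The three `add_header` lines added in owncloud.nix (like the ones above them) lack the `always` parameter, so nginx sends them only on success and redirect responses, and any nested `location` that declares its own `add_header` drops the inherited set entirely. For headers meant as a security baseline I would write, for example, `add_header X-Frame-Options SAMEORIGIN always;` and check that the static-asset locations repeat them. The enclosing block starts outside the hunk, so the level these directives sit at cannot be confirmed from here.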
@@ -118,23 +122,25 @@ let access_log off; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = ${socket} - user = nginx - group = nginx - pm = dynamic - pm.max_children = 32 - pm.max_requests = 500 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 5 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - env[PATH] = ${lib.makeBinPath [ pkgs.php ]} - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + listen = socket; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + }; + extraConfig = '' + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + env[PATH] = ${lib.makeBinPath [ pkgs.php ]} + catch_workers_output = yes + ''; + }; services.phpfpm.phpOptions = '' opcache.enable=1 opcache.enable_cli=1 
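Review bot: The rewritten pool drops `listen.owner = nginx` and `listen.group = nginx`; they appear neither under `settings` nor in `extraConfig`, so the socket's ownership now depends on module and php-fpm defaults, and nginx may lose access to it or the socket may end up more widely accessible than before. I would keep them explicit in `settings`: `"listen.owner" = "nginx";` and `"listen.group" = "nginx";`. The euer.wiki pool hunk in makefu/2configs/nginx/euer.wiki.nix drops the same two settings (there `${user}` and `${group}`). `socket` is bound outside the hunk.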
@@ -171,27 +177,29 @@ in { networking.firewall.allowedTCPPorts = [ 80 443 ]; services.redis.enable = true; - services.mysql = { - enable = false; - package = pkgs.mariadb; - rootPassword = config.krebs.secret.files.mysql_rootPassword.path; - initialDatabases = [ - # Or use writeText instead of literalExample? - #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } - { - name = "nextcloud"; - schema = pkgs.writeText "nextcloud.sql" - '' - create user if not exists 'nextcloud'@'localhost' identified by 'password'; - grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; - ''; - } - ]; - }; + + #services.mysql = { + # enable = false; + # package = pkgs.mariadb; + # rootPassword = config.krebs.secret.files.mysql_rootPassword.path; + # initialDatabases = [ + # # Or use writeText instead of literalExample? + # #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } + # { + # name = "nextcloud"; + # schema = pkgs.writeText "nextcloud.sql" + # '' + # create user if not exists 'nextcloud'@'localhost' identified by 'password'; + # grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; + # ''; + # } + # ]; + #}; + # dataDir is only defined after mysql is enabled - # krebs.secret.files.mysql_rootPassword = { - # path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - # owner.name = "root"; - # source-path = toString <secrets> + "/mysql_rootPassword"; - # }; + #krebs.secret.files.mysql_rootPassword = { + # path = "${config.services.mysql.dataDir}/mysql_rootPassword"; + # owner.name = "root"; + # source-path = toString <secrets> + "/mysql_rootPassword"; + #}; } diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index a6ded0a3e..37d1affb7 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix 
@@ -7,7 +7,6 @@ with import <stockholm/lib>; # configured media keys inside awesomerc # sound.mediaKeys.enable = true; - hardware.bluetooth.enable = true; # possible i915 powersave options: # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 5570bec55..564925db5 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -4,6 +4,7 @@ imports = [ ./tpm.nix ./ssd.nix + ./bluetooth.nix ]; boot.kernelModules = [ diff --git a/makefu/2configs/hw/upower.nix b/makefu/2configs/hw/upower.nix new file mode 100644 index 000000000..a3932fed3 --- /dev/null +++ b/makefu/2configs/hw/upower.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + services.upower.enable = true; + users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; +} + diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix index 765fef535..c9db15b73 100644 --- a/makefu/2configs/nginx/euer.mon.nix +++ b/makefu/2configs/nginx/euer.mon.nix @@ -32,7 +32,7 @@ in { auth_basic "Needs Autherization to visit"; auth_basic_user_file ${authFile}; proxy_http_version 1.1; - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; ''; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 732c27784..a6766eeec 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix 
@@ -23,25 +23,22 @@ let in { state = [ base-dir ]; services.phpfpm = { - # phpfpm does not have an enable option - poolConfigs = { - euer-wiki = '' - user = ${user} - group = ${group} - listen = ${fpm-socket} - listen.owner = ${user} - listen.group = ${group} - env[twconf] = ${base-cfg}; - pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - chdir = / - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + pools.euer-wiki = { + inherit user group; + listen = fpm-socket; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + "chdir" = "/"; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = "on"; + "catch_workers_output" = "yes"; + + }; + phpEnv.twconf = base-cfg; }; }; diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix index 2d5d20f80..f28f9a91a 100644 --- a/makefu/2configs/tools/pcmanfm-extra.nix +++ b/makefu/2configs/tools/pcmanfm-extra.nix @@ -7,5 +7,5 @@ lxmenu-data ]; environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; - services.gnome3.gvfs.enable = true; + services.gvfs.enable = true; } diff --git a/makefu/3modules/opentracker.nix b/makefu/3modules/opentracker.nix index 202231fa1..6c65b82b6 100644 --- a/makefu/3modules/opentracker.nix +++ b/makefu/3modules/opentracker.nix @@ -18,7 +18,7 @@ let }; args = mkOption { - type = types.string; + type = types.separatedString; description = '' see https://erdgeist.org/arts/software/opentracker/ for all params ''; diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 1ae10459f..bbd99ffe7 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
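Review bot: In opentracker.nix, `type = types.separatedString;` passes the type constructor itself: in nixpkgs `separatedString` takes the separator as an argument, so the option's type becomes a function rather than an option type and evaluation should fail once the option is used. Since `args` is a single command-line string, `type = types.str;` or `type = types.separatedString " ";` is what I would expect here. The `args` option block continues outside the hunk.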
@@ -25,15 +25,15 @@ in { patches = [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ]; }); - rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: { - postInstall = old.postInstall + '' + #rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: { + # postInstall = old.postInstall + '' - $bin/bin/rclone genautocomplete zsh _rclone - install -D -m644 _rclone $bin/share/zsh/vendor-completions/_rclone - $bin/bin/rclone genautocomplete bash _rclone - install -D -m644 _rclone $bin/etc/bash_completion.d/rclone - ''; - }); + # $out/bin/rclone genautocomplete zsh _rclone + # install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone + # $out/bin/rclone genautocomplete bash _rclone + # install -D -m644 _rclone $out/etc/bash_completion.d/rclone + # ''; + #}); alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; diff --git a/makefu/5pkgs/pico2wave/default.nix b/makefu/5pkgs/pico2wave/default.nix index 5302e8bf3..b2d18fee1 100644 --- a/makefu/5pkgs/pico2wave/default.nix +++ b/makefu/5pkgs/pico2wave/default.nix @@ -41,4 +41,11 @@ stdenv.mkDerivation rec { --set NIX_REDIRECTS /usr/share/pico/lang=$out/share/pico/lang ''; + meta = with stdenv.lib; { + description = "Text-to-speech engine"; + homepage = https://android.googlesource.com/platform/external/svox; + platforms = platforms.linux; + license = licenses.asl20; + maintainers = with maintainers; [ abbradar ]; + }; } diff --git a/makefu/5pkgs/pkg2zip/default.nix b/makefu/5pkgs/pkg2zip/default.nix index 36c3d7176..9ab3f67df 100644 --- a/makefu/5pkgs/pkg2zip/default.nix +++ b/makefu/5pkgs/pkg2zip/default.nix 
@@ -1,13 +1,13 @@ { stdenv, lib, pkgs, fetchFromGitHub, ... }: stdenv.mkDerivation rec { - name = "pkg2zip-2017-12-01"; - rev = "fccad26"; + name = "pkg2zip-2018-06-15"; + rev = "9222c4e00235dfe7914e9db0cc352da07e63d9f9"; src = fetchFromGitHub { owner = "mmozeiko"; repo = "pkg2zip"; inherit rev; - sha256 = "1sq9yx5cbllmc0yyxhvb6c0yq1mkd1mn8njgkkgxz8alw9zwlarp"; + sha256 = "1zz3vi12c2c4d48vvvkdl66fx5mdszcnv7lwwlgi4b8lfn1gvkr9"; }; installPhase = '' diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix deleted file mode 100644 index 593f4e718..000000000 --- a/makefu/5pkgs/python-firetv/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib, pkgs, python2Packages, ... }: -# requires libusb1 from unstable -with python2Packages; let - - python-adb = buildPythonPackage rec { - pname = "adb"; - version = "1.2.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "0v4my47ikgkbq04gdllpx6kql5cfh7dnpq2fk72x03z74mqri7v8"; - }; - - propagatedBuildInputs = [ libusb1 m2crypto ]; - meta = { - homepage = https://github.com/google/python-adb; - description = "Python ADB + Fastboot implementation"; - license = lib.licenses.asl20; - }; - }; -in - buildPythonPackage rec { - name = "python-firetv-${version}"; - version = "1.0.5"; - - src = pkgs.fetchFromGitHub { - owner = "happyleavesaoc"; - repo = "python-firetv"; - # rev = version; - rev = "55406c6"; - sha256 = "1r2yighilchs0jvcvbngkjxkk7gp588ikcl64x7afqzxc6zxv7wp"; - }; - - propagatedBuildInputs = [ python-adb flask pyyaml ]; - meta = { - homepage = https://github.com/happyleavesaoc/python-firetv; - description = "provides state informations and some control of an amazon firetv"; - license = lib.licenses.mit; - }; -} diff --git a/makefu/5pkgs/shiori/default.nix b/makefu/5pkgs/shiori/default.nix index 91e6b3997..c604fbbde 100644 --- a/makefu/5pkgs/shiori/default.nix +++ b/makefu/5pkgs/shiori/default.nix 
@@ -4,13 +4,13 @@ let in builder rec { name = "shiori-${version}"; - version = "1.6.0-master"; + version = "1.6.0-warc"; goPackagePath = "github.com/go-shiori/shiori"; src = fetchFromGitHub { owner = "go-shiori"; repo = "shiori"; - rev = "c77b17caf8fcdf336adea33d0e4ac7ab13c10bc5"; - sha256 = "11c5yxkmawwpswk256d151ixmj1vlnhrhsbfp9xan1v5cbqpkxdm"; + rev = "83f133dd07bf661d3c4cf03043392100da489559"; + sha256 = "02b17hjbh4w0ip0snd8hmdjmbc2w1pv9sws9cf9r8w09c225nw2i"; }; goDeps = ./deps.nix; } diff --git a/makefu/5pkgs/shiori/deps.nix b/makefu/5pkgs/shiori/deps.nix index d1ee2b17f..67d237fa9 100644 --- a/makefu/5pkgs/shiori/deps.nix +++ b/makefu/5pkgs/shiori/deps.nix @@ -109,6 +109,15 @@ }; } { + goPackagePath = "github.com/go-shiori/dom"; + fetch = { + type = "git"; + url = "https://github.com/go-shiori/dom"; + rev = "6867c1fcf154"; + sha256 = "10lhp58qy798vs5mazkhpxq4s5g42j2hps61y7c1npabp17k7zfm"; + }; + } + { goPackagePath = "github.com/go-shiori/go-readability"; fetch = { type = "git"; @@ -118,6 +127,15 @@ }; } { + goPackagePath = "github.com/go-shiori/warc"; + fetch = { + type = "git"; + url = "https://github.com/go-shiori/warc"; + rev = "7b3c5582fd83"; + sha256 = "0cgwfbiv83mswl1sxqrycn9fsrc3z8ms2q5rm6mvr7rsp3v1m6g4"; + }; + } + { goPackagePath = "github.com/go-sql-driver/mysql"; fetch = { type = "git"; @@ -401,8 +419,8 @@ fetch = { type = "git"; url = "https://github.com/stretchr/testify"; - rev = "v1.3.0"; - sha256 = "0wjchp2c8xbgcbbq32w3kvblk6q6yn533g78nxl6iskq6y95lxsy"; + rev = "v1.4.0"; + sha256 = "187i5g88sxfy4vxpm7dw1gwv29pa2qaq475lxrdh5livh69wqfjb"; }; } { @@ -410,8 +428,8 @@ fetch = { type = "git"; url = "https://github.com/tdewolff/parse"; - rev = "v2.3.7"; - sha256 = "014y2r3pf7x091x4hsclczmn734hpnn8f5lkaspq72jl3p21icj4"; + rev = "v2.3.4"; + sha256 = "00hclphbjgc5vjrqgnclp72v8c45k35vmj84d2a0f7bw8cc88zcd"; }; } { 
@@ -419,8 +437,8 @@ fetch = { type = "git"; url = "https://github.com/tdewolff/test"; - rev = "v1.0.0"; - sha256 = "10vyp4bhanzg3yl9k8zqfdrxpsmx8yc53xv4lqxfymd7jjyqgssj"; + rev = "v1.0.5"; + sha256 = "1f53nzfbs5gmn5bvqj3rzi15r9mxn8vq3f850rq3amwlfz927v9a"; }; } { @@ -455,8 +473,8 @@ fetch = { type = "git"; url = "https://go.googlesource.com/crypto"; - rev = "4def268fd1a4"; - sha256 = "1bfsnari529gw34cz0zqk3d9mrkcj1ay35kangri8kbgll0ss5a6"; + rev = "f99c8df09eb5"; + sha256 = "0jwi6c6366999mnpzwx3a2kr7hzvdx97qfwiphx0r7cy0mpf28hf"; }; } { @@ -473,8 +491,8 @@ fetch = { type = "git"; url = "https://go.googlesource.com/net"; - rev = "ca1201d0de80"; - sha256 = "16j9xyby1vfl4ch6wqzafxxxnxvcp8vhzknpchwabci1f2zcsn6i"; + rev = "d98b1b443823"; + sha256 = "1vzwpy56g056dsq304xga3d55jg2cxx89bijpfwjlhwyqyskybsz"; }; } { @@ -491,8 +509,8 @@ fetch = { type = "git"; url = "https://go.googlesource.com/sys"; - rev = "51ab0e2deafa"; - sha256 = "0xdhpckbql3bsqkpc2k5b1cpnq3q1qjqjjq2j3p707rfwb8nm91a"; + rev = "c178f38b412c"; + sha256 = "1r6v8xnvb4z5vdckbj6vd08kn6h4ivr9hvdpgq4drj6l1mp79rf7"; }; } { @@ -509,8 +527,8 @@ fetch = { type = "git"; url = "https://go.googlesource.com/tools"; - rev = "6d4652c779c4"; - sha256 = "0dh2q4pkq2l3682d2win7wp9aahcm669s7aa77hqk9my8hdqskqs"; + rev = "72853e10c5a3"; + sha256 = "06v42k857lcivcar3fq8yjc782hny0m5yf20sb7ij5jva0gab026"; }; } { @@ -527,8 +545,8 @@ fetch = { type = "git"; url = "https://github.com/golang/appengine"; - rev = "v1.6.1"; - sha256 = "0zxlvwzxwkwz4bs4h9zc9979dx76y4xf9ks4d22bclg47dv59yry"; + rev = "v1.6.4"; + sha256 = "07r8zj9wk5w33bpmi808xgindqnfpvi4hf7glgcpimlg6n66lsrp"; }; } { diff --git a/makefu/5pkgs/uhub/default.nix b/makefu/5pkgs/uhub/default.nix new file mode 100644 index 000000000..66dfebc3b --- /dev/null +++ b/makefu/5pkgs/uhub/default.nix 
@@ -0,0 +1,48 @@ +{ stdenv, fetchpatch, fetchFromGitHub, cmake, openssl, sqlite, pkgconfig, systemd +, tlsSupport ? false }: + +assert tlsSupport -> openssl != null; + +stdenv.mkDerivation rec { + pname = "uhub"; + version = "2019-06-18"; + + src = fetchFromGitHub { + owner = "janvidar"; + repo = "uhub"; + rev = "78a703924064a92cedeb0a5aab5a80d8f77db73e"; + sha256 = "1dqmj08salhbcdlkglbi03hn9jzgmhjqlb0iysafpzrrwi0mca1z"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ cmake sqlite systemd ] ++ stdenv.lib.optional tlsSupport openssl; + + outputs = [ "out" + "mod_example" + "mod_welcome" + "mod_logging" + "mod_auth_simple" + "mod_auth_sqlite" + "mod_chat_history" + "mod_chat_only" + "mod_topic" + "mod_no_guest_downloads" + ]; + + patches = [ + <nixpkgs/pkgs/servers/uhub/plugin-dir.patch> + ]; + + cmakeFlags = '' + -DSYSTEMD_SUPPORT=ON + ${if tlsSupport then "-DSSL_SUPPORT=ON" else "-DSSL_SUPPORT=OFF"} + ''; + + meta = with stdenv.lib; { + description = "High performance peer-to-peer hub for the ADC network"; + homepage = https://www.uhub.org/; + license = licenses.gpl3; + maintainers = [ maintainers.ehmry ]; + platforms = platforms.unix; + }; +} diff --git a/makefu/krops.nix b/makefu/krops.nix index 36c882d7e..6913a5c63 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -71,7 +71,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "ff602cb906e3dd5d5f89c7c1d0fae65bc67119a0"; + ref = "f856c78a4a220f44b64ce5045f228cbb9d4d9f31"; }; }) ]; |
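Review bot: `tlsSupport ? false` in the new makefu/5pkgs/uhub/default.nix makes the default build pass `-DSSL_SUPPORT=OFF`, so a hub built from this package without an override has no TLS. The outputs include `mod_auth_simple` and `mod_auth_sqlite`, so user credentials would presumably cross the network in clear text. I would default to `tlsSupport ? true` and let a host opt out explicitly. Separately, `patches` resolves `plugin-dir.patch` through `<nixpkgs/pkgs/servers/uhub/plugin-dir.patch>`, so the patch applied depends on whichever nixpkgs is on `NIX_PATH` at build time, while `src` is pinned by `rev` and `sha256`; copying the patch next to this file (`./plugin-dir.patch`) would pin it as well. The `fetchpatch` argument is unused and can be dropped.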