-rw-r--r--.gitmodules3
-rw-r--r--kartei/lass/default.nix2
-rw-r--r--lass/1systems/aergia/config.nix167
-rw-r--r--lass/1systems/aergia/disk.nix63
-rw-r--r--lass/1systems/aergia/install.sh3
-rw-r--r--lass/1systems/aergia/physical.nix117
-rw-r--r--lass/1systems/aergia/source.nix21
-rw-r--r--lass/1systems/blue/config.nix22
-rw-r--r--lass/1systems/blue/physical.nix7
-rw-r--r--lass/1systems/blue/source.nix17
-rw-r--r--lass/1systems/coaxmetal/config.nix63
-rw-r--r--lass/1systems/coaxmetal/physical.nix59
-rw-r--r--lass/1systems/coaxmetal/source.nix21
-rw-r--r--lass/1systems/daedalus/config.nix115
-rw-r--r--lass/1systems/daedalus/physical.nix24
-rw-r--r--lass/1systems/dishfire/config.nix13
-rw-r--r--lass/1systems/dishfire/physical.nix21
-rw-r--r--lass/1systems/echelon/config.nix17
-rw-r--r--lass/1systems/echelon/physical.nix33
-rw-r--r--lass/1systems/green/config.nix75
-rw-r--r--lass/1systems/green/physical.nix7
-rw-r--r--lass/1systems/green/source.nix6
-rw-r--r--lass/1systems/hilum/config.nix33
-rw-r--r--lass/1systems/hilum/disk.nix43
-rwxr-xr-xlass/1systems/hilum/flash-stick.sh43
-rw-r--r--lass/1systems/hilum/physical.nix53
-rw-r--r--lass/1systems/icarus/config.nix30
-rw-r--r--lass/1systems/icarus/physical.nix49
-rw-r--r--lass/1systems/lasspi/config.nix25
-rw-r--r--lass/1systems/lasspi/physical.nix45
-rw-r--r--lass/1systems/littleT/config.nix30
-rw-r--r--lass/1systems/littleT/physical.nix25
-rw-r--r--lass/1systems/mors/config.nix167
-rw-r--r--lass/1systems/mors/physical.nix48
-rw-r--r--lass/1systems/mors/source.nix21
-rw-r--r--lass/1systems/neoprism/config.nix51
-rw-r--r--lass/1systems/neoprism/disk.nix118
-rw-r--r--lass/1systems/neoprism/physical.nix79
-rw-r--r--lass/1systems/orange/config.nix25
-rw-r--r--lass/1systems/orange/physical.nix7
-rw-r--r--lass/1systems/prism/backup.nix37
-rw-r--r--lass/1systems/prism/config.nix380
-rw-r--r--lass/1systems/prism/physical.nix107
-rw-r--r--lass/1systems/radio/config.nix24
-rw-r--r--lass/1systems/radio/physical.nix7
-rw-r--r--lass/1systems/radio/source.nix6
-rw-r--r--lass/1systems/shodan/config.nix28
-rw-r--r--lass/1systems/shodan/physical.nix45
-rw-r--r--lass/1systems/skynet/config.nix41
-rw-r--r--lass/1systems/skynet/physical.nix29
-rw-r--r--lass/1systems/styx/config.nix116
-rw-r--r--lass/1systems/styx/physical.nix38
-rw-r--r--lass/1systems/ubik/config.nix276
-rw-r--r--lass/1systems/ubik/physical.nix7
-rw-r--r--lass/1systems/wizard/config.nix287
-rwxr-xr-xlass/1systems/wizard/generate-iso.sh7
-rwxr-xr-xlass/1systems/wizard/run-vm.sh7
-rw-r--r--lass/1systems/wizard/test.nix10
-rw-r--r--lass/1systems/xerxes/config.nix76
-rw-r--r--lass/1systems/xerxes/physical.nix73
-rw-r--r--lass/1systems/yellow/config.nix45
-rw-r--r--lass/1systems/yellow/physical.nix7
-rw-r--r--lass/2configs/AP.nix83
-rw-r--r--lass/2configs/IM.nix38
-rw-r--r--lass/2configs/ableton.nix20
-rw-r--r--lass/2configs/alacritty.nix134
-rw-r--r--lass/2configs/antimicrox/default.nix39
-rw-r--r--lass/2configs/antimicrox/empty.gamecontroller.amgp20
-rw-r--r--lass/2configs/antimicrox/mouse.gamecontroller.amgp281
-rw-r--r--lass/2configs/atuin-server.nix10
-rw-r--r--lass/2configs/autotether.nix16
-rw-r--r--lass/2configs/baseX.nix196
-rw-r--r--lass/2configs/bgt-bot/bgt-check.sh57
-rw-r--r--lass/2configs/bgt-bot/default.nix44
-rw-r--r--lass/2configs/binary-cache/client.nix17
-rw-r--r--lass/2configs/binary-cache/proxy.nix13
-rw-r--r--lass/2configs/binary-cache/server.nix31
-rw-r--r--lass/2configs/bird.nix13
-rw-r--r--lass/2configs/bitcoin.nix34
-rw-r--r--lass/2configs/bitlbee.nix34
-rw-r--r--lass/2configs/blue-host.nix116
-rw-r--r--lass/2configs/blue.nix33
-rw-r--r--lass/2configs/boot/coreboot.nix10
-rw-r--r--lass/2configs/boot/stock-x220.nix8
-rw-r--r--lass/2configs/boot/universal.nix11
-rw-r--r--lass/2configs/br.nix51
-rw-r--r--lass/2configs/browsers.nix8
-rw-r--r--lass/2configs/c-base.nix115
-rw-r--r--lass/2configs/ciko.nix20
-rw-r--r--lass/2configs/codimd.nix70
-rw-r--r--lass/2configs/consul.nix40
-rw-r--r--lass/2configs/container-networking.nix22
-rw-r--r--lass/2configs/copyq.nix37
-rw-r--r--lass/2configs/default.nix249
-rw-r--r--lass/2configs/docker.nix6
-rw-r--r--lass/2configs/dunst.nix277
-rw-r--r--lass/2configs/elster.nix24
-rw-r--r--lass/2configs/et-server.nix7
-rw-r--r--lass/2configs/exim-retiolum.nix15
-rw-r--r--lass/2configs/exim-smarthost.nix62
-rw-r--r--lass/2configs/fetchWallpaper.nix11
-rw-r--r--lass/2configs/firefoxPatched.nix58
-rw-r--r--lass/2configs/fonts.nix14
-rw-r--r--lass/2configs/fysiirc.nix69
-rw-r--r--lass/2configs/games.nix96
-rw-r--r--lass/2configs/gc.nix9
-rw-r--r--lass/2configs/gg23.nix93
-rw-r--r--lass/2configs/git-brain.nix56
-rw-r--r--lass/2configs/git.nix206
-rw-r--r--lass/2configs/go.nix19
-rw-r--r--lass/2configs/green-host.nix6
-rw-r--r--lass/2configs/green-hosts/cryfs.nix95
-rw-r--r--lass/2configs/green-hosts/ecryptfs.nix99
-rw-r--r--lass/2configs/green-hosts/plain-bindfs.nix90
-rw-r--r--lass/2configs/green-hosts/plain-permown.nix88
-rw-r--r--lass/2configs/green-hosts/plain.nix87
-rw-r--r--lass/2configs/green-hosts/securefs.nix101
-rw-r--r--lass/2configs/gsm-wiki.nix46
-rw-r--r--lass/2configs/hardening.nix11
-rw-r--r--lass/2configs/hass/default.nix125
-rw-r--r--lass/2configs/hass/lib.nix256
-rw-r--r--lass/2configs/hass/pyscript/.gitignore1
-rw-r--r--lass/2configs/hass/pyscript/default.nix26
-rw-r--r--lass/2configs/hass/pyscript/shell.nix51
-rw-r--r--lass/2configs/hass/rooms/bett.nix39
-rw-r--r--lass/2configs/hass/rooms/essen.nix9
-rw-r--r--lass/2configs/hass/rooms/nass.nix10
-rw-r--r--lass/2configs/hass/zigbee.nix76
-rw-r--r--lass/2configs/hfos.nix48
-rw-r--r--lass/2configs/home-media.nix102
-rw-r--r--lass/2configs/htop.nix43
-rw-r--r--lass/2configs/hw/brcmfmac4356-pcie.txt125
-rw-r--r--lass/2configs/hw/gpd-pocket.nix28
-rw-r--r--lass/2configs/hw/x220.nix50
-rw-r--r--lass/2configs/iodined.nix20
-rw-r--r--lass/2configs/libvirt.nix33
-rw-r--r--lass/2configs/livestream.nix12
-rw-r--r--lass/2configs/logf.nix24
-rw-r--r--lass/2configs/mail.nix272
-rw-r--r--lass/2configs/mail/internet-gateway.nix48
-rw-r--r--lass/2configs/matrix.nix62
-rw-r--r--lass/2configs/mc.nix344
-rw-r--r--lass/2configs/minecraft.nix13
-rw-r--r--lass/2configs/monitoring/alert-rules.nix208
-rw-r--r--lass/2configs/monitoring/prometheus.nix110
-rw-r--r--lass/2configs/monitoring/telegraf.nix163
-rw-r--r--lass/2configs/mouse.nix20
-rw-r--r--lass/2configs/mpv.nix103
-rw-r--r--lass/2configs/muchsync.nix40
-rw-r--r--lass/2configs/mumble-reminder.nix107
-rw-r--r--lass/2configs/murmur.nix37
-rw-r--r--lass/2configs/network-manager.nix25
-rw-r--r--lass/2configs/networkd.nix20
-rw-r--r--lass/2configs/nfs-dl.nix22
-rw-r--r--lass/2configs/orange-host.nix19
-rw-r--r--lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix47
-rw-r--r--lass/2configs/os-templates/CAC-CentOS-7-64bit.nix47
-rw-r--r--lass/2configs/otp-ssh.nix18
-rw-r--r--lass/2configs/pass.nix21
-rw-r--r--lass/2configs/paste.nix146
-rw-r--r--lass/2configs/pipewire.nix35
-rw-r--r--lass/2configs/power-action.nix45
-rw-r--r--lass/2configs/ppp/umts-stick.nix33
-rw-r--r--lass/2configs/ppp/x220-modem.nix32
-rw-r--r--lass/2configs/print.nix19
-rw-r--r--lass/2configs/prism-share.nix42
-rw-r--r--lass/2configs/privoxy-retiolum.nix21
-rw-r--r--lass/2configs/privoxy.nix7
-rw-r--r--lass/2configs/programs.nix54
-rw-r--r--lass/2configs/reaktor-coders.nix56
-rw-r--r--lass/2configs/realwallpaper.nix52
-rw-r--r--lass/2configs/rebuild-on-boot.nix18
-rw-r--r--lass/2configs/red-host.nix163
-rw-r--r--lass/2configs/redis.nix8
-rw-r--r--lass/2configs/retiolum.nix55
-rw-r--r--lass/2configs/review.nix14
-rw-r--r--lass/2configs/riot.nix87
-rw-r--r--lass/2configs/rtl-sdr.nix6
-rw-r--r--lass/2configs/searx.nix23
-rw-r--r--lass/2configs/services/coms/default.nix6
-rw-r--r--lass/2configs/services/coms/jitsi.nix43
-rw-r--r--lass/2configs/services/coms/murmur.nix47
-rw-r--r--lass/2configs/services/coms/proxy.nix41
-rw-r--r--lass/2configs/services/flix/container-host.nix40
-rw-r--r--lass/2configs/services/flix/default.nix316
-rw-r--r--lass/2configs/services/flix/proxy.nix12
-rw-r--r--lass/2configs/services/git/default.nix21
-rw-r--r--lass/2configs/services/git/proxy.nix23
-rw-r--r--lass/2configs/services/radio/container-host.nix23
-rw-r--r--lass/2configs/services/radio/controls.html83
-rw-r--r--lass/2configs/services/radio/default.nix348
-rw-r--r--lass/2configs/services/radio/news.nix131
-rw-r--r--lass/2configs/services/radio/proxy.nix17
-rw-r--r--lass/2configs/services/radio/radio.liq112
-rw-r--r--lass/2configs/services/radio/shell.nix7
-rw-r--r--lass/2configs/services/radio/weather.nix60
-rw-r--r--lass/2configs/services/radio/weather_for_ips.py48
-rw-r--r--lass/2configs/skype.nix27
-rw-r--r--lass/2configs/smartd.nix17
-rw-r--r--lass/2configs/snapclient.nix12
-rw-r--r--lass/2configs/snapserver.nix30
-rw-r--r--lass/2configs/ssh-cryptsetup.nix15
-rw-r--r--lass/2configs/starcraft.nix22
-rw-r--r--lass/2configs/steam.nix29
-rw-r--r--lass/2configs/sync/decsync.nix10
-rw-r--r--lass/2configs/sync/sync.nix15
-rw-r--r--lass/2configs/sync/the_playlist.nix9
-rw-r--r--lass/2configs/sync/weechat.nix6
-rw-r--r--lass/2configs/syncthing.nix15
-rw-r--r--lass/2configs/termite.nix22
-rw-r--r--lass/2configs/tests/dummy-secrets/bepasty-secret.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/cbase.txt0
-rw-r--r--lass/2configs/tests/dummy-secrets/grafana_security.nix4
-rw-r--r--lass/2configs/tests/dummy-secrets/hashedPasswords.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-admin-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-source-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key0
-rw-r--r--lass/2configs/tests/dummy-secrets/iodinepw.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv3
-rw-r--r--lass/2configs/tests/dummy-secrets/mails.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/mysql_rootPassword1
-rw-r--r--lass/2configs/tests/dummy-secrets/nix-serve.key1
-rw-r--r--lass/2configs/tests/dummy-secrets/nordvpn.txt0
-rw-r--r--lass/2configs/tests/dummy-secrets/repos.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv4
-rw-r--r--lass/2configs/tests/dummy-secrets/searx.key1
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh-tor.priv0
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_ed255193
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_rsa3
-rw-r--r--lass/2configs/tests/dummy-secrets/syncthing.cert0
-rw-r--r--lass/2configs/tests/dummy-secrets/syncthing.key0
-rw-r--r--lass/2configs/tests/dummy-secrets/torrent-auth3
-rw-r--r--lass/2configs/tests/dummy-secrets/transmission-pw1
-rw-r--r--lass/2configs/texlive.nix12
-rw-r--r--lass/2configs/themes.nix75
-rw-r--r--lass/2configs/tmux.nix47
-rw-r--r--lass/2configs/tor-initrd.nix49
-rw-r--r--lass/2configs/tor-ssh.nix16
-rw-r--r--lass/2configs/tv.nix194
-rw-r--r--lass/2configs/ubik-host.nix26
-rw-r--r--lass/2configs/urxvt.nix37
-rw-r--r--lass/2configs/vim.nix349
-rw-r--r--lass/2configs/virtualbox.nix24
-rw-r--r--lass/2configs/websites/default.nix20
-rw-r--r--lass/2configs/websites/domsen.nix454
-rw-r--r--lass/2configs/websites/flix.lassul.us.nix13
-rw-r--r--lass/2configs/websites/lassulus.nix74
-rw-r--r--lass/2configs/websites/ref.ptkk.de/default.nix89
-rw-r--r--lass/2configs/websites/sqlBackup.nix30
-rw-r--r--lass/2configs/websites/util.nix246
-rw-r--r--lass/2configs/weechat.nix214
-rw-r--r--lass/2configs/weron/client.nix20
-rw-r--r--lass/2configs/weron/signaler.nix13
-rw-r--r--lass/2configs/wine.nix25
-rw-r--r--lass/2configs/wiregrill.nix59
-rw-r--r--lass/2configs/xdg-open.nix67
-rw-r--r--lass/2configs/xmonad.nix236
-rw-r--r--lass/2configs/xonsh.nix7
-rw-r--r--lass/2configs/yellow-mounts/samba.nix15
-rw-r--r--lass/2configs/yubikey.nix62
-rw-r--r--lass/2configs/zsh.nix144
-rw-r--r--lass/3modules/autowifi.nix38
-rw-r--r--lass/3modules/default.nix18
-rw-r--r--lass/3modules/dnsmasq.nix48
-rw-r--r--lass/3modules/drbd.nix159
-rw-r--r--lass/3modules/folderPerms.nix104
-rw-r--r--lass/3modules/hosts.nix12
-rw-r--r--lass/3modules/klem.nix75
-rw-r--r--lass/3modules/mysql-backup.nix86
-rw-r--r--lass/3modules/news.nix76
-rw-r--r--lass/3modules/nichtparasoup.nix161
-rw-r--r--lass/3modules/pyload.nix55
-rw-r--r--lass/3modules/screenlock.nix40
-rw-r--r--lass/3modules/usershadow.nix139
-rw-r--r--lass/4lib/default.nix10
-rw-r--r--lass/5pkgs/acronym/default.nix16
m---------lass/5pkgs/autowifi0
-rw-r--r--lass/5pkgs/bank/default.nix14
-rw-r--r--lass/5pkgs/default.nix24
-rw-r--r--lass/5pkgs/deploy/default.nix6
-rw-r--r--lass/5pkgs/dl/default.nix29
-rw-r--r--lass/5pkgs/dls/default.nix13
-rw-r--r--lass/5pkgs/drbd9/default.nix35
-rw-r--r--lass/5pkgs/emot-menu/default.nix34
-rw-r--r--lass/5pkgs/firefoxPlugins/noscript.nix28
-rw-r--r--lass/5pkgs/firefoxPlugins/ublock.nix31
-rw-r--r--lass/5pkgs/firefoxPlugins/vimperator.nix19
-rw-r--r--lass/5pkgs/graphml2json/default.nix12
-rw-r--r--lass/5pkgs/htmlparser/default.nix15
-rw-r--r--lass/5pkgs/init/default.nix107
-rwxr-xr-xlass/5pkgs/init/run-vm.sh7
-rw-r--r--lass/5pkgs/init/test.nix13
-rwxr-xr-xlass/5pkgs/init/test.sh11
-rw-r--r--lass/5pkgs/install-system/default.nix35
-rw-r--r--lass/5pkgs/knav/default.nix26
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix82
-rw-r--r--lass/5pkgs/logify/default.nix7
-rw-r--r--lass/5pkgs/mk_sql_pair/default.nix19
-rw-r--r--lass/5pkgs/mpv-poll/default.nix40
-rw-r--r--lass/5pkgs/nichtparasoup/default.nix15
-rw-r--r--lass/5pkgs/nichtparasoup/exception.patch13
-rw-r--r--lass/5pkgs/nix-index-update/default.nix9
-rw-r--r--lass/5pkgs/nm-dmenu/default.nix10
-rw-r--r--lass/5pkgs/otpmenu/default.nix11
-rw-r--r--lass/5pkgs/pop/default.nix10
-rw-r--r--lass/5pkgs/q/default.nix286
-rw-r--r--lass/5pkgs/review-mail-queue/default.nix39
-rw-r--r--lass/5pkgs/rs/default.nix6
-rw-r--r--lass/5pkgs/searx/default.nix69
-rw-r--r--lass/5pkgs/sshify/default.nix39
-rw-r--r--lass/5pkgs/sshvnc/default.nix11
-rw-r--r--lass/5pkgs/super-vnc/default.nix38
-rw-r--r--lass/5pkgs/sxiv/default.nix27
-rw-r--r--lass/5pkgs/tdlib-purple/default.nix51
-rw-r--r--lass/5pkgs/unimenu/default.nix101
-rw-r--r--lass/5pkgs/urban/default.nix21
-rw-r--r--lass/5pkgs/xephyrify/default.nix62
-rw-r--r--lass/5pkgs/xml2json/default.nix17
-rw-r--r--lass/5pkgs/xonsh2/default.nix56
-rw-r--r--lass/5pkgs/yt-next/default.nix13
-rw-r--r--lass/default.nix9
-rw-r--r--lass/krops.nix145
-rw-r--r--lass/tombstone1
323 files changed, 2 insertions, 17632 deletions
diff --git a/.gitmodules b/.gitmodules
index 4779748c8..38bb83ee3 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,9 +4,6 @@
[submodule "submodules/krops"]
path = submodules/krops
url = https://cgit.krebsco.de/krops
-[submodule "lass/5pkgs/autowifi"]
- path = lass/5pkgs/autowifi
- url = https://github.com/Lassulus/autowifi
[submodule "submodules/disko"]
path = submodules/disko
url = https://github.com/nix-community/disko
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index 9ccf1c72d..fac48a8ba 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -17,7 +17,7 @@ in {
hosts = lib.mapAttrs (_: lib.recursiveUpdate {
owner = config.krebs.users.lass;
consul = true;
- ci = true;
+ ci = false;
monitoring = true;
}) (
lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") {
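Review bot: The new `ci = false;` default has no comment explaining why CI is switched off for every host generated from `hostFiles`, so a later reader cannot tell a deliberate choice from a leftover. Since this commit also deletes the `lass/1systems` configs, CI presumably has nothing left to build for these hosts; a comment such as `# host configs are no longer in this tree, so CI has nothing to build` would record that. The neighbouring `consul = true;` and `monitoring = true;` stay set for the same hosts, so it may be worth confirming that they should remain enrolled there now that their configs are no longer build-tested in this repository. The attribute set passed to `lib.recursiveUpdate` sits inside a larger expression that starts and ends outside this hunk.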
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
deleted file mode 100644
index 9b7409bcc..000000000
--- a/lass/1systems/aergia/config.nix
+++ /dev/null
@@ -1,167 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- # <stockholm/lass/2configs/xonsh.nix>
- <stockholm/lass/2configs/review.nix>
- <stockholm/lass/2configs/dunst.nix>
- <stockholm/lass/2configs/print.nix>
- <stockholm/lass/2configs/br.nix>
- <stockholm/lass/2configs/c-base.nix>
- # steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS
- {
- imports = [
- "${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules"
- ];
- jovian.steam.enable = true;
- }
- { # autorandrs
- services.autorandr = {
- enable = true;
- hooks.postswitch.reset_usb = ''
- echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized
- ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
- '';
- profiles = {
- default = {
- fingerprint = {
- eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf";
- };
- config = {
- eDP = {
- enable = true;
- primary = true;
- position = "0x0";
- mode = "2560x1600";
- rate = "60.01";
- transform = [
- [ 0.750000 0.000000 0.000000 ]
- [ 0.000000 0.750000 0.000000 ]
- [ 0.000000 0.000000 1.000000 ]
- ];
- # scale = {
- # x = 0.599991;
- # y = 0.599991;
- # };
- };
- };
- };
- docked2 = {
- fingerprint = {
- eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
- DisplayPort-8 = "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";
- DisplayPort-7 = "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";
- };
- config = {
- DisplayPort-7 = {
- enable = true;
- position = "2560x0";
- mode = "1920x1080";
- rate = "60.00";
- };
- DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1;
- eDP = config.services.autorandr.profiles.docked1.config.eDP;
- };
- };
- docked1 = {
- fingerprint = {
- eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
- DisplayPort-1 = "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";
- };
- config = {
- DisplayPort-1 = {
- enable = true;
- primary = true;
- position = "0x0";
- mode = "2560x1440";
- rate = "165.08";
- };
- eDP = config.services.autorandr.profiles.default.config.eDP // {
- primary = false;
- position = "640x1440";
- };
- };
- };
- docked1_hack = {
- fingerprint = {
- eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
- HDMI-A-0 = "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";
- };
- config = {
- HDMI-A-0 = {
- enable = true;
- primary = true;
- position = "0x0";
- mode = "2560x1440";
- rate = "165.08";
- };
- eDP = config.services.autorandr.profiles.default.config.eDP // {
- primary = false;
- position = "640x1440";
- };
- };
- };
- };
- };
- }
- ];
-
- system.stateVersion = "22.11";
-
- krebs.build.host = config.krebs.hosts.aergia;
-
- environment.systemPackages = with pkgs; [
- brain
- bank
- l-gen-secrets
- generate-secrets
- nixpkgs-review
- pipenv
- ];
-
- programs.adb.enable = true;
-
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
-
- nix.trustedUsers = [ "root" "lass" ];
-
- # nix.extraOptions = ''
- # extra-experimental-features = nix-command flakes
- # '';
-
- services.tor = {
- enable = true;
- client.enable = true;
- };
-
- documentation.nixos.enable = true;
- boot.binfmt.emulatedSystems = [
- "aarch64-linux"
- ];
-
- boot.cleanTmpDir = true;
- programs.noisetorch.enable = true;
-}
diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix
deleted file mode 100644
index 233b320e4..000000000
--- a/lass/1systems/aergia/disk.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ lib, ... }:
-{
- disk = {
- main = {
- type = "disk";
- device = "/dev/nvme0n1";
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- start = "0";
- end = "1M";
- part-type = "primary";
- flags = ["bios_grub"];
- }
- {
- name = "ESP";
- start = "1MiB";
- end = "1GiB";
- fs-type = "fat32";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- name = "root";
- start = "1GiB";
- end = "100%";
- content = {
- type = "luks";
- name = "aergia1";
- content = {
- type = "btrfs";
- extraArgs = "-f"; # Override existing partition
- subvolumes = {
- # Subvolume name is different from mountpoint
- "/rootfs" = {
- mountpoint = "/";
- };
- # Mountpoints inferred from subvolume name
- "/home" = {
- mountOptions = [];
- mountpoint = "/home";
- };
- "/nix" = {
- mountOptions = [];
- mountpoint = "/nix";
- };
- };
- };
- };
- }
- ];
- };
- };
- };
-}
-
diff --git a/lass/1systems/aergia/install.sh b/lass/1systems/aergia/install.sh
deleted file mode 100644
index 0e4f0ab4c..000000000
--- a/lass/1systems/aergia/install.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-target=$1
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
deleted file mode 100644
index e76460d20..000000000
--- a/lass/1systems/aergia/physical.nix
+++ /dev/null
@@ -1,117 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- ./config.nix
- (modulesPath + "/installer/scan/not-detected.nix")
- <stockholm/lass/2configs/antimicrox>
- ];
- disko.devices = import ./disk.nix;
-
- networking.hostId = "deadbeef";
- # boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub = {
- enable = true;
- device = "/dev/nvme0n1";
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- # boot.kernelPackages = pkgs.linuxPackages_latest;
-
- boot.kernelParams = [
- # use less power with pstate
- "amd_pstate=passive"
-
- # suspend
- "resume_offset=178345675"
- ];
-
- boot.kernelModules = [
- # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
- # On recent AMD CPUs this can be more energy efficient.
- "amd-pstate"
- "kvm-amd"
- ];
-
- # hardware.cpu.amd.updateMicrocode = true;
-
- services.xserver.videoDrivers = [
- "amdgpu"
- ];
-
- boot.initrd.availableKernelModules = [
- "nvme"
- "thunderbolt"
- "xhci_pci"
- "usbhid"
- ];
-
- boot.initrd.kernelModules = [
- "amdgpu"
- ];
-
- environment.systemPackages = [
- pkgs.vulkan-tools
- (pkgs.writers.writeDashBin "set_tdp" ''
- set -efux
- watt=$1
- value=$(( $watt * 1000 ))
- ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value"
- '')
- ];
-
- # corectrl
- programs.corectrl = {
- enable = true;
- gpuOverclock = {
- enable = true;
- ppfeaturemask = "0xffffffff";
- };
- };
- users.users.mainUser.extraGroups = [ "corectrl" ];
-
- # keyboard quirks
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
- '';
- services.udev.extraHwdb = /* sh */ ''
- # disable back buttons
- evdev:input:b0003v2F24p0135* # /dev/input/event2
- KEYBOARD_KEY_70026=reserved
- KEYBOARD_KEY_70027=reserved
- '';
-
- # update cpu microcode
- hardware.cpu.amd.updateMicrocode = true;
-
- hardware.opengl.enable = true;
- hardware.opengl.extraPackages = [
- pkgs.amdvlk
- pkgs.rocm-opencl-icd
- pkgs.rocm-opencl-runtime
- ];
-
- # suspend to disk
- swapDevices = [{
- device = "/swapfile";
- }];
- boot.resumeDevice = "/dev/mapper/aergia1";
- services.logind.lidSwitch = "suspend-then-hibernate";
- services.logind.extraConfig = ''
- HandlePowerKey=hibernate
- '';
- # systemd.sleep.extraConfig = ''
- # HibernateDelaySec=1800
- # '';
-
- # firefox touchscreen support
- environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
-
- # enable thunderbolt
- services.hardware.bolt.enable = true;
-
- # reinit usb after docking station connect
- services.udev.extraRules = ''
- SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'"
- '';
-}
diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/aergia/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
-}
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
deleted file mode 100644
index c4286cca3..000000000
--- a/lass/1systems/blue/config.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
-
- <stockholm/lass/2configs/blue.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/sync/decsync.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.blue;
-
- networking.nameservers = [ "1.1.1.1" ];
-
- time.timeZone = "Europe/Berlin";
- users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
-}
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/blue/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
-}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
deleted file mode 100644
index 0b2bf5f5b..000000000
--- a/lass/1systems/blue/source.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, pkgs, test, ... }:
-if test then {} else {
- nixpkgs = lib.mkIf (! test) (lib.mkForce {
- file = {
- path = toString (pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- });
- useChecksum = true;
- };
- });
- nixpkgs-unstable = lib.mkForce {
- file.path = "/var/empty";
- };
-}
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
deleted file mode 100644
index 7fd76974b..000000000
--- a/lass/1systems/coaxmetal/config.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/review.nix>
- <stockholm/lass/2configs/dunst.nix>
- # <stockholm/krebs/2configs/ircd.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.coaxmetal;
-
- environment.systemPackages = with pkgs; [
- brain
- bank
- l-gen-secrets
- (pkgs.writeDashBin "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '')
- (pkgs.writeDashBin "usb-tether-on" ''
- adb shell su -c service call connectivity 33 i32 1 s16 text
- '')
- (pkgs.writeDashBin "usb-tether-off" ''
- adb shell su -c service call connectivity 33 i32 0 s16 text
- '')
- ];
-
- programs.adb.enable = true;
-
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
-
- nix.trustedUsers = [ "root" "lass" ];
-
- services.tor = {
- enable = true;
- client.enable = true;
- };
-
- documentation.nixos.enable = true;
-}
diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix
deleted file mode 100644
index 6be047300..000000000
--- a/lass/1systems/coaxmetal/physical.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- ./config.nix
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- networking.hostId = "e0c335ea";
- boot.zfs.requestEncryptionCredentials = true;
- boot.zfs.enableUnstable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub = {
- enable = true;
- # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040";
- device = "nodev";
- efiSupport = true;
- # efiInstallAsRemovable = true;
- };
-
- services.xserver.videoDrivers = [
- "amdgpu"
- ];
-
- hardware.opengl.extraPackages = [ pkgs.amdvlk ];
- environment.variables.VK_ICD_FILENAMES =
- "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
-
- boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-amd" ];
-
- fileSystems."/" = {
- device = "zpool/root/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" = {
- device = "zpool/root/home";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/50A7-1889";
- fsType = "vfat";
- };
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-
- # Mouse stuff
- services.xserver.libinput.enable = lib.mkForce false;
- services.xserver.synaptics.enable = true;
-
- services.xserver.displayManager.sessionCommands = ''
- xinput disable 'ETPS/2 Elantech Touchpad'
- xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation' 1
- xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2
- xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5
- '';
-}
diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/coaxmetal/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
-}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
deleted file mode 100644
index c34dc0acf..000000000
--- a/lass/1systems/daedalus/config.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/pipewire.nix>
- # <stockholm/lass/2configs/nfs-dl.nix>
- {
- # bubsy config
- users.users.bubsy = {
- uid = genid "bubsy";
- home = "/home/bubsy";
- group = "users";
- createHome = true;
- extraGroups = [
- "audio"
- "networkmanager"
- "pipewire"
- # "plugdev"
- ];
- useDefaultShell = true;
- isNormalUser = true;
- };
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- # programs.chromium = {
- # enable = true;
- # extensions = [
- # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- # ];
- # };
- environment.systemPackages = with pkgs; [
- ark
- pavucontrol
- #firefox
- chromium
- hexchat
- networkmanagerapplet
- libreoffice
- audacity
- zathura
- skypeforlinux
- wine
- geeqie
- vlc
- zsnes
- telegram-desktop
- ];
- # services.udev.packages = [ pkgs.ledger-udev-rules ];
- nixpkgs.config.firefox.enableAdobeFlash = true;
- services.xserver.enable = true;
- services.xserver.displayManager.lightdm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
- services.tlp.enable = lib.mkForce false;
- services.xserver.layout = "de";
- }
- {
- users = {
- groups.plugdev = {};
- users = {
- bitcoin = {
- name = "bitcoin";
- description = "user for bitcoin stuff";
- home = "/home/bitcoin";
- isNormalUser = true;
- useDefaultShell = true;
- createHome = true;
- extraGroups = [
- "audio"
- "networkmanager"
- "plugdev"
- ];
- packages = [
- pkgs.electrum
- pkgs.electron-cash
- pkgs.ledger-live-desktop
- ];
- };
- };
- };
- hardware.ledger.enable = true;
- security.sudo.extraConfig = ''
- bubsy ALL=(bitcoin) NOPASSWD: ALL
- '';
- }
- {
- #remote control
- environment.systemPackages = with pkgs; [
- x11vnc
- # torbrowser
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
- ];
- }
- ];
-
- time.timeZone = "Europe/Berlin";
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
- krebs.build.host = config.krebs.hosts.daedalus;
-}
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
deleted file mode 100644
index d10ced7da..000000000
--- a/lass/1systems/daedalus/physical.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- imports = [
- ./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
- ];
-
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
-}
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
deleted file mode 100644
index 279cad10b..000000000
--- a/lass/1systems/dishfire/config.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/monitoring/prometheus.nix>
- <stockholm/lass/2configs/monitoring/telegraf.nix>
- <stockholm/lass/2configs/consul.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.dishfire;
-}
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
deleted file mode 100644
index ca013132f..000000000
--- a/lass/1systems/dishfire/physical.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [
- ./config.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-}
diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix
deleted file mode 100644
index eacdff782..000000000
--- a/lass/1systems/echelon/config.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/tor-initrd.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.echelon;
-
- boot.tmpOnTmpfs = true;
-
-}
-
diff --git a/lass/1systems/echelon/physical.nix b/lass/1systems/echelon/physical.nix
deleted file mode 100644
index fbacc3927..000000000
--- a/lass/1systems/echelon/physical.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- ./config.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices.luksroot.device = "/dev/sda3";
-
- networking.useDHCP = false;
- networking.interfaces.ens18.useDHCP = true;
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/5186edb1-9234-48ae-8679-61facb56b818";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/56D1-34A0";
- fsType = "vfat";
- };
-
-}
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
deleted file mode 100644
index 81b8b909b..000000000
--- a/lass/1systems/green/config.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/mail.nix>
-
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/sync/decsync.nix>
-
- <stockholm/lass/2configs/weechat.nix>
- <stockholm/lass/2configs/bitlbee.nix>
-
- <stockholm/lass/2configs/pass.nix>
-
- <stockholm/lass/2configs/git-brain.nix>
- <stockholm/lass/2configs/et-server.nix>
- <stockholm/lass/2configs/consul.nix>
-
- <stockholm/lass/2configs/atuin-server.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.green;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
- };
-
- systemd.tmpfiles.rules = [
- "d /home/lass/.local/share 0700 lass users -"
- "d /home/lass/.local 0700 lass users -"
- "d /home/lass/.config 0700 lass users -"
-
- "d /var/state/lass_mail 0700 lass users -"
- "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
-
- "d /var/state/lass_ssh 0700 lass users -"
- "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh"
- "d /var/state/lass_gpg 0700 lass users -"
- "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg"
- "d /var/state/lass_sync 0700 lass users -"
- "L+ /home/lass/sync - - - - ../../var/state/lass_sync"
-
- "d /var/state/git 0700 git nogroup -"
- "L+ /var/lib/git - - - - ../../var/state/git"
- ];
-
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- config.krebs.users.lass-tablet.pubkey
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel
- ];
-
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
- ];
-
- # workaround for ssh access from yubikey via android
- services.openssh.extraConfig = ''
- HostKeyAlgorithms +ssh-rsa
- PubkeyAcceptedAlgorithms +ssh-rsa
- '';
-
- services.dovecot2 = {
- enable = true;
- mailLocation = "maildir:~/Maildir";
- };
-
- networking.firewall.allowedTCPPorts = [ 143 ];
-}
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/green/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
deleted file mode 100644
index 4acdb0c26..000000000
--- a/lass/1systems/green/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in if test then {} else {
- nixpkgs.git.ref = lib.mkForce npkgs.rev;
- nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
-}
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
deleted file mode 100644
index 953b5d0d4..000000000
--- a/lass/1systems/hilum/config.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.hilum;
-
- boot.loader.grub = {
- extraEntries = ''
- submenu isos {
- source /grub/autoiso.cfg
- }
- '';
- extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation {
- name = "autoiso.cfg";
- src = pkgs.grub2.src;
- phases = [ "unpackPhase" "installPhase" ];
- installPhase = ''
- cp docs/autoiso.cfg $out
- '';
- });
- };
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-
- boot.tmpOnTmpfs = true;
-}
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
deleted file mode 100644
index b5199d432..000000000
--- a/lass/1systems/hilum/disk.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, disk, keyFile, ... }:
-{
- disk = {
- main = {
- type = "disk";
- device = disk;
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- start = "0";
- end = "1M";
- flags = ["bios_grub"];
- }
- {
- name = "ESP";
- start = "1M";
- end = "50%";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- name = "root";
- start = "50%";
- end = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- }
- ];
- };
- };
- };
-}
-
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh
deleted file mode 100755
index 9846ea087..000000000
--- a/lass/1systems/hilum/flash-stick.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-set -efux
-
-disk=$1
-
-cd "$(dirname "$0")"
-export NIXPKGS_ALLOW_UNFREE=1
-(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
-trap 'rm -f /tmp/hilum.luks' EXIT
-echo "$disk" > /tmp/hilum-disk
-trap 'rm -f /tmp/hilum-disk' EXIT
-
-stockholm_root=$(git rev-parse --show-toplevel)
-ssh root@localhost -t -- $(nix-build \
- --no-out-link \
- -I nixpkgs=/var/src/nixpkgs \
- -I stockholm="$stockholm_root" \
- -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
- -E "with import <nixpkgs> {}; (pkgs.nixos [
- {
- luksPassFile = \"/tmp/hilum.luks\";
- mainDisk = \"$disk\";
- disko.rootMountPoint = \"/mnt/hilum\";
- }
- ./physical.nix
- ]).disko"
-)
-rm -f /tmp/hilum.luks
-$(nix-build \
- --no-out-link \
- -I nixpkgs=/var/src/nixpkgs \
- "$stockholm_root"/lass/krops.nix -A populate \
- --argstr name hilum \
- --argstr target "root@localhost/mnt/hilum/var/src" \
- --arg force true
-)
-ssh root@localhost << SSH
-set -efux
-mkdir -p /mnt/hilum/etc
-NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src
-nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
-umount -Rv /mnt/hilum
-SSH
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
deleted file mode 100644
index 9caf8e531..000000000
--- a/lass/1systems/hilum/physical.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- {
- # nice hack to carry around state passed impurely at the beginning
- options.mainDisk = let
- tryFile = path: default:
- if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then
- builtins.readFile path
- else
- default
- ;
- in lib.mkOption {
- type = lib.types.str;
- default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz");
- };
- config.environment.etc.hilum-disk.text = config.mainDisk;
- }
- {
- options.luksPassFile = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- };
- }
- ];
-
- disko.devices = import ./disk.nix {
- inherit lib;
- disk = config.mainDisk;
- keyFile = config.luksPassFile;
- };
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = config.mainDisk;
- boot.loader.grub.efiInstallAsRemovable = true;
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- #weird bug with nixos-enter
- services.logrotate.enable = false;
-}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
deleted file mode 100644
index e789b09da..000000000
--- a/lass/1systems/icarus/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/wine.nix>
- #<stockholm/lass/2configs/prism-share.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/snapclient.nix>
- <stockholm/lass/2configs/consul.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.icarus;
-
-
- environment.systemPackages = [ pkgs.chromium ];
-}
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
deleted file mode 100644
index 0b1aff4a8..000000000
--- a/lass/1systems/icarus/physical.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ./config.nix
- #<stockholm/lass/2configs/hw/x220.nix>
- #<stockholm/lass/2configs/boot/universal.nix>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
- boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
- fsType = "xfs";
- };
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/D975-2CAB";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
-
- services.logind.lidSwitch = "ignore";
-}
diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix
deleted file mode 100644
index d2207627d..000000000
--- a/lass/1systems/lasspi/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-in
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.lasspi;
-
- networking = {
- networkmanager = {
- enable = true;
- };
- };
- environment.systemPackages = with pkgs; [
- vim
- rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
-
- system.stateVersion = "22.05";
-}
diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix
deleted file mode 100644
index 07efb5ca5..000000000
--- a/lass/1systems/lasspi/physical.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ./config.nix
- ];
-
- boot = {
- # kernelPackages = pkgs.linuxPackages_rpi4;
- tmpOnTmpfs = true;
- initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ];
- # ttyAMA0 is the serial console broken out to the GPIO
- kernelParams = [
- "8250.nr_uarts=1"
- "console=ttyAMA0,115200"
- "console=tty1"
- # Some gui programs need this
- "cma=128M"
- ];
- };
-
- # boot.loader.raspberryPi = {
- # enable = true;
- # version = 4;
- # # uboot.enable = true;
- # };
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
-
- # Required for the Wireless firmware
- hardware.enableRedistributableFirmware = true;
-
- networking.interfaces.eth0.useDHCP = true;
-
- # Assuming this is installed on top of the disk image.
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
-
- powerManagement.cpuFreqGovernor = "ondemand";
-}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
deleted file mode 100644
index adf8aeeb1..000000000
--- a/lass/1systems/littleT/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- time.timeZone = "Europe/Berlin";
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
- krebs.build.host = config.krebs.hosts.littleT;
-}
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
deleted file mode 100644
index 550f058a8..000000000
--- a/lass/1systems/littleT/physical.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/5B2E-3734";
- fsType = "vfat";
- };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
- networking.hostId = "584248c6";
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
-
-}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
deleted file mode 100644
index 23f8a1184..000000000
--- a/lass/1systems/mors/config.nix
+++ /dev/null
@@ -1,167 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/elster.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/logf.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/sync/decsync.nix>
- <stockholm/lass/2configs/sync/weechat.nix>
- <stockholm/lass/2configs/sync/the_playlist.nix>
- #<stockholm/lass/2configs/c-base.nix>
- <stockholm/lass/2configs/br.nix>
- <stockholm/lass/2configs/ableton.nix>
- <stockholm/lass/2configs/dunst.nix>
- <stockholm/lass/2configs/rtl-sdr.nix>
- <stockholm/lass/2configs/print.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/ppp/x220-modem.nix>
- <stockholm/lass/2configs/ppp/umts-stick.nix>
- # <stockholm/lass/2configs/remote-builder/morpheus.nix>
- # <stockholm/lass/2configs/remote-builder/prism.nix>
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/networkd.nix>
- <stockholm/lass/2configs/autotether.nix>
- {
- krebs.iptables.tables.filter.INPUT.rules = [
- #risk of rain
- { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
- #quake3
- { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
- ];
- }
- {
- services.nginx = {
- enable = true;
- virtualHosts.default = {
- default = true;
- serverAliases = [
- "localhost"
- "${config.krebs.build.host.name}"
- "${config.krebs.build.host.name}.r"
- ];
- locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''
- alias /home/$1/public_html$2;
- '';
- };
- };
- }
- {
- services.redis.enable = true;
- }
- {
- environment.systemPackages = [
- pkgs.ovh-zone
- pkgs.bank
- pkgs.adb-sync
- pkgs.transgui
- ];
- }
- {
- services.tor = {
- enable = true;
- client.enable = true;
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.mors;
-
- environment.systemPackages = with pkgs; [
- acronym
- brain
- cac-api
- sshpass
- get
- hashPassword
- urban
- mk_sql_pair
- remmina
- transmission
-
- macchanger
-
- dnsutils
- woeusb
- (pkgs.writeDashBin "play-on" ''
- HOST=$(echo 'styx\nshodan' | fzfmenu)
- ssh -t "$HOST" -- mpv "$@"
- '')
- ];
-
- #TODO: fix this shit
- ##fprint stuff
- ##sudo fprintd-enroll $USER to save fingerprints
- #services.fprintd.enable = true;
- #security.pam.services.sudo.fprintAuth = true;
-
- users.extraGroups = {
- loot = {
- members = [
- config.users.extraUsers.mainUser.name
- "firefox"
- "chromium"
- "google"
- "virtual"
- ];
- };
- };
-
- krebs.repo-sync.timerConfig = {
- OnCalendar = "00:37";
- };
-
- nixpkgs.config.android_sdk.accept_license = true;
- programs.adb.enable = true;
-
-
- services.earlyoom = {
- enable = true;
- freeMemThreshold = 5;
- };
-
-
- # It may leak your data, but look how FAST it is!1!!
- # https://make-linux-fast-again.com/
- boot.kernelParams = [
- "noibrs"
- "noibpb"
- "nopti"
- "nospectre_v2"
- "nospectre_v1"
- "l1tf=off"
- "nospec_store_bypass_disable"
- "no_stf_barrier"
- "mds=off"
- "mitigations=off"
- ];
-
- boot.binfmt.emulatedSystems = [
- "aarch64-linux"
- ];
-
- nix.trustedUsers = [ "root" "lass" ];
-
- services.nscd.enableNsncd = true;
-
-}
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
deleted file mode 100644
index 2ffbf88c0..000000000
--- a/lass/1systems/mors/physical.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- imports = [
- ./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/universal.nix>
- ];
-
- boot.kernelParams = [ "acpi_backlight=native" ];
-
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home/virtual" = {
- device = "/dev/mapper/pool-virtual";
- fsType = "ext4";
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0"
- '';
-
- #TODO activationScripts seem broken, fix them!
- #activationScripts
- #split up and move into base
- system.activationScripts.powertopTunables = ''
- #Runtime PMs
- echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
- '';
-}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/mors/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
-}
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
deleted file mode 100644
index 79402959e..000000000
--- a/lass/1systems/neoprism/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/mail/internet-gateway.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/matrix.nix>
- <stockholm/lass/2configs/gsm-wiki.nix>
-
- # sync-containers
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/services/flix/container-host.nix>
- <stockholm/lass/2configs/services/radio/container-host.nix>
- <stockholm/lass/2configs/ubik-host.nix>
- <stockholm/lass/2configs/orange-host.nix>
- <stockholm/krebs/2configs/hotdog-host.nix>
-
- # other containers
- <stockholm/lass/2configs/riot.nix>
-
- # proxying of services
- <stockholm/lass/2configs/services/radio/proxy.nix>
- <stockholm/lass/2configs/services/flix/proxy.nix>
- <stockholm/lass/2configs/services/coms/proxy.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.neoprism;
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "acme@lassul.us";
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
-
- enableReload = true;
-
- virtualHosts.default = {
- default = true;
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
- };
- };
-}
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
deleted file mode 100644
index c5bd44c94..000000000
--- a/lass/1systems/neoprism/disk.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ lib, ... }:
-{
- disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
- type = "disk";
- device = disk;
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- content = {
- type = "mdraid";
- name = "boot";
- };
- };
- zfs = {
- size = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- };
- };
- };
- })) // {
- hdd1 = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "zfs";
- pool = "tank";
- };
- };
- };
- mdadm = {
- boot = {
- type = "mdadm";
- level = 1;
- metadata = "1.0";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- mode = "mirror";
- mountpoint = "/";
- rootFsOptions = {
- };
- datasets.reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- };
- tank = {
- type = "zpool";
- datasets = {
- reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- containers = {
- type = "zfs_fs";
- mountpoint = "/var/lib/containers";
- options = {
- canmount = "noauto";
- };
- };
- home = {
- type = "zfs_fs";
- mountpoint = "/home";
- options = {
- canmount = "noauto";
- };
- };
- srv = {
- type = "zfs_fs";
- mountpoint = "/srv";
- options = {
- canmount = "noauto";
- };
- };
- libvirt = {
- type = "zfs_fs";
- mountpoint = "/var/lib/libvirt";
- options = {
- canmount = "noauto";
- };
- };
- # encrypted = {
- # type = "zfs_fs";
- # options = {
- # canmount = "noauto";
- # mountpoint = "none";
- # encryption = "aes-256-gcm";
- # keyformat = "passphrase";
- # keylocation = "prompt";
- # };
- # };
- # "encrypted/download" = {
- # type = "zfs_fs";
- # mountpoint = "/var/download";
- # options = {
- # canmount = "noauto";
- # };
- # };
- };
- };
- };
-}
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
deleted file mode 100644
index cc7734f39..000000000
--- a/lass/1systems/neoprism/physical.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- disko.devices = import ./disk.nix;
- networking.hostId = "9c0a74ac";
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [
- config.disko.devices.disk."/dev/nvme0n1".device
- config.disko.devices.disk."/dev/nvme1n1".device
- ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- # networking config
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- config = {
- networkConfig.SpeedMeter = true;
- };
- # netdevs.ext-br.netdevConfig = {
- # Kind = "bridge";
- # Name = "ext-br";
- # MACAddress = "a8:a1:59:0f:2d:69";
- # };
- # networks.ext-br = {
- # name = "ext-br";
- # address = [
- # "95.217.192.59/26"
- # "2a01:4f9:4a:4f1a::1/64"
- # ];
- # gateway = [
- # "95.217.192.1"
- # "fe80::1"
- # ];
- # };
- networks.eth0 = {
- #bridge = [ "ext-br" ];
- matchConfig.Name = "eth0";
- address = [
- "95.217.192.59/26"
- "2a01:4f9:4a:4f1a::1/64"
- ];
- gateway = [
- "95.217.192.1"
- "fe80::1"
- ];
- };
- };
-
- networking.useDHCP = false;
- # boot.initrd.network = {
- # enable = true;
- # ssh = {
- # enable = true;
- # authorizedKeys = [ config.krebs.users.lass.pubkey ];
- # port = 2222;
- # hostKeys = [
- # (<secrets/ssh.id_ed25519>)
- # (<secrets/ssh.id_rsa>)
- # ];
- # };
- # };
- # boot.kernelParams = [
- # "net.ifnames=0"
- # "ip=dhcp"
- # "boot.trace"
- # ];
-}
diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix
deleted file mode 100644
index 47867c31f..000000000
--- a/lass/1systems/orange/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/mumble-reminder.nix>
- <stockholm/lass/2configs/services/git>
- ];
-
- krebs.build.host = config.krebs.hosts.orange;
-
- services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@lassul.us";
- };
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l";
- };
-}
diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/orange/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}
diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix
deleted file mode 100644
index 52b4142b9..000000000
--- a/lass/1systems/prism/backup.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.postgresqlBackup.enable = true;
-
- systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
-
- services.borgbackup.jobs.hetzner = {
- paths = [
- "/var/backup"
- ];
- exclude = [
- "*.pyc"
- ];
- repo = "u364341@u364341.your-storagebox.de:/./hetzner";
- encryption.mode = "none";
- compression = "auto,zstd";
- startAt = "daily";
- # TODO: change backup key
- environment.BORG_RSH = "ssh -oPort=23 -i ${toString <secrets> + "/borgbackup.ssh.id25519"}";
- preHook = ''
- set -x
- '';
-
- postHook = ''
- cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
- task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
- EOF
- '';
-
- prune.keep = {
- within = "1d"; # Keep all archives from the last day
- daily = 7;
- weekly = 4;
- monthly = 0;
- };
- };
-}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
deleted file mode 100644
index 29244f8a3..000000000
--- a/lass/1systems/prism/config.nix
+++ /dev/null
@@ -1,380 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- imports = [
- ./backup.nix
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/libvirt.nix>
- <stockholm/lass/2configs/tv.nix>
- <stockholm/lass/2configs/websites/lassulus.nix>
- <stockholm/lass/2configs/services/git/proxy.nix>
- <stockholm/lass/2configs/monitoring/telegraf.nix>
- <stockholm/lass/2configs/consul.nix>
- {
- services.nginx.enable = true;
- imports = [
- <stockholm/lass/2configs/websites/domsen.nix>
- ];
- # needed by domsen.nix ^^
- lass.usershadow = {
- enable = true;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
- { # TODO make new hfos.nix out of this vv
- users.users.riot = {
- uid = genid_uint31 "riot";
- isNormalUser = true;
- extraGroups = [ "libvirtd" ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
- ];
- };
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { v6 = false; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
- { v6 = false; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
- ];
- }
- {
- users.users.tv = {
- uid = genid_uint31 "tv";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
- };
- users.users.makefu = {
- uid = genid_uint31 "makefu";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.makefu.pubkey
- ];
- };
- users.extraUsers.dritter = {
- uid = genid_uint31 "dritter";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
- ];
- };
- users.extraUsers.juhulian = {
- uid = 1339;
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
- ];
- };
- users.users.hellrazor = {
- uid = genid_uint31 "hellrazor";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
- };
- }
- {
- services.nginx.virtualHosts."radio.lassul.us" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- # recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://radio.r";
- extraConfig = ''
- proxy_set_header Host radio.r;
- # get source ip for weather reports
- proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
- '';
- };
- };
- krebs.htgen.radio-redirect = {
- port = 8000;
- scriptFile = pkgs.writers.writeDash "redir" ''
- printf 'HTTP/1.1 301 Moved Permanently\r\n'
- printf "Location: http://radio.lassul.us''${Request_URI}\r\n"
- printf '\r\n'
- '';
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
- ];
- }
- <stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/binary-cache/proxy.nix>
- <stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/paste.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/reaktor-coders.nix>
- <stockholm/lass/2configs/ciko.nix>
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/fysiirc.nix>
- <stockholm/lass/2configs/bgt-bot>
- <stockholm/lass/2configs/matrix.nix>
- <stockholm/krebs/2configs/mastodon-proxy.nix>
- {
- services.tor = {
- enable = true;
- };
- }
- {
- imports = [
- <stockholm/lass/2configs/realwallpaper.nix>
- ];
- services.nginx.virtualHosts."lassul.us".locations = {
- "= /wallpaper-marker.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper-marker.png;
- '';
- "= /wallpaper.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper.png;
- '';
- "= /wallpaper-stars-berlin.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper-krebs-stars-berlin.png;
- '';
- };
- }
- <stockholm/lass/2configs/minecraft.nix>
- <stockholm/lass/2configs/codimd.nix>
- <stockholm/lass/2configs/go.nix>
- {
- lass.nichtparasoup.enable = true;
- services.nginx = {
- enable = true;
- virtualHosts."lol.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:5001;
- '';
- };
- };
- }
- {
- imports = [
- <stockholm/lass/2configs/wiregrill.nix>
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkOrder 999 [
- { v6 = false; predicate = "-s 10.244.0.0/16"; target = "ACCEPT"; }
- { v4 = false; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
- { predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s 10.244.0.0/16 ! -d 10.244.0.0/16"; target = "MASQUERADE"; }
- ];
- services.dnsmasq = {
- enable = true;
- resolveLocalQueries = false;
-
- extraConfig= ''
- bind-interfaces
- interface=wiregrill
- interface=retiolum
- '';
- };
- }
- {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; }
- ];
- }
- <stockholm/lass/2configs/services/coms/jitsi.nix>
- <stockholm/lass/2configs/services/coms/murmur.nix>
- {
-
- services.nginx.virtualHosts."flix.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://yellow.r:8096";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
- services.nginx.virtualHosts."lassul.us" = {
- locations."^~ /flix/".extraConfig = ''
- if ($scheme != "https") {
- rewrite ^ https://$host$request_uri permanent;
- }
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
- krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
- ''};
- proxy_pass http://yellow.r:80/;
- proxy_set_header Accept-Encoding "";
- sub_filter "https://lassul.us/" "https://lassul.us/flix/";
- sub_filter_once off;
- '';
- locations."^~ /chatty/".extraConfig = ''
- rewrite ^ https://$host/flix/$request_uri permanent;
- '';
- #locations."^~ /transmission".return = "301 https://$host/transmission/web/";
- locations."^~ /transmission/".extraConfig = ''
- if ($scheme != "https") {
- rewrite ^ https://$host$request_uri permanent;
- }
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
- krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
- ''};
- proxy_pass_header X-Transmission-Session-Id;
- proxy_pass http://10.233.2.14:9091;
- '';
- };
-
- users.groups.download = {};
- users.users = {
- download = {
- createHome = false;
- group = "download";
- name = "download";
- home = "/var/download";
- useDefaultShell = true;
- uid = genid "download";
- isSystemUser = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- lass-android.pubkey
- makefu.pubkey
- palo.pubkey
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
- "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 philip@shiki11:15 <Profpatsch> AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki"
- mic92.pubkey
- qubasa.pubkey
- ];
- };
- };
-
- system.activationScripts.downloadFolder = ''
- mkdir -p /var/download
- chmod 775 /var/download
- ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
- chown download: /var/download/finished
- '';
-
- fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download/finished";
- options = [ "bind" ];
- };
- services.nfs.server = {
- enable = true;
- exports = ''
- /export 42::/16(insecure,ro,crossmnt)
- '';
- lockdPort = 4001;
- mountdPort = 4002;
- statdPort = 4000;
- };
-
- services.samba = {
- enable = true;
- enableNmbd = false;
- extraConfig = ''
- workgroup = WORKGROUP
- netbios name = PRISM
- server string = ${config.networking.hostName}
- # only allow retiolum addresses
- hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16
-
- # Use sendfile() for performance gain
- use sendfile = true
-
- # No NetBIOS is needed
- disable netbios = true
-
- # Only mangle non-valid NTFS names, don't care about DOS support
- mangled names = illegal
-
- # Performance optimizations
- socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
-
- # Disable all printing
- load printers = false
- disable spoolss = true
- printcap name = /dev/null
-
- map to guest = Bad User
- max log size = 50
- dns proxy = no
- security = user
-
- [global]
- syslog only = yes
- '';
- shares.public = {
- comment = "Warez";
- path = "/export";
- public = "yes";
- "only guest" = "yes";
- "create mask" = "0644";
- "directory mask" = "2777";
- writable = "no";
- printable = "no";
- };
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- # smbd
- { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
- ];
- }
- { # acme fallback for neoprism migration
- services.nginx.virtualHosts."lassul.us".acmeFallbackHost = "orange.r";
- services.nginx.virtualHosts."radio.lassul.us".acmeFallbackHost = "neoprism.r";
- services.nginx.virtualHosts."flix.lassul.us".acmeFallbackHost = "neoprism.r";
- services.nginx.virtualHosts."jitsi.lassul.us".acmeFallbackHost = "neoprism.r";
- services.nginx.virtualHosts."cgit.lassul.us".acmeFallbackHost = "orange.r";
- services.nginx.virtualHosts."mail.lassul.us".acmeFallbackHost = "neoprism.r";
- services.nginx.virtualHosts."mumble.lassul.us".acmeFallbackHost = "neoprism.r";
- services.nginx.virtualHosts."mail.ubikmedia.eu" = {
- enableACME = true;
- forceSSL = true;
- acmeFallbackHost = "ubik.r";
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "https://ubik.r";
- };
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.prism;
- services.earlyoom = {
- enable = true;
- freeMemThreshold = 5;
- };
-
- # prism rsa hack
- services.openssh.hostKeys = [{
- path = toString <secrets> + "ssh.id_rsa";
- type = "rsa";
- }];
-}
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
deleted file mode 100644
index 2260aa648..000000000
--- a/lass/1systems/prism/physical.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.swraid.enable = true;
-
- fileSystems."/" = {
- device = "rpool/root/nixos";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
- fsType = "ext4";
- };
-
- fileSystems."/backups" = {
- device = "tank/backups";
- fsType = "zfs";
- };
-
- fileSystems."/srv/http" = {
- device = "tank/srv-http";
- fsType = "zfs";
- };
-
- fileSystems."/var/download" = {
- device = "tank/download";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/containers" = {
- device = "tank/containers";
- fsType = "zfs";
- };
-
- fileSystems."/home" = {
- device = "tank/home";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/nextcloud" = {
- device = "tank/nextcloud";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/libvirt" = {
- device = "tank/libvirt";
- fsType = "zfs";
- };
-
- fileSystems."/var/realwallpaper/archive" = {
- device = "tank/wallpaper";
- fsType = "zfs";
- };
-
- # silence mdmonitor.service failures
- # https://github.com/NixOS/nixpkgs/issues/72394
- environment.etc."mdadm.conf".text = ''
- MAILADDR root
- '';
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
-
- # we don't pay for power there and this might solve a problem we observed at least once
- # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben
- boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" "nomodeset" ];
- networking.dhcpcd.enable = false;
-
-
- networking.useNetworkd = lib.mkForce false;
- systemd.network.enable = lib.mkForce false;
- # bridge config
- networking.bridges."ext-br".interfaces = [ "eth0" ];
- networking = {
- hostId = "2283aaae";
- defaultGateway = "95.216.1.129";
- defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
- # Use google's public DNS server
- nameservers = [ "8.8.8.8" ];
- interfaces.ext-br.ipv4.addresses = [
- {
- address = "95.216.1.150";
- prefixLength = 26;
- }
- ];
- interfaces.ext-br.ipv6.addresses = [
- {
- address = "2a01:4f9:2a:1e9::1";
- prefixLength = 64;
- }
- ];
- };
-
-}
diff --git a/lass/1systems/radio/config.nix b/lass/1systems/radio/config.nix
deleted file mode 100644
index 00e9bd3fe..000000000
--- a/lass/1systems/radio/config.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
-
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/services/radio>
- ];
-
- krebs.build.host = config.krebs.hosts.radio;
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@lassul.us";
- };
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt";
- };
-}
diff --git a/lass/1systems/radio/physical.nix b/lass/1systems/radio/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/radio/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}
diff --git a/lass/1systems/radio/source.nix b/lass/1systems/radio/source.nix
deleted file mode 100644
index 4acdb0c26..000000000
--- a/lass/1systems/radio/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in if test then {} else {
- nixpkgs.git.ref = lib.mkForce npkgs.rev;
- nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
-}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
deleted file mode 100644
index 0bea37e5c..000000000
--- a/lass/1systems/shodan/config.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/snapclient.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.shodan;
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
- nix.trustedUsers = [ "root" "lass" ];
- system.stateVersion = "22.05";
-}
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
deleted file mode 100644
index f94edcf9b..000000000
--- a/lass/1systems/shodan/physical.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- #TODO reinstall with correct layout and use lass/hw/x220
- imports = [
- ./config.nix
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
-
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
-
- initrd.luks.devices.lusksroot.device = "/dev/sda2";
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/pool/nix";
- fsType = "btrfs";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
- "/home" = {
- device = "/dev/mapper/pool-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/bku" = {
- device = "/dev/pool/bku";
- fsType = "btrfs";
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
- SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0"
- '';
-}
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
deleted file mode 100644
index 4da4dffb8..000000000
--- a/lass/1systems/skynet/config.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/lass/2configs/power-action.nix>
- <stockholm/lass/2configs/syncthing.nix>
- {
- services.xserver.enable = true;
- services.xserver.desktopManager.xfce.enable = true;
-
- users.users.discordius = {
- uid = genid "diskordius";
- isNormalUser = true;
- extraGroups = [
- "audio"
- "networkmanager"
- ];
- };
- environment.systemPackages = with pkgs; [
- google-chrome
- ];
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.skynet;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = true;
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-}
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
deleted file mode 100644
index 1ac9708c7..000000000
--- a/lass/1systems/skynet/physical.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- imports = [
- ./config.nix
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
-
- networking.hostId = "06442b9a";
-
- fileSystems."/" = {
- device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/0876-B308";
- fsType = "vfat";
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
- '';
-}
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
deleted file mode 100644
index 988cbca75..000000000
--- a/lass/1systems/styx/config.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/gg23.nix>
- <stockholm/lass/2configs/hass>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/krebs/2configs/news-host.nix>
- # <stockholm/lass/2configs/br.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/home-media.nix>
- <stockholm/lass/2configs/syncthing.nix>
- # <stockholm/lass/2configs/idc.nix>
- <stockholm/lass/2configs/ppp/umts-stick.nix>
- <stockholm/lass/2configs/snapserver.nix>
- <stockholm/lass/2configs/snapclient.nix>
- <stockholm/lass/2configs/consul.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.styx;
-
- networking.firewall.interfaces.int0.allowedTCPPorts = [ config.services.smokeping.port ];
- networking.firewall.interfaces.retiolum.allowedTCPPorts = [ config.services.smokeping.port ];
- networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ config.services.smokeping.port ];
- krebs.power-action.enable = mkForce false;
-
- environment.systemPackages = with pkgs; [
- wol
- (writeDashBin "wake-alien" ''
- ${wol}/bin/wol -h 10.42.0.255 10:65:30:68:83:a3
- '')
- (writers.writeDashBin "iptv" ''
- set -efu
- /run/current-system/sw/bin/mpv \
- --audio-display=no --audio-channels=stereo \
- --audio-samplerate=48000 --audio-format=s16 \
- --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
- --audio-delay=-1 \
- --playlist=https://iptv-org.github.io/iptv/index.nsfw.m3u \
- --idle=yes \
- --input-ipc-server=/tmp/mpv.ipc \
- "$@"
- '')
- ];
-
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- ];
- # http://10.42.0.1:8081/smokeping.fcgi
- services.smokeping = {
- enable = true;
- host = null;
- targetConfig = ''
- probe = FPing
- menu = top
- title = top
-
- + Local
- menu = Local
- title = Local Network
- ++ LocalMachine
- menu = Local Machine
- title = This host
- host = localhost
-
- + Internet
- menu = internet
- title = internet
-
- ++ CloudflareDNS
- menu = Cloudflare DNS
- title = Cloudflare DNS server
- host = 1.1.1.1
-
- ++ GoogleDNS
- menu = Google DNS
- title = Google DNS server
- host = 8.8.8.8
-
- + retiolum
- menu = retiolum
- title = retiolum
-
- ++ gum
- menu = gum.r
- title = gum.r
- host = gum.r
-
- ++ ni
- menu = ni.r
- title = ni.r
- host = ni.r
-
- ++ prism
- menu = prism.r
- title = prism.r
- host = prism.r
- '';
- };
-
- # for usb internet
- hardware.usbWwan.enable = true;
-}
-
diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix
deleted file mode 100644
index 284bbb333..000000000
--- a/lass/1systems/styx/physical.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514";
- boot.loader.grub.efiInstallAsRemovable = true;
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/EAA5-88A9";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="3c:7c:3f:7e:e2:39", NAME="et0"
- SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:78:91:50", NAME="int0"
- '';
-}
diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix
deleted file mode 100644
index 3afbf6bd1..000000000
--- a/lass/1systems/ubik/config.nix
+++ /dev/null
@@ -1,276 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.ubik;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@lassul.us";
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # nextcloud
- services.nginx.virtualHosts."c.apanowicz.de" = {
- enableACME = true;
- forceSSL = true;
- };
- services.nextcloud = {
- enable = true;
- enableBrokenCiphersForSSE = false;
- hostName = "c.apanowicz.de";
- package = pkgs.nextcloud25;
- config.adminpassFile = "/run/nextcloud.pw";
- https = true;
- maxUploadSize = "9001M";
- };
- systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
- "+${pkgs.writeDash "copy-pw" ''
- ${pkgs.rsync}/bin/rsync \
- --chown nextcloud:nextcloud \
- --chmod 0700 \
- /var/src/secrets/nextcloud.pw /run/nextcloud.pw
- ''}"
- ];
-
- # mail
- lass.usershadow.enable = true;
- services.nginx.virtualHosts."mail.ubikmedia.eu" = {
- enableACME = true;
- forceSSL = true;
- };
- services.roundcube = {
- enable = true;
- hostName = "mail.ubikmedia.eu";
- extraConfig = ''
- $config['smtp_debug'] = true;
- $config['smtp_host'] = "localhost:25";
- '';
- };
- services.dovecot2 = {
- enable = true;
- showPAMFailure = true;
- mailLocation = "maildir:~/Mail";
- sslServerCert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
- sslServerKey = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
- };
- krebs.exim-smarthost = {
- ssl_cert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
- ssl_key = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
- authenticators.PLAIN = ''
- driver = plaintext
- public_name = PLAIN
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
- '';
- authenticators.LOGIN = ''
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- '';
- internet-aliases = [
- { from = "dma@ubikmedia.de"; to = "domsen"; }
- { from = "dma@ubikmedia.eu"; to = "domsen"; }
- { from = "hallo@apanowicz.de"; to = "domsen"; }
- { from = "bruno@apanowicz.de"; to = "bruno"; }
- { from = "mail@jla-trading.com"; to = "jla-trading"; }
- { from = "jms@ubikmedia.eu"; to = "jms"; }
- { from = "ms@ubikmedia.eu"; to = "ms"; }
- { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
- { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
- { from = "hallo@jarugadesign.de"; to ="kasia"; }
- { from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
-
- { from = "testuser@ubikmedia.eu"; to = "testuser"; }
- ];
- sender_domains = [
- "jla-trading.com"
- "ubikmedia.eu"
- "ubikmedia.de"
- "apanowicz.de"
- "alewis.de"
- "jarugadesign.de"
- "beesmooth.ch"
- "event-extra.de"
- ];
- dkim = [
- { domain = "ubikmedia.eu"; }
- { domain = "apanowicz.de"; }
- { domain = "beesmooth.ch"; }
- ];
- };
-
- # users
- users.users.UBIK-SFTP = {
- uid = pkgs.stockholm.lib.genid_uint31 "UBIK-SFTP";
- home = "/home/UBIK-SFTP";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.xanf = {
- uid = pkgs.stockholm.lib.genid_uint31 "xanf";
- group = "xanf";
- home = "/home/xanf";
- useDefaultShell = true;
- createHome = false; # creathome forces permissions
- isNormalUser = true;
- };
-
- users.users.domsen = {
- uid = pkgs.stockholm.lib.genid_uint31 "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "syncthing" "download" "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bruno = {
- uid = pkgs.stockholm.lib.genid_uint31 "bruno";
- home = "/home/bruno";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jla-trading = {
- uid = pkgs.stockholm.lib.genid_uint31 "jla-trading";
- home = "/home/jla-trading";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jms = {
- uid = pkgs.stockholm.lib.genid_uint31 "jms";
- home = "/home/jms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.ms = {
- uid = pkgs.stockholm.lib.genid_uint31 "ms";
- home = "/home/ms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.testuser = {
- uid = pkgs.stockholm.lib.genid_uint31 "testuser";
- home = "/home/testuser";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bui = {
- uid = pkgs.stockholm.lib.genid_uint31 "bui";
- home = "/home/bui";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.klabusterbeere = {
- uid = pkgs.stockholm.lib.genid_uint31 "klabusterbeere";
- home = "/home/klabusterbeere";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.kasia = {
- uid = pkgs.stockholm.lib.genid_uint31 "kasia";
- home = "/home/kasia";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.XANF_TEAM = {
- uid = pkgs.stockholm.lib.genid_uint31 "XANF_TEAM";
- group = "xanf";
- home = "/home/XANF_TEAM";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.dif = {
- uid = pkgs.stockholm.lib.genid_uint31 "dif";
- home = "/home/dif";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.lavafilms = {
- uid = pkgs.stockholm.lib.genid_uint31 "lavafilms";
- home = "/home/lavafilms";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.movematchers = {
- uid = pkgs.stockholm.lib.genid_uint31 "movematchers";
- home = "/home/movematchers";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.blackphoton = {
- uid = pkgs.stockholm.lib.genid_uint31 "blackphoton";
- home = "/home/blackphoton";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.line = {
- uid = pkgs.stockholm.lib.genid_uint31 "line";
- home = "/home/line";
- useDefaultShell = true;
- # extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.avada = {
- uid = pkgs.stockholm.lib.genid_uint31 "avada";
- home = "/home/avada";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.familienrat = {
- uid = pkgs.stockholm.lib.genid_uint31 "familienrat";
- home = "/home/familienrat";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
-}
diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/ubik/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}
diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix
deleted file mode 100644
index 5e69171ce..000000000
--- a/lass/1systems/wizard/config.nix
+++ /dev/null
@@ -1,287 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- icon = pkgs.writeText "icon" ''
- //
- //
- _ //
- .' . // '.
- '_ '_\/_' `_
- . . \\ . .
- .==. ` \\' .'
- .\| //bd\\ \,
- \_'`._\\__//_.'`.;
- `.__ __,' \\
- | | \\
- | | `
- | |
- | |
- |____|
- l42 ==' '==
- '';
-
- messenger = pkgs.writeText "message" ''
- .
- | \/|
- (\ _ ) )|/|
- (/ _----. /.'.'
- .-._________.. .' @ _\ .'
- '.._______. '. / (_| .')
- '._____. / '-/ | _.'
- '.______ ( ) ) \
- '..____ '._ ) )
- .' __.--\ , , // ((
- '.' mrf| \/ (_.'(
- ' \ .'
- \ (
- \ '.
- \ \ '.)
- '-'-'
- '';
-
- waiting = pkgs.writeText "waiting" ''
- Z
- Z
- z
- z
- * '
- / \
- /___\
- ( - - )
- ) L ( .--------------.
- __()(-)()__ | \ |
- .~~ )()()() ~. | . :
- / )()() ` | `-.__________)
- | )() ~ | : :
- | ) | : |
- | _ | | [ ## :
- \ ~~-. | , oo_______.'
- `_ ( \) _____/~~~~ `--___
- | ~`-) ) `-. `--- ( - a:f -
- | '///` | `-.
- | | | | `-.
- | | | | `-.
- | | |\ |
- | | | \|
- `-. | | |
- `-| '
- '';
-
- wizard = pkgs.writers.writeDash "wizard" ''
- cat ${icon}
-
- echo -n '${''
- welcome to the computer wizard
- first we will check for internet connectivity
-
- ''}'
-
- read -p '(press enter to continue...)' key
- until ping -c1 8.8.8.8; do
- ${pkgs.nm-dmenu}/bin/nm-dmenu
- done
-
- mode=$(echo -n '${''
- 1. Help of the wizard
- 2. Install NixOS
- 3. I know what I need to do
- ''}' | ${pkgs.fzf}/bin/fzf --reverse)
- case "$mode" in
- 1*)
- echo 'mode_1' > /tmp/mode
- clear
- echo 'waiting for the messenger to reach the wizard'
- cat ${messenger}
-
- # get pubkeys
- mkdir -p /root/.ssh/
- touch /root/.ssh/authorized_keys
- curl -Ss 'https://lassul.us/mors.pub' >> /root/.ssh/authorized_keys
- curl -Ss 'https://lassul.us/blue.pub' >> /root/.ssh/authorized_keys
- curl -Ss 'https://lassul.us/yubi.pub' >> /root/.ssh/authorized_keys
-
- # write via irc
- systemctl start hidden-ssh-announce.service
- tmux new-session -s help ${pkgs.writers.writeDash "waiting" ''
- cat ${waiting}
- read -p 'waiting for the wizard to wake up' key
- ${pkgs.bashInteractive}/bin/bash
- ''}
- ;;
- 2*)
- echo 'mode_2' > /tmp/mode
- ${pkgs.nixos-installer}/bin/nixos-installer
- ;;
- 3*)
- echo 'mode_3' > /tmp/mode
- ;;
- *)
- echo 'no mode selected'
- ;;
- esac
- '';
-
-in {
- imports = [
- <stockholm/krebs>
- <stockholm/lass/3modules>
- <stockholm/lass/2configs/vim.nix>
- # <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-base.nix>
- {
- nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
- krebs.enable = true;
- krebs.build.user = config.krebs.users.lass;
- krebs.build.host = {};
- }
- # {
- # systemd.services.wizard = {
- # description = "Computer Wizard";
- # wantedBy = [ "multi-user.target" ];
- # serviceConfig = {
- # ExecStart = pkgs.writers.writeDash "wizard" ''
- # set -efu
- # cat <<EOF
- # welcome to the computer wizard
- # you can choose between the following modes
- # echo -n '1\n2\n3' | ${pkgs.fzf}/bin/fzf
- # EOF
- # '';
- # StandardInput = "tty";
- # StandardOutput = "tty";
- # # TTYPath = "/dev/tty1";
- # TTYPath = "/dev/ttyS0";
- # TTYReset = true;
- # TTYVTDisallocate = true;
- # Restart = "always";
- # };
- # };
- # }
- ];
-
- networking.hostName = "wizard";
- nixpkgs.config.allowUnfree = true;
-
- # users.extraUsers = {
- # root = {
- # openssh.authorizedKeys.keys = [
- # config.krebs.users.lass.pubkey
- # config.krebs.users.lass-mors.pubkey
- # ];
- # };
- # };
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- parallel
- proot
- populate
-
- #style
- most
- rxvt-unicode-unwrapped.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- nm-dmenu
-
- #stuff for dl
- aria2
-
- #neat utils
- chntpw
- hashPassword
- krebspaste
- pciutils
- psmisc
- tmux
- usbutils
-
- #unpack stuff
- p7zip
- unzip
- unrar
-
- #data recovery
- ddrescue
- ntfs3g
- dosfstools
-
- nixos-installer
- ];
-
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- if ! test -e /tmp/mode; then
- ${wizard}
- fi
- '';
- };
-
- services.openssh.enable = true;
- systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
-
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
-
- krebs.hidden-ssh = {
- enable = true;
- channel = "##lassulus-wizard";
- message = "lassulus: torify sshn root@";
- };
- systemd.services.hidden-ssh-announce.wantedBy = mkForce [];
- services.getty.autologinUser = lib.mkForce "root";
-
- nixpkgs.config.packageOverrides = super: {
- dmenu = pkgs.writeDashBin "dmenu" ''
- ${pkgs.fzf}/bin/fzf \
- --history=/dev/null \
- --print-query \
- --prompt=\"$PROMPT\"
- '';
- };
-
- boot.tmpOnTmpfs = true;
-}
diff --git a/lass/1systems/wizard/generate-iso.sh b/lass/1systems/wizard/generate-iso.sh
deleted file mode 100755
index 6c8f1532e..000000000
--- a/lass/1systems/wizard/generate-iso.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-
-set -xefu
-
-WD=$(dirname "$0")
-nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f install-iso
diff --git a/lass/1systems/wizard/run-vm.sh b/lass/1systems/wizard/run-vm.sh
deleted file mode 100755
index 13914ad5f..000000000
--- a/lass/1systems/wizard/run-vm.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-
-set -efu
-
-WD=$(dirname "$0")
-nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run
diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix
deleted file mode 100644
index 165b9f14d..000000000
--- a/lass/1systems/wizard/test.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ./config.nix
- ];
- virtualisation.emptyDiskImages = [
- 8000
- ];
- virtualisation.memorySize = 1024;
-}
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
deleted file mode 100644
index d1ee4cf71..000000000
--- a/lass/1systems/xerxes/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
-
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/mail.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.xerxes;
-
- environment.shellAliases = {
- deploy = pkgs.writeDash "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- usb-tether-on = pkgs.writeDash "usb-tether-on" ''
- adb shell su -c service call connectivity 33 i32 1 s16 text
- '';
- usb-tether-off = pkgs.writeDash "usb-tether-off" ''
- adb shell su -c service call connectivity 33 i32 0 s16 text
- '';
- };
-
- services.xserver = {
- displayManager.lightdm.autoLogin.enable = true;
- displayManager.lightdm.autoLogin.user = "lass";
- };
-
- boot.blacklistedKernelModules = [ "xpad" ];
- systemd.services.xboxdrv = {
- wantedBy = [ "multi-user.target" ];
- script = ''
- ${pkgs.xboxdrv.overrideAttrs(o: {
- patches = o.patches ++ [ (pkgs.fetchurl {
- url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch";
- sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5";
- }) ];
- })}/bin/xboxdrv --type xbox360 --dbus disabled -D
- '';
- };
-
- programs.adb.enable = true;
-
- services.logind.lidSwitch = "suspend";
- lass.screenlock.enable = lib.mkForce false;
-
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
- # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''
- # load-module module-bluetooth-policy
- # load-module module-bluetooth-discover
- # ## module fails to load with
- # ## module-bluez5-device.c: Failed to get device path from module arguments
- # ## module.c: Failed to load module "module-bluez5-device" (argument: ""): initialization failed.
- # # load-module module-bluez5-device
- # # load-module module-bluez5-discover
- # '';
-}
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
deleted file mode 100644
index 5a6f07215..000000000
--- a/lass/1systems/xerxes/physical.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ pkgs, lib, ... }:
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.loader.grub = {
- enable = true;
- device = "/dev/sda";
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- boot.blacklistedKernelModules = [
- "sdhci_pci"
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.luks.devices.crypted.device = "/dev/sda3";
- boot.kernelModules = [ "kvm-intel" ];
- boot.kernelParams = [
- "fbcon=rotate:1"
- "boot.shell_on_fail"
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7F23-DDB4";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- boot.extraModprobeConfig = ''
- options zfs zfs_arc_max=107374182
- '';
-
- nix.maxJobs = lib.mkDefault 4;
-
- networking.hostId = "9b0a74ac";
- networking.networkmanager.enable = true;
-
- hardware.opengl.enable = true;
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- CPU_SCALING_GOVERNOR_ON_AC=ondemand
- CPU_SCALING_GOVERNOR_ON_BAT=powersave
- CPU_MIN_PERF_ON_AC=0
- CPU_MAX_PERF_ON_AC=100
- CPU_MIN_PERF_ON_BAT=0
- CPU_MAX_PERF_ON_BAT=30
- '';
-
- services.logind.extraConfig = ''
- HandlePowerKey=suspend
- IdleAction=suspend
- IdleActionSec=300
- '';
-
- services.xserver = {
- videoDrivers = [ "intel" ];
- displayManager.sessionCommands = ''
- (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
- (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
- '';
- };
-}
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
deleted file mode 100644
index 2da93b8fd..000000000
--- a/lass/1systems/yellow/config.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }: let
- vpnPort = 1637;
- torrentport = 56709; # port forwarded in airvpn webinterface
-in {
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/services/flix>
- ];
-
- krebs.build.host = config.krebs.hosts.yellow;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
- };
-
- networking.useHostResolvConf = false;
- networking.useNetworkd = true;
-
- networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
- services.transmission.settings.peer-port = torrentport;
-
- # only allow traffic through openvpn
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
- { predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
- ];
- tables.filter.OUTPUT = {
- policy = "DROP";
- rules = [
- { predicate = "-o lo"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
- { predicate = "-o airvpn"; target = "ACCEPT"; }
- { predicate = "-o retiolum"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/yellow/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
-}
diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix
deleted file mode 100644
index e38475381..000000000
--- a/lass/2configs/AP.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- wifi = "wlp0s29u1u2";
-in {
- boot.extraModulePackages = [
- pkgs.linuxPackages.rtl8814au
- ];
- networking.networkmanager.unmanaged = [ wifi "et0" ];
-
- systemd.services.hostapd = {
- description = "hostapd wireless AP";
- path = [ pkgs.hostapd ];
- wantedBy = [ "network.target" ];
-
- after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
-
- serviceConfig = {
- ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
- interface=${wifi}
- hw_mode=a
- channel=36
- ieee80211d=1
- country_code=DE
- ieee80211n=1
- ieee80211ac=1
- wmm_enabled=1
-
- # 5ghz
- ssid=krebsing
- auth_algs=1
- wpa=2
- wpa_key_mgmt=WPA-PSK
- rsn_pairwise=CCMP
- wpa_passphrase=aidsballz
- ''}";
- Restart = "always";
- };
- };
-
- networking.bridges.br0.interfaces = [
- wifi
- "et0"
- ];
-
- networking.interfaces.br0.ipv4.addresses = [
- { address = "10.99.0.1"; prefixLength = 24; }
- ];
- services.dhcpd4 = {
- enable = true;
- interfaces = [ "br0" ];
- extraConfig = ''
- option subnet-mask 255.255.255.0;
- option routers 10.99.0.1;
- option domain-name-servers 1.1.1.1, 8.8.8.8;
- subnet 10.99.0.0 netmask 255.255.255.0 {
- range 10.99.0.100 10.99.0.200;
- }
- '';
- };
-
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; predicate = "-d 10.99.0.0/24 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-s 10.99.0.0/24 -i br0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- { v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- #TODO find out what this is about?
- { v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
- { v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
-
- { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
- { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
- ];
-}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
deleted file mode 100644
index 8db2a05d6..000000000
--- a/lass/2configs/IM.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }: let
- weechat = pkgs.weechat.override {
- configure = { availablePlugins, ... }: {
- scripts = with pkgs.weechatScripts; [
- weechat-matrix
- ];
- };
- };
-
- tmux = "/run/current-system/sw/bin/tmux";
-
-in {
- imports = [
- ./bitlbee.nix
- ];
- environment.systemPackages = [ weechat ];
- systemd.services.chat = {
- description = "chat environment setup";
- environment.WEECHAT_HOME = "\$HOME/.weechat";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
-
- serviceConfig = {
- User = "lass";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
- ExecStop = "${tmux} kill-session -t IM"; # TODO run save in weechat
- };
- };
-}
diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix
deleted file mode 100644
index 9d6f481b0..000000000
--- a/lass/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.users= {
- ableton = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wine
- pkgs.winetricks
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
- '';
-}
diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix
deleted file mode 100644
index 7f24e4a2e..000000000
--- a/lass/2configs/alacritty.nix
+++ /dev/null
@@ -1,134 +0,0 @@
-{ config, lib, pkgs, ... }: let
-
- alacritty-cfg = extrVals: builtins.toJSON ({
- font = let
- family = "Iosevka Term SS15";
- in {
- normal = {
- family = family;
- style = "Regular";
- };
- bold = {
- family = family;
- style = "Bold";
- };
- italic = {
- family = family;
- style = "Italic";
- };
- bold_italic = {
- family = family;
- style = "Bold Italic";
- };
- size = 12;
- };
- live_config_reload = true;
- window.dimensions = {
- columns = 80;
- lines = 20;
- };
- env.WINIT_X11_SCALE_FACTOR = "1.0";
- # window.opacity = 0;
- hints.enabled = [
- {
- regex = ''(mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-\u009F<>"\s{-}\^⟨⟩`]+'';
- command = "/run/current-system/sw/bin/xdg-open";
- post_processing = true;
- mouse.enabled = true;
- binding = {
- key = "U";
- mods = "Alt";
- };
- }
- ];
- } // extrVals);
-
- alacritty = pkgs.symlinkJoin {
- name = "alacritty";
- paths = [
- (pkgs.writeDashBin "alacritty" ''
- ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml msg create-window "$@" ||
- ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@"
- '')
- pkgs.alacritty
- ];
- };
-
-in {
- environment.etc = {
- "themes/light/alacritty.yaml".text = alacritty-cfg {
- colors = {
- # Default colors
- primary = {
- # hard contrast: background = '#f9f5d7'
- # background = "#fbf1c7";
- background = "#f9f5d7";
- # soft contrast: background = '#f2e5bc'
- foreground = "#3c3836";
- };
-
- # Normal colors
- normal = {
- black = "#fbf1c7";
- red = "#cc241d";
- green = "#98971a";
- yellow = "#d79921";
- blue = "#458588";
- magenta = "#b16286";
- cyan = "#689d6a";
- white = "#7c6f64";
- };
-
- # Bright colors
- bright = {
- black = "#928374";
- red = "#9d0006";
- green = "#79740e";
- yellow = "#b57614";
- blue = "#076678";
- magenta = "#8f3f71";
- cyan = "#427b58";
- white = "#3c3836";
- };
- };
- };
- "themes/dark/alacritty.yaml".text = alacritty-cfg {
- colors = {
- # Default colors
- primary = {
- background = "0x000000";
- foreground = "0xffffff";
- };
- cursor = {
- text = "0xF81CE5";
- cursor = "0xffffff";
- };
-
- # Normal colors
- normal = {
- black = "0x000000";
- red = "0xfe0100";
- green = "0x33ff00";
- yellow = "0xfeff00";
- blue = "0x0066ff";
- magenta = "0xcc00ff";
- cyan = "0x00ffff";
- white = "0xd0d0d0";
- };
-
- # Bright colors
- bright = {
- black = "0x808080";
- red = "0xfe0100";
- green = "0x33ff00";
- yellow = "0xfeff00";
- blue = "0x0066ff";
- magenta = "0xcc00ff";
- cyan = "0x00ffff";
- white = "0xFFFFFF";
- };
- };
- };
- };
- environment.systemPackages = [ alacritty ];
-}
diff --git a/lass/2configs/antimicrox/default.nix b/lass/2configs/antimicrox/default.nix
deleted file mode 100644
index 2b683b8bc..000000000
--- a/lass/2configs/antimicrox/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.services.antimicrox = {
- after = [ "display-manager.service" ];
- wantedBy = [ "multi-user.target" ];
- environment = {
- DISPLAY = ":0";
- };
- serviceConfig = {
- User = config.users.users.mainUser.name;
- ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state");
- ExecStart = "${pkgs.antimicrox}/bin/antimicrox --hidden --profile ${./mouse.gamecontroller.amgp}";
- };
- };
-
- services.udev.extraRules = ''
- KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
- '';
-
- environment.systemPackages = [
- pkgs.antimicrox
- (pkgs.writers.writeDashBin "gamepad_mouse_disable" ''
- echo 1 > /tmp/gamepad.state
- ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.gamecontroller.amgp}
- '')
- (pkgs.writers.writeDashBin "gamepad_mouse_enable" ''
- echo 0 > /tmp/gamepad.state
- ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.gamecontroller.amgp}
- '')
- (pkgs.writers.writeDashBin "gamepad_mouse_toggle" ''
- state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state)
- if [ "$state" = 1 ]; then
- /run/current-system/sw/bin/gamepad_mouse_enable
- else
- /run/current-system/sw/bin/gamepad_mouse_disable
- fi
- '')
- ];
-}
diff --git a/lass/2configs/antimicrox/empty.gamecontroller.amgp b/lass/2configs/antimicrox/empty.gamecontroller.amgp
deleted file mode 100644
index 0257bfe71..000000000
--- a/lass/2configs/antimicrox/empty.gamecontroller.amgp
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<gamecontroller configversion="19" appversion="3.3.2">
- <!--The SDL name for a joystick is included for informational purposes only.-->
- <sdlname>XInput Controller</sdlname>
- <!--The Unique ID for a joystick is included for informational purposes only.-->
- <uniqueID>030000005e0400008e020000010100001118654</uniqueID>
- <stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
- <stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
- <vdpadButtonAssociations index="1">
- <vdpadButtonAssociation axis="0" button="12" direction="1"/>
- <vdpadButtonAssociation axis="0" button="13" direction="4"/>
- <vdpadButtonAssociation axis="0" button="14" direction="8"/>
- <vdpadButtonAssociation axis="0" button="15" direction="2"/>
- </vdpadButtonAssociations>
- <names>
- <controlstickname index="2">R Stick</controlstickname>
- <controlstickname index="1">L Stick</controlstickname>
- </names>
- <sets/>
-</gamecontroller>
diff --git a/lass/2configs/antimicrox/mouse.gamecontroller.amgp b/lass/2configs/antimicrox/mouse.gamecontroller.amgp
deleted file mode 100644
index 743618f54..000000000
--- a/lass/2configs/antimicrox/mouse.gamecontroller.amgp
+++ /dev/null
@@ -1,281 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<gamecontroller configversion="19" appversion="3.3.2">
- <!--The SDL name for a joystick is included for informational purposes only.-->
- <sdlname>XInput Controller</sdlname>
- <!--The Unique ID for a joystick is included for informational purposes only.-->
- <uniqueID>030000005e0400008e020000010100001118654</uniqueID>
- <stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
- <stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
- <vdpadButtonAssociations index="1">
- <vdpadButtonAssociation axis="0" button="12" direction="1"/>
- <vdpadButtonAssociation axis="0" button="13" direction="4"/>
- <vdpadButtonAssociation axis="0" button="14" direction="8"/>
- <vdpadButtonAssociation axis="0" button="15" direction="2"/>
- </vdpadButtonAssociations>
- <names>
- <controlstickname index="2">Stick 2</controlstickname>
- <controlstickname index="1">Stick 1</controlstickname>
- </names>
- <sets>
- <set index="1">
- <stick index="2">
- <deadZone>1</deadZone>
- <maxZone>29501</maxZone>
- <modifierZone>1412</modifierZone>
- <diagonalRange>90</diagonalRange>
- <squareStick>100</squareStick>
- <stickbutton index="1">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>1</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="3">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>4</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="2">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- <stickbutton index="5">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>2</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="4">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- <stickbutton index="7">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>3</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="6">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- <stickbutton index="8">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- </stick>
- <stick index="1">
- <deadZone>2578</deadZone>
- <maxZone>30799</maxZone>
- <stickbutton index="1">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>4</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="3">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>7</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="2">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- <stickbutton index="5">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>5</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="4">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- <stickbutton index="7">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>6</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="6">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- <stickbutton index="8">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- </stick>
- <dpad index="1">
- <dpadbutton index="12">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="1">
- <wheelspeedx>10</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000013</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- <dpadbutton index="3">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="2">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000014</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- <dpadbutton index="4">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000015</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- <dpadbutton index="6">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="9">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="8">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000012</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- </dpad>
- <trigger index="6">
- <deadZone>2000</deadZone>
- <throttle>positivehalf</throttle>
- <triggerbutton index="1">
- <mousespeedx>100</mousespeedx>
- <mousespeedy>100</mousespeedy>
- </triggerbutton>
- <triggerbutton index="2">
- <mousespeedx>100</mousespeedx>
- <mousespeedy>100</mousespeedy>
- <slots>
- <slot>
- <code>250</code>
- <mode>mousespeedmod</mode>
- </slot>
- </slots>
- </triggerbutton>
- </trigger>
- <trigger index="5">
- <throttle>positivehalf</throttle>
- </trigger>
- <button index="11">
- <slots>
- <slot>
- <code>1</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="2">
- <slots>
- <slot>
- <code>3</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="1">
- <slots>
- <slot>
- <code>1</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="4">
- <slots>
- <slot>
- <code>0x1000004</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </button>
- <button index="3">
- <slots>
- <slot>
- <code>2</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="5">
- <slots>
- <slot>
- <code>1</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- </set>
- </sets>
-</gamecontroller>
diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix
deleted file mode 100644
index 05d3b4fd4..000000000
--- a/lass/2configs/atuin-server.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.atuin = {
- enable = true;
- host = "0.0.0.0";
- maxHistoryLength = 1000000;
- openFirewall = true;
- };
-
-}
diff --git a/lass/2configs/autotether.nix b/lass/2configs/autotether.nix
deleted file mode 100644
index 98712303e..000000000
--- a/lass/2configs/autotether.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.services.usb_tether = {
- script = ''
- ${pkgs.android-tools}/bin/adb -s QV770FAMEK wait-for-device
- ${pkgs.android-tools}/bin/adb -s QV770FAMEK shell svc usb setFunctions rndis
- '';
- };
- services.udev.extraRules = ''
- ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="fce/320d/510", TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
- '';
- systemd.network.networks.android = {
- matchConfig.Name = "enp0s20u1";
- DHCP = "yes";
- };
-}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
deleted file mode 100644
index e5b1f0b90..000000000
--- a/lass/2configs/baseX.nix
+++ /dev/null
@@ -1,196 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- user = config.krebs.build.user;
-in {
- imports = [
- ./alacritty.nix
- ./mpv.nix
- ./power-action.nix
- ./urxvt.nix
- ./xdg-open.nix
- ./yubikey.nix
- ./pipewire.nix
- ./tmux.nix
- ./xmonad.nix
- ./themes.nix
- ./fonts.nix
- {
- users.users.mainUser.packages = [
- pkgs.sshuttle
- ];
- security.sudo.extraConfig = ''
- lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped
- '';
- }
- { #font magic
- options.lass.fonts = {
- regular = mkOption {
- type = types.str;
- default = "xft:Iosevka Term SS15:style=regular";
- };
- bold = mkOption {
- type = types.str;
- default = "xft:Iosevka Term SS15:style=bold";
- };
- italic = mkOption {
- type = types.str;
- default = "xft:Iosevka Term SS15:style=italic";
- };
- };
- config.krebs.xresources.resources.X = ''
- *.font: ${config.lass.fonts.regular}
- *.boldFont: ${config.lass.fonts.bold}
- *.italicFont: ${config.lass.fonts.italic}
- '';
- }
- ];
-
- users.users.mainUser.extraGroups = [ "audio" "pipewire" "video" ];
-
- time.timeZone = "Europe/Berlin";
-
- programs.ssh.agentTimeout = "10m";
- programs.ssh.startAgent = false;
- services.openssh.forwardX11 = true;
-
- environment.systemPackages = with pkgs; [
- acpi
- acpilight
- ripgrep
- cabal2nix
- dic
- dmenu
- font-size
- fzfmenu
- gimp
- gitAndTools.gh
- git-crypt
- git-preview
- dconf
- iodine
- libarchive
- lm_sensors
- ncdu
- nix-index
- nixpkgs-review
- nmap
- pavucontrol
- ponymix
- powertop
- rxvt-unicode
- sshvnc
- sxiv
- nsxiv
- taskwarrior
- termite
- transgui
- wirelesstools
- x11vnc
- xclip
- xephyrify
- xorg.xmodmap
- xorg.xhost
- xdotool
- xsel
- zathura
- flameshot
- (pkgs.writeDashBin "screenshot" ''
- set -efu
-
- ${pkgs.flameshot}/bin/flameshot gui &&
- ${pkgs.klem}/bin/klem
- '')
- (pkgs.writers.writeDashBin "IM" ''
- ${pkgs.mosh}/bin/mosh green.r -- tmux new-session -A -s IM -- weechat
- '')
- (pkgs.writers.writeDashBin "deploy_hm" ''
- target=$1
- shift
-
- hm_profile=$(${pkgs.home-manager}/bin/home-manager -f ~/sync/stockholm/lass/2configs/home-manager.nix build "$@")
- nix-copy-closure --to "$target" "$hm_profile"
- ssh "$target" -- "$hm_profile"/activate
- '')
- zbar
- ];
-
- services.udev.extraRules = ''
- SUBSYSTEM=="backlight", ACTION=="add", \
- RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
- RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
- '';
-
- services.xserver = {
- enable = true;
- layout = "us";
- display = mkForce 0;
- xkbVariant = "altgr-intl";
- xkbOptions = "caps:escape";
- libinput.enable = true;
- exportConfiguration = true;
- displayManager = {
- lightdm.enable = true;
- defaultSession = "none+xmonad";
- sessionCommands = ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- '';
- };
- };
-
- nixpkgs.config.packageOverrides = super: {
- dmenu = pkgs.writeDashBin "dmenu" ''
- ${pkgs.fzfmenu}/bin/fzfmenu "$@"
- '';
- };
-
- krebs.xresources.enable = true;
-
- lass.klem = {
- kpaste.script = pkgs.writeDash "kpaste-wrapper" ''
- ${pkgs.kpaste}/bin/kpaste \
- | ${pkgs.coreutils}/bin/tail -1 \
- | ${pkgs.coreutils}/bin/tr -d '\r\n'
- '';
- go = {
- target = "STRING";
- script = "${pkgs.goify}/bin/goify";
- };
- "go.lassul.us" = {
- target = "STRING";
- script = pkgs.writeDash "go.lassul.us" ''
- export GO_HOST='go.lassul.us'
- ${pkgs.goify}/bin/goify
- '';
- };
- qrcode = {
- target = "image";
- script = pkgs.writeDash "zbar" ''
- ${pkgs.zbar}/bin/zbarimg -q --raw -
- '';
- };
- ocr = {
- target = "image";
- script = pkgs.writeDash "gocr" ''
- ${pkgs.netpbm}/bin/pngtopnm - \
- | ${pkgs.gocr}/bin/gocr -
- '';
- };
- };
-
- services.clipmenu.enable = true;
-
- # synchronize all the clipboards
- systemd.user.services.autocutsel = {
- enable = true;
- wantedBy = [ "graphical-session.target" ];
- after = [ "graphical-session.target" ];
- serviceConfig = {
- Type = "forking";
- ExecStart = pkgs.writers.writeDash "autocutsel" ''
- ${pkgs.autocutsel}/bin/autocutsel -fork -selection PRIMARY
- ${pkgs.autocutsel}/bin/autocutsel -fork -selection CLIPBOARD
- '';
- };
- };
-}
diff --git a/lass/2configs/bgt-bot/bgt-check.sh b/lass/2configs/bgt-bot/bgt-check.sh
deleted file mode 100644
index 30185ba18..000000000
--- a/lass/2configs/bgt-bot/bgt-check.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-# needs in path:
-# curl gnugrep jq
-# creates and manages $PWD/state
-set -xeuf
-
-send_reaktor(){
- # usage: send_reaktor "text"
- echo "send_reaktor: $1"
- curl -fsS "http://localhost:$REAKTOR_PORT" \
- -H content-type:application/json \
- -d "$(jq -n \
- --arg text "$1" \
- --arg channel "$IRC_CHANNEL" \
- '{
- command:"PRIVMSG",
- params:[$channel,$text]
- }'
- )"
-}
-
-live=$(shuf -n1 <<EOF
-Binärgewitter Liveshow hat begonnen! http://stream.radiotux.de:8000/binaergewitter.mp3
-EOF
-)
-
-offline=$(shuf -n1 <<EOF
-Live stream vorbei
-EOF
-)
-error=$(shuf -n1 <<EOF
-something went wrong
-EOF
-)
-
-if curl -Ss http://stream.radiotux.de:8000 | grep -q 'Mount Point /binaergewitter'; then
- state='live'
-else
- state='offline'
-fi
-prevstate=$(cat state ||:)
-
-if test "$state" == "$(cat state)";then
- #echo "current and last state is the same ($state), doing nothing"
- :
-else
- echo "API state and last state differ ( '$state' != '$prevstate')"
- if test "$state" == 'live';then
- send_reaktor "$live"
- elif test "$state" == 'offline';then
- send_reaktor "$offline"
- else
- send_reaktor "$error"
- fi
- echo 'updating state'
- printf "%s" "$state" > state
-fi
diff --git a/lass/2configs/bgt-bot/default.nix b/lass/2configs/bgt-bot/default.nix
deleted file mode 100644
index 6f9e33704..000000000
--- a/lass/2configs/bgt-bot/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-
- bot_port = "7654";
- irc_channel = "#binaergewitter";
-in
-{
- krebs.reaktor2.bgt-announce = {
- hostname = "irc.libera.chat";
- port = "6697";
- nick = "bgt-announce";
- API.listen = "inet://127.0.0.1:${bot_port}";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- irc_channel
- ];
- };
- }
- ];
- };
- systemd.services.check_bgt_show = {
- startAt = "*:0/5";
- environment = {
- IRC_CHANNEL = irc_channel;
- REAKTOR_PORT = bot_port;
- };
- path = with pkgs; [
- curl
- gnugrep
- jq
- ];
- script = builtins.readFile ./bgt-check.sh;
- serviceConfig = {
- DynamicUser = true;
- StateDirectory = "bgt-announce";
- WorkingDirectory = "/var/lib/bgt-announce";
- PrivateTmp = true;
- };
- };
-}
-
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
deleted file mode 100644
index de15aff92..000000000
--- a/lass/2configs/binary-cache/client.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
-
-{
- nix = {
- binaryCaches = [
- "http://cache.prism.r"
- "http://cache.neoprism.r"
- "https://cache.nixos.org/"
- ];
- binaryCachePublicKeys = [
- "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
- "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
- "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
- ];
- };
-}
-
diff --git a/lass/2configs/binary-cache/proxy.nix b/lass/2configs/binary-cache/proxy.nix
deleted file mode 100644
index a6ecb044d..000000000
--- a/lass/2configs/binary-cache/proxy.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ...}:
-{
- services.nginx = {
- enable = true;
- virtualHosts."cache.krebsco.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/".extraConfig = ''
- proxy_pass http://cache.neoprism.r/;
- '';
- };
- };
-}
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
deleted file mode 100644
index 490601641..000000000
--- a/lass/2configs/binary-cache/server.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ...}:
-{
- # nixpkgs.config.packageOverrides = p: {
- # nix-serve = p.haskellPackages.nix-serve-ng;
- # };
- # generate private key with:
- # nix-store --generate-binary-cache-key my-secret-key my-public-key
- services.nix-serve = {
- enable = true;
- secretKeyFile = toString <secrets> + "/nix-serve.key";
- port = 5005;
- };
-
- services.nginx = {
- enable = true;
- virtualHosts.nix-serve = {
- serverAliases = [ "cache.${config.networking.hostName}.r" ];
- locations."/".extraConfig = ''
- proxy_pass http://localhost:${toString config.services.nix-serve.port};
- '';
- locations."= /nix-cache-info".extraConfig = ''
- alias ${pkgs.writeText "cache-info" ''
- StoreDir: /nix/store
- WantMassQuery: 1
- Priority: 42
- ''};
- '';
- };
- };
-}
-
diff --git a/lass/2configs/bird.nix b/lass/2configs/bird.nix
deleted file mode 100644
index 3fc265cd7..000000000
--- a/lass/2configs/bird.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- config.services.bird = {
- enable = true;
- config = ''
- router id 192.168.122.1;
- protocol device {
- scan time 10;
- }
- '';
- };
-}
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
deleted file mode 100644
index e9dd055f9..000000000
--- a/lass/2configs/bitcoin.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-in {
-
- users.extraUsers = {
- bitcoin = {
- name = "bitcoin";
- description = "user for bitcoin stuff";
- home = "/home/bitcoin";
- useDefaultShell = true;
- createHome = true;
- packages = [ pkgs.electrum ];
- isNormalUser = true;
- };
- monero = {
- name = "monero";
- description = "user for monero stuff";
- home = "/home/monero";
- useDefaultShell = true;
- createHome = true;
- packages = [
- pkgs.monero
- pkgs.monero-gui
- ];
- isNormalUser = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(bitcoin) ALL
- ${mainUser.name} ALL=(monero) ALL
- '';
-}
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
deleted file mode 100644
index 43573d893..000000000
--- a/lass/2configs/bitlbee.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-
-{
- services.bitlbee = {
- enable = true;
- portNumber = 6666;
- plugins = [
- pkgs.bitlbee-facebook
- pkgs.bitlbee-steam
- pkgs.bitlbee-discord
- ];
- libpurple_plugins = [
- # pkgs.telegram-purple
- # pkgs.tdlib-purple
- # pkgs.purple-gowhatsapp
- ];
- configDir = "/var/state/bitlbee";
- };
-
- systemd.services.bitlbee.serviceConfig = {
- ExecStartPre = [
- "+${pkgs.writeDash "setup-bitlbee" ''
- ${pkgs.coreutils}/bin/chown bitlbee:bitlbee /var/state/bitlbee || :
- ''}"
- ];
- ReadWritePaths = [
- "/var/state/bitlbee"
- ];
- };
- systemd.tmpfiles.rules = [
- "d /var/state/bitlbee 0700 - - -"
- ];
-}
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
deleted file mode 100644
index 532e55fe5..000000000
--- a/lass/2configs/blue-host.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
- all_hosts = [
- "icarus"
- "shodan"
- "daedalus"
- "skynet"
- "prism"
- "littleT"
- ];
- remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- { #hack for already defined
- systemd.services."container@blue".reloadIfChanged = mkForce false;
- systemd.services."container@blue".preStart = ''
- ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
- '';
- systemd.services."container@blue".preStop = ''
- /run/wrappers/bin/fusermount -u /var/lib/containers/blue
- '';
- }
- ];
-
- system.activationScripts.containerPermissions = ''
- mkdir -p /var/lib/containers
- chmod 711 /var/lib/containers
- '';
-
- containers.blue = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.9";
- localAddress = "10.233.2.10";
- };
-
-
- #systemd.services = builtins.listToAttrs (map (host:
- # let
- # in nameValuePair "sync-blue-${host}" {
- # bindsTo = [ "container@blue.service" ];
- # wantedBy = [ "container@blue.service" ];
- # # ssh needed for rsync
- # path = [ pkgs.openssh ];
- # serviceConfig = {
- # Restart = "always";
- # RestartSec = 10;
- # ExecStart = pkgs.writeDash "sync-blue-${host}" ''
- # set -efu
- # #make sure blue is running
- # /run/wrappers/bin/ping -c1 blue.r > /dev/null
-
- # #make sure the container is unlocked
- # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
-
- # #make sure our target is reachable
- # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
-
- # #start sync
- # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
- # settings {
- # nodaemon = true,
- # inotifyMode = "CloseWrite or Modify",
- # }
- # sync {
- # default.rsyncssh,
- # source = "/var/lib/containers/.blue",
- # host = "${host}.r",
- # targetdir = "/var/lib/containers/.blue",
- # rsync = {
- # archive = true,
- # owner = true,
- # group = true,
- # };
- # ssh = {
- # binary = "${pkgs.openssh}/bin/ssh";
- # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
- # },
- # }
- # ''}
- # '';
- # };
- # unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
- # }
- #) remote_hosts);
-
- environment.systemPackages = [
- (pkgs.writeDashBin "start-blue" ''
- set -ef
- if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
- ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
- fi
- nixos-container start blue
- nixos-container run blue -- nixos-rebuild -I /var/src dry-build
- if ping -c1 blue.r >/dev/null; then
- echo 'blue is already running. bailing out'
- exit 23
- fi
- nixos-container run blue -- nixos-rebuild -I /var/src switch
- '')
- ];
-}
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
deleted file mode 100644
index 2698f67e0..000000000
--- a/lass/2configs/blue.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./mail.nix
- ./pass.nix
- ];
-
- environment.systemPackages = with pkgs; [
- dic
- nmap
- git-preview
- l-gen-secrets
- ];
-
- services.tor.enable = true;
- services.tor.client.enable = true;
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
- { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
- { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";}
- { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
- ];
-
- services.dovecot2 = {
- enable = true;
- mailLocation = "maildir:~/Maildir";
- };
-}
diff --git a/lass/2configs/boot/coreboot.nix b/lass/2configs/boot/coreboot.nix
deleted file mode 100644
index 1548cbc2d..000000000
--- a/lass/2configs/boot/coreboot.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
- loader.grub.efiSupport = true;
- };
-}
diff --git a/lass/2configs/boot/stock-x220.nix b/lass/2configs/boot/stock-x220.nix
deleted file mode 100644
index 54a382db7..000000000
--- a/lass/2configs/boot/stock-x220.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- boot = {
- loader.systemd-boot.enable = true;
- loader.efi.canTouchEfiVariables = true;
- };
-}
diff --git a/lass/2configs/boot/universal.nix b/lass/2configs/boot/universal.nix
deleted file mode 100644
index 33f4323cc..000000000
--- a/lass/2configs/boot/universal.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-
-{
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
- loader.grub.efiSupport = true;
- loader.grub.efiInstallAsRemovable = true;
- };
-}
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
deleted file mode 100644
index 273a9c963..000000000
--- a/lass/2configs/br.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: {
-
- imports = [
- <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- ];
-
- krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
- "brother-udev-rule-type1"
- "brscan4"
- "brscan4-etc-files"
- "mfcl2700dnlpr"
- ];
-
- hardware.sane = {
- enable = true;
- brscan4 = {
- enable = true;
- netDevices = {
- bra = {
- model = "MFCL2700DN";
- ip = "10.42.0.4";
- };
- };
- };
- };
-
- services.saned.enable = true;
-
- # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298
- environment.systemPackages = [
- (pkgs.writeDashBin "find-scanner" ''
- set -efu
- name=$1
- ${pkgs.sane-backends}/bin/scanimage -f '%m %d
- ' \
- | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \
- | ${pkgs.gnugrep}/bin/grep .
- '')
- ];
-
- services.printing = {
- enable = true;
- drivers = [
- pkgs.mfcl2700dncupswrapper
- ];
- };
-
- users.users.mainUser.extraGroups = [ "scanner" "lp" ];
-
-}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
deleted file mode 100644
index 92ee8e30f..000000000
--- a/lass/2configs/browsers.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- programs.firefox.nativeMessagingHosts.tridactyl = true;
- environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
- environment.systemPackages = [
- pkgs.firefox-devedition
- ];
-}
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
deleted file mode 100644
index c9ad8cf68..000000000
--- a/lass/2configs/c-base.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-in {
-
- environment.systemPackages = [
- pkgs.cifs-utils
- ];
-
- systemd.network.networks.c-base = {
- matchConfig.Name = "c-base";
- networkConfig = {
- IgnoreCarrierLoss = "3s";
- KeepConfiguration = "static";
- DNS = "10.0.1.254";
- Domains = "cbrp3.c-base.org";
- };
- routes = [
- { routeConfig = {
- Destination = "10.0.0.0/23";
- Gateway = "172.31.77.1";
- };}
- { routeConfig = {
- Destination = "91.102.9.99/32"; # vorstand.c-base.org
- Gateway = "172.31.77.1";
- };}
- ];
- };
- services.openvpn.servers.c-base = {
- config = ''
- remote vpn.ext.c-base.org 1194
- verify-x509-name vpn.ext.c-base.org name
- client
- proto udp
- dev-type tun
- dev c-base
- resolv-retry infinite
- nobind
- # user openvpn
- # group openvpn
- persist-key
- persist-tun
- comp-lzo
- # register-dns
- # block-outside-dns
- script-security 2
- auth-user-pass ${toString <secrets/cbase.txt>}
- #auth-user-pass
- key-direction 1
- <tls-auth>
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- 54a66ed1048bed7508703347e89d68d6
- 5586e6a5d1218cf8675941031d540be6
- 993e07200a16ad3b770b659932ee71e5
- f8080b5c9fa2acb3893abd40fad2552c
- fdaf17565e617ae450efcccf5652dca5
- a16419509024b075941098731eb25ac0
- a64f963ece3dca1d2a64a9c5e17839d7
- 5b5080165a9b2dc90ef111879d7d3173
- 2d1027ae42d869394aca08da4472a9d0
- 6b724b4ed43a957feef7d6dfc86da241
- 74828fa0e1240941586f0d937cac32fc
- 13cc81e7bed58817353d6afaff7e6a26
- 4f9cc086af79c1cdca660d86e18cff96
- 69dd3d392caf09a468894a8504f4cc7c
- 7ae0072e6d9ad90b166ad13a39c57b3c
- 3a869e27a1d89deb161c255227551713
- -----END OpenVPN Static key V1-----
- </tls-auth>
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIGsDCCBJigAwIBAgIJAPkM1l2zA306MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
- VQQGEwJERTEPMA0GA1UEBxMGQmVybGluMRswGQYDVQQLExJ2cG4uZXh0LmMtYmFz
- ZS5vcmcxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEbMBkGA1UEKRMSdnBu
- LmV4dC5jLWJhc2Uub3JnMR8wHQYJKoZIhvcNAQkBFhBhZG1heEBjLWJhc2Uub3Jn
- MB4XDTE2MDcwOTE4MjkyMFoXDTI2MDcxMDE4MjkyMFowgZYxCzAJBgNVBAYTAkRF
- MQ8wDQYDVQQHEwZCZXJsaW4xGzAZBgNVBAsTEnZwbi5leHQuYy1iYXNlLm9yZzEb
- MBkGA1UEAxMSdnBuLmV4dC5jLWJhc2Uub3JnMRswGQYDVQQpExJ2cG4uZXh0LmMt
- YmFzZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGFkbWF4QGMtYmFzZS5vcmcwggIiMA0G
- CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXEs+uWCXLNmm+lgP9x7u3FqWa4pPI
- h64c6EWIULMATrhEw+Ej4fpCXwU9otFaO04fAeJmZGkDcnAYdBDiCeI0luOSdj44
- Bg9KecSei/TskqjhDVnEBp65hiz0rZE6c1baPdLYmD5xrXWb3i0zrlBYFawuL6C2
- lwVCEm3cadvkDJ2DleMuu3NblV8ViIDN0HZqzJNP72g1I0MgohkpetACXlf7MzQV
- PFHfzvb04Rj2lJ8BDhceQ0WmjtVV/Ag6nka5oi954OeHMujRuH+rZYiQZDZpJLHK
- Kh1KWTVlWPRy+AvCi9lweDWSmLccq7Ug4xMtDF4I5qW3tjCd0xqpZ21Xmo2JyKtY
- 4h8wEDPqiJvgwvkXsH17GLn5ZxiMcQuRJQYZqJephkzR9uccJeWSS76kwm/vLqG3
- +eORlYnyjiNXtiMIhmAEFjpWUrGH8v4CijpUNP6E63ynGrRVXK684YQXkqL+xPAt
- t6dsMBUwf94a2S1o2kgvuRCim1wlHvf1QsHrO/Hwgpzc8no/daWL+Z9Rq9okTHNK
- nc1G5dv8TkmxIDYnLm07QMzzBoOT36BcGtkEBA+0xhQlX5PyQdM5/jnZVhdSBmoP
- MbZXPoU/gJAIuuBuwdTlgCzYf44/9/YU/AnW8eLrbhm9KtMtoMpatrWorKqk/GPv
- /lGNRQuNffrbiQIDAQABo4H+MIH7MB0GA1UdDgQWBBTf5cYbK+KCF9u9aobFlLbu
- ilwX4jCBywYDVR0jBIHDMIHAgBTf5cYbK+KCF9u9aobFlLbuilwX4qGBnKSBmTCB
- ljELMAkGA1UEBhMCREUxDzANBgNVBAcTBkJlcmxpbjEbMBkGA1UECxMSdnBuLmV4
- dC5jLWJhc2Uub3JnMRswGQYDVQQDExJ2cG4uZXh0LmMtYmFzZS5vcmcxGzAZBgNV
- BCkTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhAYy1i
- YXNlLm9yZ4IJAPkM1l2zA306MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
- ggIBAMs1moiS7UZ4neOivQjqwKrBbm1j3tgmPLhDfNMmXYarGhnBGAlLxLAQWtG+
- Fnbx8KcsJnrsWcGfZcst1z45S4a5oBdVNKOfgkMOG0glZorIDO8Odrb51rpyzU0v
- 0wcNumMNWhkFuo2OTBHPnnJIWEAFwwCCSCL0I0hQxxoaV36kphjuIwzrMJhd+XAT
- 24En58cNp6sPRDd+FzOH08uFINevyzKWYxkMgVj+e3fbuiyOB8RqvndKvtfBBcpB
- cCO86lGnj/ETMDciTczUShxaMn9wV1zr1KH1xvT3ohUeOcQZGbGTcjG4mxlns8ZO
- U5J3Yrcd1eMfJq9Bwd3zPsTLnT8LwIS8vfYRav9b34XdqcBG73dhrjsicMK0Qy0z
- Qz7vKJzcvrEnKuaMyB3mCxz/UvbNc2Bupwm4FmzN5eFjDs+7paYFdfOzqMjoRP+8
- bcXSqDN5P2eUd7cdsZXaFNcsf1FkWlE3GudVBOmNJqz9zBab/T5J+l4Z90Pd6OUX
- GNozEvLhcJkvPKA526TegHTGC8hMquxKc9tpOzNRqZJMFa+UG1mgMrMepRmM/B3s
- QrKI1C11iCVYfb9J0tQUkfENHMx4J7mG2DZAhnKWQDU2awM41qU4A7aBYaJvDPnQ
- RRcbaT0D794lKUQwH/mZuyKzF22oZNk1o1TV2SaFXqgX5tDt
- -----END CERTIFICATE-----
- </ca>
- '';
- };
-}
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
deleted file mode 100644
index f32f062ff..000000000
--- a/lass/2configs/ciko.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- users.users.ciko = {
- uid = genid_uint31 "ciko";
- description = "acc for ciko";
- home = "/home/ciko";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
- ];
- isNormalUser = true;
- };
-
- system.activationScripts.user-shadow = ''
- ${pkgs.coreutils}/bin/chmod +x /home/ciko
- '';
-}
-
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
deleted file mode 100644
index d0ba8912c..000000000
--- a/lass/2configs/codimd.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, lib, ... }:
-with import <stockholm/lib>;
-let
- domain = "pad.lassul.us";
-in
-{
-
- # redirect legacy domain to new one
- services.nginx.virtualHosts."codi.lassul.us" = {
- enableACME = true;
- addSSL = true;
- locations."/".return = "301 https://${domain}\$request_uri";
- };
-
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "https://localhost:3091";
- proxyWebsockets = true;
- };
- };
-
- security.acme.certs.${domain}.group = "hedgecert";
- users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];
-
- security.dhparams = {
- enable = true;
- params.hedgedoc = { };
- };
-
- systemd.services.hedgedoc.environment = {
- CMD_COOKIE_POLICY = "none";
- CMD_CSP_ALLOW_FRAMING = "true";
- };
-
- services.borgbackup.jobs.hetzner.paths = [
- "/var/backup"
- "/var/lib/hedgedoc"
- ];
- systemd.services.hedgedoc-backup = {
- startAt = "daily";
- serviceConfig = {
- ExecStart = ''${pkgs.sqlite}/bin/sqlite3 /var/lib/hedgedoc/db.hedgedoc.sqlite ".backup /var/backup/hedgedoc/backup.sq3"'';
- Type = "oneshot";
- };
- };
-
- services.hedgedoc = {
- enable = true;
- configuration.allowOrigin = [ domain ];
- settings = {
- db = {
- dialect = "sqlite";
- storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
- };
- useCDN = false;
- port = 3091;
- domain = domain;
- allowFreeURL = true;
-
- useSSL = true;
- protocolUseSSL = true;
- sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
- sslCertPath = "/var/lib/acme/${domain}/cert.pem";
- sslKeyPath = "/var/lib/acme/${domain}/key.pem";
- dhParamPath = config.security.dhparams.params.hedgedoc.path;
- };
- };
-}
diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix
deleted file mode 100644
index 67467364e..000000000
--- a/lass/2configs/consul.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.consul = {
- enable = true;
- # dropPrivileges = false;
- webUi = true;
- # interface.bind = "retiolum";
- extraConfig = {
- bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr;
- bootstrap_expect = 3;
- server = true;
- # retry_join = config.services.consul.extraConfig.start_join;
- retry_join = lib.mapAttrsToList (n: h:
- lib.head h.nets.retiolum.aliases
- ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts);
- rejoin_after_leave = true;
-
- # try to fix random lock loss on leader reelection
- retry_interval = "3s";
- };
- };
-
- environment.etc."consul.d/testservice.json".text = builtins.toJSON {
- service = {
- name = "testing";
- };
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; }
- ];
-}
diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix
deleted file mode 100644
index 0cfe193d9..000000000
--- a/lass/2configs/container-networking.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ lib, ... }:
-
-{
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i ve-+ -o ve-+"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
- { v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = lib.mkBefore [
- { v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
- { v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; }
- { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
- { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
- ];
- boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
-}
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
deleted file mode 100644
index ed78699b0..000000000
--- a/lass/2configs/copyq.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- copyqConfig = pkgs.writeDash "copyq-config" ''
- ${pkgs.copyq}/bin/copyq config check_clipboard true
- ${pkgs.copyq}/bin/copyq config check_selection true
- ${pkgs.copyq}/bin/copyq config copy_clipboard true
- ${pkgs.copyq}/bin/copyq config copy_selection true
-
- ${pkgs.copyq}/bin/copyq config activate_closes true
- ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
- ${pkgs.copyq}/bin/copyq config disable_tray true
- ${pkgs.copyq}/bin/copyq config hide_tabs true
- ${pkgs.copyq}/bin/copyq config hide_toolbar true
- ${pkgs.copyq}/bin/copyq config item_popup_interval true
- ${pkgs.copyq}/bin/copyq config maxitems 1000
- ${pkgs.copyq}/bin/copyq config move true
- ${pkgs.copyq}/bin/copyq config text_wrap true
- '';
-in {
- systemd.user.services.copyq = {
- wantedBy = [ "graphical-session.target" ];
- requires = [ "xmonad.service" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
- };
- serviceConfig = {
- SyslogIdentifier = "copyq";
- ExecStart = "${pkgs.copyq}/bin/copyq";
- ExecStartPost = copyqConfig;
- Restart = "always";
- RestartSec = "15s";
- StartLimitBurst = 0;
- };
- };
-}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
deleted file mode 100644
index 6d4230c68..000000000
--- a/lass/2configs/default.nix
+++ /dev/null
@@ -1,249 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-{
- imports = [
- ./binary-cache/client.nix
- ./gc.nix
- ./mc.nix
- ./vim.nix
- ./zsh.nix
- ./htop.nix
- <stockholm/krebs/2configs/security-workarounds.nix>
- ./wiregrill.nix
- ./tmux.nix
- ./tor-ssh.nix
- ./networkd.nix
- {
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-green.pubkey
- ];
- };
- mainUser = {
- name = "lass";
- uid = 1337;
- home = "/home/lass";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "tor"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-green.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- {
- #for sshuttle
- environment.systemPackages = [
- pkgs.python3Packages.python
- ];
- }
- ];
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- build.user = config.krebs.users.lass;
- ssl.trustIntermediate = true;
- };
-
- nix.useSandbox = true;
-
- users.mutableUsers = false;
-
- services.timesyncd.enable = mkForce true;
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- deploy
- git
- git-absorb
- git-preview
- gnumake
- jq
- nix-output-monitor
-
- #style
- rxvt-unicode-unwrapped.terminfo
- alacritty.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- tcpdump
- mosh
- eternal-terminal
- sshify
-
- #stuff for dl
- aria2
-
- #neat utils
- file
- hashPassword
- kpaste
- cyberlocker-tools
- pciutils
- pop
- q
- rs
- untilport
- (pkgs.writeDashBin "urgent" ''
- printf '\a'
- '')
- usbutils
- logify
- goify
-
- #unpack stuff
- libarchive
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- environment.shellAliases = {
- ll = "ls -l";
- la = "ls -la";
- ls = "ls --color";
- ip = "ip -color=auto";
- grep = "grep --color=auto";
- };
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- '';
- };
-
- services.openssh.enable = true;
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- Storage=persistent
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
- { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = mkMerge [
- (mkBefore [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { predicate = "-p icmp"; target = "ACCEPT"; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; }
- { predicate = "-i lo"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
- ])
- (mkOrder 1000 [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
- ])
- (mkAfter [
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; }
- ])
- ];
- };
- };
-
- networking.dhcpcd.extraConfig = ''
- noipv4ll
- '';
-
- networking.extraHosts = ''
- 10.42.0.1 styx.gg23
- '';
-
- nix.extraOptions = ''
- experimental-features = nix-command flakes
- '';
-
- # use 24:00 time format, the default got sneakily changed around 20.03
- i18n.defaultLocale = mkDefault "C.UTF-8";
- time.timeZone = mkDefault"Europe/Berlin";
-
- # disable doc usually
- documentation.nixos.enable = mkDefault false;
-}
diff --git a/lass/2configs/docker.nix b/lass/2configs/docker.nix
deleted file mode 100644
index 2bc3a2361..000000000
--- a/lass/2configs/docker.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ pkgs, lib, config, ... }:
-{
- systemd.services.krebs-iptables.serviceConfig.ExecStartPost = pkgs.writeDash "kick_docker" ''
- ${pkgs.systemd}/bin/systemctl restart docker.service
- '';
-}
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
deleted file mode 100644
index 18a22e1da..000000000
--- a/lass/2configs/dunst.nix
+++ /dev/null
@@ -1,277 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- dunstConfig = pkgs.writeText "dunst-config" ''
- [global]
- font = Iosevka Term 11
-
- # Allow a small subset of html markup:
- # <b>bold</b>
- # <i>italic</i>
- # <s>strikethrough</s>
- # <u>underline</u>
- #
- # For a complete reference see
- # <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
- # If markup is not allowed, those tags will be stripped out of the
- # message.
- markup = yes
- plain_text = no
-
- # The format of the message. Possible variables are:
- # %a appname
- # %s summary
- # %b body
- # %i iconname (including its path)
- # %I iconname (without its path)
- # %p progress value if set ([ 0%] to [100%]) or nothing
- # Markup is allowed
- format = "%a\n<b>%s</b>\n%b"
-
- # Sort messages by urgency.
- sort = yes
-
- # Show how many messages are currently hidden (because of geometry).
- indicate_hidden = yes
-
- # Alignment of message text.
- # Possible values are "left", "center" and "right".
- alignment = center
-
- # The frequency with wich text that is longer than the notification
- # window allows bounces back and forth.
- # This option conflicts with "word_wrap".
- # Set to 0 to disable.
- bounce_freq = 0
-
- # Show age of message if message is older than show_age_threshold
- # seconds.
- # Set to -1 to disable.
- show_age_threshold = 1
-
- # Split notifications into multiple lines if they don't fit into
- # geometry.
- word_wrap = yes
-
- # Ignore newlines '\n' in notifications.
- ignore_newline = no
-
- # Hide duplicate's count and stack them
- stack_duplicates = yes
- hide_duplicates_count = no
-
-
- # The geometry of the window:
- # [{width}]x{height}[+/-{x}+/-{y}]
- # The geometry of the message window.
- # The height is measured in number of notifications everything else
- # in pixels. If the width is omitted but the height is given
- # ("-geometry x2"), the message window expands over the whole screen
- # (dmenu-like). If width is 0, the window expands to the longest
- # message displayed. A positive x is measured from the left, a
- # negative from the right side of the screen. Y is measured from
- # the top and down respectevly.
- # The width can be negative. In this case the actual width is the
- # screen width minus the width defined in within the geometry option.
- geometry = "500x10-0+0"
-
- # Shrink window if it's smaller than the width. Will be ignored if
- # width is 0.
- shrink = no
-
- # The transparency of the window. Range: [0; 100].
- # This option will only work if a compositing windowmanager is
- # present (e.g. xcompmgr, compiz, etc.).
- # transparency = 5
-
- # Don't remove messages, if the user is idle (no mouse or keyboard input)
- # for longer than idle_threshold seconds.
- # Set to 0 to disable.
- idle_threshold = 0
-
- # Which monitor should the notifications be displayed on.
- monitor = keyboard
-
- # Display notification on focused monitor. Possible modes are:
- # mouse: follow mouse pointer
- # keyboard: follow window with keyboard focus
- # none: don't follow anything
- #
- # "keyboard" needs a windowmanager that exports the
- # _NET_ACTIVE_WINDOW property.
- # This should be the case for almost all modern windowmanagers.
- #
- # If this option is set to mouse or keyboard, the monitor option
- # will be ignored.
- follow = none
-
- # Should a notification popped up from history be sticky or timeout
- # as if it would normally do.
- sticky_history = yes
-
- # Maximum amount of notifications kept in history
- history_length = 15
-
- # Display indicators for URLs (U) and actions (A).
- show_indicators = no
-
- # The height of a single line. If the height is smaller than the
- # font height, it will get raised to the font height.
- # This adds empty space above and under the text.
- line_height = 3
-
- # Draw a line of "separatpr_height" pixel height between two
- # notifications.
- # Set to 0 to disable.
- separator_height = 1
-
- # Padding between text and separator.
- padding = 1
-
- # Horizontal padding.
- horizontal_padding = 1
-
- # Define a color for the separator.
- # possible values are:
- # * auto: dunst tries to find a color fitting to the background;
- # * foreground: use the same color as the foreground;
- # * frame: use the same color as the frame;
- # * anything else will be interpreted as a X color.
- separator_color = frame
-
- # Print a notification on startup.
- # This is mainly for error detection, since dbus (re-)starts dunst
- # automatically after a crash.
- startup_notification = true
-
- # dmenu path.
- dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
-
- # Browser for opening urls in context menu.
- browser = /usr/bin/firefox -new-tab
-
- # Align icons left/right/off
- icon_position = off
- max_icon_size = 80
-
- # Paths to default icons.
- icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
-
- frame_width = 2
- frame_color = "#8EC07C"
-
- [shortcuts]
-
- # Shortcuts are specified as [modifier+][modifier+]...key
- # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
- # "mod3" and "mod4" (windows-key).
- # Xev might be helpful to find names for keys.
-
- # Close notification.
- close = ctrl+space
-
- # Close all notifications.
- close_all = ctrl+shift+space
-
- # Redisplay last message(s).
- # On the US keyboard layout "grave" is normally above TAB and left
- # of "1".
- history = ctrl+grave
-
- # Context menu.
- context = mod4+u
-
- [urgency_low]
- # IMPORTANT: colors have to be defined in quotation marks.
- # Otherwise the "#" and following would be interpreted as a comment.
- frame_color = "#3B7C87"
- foreground = "#3B7C87"
- background = "#191311"
- #background = "#2B313C"
- timeout = 1
-
- [urgency_normal]
- frame_color = "#5B8234"
- foreground = "#5B8234"
- background = "#191311"
- #background = "#2B313C"
- timeout = 1
-
- [urgency_critical]
- frame_color = "#B7472A"
- foreground = "#B7472A"
- background = "#191311"
- #background = "#2B313C"
- timeout = 1
-
-
- # Every section that isn't one of the above is interpreted as a rules to
- # override settings for certain messages.
- # Messages can be matched by "appname", "summary", "body", "icon", "category",
- # "msg_urgency" and you can override the "timeout", "urgency", "foreground",
- # "background", "new_icon" and "format".
- # Shell-like globbing will get expanded.
- #
- # SCRIPTING
- # You can specify a script that gets run when the rule matches by
- # setting the "script" option.
- # The script will be called as follows:
- # script appname summary body icon urgency
- # where urgency can be "LOW", "NORMAL" or "CRITICAL".
- #
- # NOTE: if you don't want a notification to be displayed, set the format
- # to "".
- # NOTE: It might be helpful to run dunst -print in a terminal in order
- # to find fitting options for rules.
-
- #[espeak]
- # summary = "*"
- # script = dunst_espeak.sh
-
- #[script-test]
- # summary = "*script*"
- # script = dunst_test.sh
-
- #[ignore]
- # # This notification will not be displayed
- # summary = "foobar"
- # format = ""
-
- #[signed_on]
- # appname = Pidgin
- # summary = "*signed on*"
- # urgency = low
- #
- #[signed_off]
- # appname = Pidgin
- # summary = *signed off*
- # urgency = low
- #
- #[says]
- # appname = Pidgin
- # summary = *says*
- # urgency = critical
- #
- #[twitter]
- # appname = Pidgin
- # summary = *twitter.com*
- # urgency = normal
- #
- # vim: ft=cfg
- '';
-in {
- systemd.user.services.dunst = {
- wantedBy = [ "graphical-session.target" ];
- requires = [ "xmonad.service" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
- };
- serviceConfig = {
- SyslogIdentifier = "dunst";
- ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
- Restart = "always";
- RestartSec = "15s";
- StartLimitBurst = 0;
- };
- };
-}
diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix
deleted file mode 100644
index 5d68def35..000000000
--- a/lass/2configs/elster.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- users.extraUsers = {
- elster = {
- name = "elster";
- description = "user for running elster-online";
- home = "/home/elster";
- useDefaultShell = true;
- extraGroups = [];
- createHome = true;
- isNormalUser = true;
- };
- };
- krebs.per-user.elster.packages = [
- pkgs.chromium
- ];
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(elster) NOPASSWD: ALL
- '';
-}
diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix
deleted file mode 100644
index 19961fb84..000000000
--- a/lass/2configs/et-server.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.eternal-terminal = {
- enable = true;
- };
- networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ];
-}
diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
deleted file mode 100644
index 589e17551..000000000
--- a/lass/2configs/exim-retiolum.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- krebs.exim-retiolum = {
- enable = true;
- system-aliases = [
- { from = "root"; to = "lass"; }
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
- ];
-}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
deleted file mode 100644
index 2a3a6b1e5..000000000
--- a/lass/2configs/exim-smarthost.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
-
- to = concatStringsSep "," [
- "lass@green.r"
- ];
-
- mails = import <secrets/mails.nix>;
-
-in {
- environment.systemPackages = [ pkgs.review-mail-queue ];
-
- krebs.exim-smarthost = {
- enable = true;
- dkim = [
- { domain = "lassul.us"; }
- ];
- ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem";
- ssl_key = "/var/lib/acme/mail.lassul.us/key.pem";
- primary_hostname = "lassul.us";
- sender_domains = [
- "lassul.us"
- ];
- relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
- config.krebs.hosts.aergia
- config.krebs.hosts.blue
- config.krebs.hosts.coaxmetal
- config.krebs.hosts.green
- config.krebs.hosts.mors
- config.krebs.hosts.xerxes
- ];
- internet-aliases = map (from: { inherit from to; }) mails ++ [
- ];
- system-aliases = [
- { from = "mailer-daemon"; to = "postmaster"; }
- { from = "postmaster"; to = "root"; }
- { from = "nobody"; to = "root"; }
- { from = "hostmaster"; to = "root"; }
- { from = "usenet"; to = "root"; }
- { from = "news"; to = "root"; }
- { from = "webmaster"; to = "root"; }
- { from = "www"; to = "root"; }
- { from = "ftp"; to = "root"; }
- { from = "abuse"; to = "root"; }
- { from = "noc"; to = "root"; }
- { from = "security"; to = "root"; }
- { from = "root"; to = "lass"; }
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
- ];
-
- security.acme.certs."mail.lassul.us" = {
- group = "lasscert";
- webroot = "/var/lib/acme/acme-challenge";
- };
- users.groups.lasscert.members = [
- "dovecot2"
- "exim"
- "nginx"
- ];
-}
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
deleted file mode 100644
index 781dad032..000000000
--- a/lass/2configs/fetchWallpaper.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
-in {
- krebs.fetchWallpaper = {
- enable = true;
- url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
- };
-}
-
diff --git a/lass/2configs/firefoxPatched.nix b/lass/2configs/firefoxPatched.nix
deleted file mode 100644
index daf8a28be..000000000
--- a/lass/2configs/firefoxPatched.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- lpkgs = import ../5pkgs { inherit pkgs; };
-
- inherit (lib)
- concatMapStrings
- ;
-
- plugins = with lpkgs.firefoxPlugins; [
- noscript
- ublock
- vimperator
- ];
-
- copyXpi = plugin:
- "cp ${plugin}/*.xpi $out/usr/lib/firefox-*/browser/extensions/";
-
- preferences = pkgs.writeText "autoload.js" ''
- pref('general.config.filename', 'firefox.cfg');
- pref('general.config.obscure_value', 0);
- '';
-
- config = pkgs.writeText "firefox.cfg" ''
- //
- lockPref("app.update.enabled", false);
- lockPref("extensions.update.enabled", false);
- lockPref("autoadmin.global_config_url", "");
- lockPref("extensions.checkUpdateSecurity", false);
- lockPref("services.sync.enabled", false);
- lockPref("browser.shell.checkDefaultBrowser", false);
- lockPref("layout.spellcheckDefault", 0);
- lockPref("app.update.auto", false);
- lockPref("browser.newtabpage.enabled", false);
- lockPref("noscript.firstRunRedirection", false);
- lockPref("noscript.hoverUI", false);
- lockPref("noscript.notify", false);
- defaultPref("extensions.newAddons", false);
- defaultPref("extensions.autoDisableScopes", 0);
- defaultPref("plugin.scan.plid.all", false);
- '';
-
-in {
- environment.systemPackages = [
- (pkgs.lib.overrideDerivation pkgs.firefox-bin (original : {
- installPhase = ''
- ${original.installPhase}
- find $out/usr/lib
- ${concatMapStrings copyXpi plugins}
- cd $out/usr/lib/firefox-*/
- mkdir -p browser/defaults/preferences
- cp ${preferences} browser/defaults/preferences/autoload.js
- cp ${config} ./firefox.cfg
- '';
- }))
- ];
-}
-
diff --git a/lass/2configs/fonts.nix b/lass/2configs/fonts.nix
deleted file mode 100644
index 3d047e513..000000000
--- a/lass/2configs/fonts.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- fonts = {
- fontDir.enable = true;
- enableGhostscriptFonts = true;
-
- fonts = with pkgs; [
- xorg.fontschumachermisc
- inconsolata
- noto-fonts
- (iosevka-bin.override { variant = "ss15"; })
- ];
- };
-}
diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix
deleted file mode 100644
index b2912d894..000000000
--- a/lass/2configs/fysiirc.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ config, lib, pkgs, ... }: let
-
- format-github-message = pkgs.writeDashBin "format-github-message" ''
- set -efu
- export PATH=${lib.makeBinPath [
- pkgs.jq
- ]}
- INPUT=$(jq -c .)
- if $(printf '%s' "$INPUT" | jq 'has("issue") or has("pull_request")'); then
- ${write_to_irc} "$(printf '%s' "$INPUT" | jq -r '
- "\(.action): " +
- "[\(.issue.title // .pull_request.title)] " +
- "\(.comment.html_url // .issue.html_url // .pull_request.html_url) "
- ')"
- fi
- '';
-
- write_to_irc = pkgs.writeDash "write_to_irc" ''
- ${pkgs.curl}/bin/curl -fsSv http://localhost:44001 \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"PRIVMSG",
- params:["#fysi",$text]
- }'
- )"
- '';
-
-in {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 44002"; target = "ACCEPT"; }
- ];
- krebs.reaktor2.fysiweb-github = {
- hostname = "irc.libera.chat";
- port = "6697";
- useTLS = true;
- nick = "fysiweb-github";
- API.listen = "inet://127.0.0.1:44001";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#fysi"
- ];
- };
- }
- ];
- };
- krebs.htgen.fysiweb-github = {
- port = 44002;
- user = {
- name = "reaktor2-fysiweb-github";
- };
- script = ''. ${pkgs.writeDash "github-irc" ''
- set -xefu
- case "$Method $Request_URI" in
- "POST /")
- payload=$(head -c "$req_content_length")
- printf '%s' "$payload" | ${format-github-message}/bin/format-github-message
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- exit
- ;;
- esac
- ''}'';
- };
-}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
deleted file mode 100644
index 01941bde8..000000000
--- a/lass/2configs/games.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
- vdoom = pkgs.writeDash "vdoom" ''
- ${pkgs.zandronum}/bin/zandronum \
- -fov 120 \
- "$@"
- '';
- doom = pkgs.writeDash "doom" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} \
- -file $DOOM_DIR/lib/brutalv21.pk3 \
- "$@"
- '';
- doom1 = pkgs.writeDashBin "doom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- doom2 = pkgs.writeDashBin "doom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
- vdoom1 = pkgs.writeDashBin "vdoom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- vdoom2 = pkgs.writeDashBin "vdoom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
-
- doomservercfg = pkgs.writeText "doomserver.cfg" ''
- skill 7
- #survival true
- #sv_maxlives 4
- #sv_norespawn true
- #sv_weapondrop true
- no_jump true
- #sv_noweaponspawn true
- sv_sharekeys true
- sv_survivalcountdowntime 1
- sv_noteamselect true
- sv_updatemaster false
- #sv_coop_loseinventory true
- #cl_startasspectator false
- #lms_spectatorview false
- '';
-
- vdoomserver = pkgs.writeDashBin "vdoomserver" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
-
- ${pkgs.zandronum}/bin/zandronum-server \
- +exec ${doomservercfg} \
- "$@"
- '';
-
-in {
- users.extraUsers = {
- games = {
- name = "games";
- description = "user playing games";
- home = "/home/games";
- extraGroups = [ "audio" "video" "input" "loot" "pipewire" ];
- createHome = true;
- useDefaultShell = true;
- packages = with pkgs; [
- # minecraft
- # ftb
- # steam-run
- # scummvm
- # dolphinEmu
- doom1
- doom2
- # protontricks
- vdoom1
- # vdoom2
- # vdoomserver
- retroarchBare
- ];
- isNormalUser = true;
- };
- };
-
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.support32Bit = true;
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(games) NOPASSWD: ALL
- '';
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
- ];
-}
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
deleted file mode 100644
index d56e95368..000000000
--- a/lass/2configs/gc.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-{
- nix.gc = {
- automatic = ! (elem config.krebs.build.host.name [ "aergia" "mors" "xerxes" "coaxmetal" ] || config.boot.isContainer);
- options = "--delete-older-than 15d";
- };
-}
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
deleted file mode 100644
index bb38f1f90..000000000
--- a/lass/2configs/gg23.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- # ipv6 from vodafone is really really flaky
- boot.kernel.sysctl."net.ipv6.conf.et0.disable_ipv6" = 1;
- systemd.network.networks."50-et0" = {
- matchConfig.Name = "et0";
- DHCP = "ipv4";
- # dhcpV4Config.UseDNS = false;
- # dhcpV6Config.UseDNS = false;
- linkConfig = {
- RequiredForOnline = "routable";
- };
- networkConfig = {
- LinkLocalAddressing = "no";
- };
- # dhcpV6Config = {
- # PrefixDelegationHint = "::/60";
- # };
- # networkConfig = {
- # IPv6AcceptRA = true;
- # };
- # ipv6PrefixDelegationConfig = {
- # Managed = true;
- # };
- };
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- systemd.network.networks."50-int0" = {
- name = "int0";
- address = [
- "10.42.0.1/24"
- ];
- networkConfig = {
- # IPForward = "yes";
- # IPMasquerade = "both";
- ConfigureWithoutCarrier = true;
- DHCPServer = "yes";
- # IPv6SendRA = "yes";
- # DHCPPrefixDelegation = "yes";
- };
- dhcpServerStaticLeases = [
- {
- dhcpServerStaticLeaseConfig = {
- Address = "10.42.0.4";
- MACAddress = "3c:2a:f4:22:28:37";
- };
- }
- ];
- };
- networking.networkmanager.unmanaged = [ "int0" ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i int0"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { predicate = "-i int0"; target = "ACCEPT"; }
- { predicate = "-o int0"; target = "ACCEPT"; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; }
- ];
-
- networking.domain = "gg23";
-
- networking.useHostResolvConf = false;
- services.resolved.extraConfig = ''
- DNSStubListener=no
- '';
- services.dnsmasq = {
- enable = true;
- resolveLocalQueries = false;
-
- extraConfig = ''
- local=/gg23/
- domain=gg23
- expand-hosts
- listen-address=10.42.0.1
- interface=int0
- '';
- };
-
- environment.systemPackages = [
- (pkgs.writers.writeDashBin "restart_router" ''
- ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m OFF
- sleep 2
- ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m ON
- '')
- ];
-}
diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix
deleted file mode 100644
index d4ce263ef..000000000
--- a/lass/2configs/git-brain.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- repos = krebs-repos;
- rules = concatMap krebs-rules (attrValues krebs-repos);
-
- krebs-repos = mapAttrs make-krebs-repo {
- brain = { };
- };
-
-
- make-krebs-repo = with git; name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = false;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- verbose = true;
- channel = "#xxx";
- # TODO remove the hardcoded hostname
- server = "irc.r";
- };
- };
- };
-
-
-
- # TODO: get the list of all krebsministers
- krebsminister = with config.krebs.users; [ makefu tv kmein ];
- krebs-rules = repo:
- set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
-
- set-ro-access = with git; repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = fetch;
- };
-
- set-owners = with git;repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- };
-
-in {
- krebs.git = {
- enable = true;
- cgit = {
- enable = false;
- };
- inherit repos rules;
- };
-}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
deleted file mode 100644
index 16260b77b..000000000
--- a/lass/2configs/git.nix
+++ /dev/null
@@ -1,206 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
-
- system.activationScripts.spool-chmod = ''
- ${pkgs.coreutils}/bin/chmod +x /var/spool
- '';
- };
-
- cgit-clear-cache = pkgs.cgit-clear-cache.override {
- inherit (config.krebs.git.cgit.settings) cache-root;
- };
-
- repos =
- public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- Reaktor = {
- cgit.desc = "Reaktor IRC bot";
- cgit.section = "software";
- };
- buildbot-classic = {
- cgit.desc = "fork of buildbot";
- cgit.section = "software";
- };
- cholerab = {
- cgit.desc = "krebs thesauron & enterprise-patterns";
- cgit.section = "documentation";
- };
- disko = {
- cgit.desc = "take a description of your disk layout and produce a format script";
- cgit.section = "software";
- };
- go = {
- cgit.desc = "url shortener";
- cgit.section = "software";
- };
- grib2json-bin = {
- cgit.desc = "build jar of grib2json";
- cgit.section = "deployment";
- };
- krebspage = {
- cgit.desc = "homepage of krebs";
- cgit.section = "configuration";
- };
- krops = {
- cgit.desc = "krebs deployment";
- cgit.section = "software";
- };
- news = {
- cgit.desc = "take a rss feed and a timeout and print it to stdout";
- cgit.section = "software";
- };
- newsbot-js = {
- cgit.desc = "print rss feeds to irc channels";
- cgit.section = "software";
- };
- nix-user-chroot = {
- cgit.desc = "Fork of nix-user-chroot by lethalman";
- cgit.section = "software";
- };
- nix-writers = {
- cgit.desc = "high level writers for nix";
- cgit.section = "software";
- };
- nixos-generators = {
- cgit.desc = "custom image builders";
- cgit.section = "software";
- };
- nixpkgs = {
- cgit.desc = "nixpkgs fork";
- cgit.section = "configuration";
- };
- populate = {
- cgit.section = "software";
- };
- reaktor2 = {
- cgit.desc = "irc bot";
- cgit.section = "software";
- };
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- cgit.section = "configuration";
- };
- stockholm-issues = {
- cgit.desc = "stockholm issues";
- cgit.section = "issues";
- };
- the_playlist = {
- cgit.desc = "Good Music collection + tools";
- cgit.section = "art";
- };
- workadventure-nix = {
- cgit.desc = "Nix packaging for workadventure";
- cgit.section = "deployment";
- };
- xmonad-stockholm = {
- cgit.desc = "krebs xmonad modules";
- cgit.section = "configuration";
- };
- } // mapAttrs make-public-repo-silent {
- };
-
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- announce = true;
- };
- } //
- import <secrets/repos.nix> { inherit config lib pkgs; }
- );
-
- make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
- inherit cgit collaborators name;
- public = true;
- hooks = {
- post-receive = ''
- ${pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#xxx";
- # TODO define refs in some kind of option per repo
- server = "irc.r";
- verbose = config.krebs.build.host.name == "orange";
- }}
- ${cgit-clear-cache}/bin/cgit-clear-cache
- '';
- };
- };
-
- make-public-repo-silent = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- };
-
- make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: {
- inherit admins collaborators name;
- public = false;
- hooks = {
- post-receive = ''
- ${optionalString announce (pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#xxx";
- # TODO define refs in some kind of option per repo
- refs = [
- "refs/heads/master"
- "refs/heads/staging*"
- ];
- server = "irc.r";
- verbose = false;
- })}
- ${cgit-clear-cache}/bin/cgit-clear-cache
- '';
- } // hooks;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ lass lass-green ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional (length (repo.admins or []) > 0) {
- user = repo.admins;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
deleted file mode 100644
index ecf89b298..000000000
--- a/lass/2configs/go.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- krebs.go = {
- enable = true;
- };
- services.nginx = {
- enable = true;
- virtualHosts.go = {
- locations."/".extraConfig = ''
- proxy_set_header Host go.lassul.us;
- proxy_pass http://localhost:1337;
- '';
- serverAliases = [
- "go.lassul.us"
- ];
- };
- };
-}
-
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
deleted file mode 100644
index 66088a562..000000000
--- a/lass/2configs/green-host.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ config, pkgs, ... }:
-{
- krebs.sync-containers3.containers.green = {
- sshKey = "${toString <secrets>}/green.sync.key";
- };
-}
diff --git a/lass/2configs/green-hosts/cryfs.nix b/lass/2configs/green-hosts/cryfs.nix
deleted file mode 100644
index d60dc5951..000000000
--- a/lass/2configs/green-hosts/cryfs.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-# seems to work, very slow though
-
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green-cryfs";
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- programs.fuse.userAllowOther = true;
-
- services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}/cryfs" = {
- devices = [ "icarus" "skynet" "littleT" "shodan" "mors" "morpheus" ];
- ignorePerms = false;
- };
-
- lass.bindfs."/var/lib/sync-containers/${cname}/cryfs" = {
- source = "/var/lib/sync-containers/${cname}/cryfs";
- options = [
- "-M ${toString config.users.users.syncthing.uid} -u root -g root"
- ];
- };
-
-
- systemd.services."container@${cname}".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- (pkgs.writeDashBin "init-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/sync-containers/${cname}/cryfs
- '')
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/containers/${cname}/var/state
-
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
- if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${cname}
- fi
-
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
- set -x
-
- mkdir -p /var/state/var_src
- ln -sfTr /var/state/var_src /var/src
- touch /etc/NIXOS
- ''}
-
- if [ -h /var/lib/containers/${cname}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${cname}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- nixos-rebuild -I /var/src switch
- fi
- '')
- (pkgs.writeDashBin "stop-${cname}" ''
- set -euf
-
- ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
- '')
- ];
-}
diff --git a/lass/2configs/green-hosts/ecryptfs.nix b/lass/2configs/green-hosts/ecryptfs.nix
deleted file mode 100644
index 2c335f6f2..000000000
--- a/lass/2configs/green-hosts/ecryptfs.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green";
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- programs.fuse.userAllowOther = true;
-
- services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}/ecryptfs" = {
- devices = [ "icarus" "skynet" "littleT" "shodan" "mors" "morpheus" ];
- ignorePerms = false;
- };
-
- krebs.permown."/var/lib/sync-containers/${cname}/ecryptfs" = {
- file-mode = "u+rw";
- directory-mode = "u+rwx";
- owner = "syncthing";
- keepGoing = false;
- };
-
- systemd.services."container@${cname}".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- pkgs.ecryptfs
- pkgs.keyutils
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/containers/${cname}/var/state
-
- if ! mount | grep -q '/var/lib/sync-containers/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
- if [ -e /var/lib/sync-containers/${cname}/ecryptfs/.cfg.json ]; then
- ${pkgs.ecrypt}/bin/ecrypt mount /var/lib/sync-containers/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
- else
- ${pkgs.ecrypt}/bin/ecrypt init /var/lib/sync-containers/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
- fi
- fi
-
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
- if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${cname}
- fi
-
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
- set -x
-
- mkdir -p /var/state/var_src
- ln -sfTr /var/state/var_src /var/src
- touch /etc/NIXOS
- ''}
-
- if [ -h /var/lib/containers/${cname}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${cname}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- nixos-rebuild -I /var/src switch
- fi
- '')
- (pkgs.writeDashBin "stop-${cname}" ''
- set -euf
-
- ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
- ${pkgs.ecrypt}/bin/ecrypt unmount /var/lib/sync-containers/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
- '')
- ];
-}
-
diff --git a/lass/2configs/green-hosts/plain-bindfs.nix b/lass/2configs/green-hosts/plain-bindfs.nix
deleted file mode 100644
index 81d8f20c2..000000000
--- a/lass/2configs/green-hosts/plain-bindfs.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-# this seems to work, sadly there are no inotify events on the state directory because bindfs hides them,
-
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green-plain";
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- programs.fuse.userAllowOther = true;
-
- services.syncthing.declarative.folders."/var/lib/containers/${cname}/var/state" = {
- devices = [ "icarus" "skynet" "littleT" "shodan" "mors" "morpheus" ];
- ignorePerms = false;
- };
-
- lass.bindfs."/var/lib/containers/${cname}/var/state" = {
- source = "/var/lib/containers/${cname}/var/state";
- options = [
- "-M ${toString config.users.users.syncthing.uid} -u root -g root"
- ];
- };
-
-
- systemd.services."container@${cname}".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/containers/${cname}/var/state
-
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
- if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${cname}
- fi
-
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
- set -x
-
- mkdir -p /var/state/var_src
- ln -sfTr /var/state/var_src /var/src
- touch /etc/NIXOS
- ''}
-
- if [ -h /var/lib/containers/${cname}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${cname}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- nixos-rebuild -I /var/src switch
- fi
- '')
- (pkgs.writeDashBin "stop-${cname}" ''
- set -euf
-
- ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
- '')
- ];
-}
-
diff --git a/lass/2configs/green-hosts/plain-permown.nix b/lass/2configs/green-hosts/plain-permown.nix
deleted file mode 100644
index 21a7d0085..000000000
--- a/lass/2configs/green-hosts/plain-permown.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-# this seems to work fine, downsides are, all state is owned by syncthing and could be read by the guests syncthing
-
-
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green-plain";
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- services.syncthing.declarative.folders."/var/lib/containers/${cname}/var/state" = {
- devices = [ "icarus" "skynet" "littleT" "shodan" "mors" "morpheus" ];
- ignorePerms = false;
- };
-
- krebs.permown."/var/lib/containers/${cname}/var/state" = {
- file-mode = "u+rw";
- directory-mode = "u+rwx";
- owner = "syncthing";
- keepGoing = true;
- };
-
- systemd.services."container@${cname}".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/containers/${cname}/var/state
-
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
- if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${cname}
- fi
-
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
- set -x
-
- mkdir -p /var/state/var_src
- ln -sfTr /var/state/var_src /var/src
- touch /etc/NIXOS
- ''}
-
- if [ -h /var/lib/containers/${cname}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${cname}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- nixos-rebuild -I /var/src switch
- fi
- '')
- (pkgs.writeDashBin "stop-${cname}" ''
- set -euf
-
- ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
- '')
- ];
-}
-
diff --git a/lass/2configs/green-hosts/plain.nix b/lass/2configs/green-hosts/plain.nix
deleted file mode 100644
index 58f54b748..000000000
--- a/lass/2configs/green-hosts/plain.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green-plain";
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- programs.fuse.userAllowOther = true;
-
- services.syncthing.declarative.folders."/var/lib/containers/${cname}/var/state" = {
- devices = [ "icarus" "skynet" "littleT" "shodan" "mors" "morpheus" ];
- ignorePerms = false;
- };
-
- krebs.permown."/var/lib/containers/${cname}/var/state" = {
- file-mode = "u+rw";
- directory-mode = "u+rwx";
- owner = "syncthing";
- keepGoing = true;
- };
-
- systemd.services."container@${cname}".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/containers/${cname}/var/state
-
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
- if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${cname}
- fi
-
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
- set -x
-
- mkdir -p /var/state/var_src
- ln -sfTr /var/state/var_src /var/src
- touch /etc/NIXOS
- ''}
-
- if [ -h /var/lib/containers/${cname}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${cname}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- nixos-rebuild -I /var/src switch
- fi
- '')
- (pkgs.writeDashBin "stop-${cname}" ''
- set -euf
-
- ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
- '')
- ];
-}
-
diff --git a/lass/2configs/green-hosts/securefs.nix b/lass/2configs/green-hosts/securefs.nix
deleted file mode 100644
index a69cfe6ca..000000000
--- a/lass/2configs/green-hosts/securefs.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-# broken, muchsync cant sync into the folders which should be handles by bindfs
-# ls -la also does not show the full directory permissions
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green";
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- programs.fuse.userAllowOther = true;
-
- services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}/securefs" = {
- devices = [ "icarus" "skynet" "littleT" "shodan" "mors" "morpheus" ];
- ignorePerms = false;
- };
-
- krebs.permown."/var/lib/sync-containers/${cname}/securefs" = {
- file-mode = "u+rw";
- directory-mode = "u+rwx";
- owner = "syncthing";
- keepGoing = false;
- };
-
- systemd.services."container@${cname}".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
- set -x
-
- mkdir -p /var/lib/containers/${cname}/var/state
-
- if ! mount | grep -q 'securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then
- if ! ${pkgs.securefs}/bin/securefs info /var/lib/sync-containers/${cname}/securefs; then
- ${pkgs.securefs}/bin/securefs create --format 4 /var/lib/sync-containers/${cname}/securefs
- fi
-
- ${pkgs.securefs}/bin/securefs mount -b \
- -o allow_other -o default_permissions \
- --log /var/lib/sync-containers/${cname}/securefs.log \
- /var/lib/sync-containers/${cname}/securefs /var/lib/containers/${cname}/var/state
- fi
-
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
- if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${cname}
- fi
-
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
- set -x
-
- mkdir -p /var/state/var_src
- ln -sfTr /var/state/var_src /var/src
- touch /etc/NIXOS
- ''}
-
- if [ -h /var/lib/containers/${cname}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${cname}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- nixos-rebuild -I /var/src switch
- fi
- '')
- (pkgs.writeDashBin "stop-${cname}" ''
- set -euf
-
- ${pkgs.nixos-container}/bin/nixos-container stop ${cname}
- umount /var/lib/containers/${cname}/var/state
- '')
- ];
-}
-
diff --git a/lass/2configs/gsm-wiki.nix b/lass/2configs/gsm-wiki.nix
deleted file mode 100644
index 77b944ef8..000000000
--- a/lass/2configs/gsm-wiki.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.nginx.virtualHosts."docs.c3gsm.de" = {
- forceSSL = true;
- enableACME = true;
- locations."/".extraConfig = ''
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
- c3gsm:$apr1$q9OrPI4C$7AY4EIp3J2Xc4eLMbPGE21
- ''};
- root /srv/http/docs.c3gsm.de;
- '';
- };
-
- services.nginx.virtualHosts."c3gsm.de" = {
- forceSSL = true;
- enableACME = true;
- locations."/".extraConfig = ''
- root /srv/http/c3gsm.de;
- '';
- };
-
- users.users.c3gsm-docs = {
- isNormalUser = true;
- home = "/srv/http/docs.c3gsm.de";
- createHome = true;
- homeMode = "750";
- useDefaultShell = true;
- group = "nginx";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlW1fvCrVXhVH/z76fXBWYR/qyecYTE9VOOkFLJ6OwG user@osmocom-dev"
- ];
- };
-
- users.users.c3gsm = {
- isNormalUser = true;
- home = "/srv/http/c3gsm.de";
- createHome = true;
- homeMode = "750";
- useDefaultShell = true;
- group = "nginx";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlW1fvCrVXhVH/z76fXBWYR/qyecYTE9VOOkFLJ6OwG user@osmocom-dev"
- ];
- };
-}
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
deleted file mode 100644
index aee4bf06f..000000000
--- a/lass/2configs/hardening.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, lib, ... }:
-with lib;
-{
- security.chromiumSuidSandbox.enable = true;
- security.lockKernelModules = false;
- boot.kernel.sysctl."user.max_user_namespaces" = 63414;
-
- imports = [
- <nixpkgs/nixos/modules/profiles/hardened.nix>
- ];
-}
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
deleted file mode 100644
index 1745bbfe5..000000000
--- a/lass/2configs/hass/default.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import ./lib.nix { inherit lib; };
-let
- dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec {
- pname = "dwdwfsapi";
- version = "1.0.3";
-
- src = pkgs.python3Packages.fetchPypi {
- inherit pname version;
- sha256 = "0fcv79xiq0qr4kivhd68iqpgrsjc7djxqs2h543pyr0sdgb5nz9x";
- };
-
- buildInputs = with pkgs.python3Packages; [
- requests ciso8601
- ];
-
- # LC_ALL = "en_US.UTF-8";
- };
-
-in {
- imports = [
- ./pyscript
- ./zigbee.nix
- ./rooms/bett.nix
- ./rooms/essen.nix
- ./rooms/nass.nix
- ];
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
- { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
- { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # zigbee2mqtt frontend
- { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- { predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; } # zigbee2mqtt frontend
- { predicate = "-i wiregrill -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- ];
-
- services.home-assistant = {
- enable = true;
- configWritable = true;
- lovelaceConfigWritable = true;
- config = let
- tasmota = name: topic: {
- inherit name;
- state_topic = "stat/${topic}/POWER";
- command_topic = "cmnd/${topic}/POWER";
- payload_on = "ON";
- payload_off = "OFF";
- };
- in {
- homeassistant = {
- name = "Home";
- time_zone = "Europe/Berlin";
- latitude = "52.46187";
- longitude = "13.41489";
- elevation = 90;
- unit_system = "metric";
- # customize = friendly_names;
- };
- config = {};
- sun.elevation = 66;
- shopping_list = {};
- discovery = {};
- frontend = {};
- http = {};
- # mqtt = {
- # broker = "localhost";
- # port = 1883;
- # client_id = "home-assistant";
- # username = "gg23";
- # password = "gg23-mqtt";
- # keepalive = 60;
- # protocol = 3.1;
-
- # discovery = true;
- # birth_message = {
- # topic = "/hass/status";
- # payload = "online";
- # };
- # will_message = {
- # topic = "/hass/status";
- # payload = "offline";
- # };
- # };
- sensor = [
- {
- platform = "dwd_weather_warnings";
- region_name = "Berlin";
- }
- ];
- mqtt.switch = [
- (tasmota "TV" "tv")
- (tasmota "Drucker Strom" "drucker")
- (tasmota "Waschmaschine" "wasch")
- (tasmota "Stereo Anlage" "stereo")
- (tasmota "Wohnzimmer Lampe" "wohn_lampe")
- ];
- mobile_app = {};
- weather = [
- {
- platform = "openweathermap";
- api_key = "xxx"; # TODO put into secrets
- }
- ];
- system_health = {};
- history = {};
- shopping_list = {};
- media_player = {
- platform = "snapcast";
- host = "127.0.0.1";
- };
- };
- };
-
- services.mosquitto = {
- enable = true;
- listeners = [{
- acl = [ ];
- users.gg23 = { acl = [ "readwrite #" ]; password = "gg23-mqtt"; };
- }];
- };
-
- environment.systemPackages = [ pkgs.mosquitto ];
-}
diff --git a/lass/2configs/hass/lib.nix b/lass/2configs/hass/lib.nix
deleted file mode 100644
index 72ff2966f..000000000
--- a/lass/2configs/hass/lib.nix
+++ /dev/null
@@ -1,256 +0,0 @@
-{ lib, ... }:
-rec {
- lights = {
- bett = "l_bett";
- essen = "l_essen";
- arbeit = "l_arbeit";
- nass = "l_nass";
- };
-
- switches = {
- dimmer = {
- bett = "i_bett";
- essen = "i_essen";
- nass = "i_nass";
- };
- };
-
- sensors = {
- movement = {
- essen = "s_essen";
- nass = "s_nass";
- };
- };
-
- friendly_names =
- lib.mapAttrs' (n: v: lib.nameValuePair "light.${v}" { friendly_name = "l.${n}"; }) lights //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "s.${n}_up"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "i.${n}_up"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "l.${n}_up"; }) lights //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_linkquality" { friendly_name = "s.${n}_link"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_linkquality" { friendly_name = "i.${n}_link"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_linkquality" { friendly_name = "l.${n}_link"; }) lights //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_battery" { friendly_name = "s.${n}_bat"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_battery" { friendly_name = "i.${n}_bat"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_action" { friendly_name = "s.${n}_act"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_occupancy" { friendly_name = "i.${n}_move"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_occupancy" { friendly_name = "i.${n}_move"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_temperature" { friendly_name = "i.${n}_heat"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_temperature" { friendly_name = "i.${n}_heat"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_illuminance" { friendly_name = "i.${n}_lux"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_illuminance" { friendly_name = "i.${n}_lux"; }) sensors.movement //
- {};
-
- detect_movement = name: sensor: light: delay:
- let
- id = name;
- sensor_ = "binary_sensor.${sensor}_occupancy";
- light_ = "light.${light}";
- in {
- input_boolean."${id}" = {
- };
- timer."${id}" = {
- duration = delay;
- };
- automation = [
- # {
- # alias = "debug detect_movement";
- # trigger = {
- # platform = "state";
- # entity_id = sensor_;
- # };
- # action = [
- # {
- # service = "system_log.write";
- # data_template = {
- # message = "XXXXXXXXXXXXXXXXXXXXXX {{ states('input_boolean.${sensor}_${light}_triggered') == 'on' }}";
- # #message = "XXXXXXXXXXXXXXXXXXXXXX {{ state_attr('trigger.to_state.state', 'illuminance') }}";
- # };
- # }
- # ];
- # }
- {
- alias = "movement reset timer ${id}";
- trigger = {
- platform = "state";
- entity_id = sensor_;
- from = "off";
- to = "on";
- };
- action = [
- {
- service = "timer.cancel";
- data_template.entity_id = "timer.${id}";
- }
- ];
- }
- {
- alias = "movement on ${id}";
- trigger = {
- platform = "state";
- entity_id = "binary_sensor.${sensor}_occupancy";
- from = "off";
- to = "on";
- };
- condition = {
- condition = "and";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.to_state.attributes.illuminance < 7500 }}";
- }
- {
- condition = "template";
- value_template = "{{ states('${light_}') == 'off' }}";
- }
- ];
- };
- action = [
- {
- service = "light.turn_on";
- data_template = {
- entity_id = light_;
- brightness = "100";
- };
- }
- { delay = "0:00:02"; }
- {
- service = "input_boolean.turn_on";
- data_template.entity_id = "input_boolean.${id}";
- }
- ];
- }
- {
- alias = "movement off ${id}";
- trigger = {
- platform = "state";
- entity_id = sensor_;
- from = "on";
- to = "off";
- };
- condition = {
- condition = "template";
- value_template = "{{ states('input_boolean.${id}') == 'on' }}";
- };
- action = [
- {
- service = "timer.start";
- entity_id = "timer.${id}";
- }
- ];
- }
- {
- alias = "movement override ${id}";
- trigger = {
- platform = "state";
- entity_id = light_;
- };
- action = [
- {
- service = "input_boolean.turn_off";
- data_template.entity_id = "input_boolean.${id}";
- }
- {
- service = "system_log.write";
- data_template = {
- message = "XXXXXXXXXXXXXXXXXXXXXX {{ trigger }}";
- };
- }
- ];
- }
- {
- alias = "movement expired ${id}";
- trigger = {
- platform = "event";
- event_type = "timer.finished";
- event_data.entity_id = "timer.${id}";
- };
- action = [
- {
- service = "light.turn_off";
- data_template = {
- entity_id = light_;
- };
- }
- {
- service = "input_boolean.turn_off";
- data_template.entity_id = "input_boolean.${id}";
- }
- ];
- }
- ];
- };
-
- lightswitch = name: switch: light: {
- automation = [
- {
- alias = "lightswitch ${name} turn on";
- trigger = {
- platform = "mqtt";
- topic = "zigbee/${switch}";
- };
- condition = {
- condition = "or";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'on-press' }}";
- }
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'up-press' }}";
- }
- {
- condition = "and";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'down-press' }}";
- }
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.brightness > 30 }}";
- }
- ];
- }
- ];
- };
- action = [
- {
- service = "light.turn_on";
- data_template = {
- entity_id = "light.${light}";
- brightness = "{{ trigger.payload_json.brightness }}";
- };
- }
- ];
- }
- {
- alias = "lightswitch ${name} turn off";
- trigger = {
- platform = "mqtt";
- topic = "zigbee/${switch}";
- };
- condition = {
- condition = "or";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'off-press' }}";
- }
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.brightness < 30 }}";
- }
- ];
- };
- action = {
- service = "light.turn_off";
- data_template = {
- entity_id = "light.${light}";
- };
- };
- }
- ];
- };
-}
diff --git a/lass/2configs/hass/pyscript/.gitignore b/lass/2configs/hass/pyscript/.gitignore
deleted file mode 100644
index 282debf56..000000000
--- a/lass/2configs/hass/pyscript/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-hass_token
diff --git a/lass/2configs/hass/pyscript/default.nix b/lass/2configs/hass/pyscript/default.nix
deleted file mode 100644
index c56967e4b..000000000
--- a/lass/2configs/hass/pyscript/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.tmpfiles.rules = [
- "L+ /var/lib/hass/custom_components/pyscript - - - - ${pkgs.fetchzip {
- url = "https://github.com/custom-components/pyscript/releases/download/1.3.2/hass-custom-pyscript.zip";
- sha256 = "0cqdjj46s5xp4mqxb0ic790jm1xp3z0zr2n9f7bsfl5zpvdshl8z";
- stripRoot = false;
- }}"
- ];
-
- services.home-assistant = {
- package = (pkgs.home-assistant.overrideAttrs (old: {
- doInstallCheck = false;
- })).override {
- extraPackages = pp: [ pp.croniter ];
- };
- config.pyscript = {
- allow_all_imports = true;
- hass_is_global = true;
- };
- };
-
- networking.firewall.interfaces.retiolum.allowedTCPPortRanges = [
- { from = 50321; to = 50341; } # for ipython interactive debugging
- ];
-}
diff --git a/lass/2configs/hass/pyscript/shell.nix b/lass/2configs/hass/pyscript/shell.nix
deleted file mode 100644
index 3cfac0275..000000000
--- a/lass/2configs/hass/pyscript/shell.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }: let
-
- hass_host = "styx.r";
- hass_token = builtins.readFile ./hass_token;
-
- mach-nix = import (builtins.fetchGit {
- url = "https://github.com/DavHau/mach-nix/";
- ref = "refs/tags/3.4.0";
- }) {
- pkgs = pkgs;
- };
- pyenv = mach-nix.mkPython {
- requirements = ''
- hass_pyscript_kernel
- '';
- };
- jupyter = import (builtins.fetchGit {
- url = https://github.com/tweag/jupyterWith;
- ref = "master";
- }) {};
-
- pyscriptKernel = {
- spec = pkgs.runCommand "pyscript" {} ''
- mkdir -p $out/kernels/pyscript
- cp ${kernel_json} $out/kernels/pyscript/kernel.json
- cp ${pyscript_conf} $out/kernels/pyscript/pyscript.conf
- '';
- runtimePackages = [ pyenv ];
- };
-
- kernel_json = pkgs.writeText "kernel.json" (builtins.toJSON {
- argv = [
- "${pyenv}/bin/python3" "-m" "hass_pyscript_kernel"
- "-f" "{connection_file}"
- ];
- display_name = "hass_pyscript";
- language = "python";
- });
-
- pyscript_conf = pkgs.writeText "pyscript.conf" ''
- [homeassistant]
- hass_host = ${hass_host}
- hass_url = http://''${hass_host}:8123
- hass_token = ${hass_token}
- '';
-
- jupyterEnvironment = jupyter.jupyterlabWith {
- kernels = [ pyscriptKernel ];
- };
-
-in jupyterEnvironment.env
diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix
deleted file mode 100644
index 026c5722c..000000000
--- a/lass/2configs/hass/rooms/bett.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ lib, ... }:
-with import ../lib.nix { inherit lib; };
-
-{
- services.home-assistant.config = lib.mkMerge [
- (lightswitch "bett" switches.dimmer.bett lights.bett)
- ];
-
- # lass.hass.love = {
- # resources = [{
- # url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map";
- # type = "js";
- # }];
- # views = [{
- # title = "bett";
- # cards = [
- # {
- # type = "markdown";
- # title = "hello world";
- # content = "This is just a test";
- # }
- # {
- # type = "light";
- # entity = "light.${lights.bett}";
- # }
- # {
- # type = "custom:light-entity-card";
- # entity = "light.${lights.bett}";
- # }
- # {
- # type = "history-graph";
- # entities = [
- # "light.${lights.bett}"
- # ];
- # }
- # ];
- # }];
- # };
-}
diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix
deleted file mode 100644
index 293935f65..000000000
--- a/lass/2configs/hass/rooms/essen.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, ... }:
-with import ../lib.nix { inherit lib; };
-
-{
- services.home-assistant.config = lib.mkMerge [
- (detect_movement "essen" sensors.movement.essen lights.essen 70)
- (lightswitch "essen" switches.dimmer.essen lights.essen)
- ];
-}
diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix
deleted file mode 100644
index b23ba86cd..000000000
--- a/lass/2configs/hass/rooms/nass.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, ... }:
-with import ../lib.nix { inherit lib; };
-
-{
- services.home-assistant.config = lib.mkMerge [
- (detect_movement "nass" sensors.movement.nass lights.nass 100)
- (lightswitch "nass" switches.dimmer.nass lights.nass)
- ];
-}
-
diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix
deleted file mode 100644
index 210c761b5..000000000
--- a/lass/2configs/hass/zigbee.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{config, pkgs, lib, ...}: let
-
- unstable-pkgs = import <nixpkgs-unstable> {};
-
-in {
- # symlink the zigbee controller
- services.udev.extraRules = ''
- SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout"
- SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="cc2652", MODE="0660", GROUP="dialout"
- '';
-
- # needed to use unstable package
- systemd.services.zigbee2mqtt.environment.ZIGBEE2MQTT_DATA = "/var/lib/zigbee2mqtt";
-
- services.zigbee2mqtt = {
- enable = true;
- package = unstable-pkgs.zigbee2mqtt;
- settings = {
- homeassistant = true;
- frontend.port = 1337;
- experimental.new_api = true;
- permit_join = false;
- mqtt = {
- discovery = true;
- base_topic = "zigbee";
- server = "mqtt://10.42.0.1";
- user = "gg23";
- password = "gg23-mqtt";
- };
- serial = {
- port = "/dev/cc2652";
- # disable_led = true;
- };
- advanced = {
- pan_id = 4222;
- };
- devices = let
- set_device = id: name:
- lib.nameValuePair id {
- };
- in {
- # lights https://www.zigbee2mqtt.io/devices/9290022166.html#philips-9290022166
- "0x0017880106ed3bd8".friendly_name = "l_bett";
- "0x0017880108327622".friendly_name = "l_essen";
- "0x0017880106ee2865".friendly_name = "l_arbeit";
- "0x00178801082e9f2f".friendly_name = "l_nass";
-
- # switches https://www.zigbee2mqtt.io/devices/324131092621.html#philips-324131092621
- "0x00178801086ac38c".friendly_name = "i_bett";
- "0x00178801086ad1fb".friendly_name = "i_essen";
- "0x00178801086ac373".friendly_name = "i_nass";
-
- # sensors https://www.zigbee2mqtt.io/devices/9290012607.html#philips-9290012607
- "0x0017880106f772f2".friendly_name = "s_essen";
- "0x0017880106f77f30".friendly_name = "s_nass";
-
- # heat https://www.zigbee2mqtt.io/devices/701721.html#popp-701721
- "0x842e14fffe27109a".friendly_name = "t_bett";
- "0x842e14fffe269a73".friendly_name = "t_nass";
- "0x842e14fffe269a56".friendly_name = "t_arbeit";
-
- # rotation https://www.zigbee2mqtt.io/devices/E1744.html
- "0x8cf681fffe065493" = {
- friendly_name = "r_test";
- device_id = "r_test";
- simulated_brightness = {
- delta = 2;
- interval = 100;
- };
- };
-
- };
- };
- };
-}
-
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
deleted file mode 100644
index 05bea9a09..000000000
--- a/lass/2configs/hfos.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }: let
-
- vmip = "192.168.122.208";
-
-in {
- users.users.riot = {
- uid = genid "riot";
- isNormalUser = true;
- extraGroups = [ "libvirtd" ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- ];
- };
-
- networking.interfaces."eth0:0".ip4 = [
- {
- address = "213.239.205.246";
- prefixLength = 24;
- }
- ];
-
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
- ];
-
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- ];
-
- krebs.iptables.tables.nat.OUTPUT.rules = mkBefore [
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
- ];
-
- # TODO use bridge interfaces instead of this crap
- systemd.services.libvirtd.serviceConfig.ExecStartPost = let
- restart-iptables = pkgs.writeDash "restart-iptables" ''
- #soo hacky
- ${pkgs.coreutils}/bin/sleep 5s
- ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
- in restart-iptables;
-}
diff --git a/lass/2configs/home-media.nix b/lass/2configs/home-media.nix
deleted file mode 100644
index 1f7c3fcb5..000000000
--- a/lass/2configs/home-media.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-with import <stockholm/lib>;
-{ pkgs, ... }:
-{
- imports = [
- ./mpv.nix
- ];
- users.users.media = {
- isNormalUser = true;
- uid = genid_uint31 "media";
- extraGroups = [ "video" "audio" "pipewire" ];
- packages = [
- (pkgs.writers.writeDashBin "mpv" ''
- if test -e "$1"; then
- mpv-ipc-cli loadfile "$(realpath "$1")"
- else
- mpv-ipc-cli loadfile "$1"
- fi
- '')
- ];
- };
-
- users.users.mainUser.packages = [
- (pkgs.writers.writeDashBin "mpv" ''
- if test -e "$1"; then
- mpv-ipc-cli loadfile "$(realpath "$1")"
- else
- mpv-ipc-cli loadfile "$1"
- fi
- '')
- ];
-
- services.xserver.displayManager.autoLogin = {
- enable = true;
- user = "media";
- };
-
- hardware.pulseaudio.configFile = pkgs.writeText "pulse.pa" ''
- .include ${pkgs.pulseaudioFull}/etc/pulse/default.pa
- load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.42.0.0/24 auth-anonymous=1
- '';
-
- environment.systemPackages = [
- (pkgs.writers.writeDashBin "mpv-ipc-cli" ''
- set -efux
- ${pkgs.jq}/bin/jq -nc '{ "command": $ARGS.positional }' --args "$@" | ${pkgs.socat}/bin/socat - /tmp/mpv.ipc
- '')
- (pkgs.writers.writeDashBin "ipc-mpv" ''
- /run/current-system/sw/bin/mpv \
- --audio-display=no --audio-channels=stereo \
- --audio-samplerate=48000 --audio-format=s16 \
- --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
- --audio-delay=-1 \
- "$@"
- '')
- pkgs.mpvc
- (pkgs.writers.writeDashBin "iptv" ''
- curl -Ssf 'https://iptv-org.github.io/iptv/index.nsfw.m3u' |
- sed 's/.*,//' |
- sed -z 's/\nhttp/,http/g' |
- fzf --bind='enter:execute(echo {} | cut -d ',' -f 2 | xargs -0 mpv-ipc-cli loadfile)'
- '')
- ];
-
- environment.variables.SOCKET = "/tmp/mpv.ipc";
- systemd.services.mpvd = {
- wantedBy = [ "multi-user.target" ];
- environment.DISPLAY = ":0";
- serviceConfig = {
- User = "media";
- RemainAfterExit = true;
- Nice = "-10";
- ExecStart = ''${pkgs.tmux}/bin/tmux -2 new-session -d -s mpvd -- /run/current-system/sw/bin/ipc-mpv \
- --audio-display=no --audio-channels=stereo \
- --audio-samplerate=48000 --audio-format=s16 \
- --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
- --audio-delay=-1 \
- --network-timeout=3 \
- --untimed --cache-pause=no \
- --idle=yes --force-window=yes \
- --loop-playlist=inf \
- --input-ipc-server=/tmp/mpv.ipc
- '';
- ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t mpvd";
- ExecStartPre = [
- "+${pkgs.writers.writeDash "remove_socket" ''
- set -efux
- rm -f /tmp/mpv.ipc
- ''}"
- ];
- ExecStartPost = [
- "+${pkgs.writers.writeDash "fix_permissions" ''
- set -efux
- until test -e /tmp/mpv.ipc; do
- sleep 1
- done
- # sleep 2
- chmod 666 /tmp/mpv.ipc || :
- ''}"
- ];
- };
- };
-}
diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix
deleted file mode 100644
index 629d74235..000000000
--- a/lass/2configs/htop.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- nixpkgs.config.packageOverrides = super: {
- htop = pkgs.symlinkJoin {
- name = "htop";
- paths = [
- (pkgs.writeDashBin "htop" ''
- export HTOPRC=${pkgs.writeText "htoprc" ''
- fields=0 48 17 18 38 39 40 2 46 47 49 1
- sort_key=46
- sort_direction=1
- hide_threads=0
- hide_kernel_threads=1
- hide_userland_threads=0
- shadow_other_users=1
- show_thread_names=1
- show_program_path=1
- highlight_base_name=1
- highlight_megabytes=1
- highlight_threads=1
- tree_view=1
- header_margin=1
- detailed_cpu_time=0
- cpu_count_from_zero=0
- update_process_names=0
- account_guest_in_cpu_meter=1
- color_scheme=6
- delay=15
- left_meters=LeftCPUs2 RightCPUs2 Memory Swap
- left_meter_modes=1 1 1 1
- right_meters=Uptime Tasks LoadAverage Battery
- right_meter_modes=2 2 2 2
- ''}
- exec ${super.htop}/bin/htop "$@"
- '')
- super.htop
- ];
- };
- };
-}
diff --git a/lass/2configs/hw/brcmfmac4356-pcie.txt b/lass/2configs/hw/brcmfmac4356-pcie.txt
deleted file mode 100644
index 7a7ee45a6..000000000
--- a/lass/2configs/hw/brcmfmac4356-pcie.txt
+++ /dev/null
@@ -1,125 +0,0 @@
-# Sample variables file for BCM94356Z NGFF 22x30mm iPA, iLNA board with PCIe for production package
-NVRAMRev=$Rev: 492104 $
-#4356 chip = 4354 A2 chip
-sromrev=11
-boardrev=0x1102
-boardtype=0x073e
-boardflags=0x02400201
-#0x2000 enable 2G spur WAR
-boardflags2=0x00802000
-boardflags3=0x0000000a
-#boardflags3 0x00000100 /* to read swctrlmap from nvram*/
-#define BFL3_5G_SPUR_WAR 0x00080000 /* enable spur WAR in 5G band */
-#define BFL3_AvVim 0x40000000 /* load AvVim from nvram */
-macaddr=00:90:4c:1a:10:01
-ccode=0x5854
-regrev=205
-antswitch=0
-pdgain5g=4
-pdgain2g=4
-tworangetssi2g=0
-tworangetssi5g=0
-paprdis=0
-femctrl=10
-vendid=0x14e4
-devid=0x43ec
-manfid=0x2d0
-#prodid=0x052e
-nocrc=1
-otpimagesize=502
-xtalfreq=37400
-rxgains2gelnagaina0=0
-rxgains2gtrisoa0=7
-rxgains2gtrelnabypa0=0
-rxgains5gelnagaina0=0
-rxgains5gtrisoa0=11
-rxgains5gtrelnabypa0=0
-rxgains5gmelnagaina0=0
-rxgains5gmtrisoa0=13
-rxgains5gmtrelnabypa0=0
-rxgains5ghelnagaina0=0
-rxgains5ghtrisoa0=12
-rxgains5ghtrelnabypa0=0
-rxgains2gelnagaina1=0
-rxgains2gtrisoa1=7
-rxgains2gtrelnabypa1=0
-rxgains5gelnagaina1=0
-rxgains5gtrisoa1=10
-rxgains5gtrelnabypa1=0
-rxgains5gmelnagaina1=0
-rxgains5gmtrisoa1=11
-rxgains5gmtrelnabypa1=0
-rxgains5ghelnagaina1=0
-rxgains5ghtrisoa1=11
-rxgains5ghtrelnabypa1=0
-rxchain=3
-txchain=3
-aa2g=3
-aa5g=3
-agbg0=2
-agbg1=2
-aga0=2
-aga1=2
-tssipos2g=1
-extpagain2g=2
-tssipos5g=1
-extpagain5g=2
-tempthresh=255
-tempoffset=255
-rawtempsense=0x1ff
-pa2ga0=-147,6192,-705
-pa2ga1=-161,6041,-701
-pa5ga0=-194,6069,-739,-188,6137,-743,-185,5931,-725,-171,5898,-715
-pa5ga1=-190,6248,-757,-190,6275,-759,-190,6225,-757,-184,6131,-746
-subband5gver=0x4
-pdoffsetcckma0=0x4
-pdoffsetcckma1=0x4
-pdoffset40ma0=0x0000
-pdoffset80ma0=0x0000
-pdoffset40ma1=0x0000
-pdoffset80ma1=0x0000
-maxp2ga0=76
-maxp5ga0=74,74,74,74
-maxp2ga1=76
-maxp5ga1=74,74,74,74
-cckbw202gpo=0x0000
-cckbw20ul2gpo=0x0000
-mcsbw202gpo=0x99644422
-mcsbw402gpo=0x99644422
-dot11agofdmhrbw202gpo=0x6666
-ofdmlrbw202gpo=0x0022
-mcsbw205glpo=0x88766663
-mcsbw405glpo=0x88666663
-mcsbw805glpo=0xbb666665
-mcsbw205gmpo=0xd8666663
-mcsbw405gmpo=0x88666663
-mcsbw805gmpo=0xcc666665
-mcsbw205ghpo=0xdc666663
-mcsbw405ghpo=0xaa666663
-mcsbw805ghpo=0xdd666665
-mcslr5glpo=0x0000
-mcslr5gmpo=0x0000
-mcslr5ghpo=0x0000
-sb20in40hrpo=0x0
-sb20in80and160hr5glpo=0x0
-sb40and80hr5glpo=0x0
-sb20in80and160hr5gmpo=0x0
-sb40and80hr5gmpo=0x0
-sb20in80and160hr5ghpo=0x0
-sb40and80hr5ghpo=0x0
-sb20in40lrpo=0x0
-sb20in80and160lr5glpo=0x0
-sb40and80lr5glpo=0x0
-sb20in80and160lr5gmpo=0x0
-sb40and80lr5gmpo=0x0
-sb20in80and160lr5ghpo=0x0
-sb40and80lr5ghpo=0x0
-dot11agduphrpo=0x0
-dot11agduplrpo=0x0
-phycal_tempdelta=255
-temps_period=15
-temps_hysteresis=15
-rssicorrnorm_c0=4,4
-rssicorrnorm_c1=4,4
-rssicorrnorm5g_c0=1,2,3,1,2,3,6,6,8,6,6,8
-rssicorrnorm5g_c1=1,2,3,2,2,2,7,7,8,7,7,8
diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix
deleted file mode 100644
index 87b4c518b..000000000
--- a/lass/2configs/hw/gpd-pocket.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ pkgs, ... }:
-
-let
- dummy_firmware = pkgs.writeTextFile {
- name = "brcmfmac4356-pcie.txt";
- text = builtins.readFile ./brcmfmac4356-pcie.txt;
- destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
- };
-in {
- #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
- hardware.firmware = [ dummy_firmware ];
- hardware.enableRedistributableFirmware = true;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ];
- boot.kernelPackages = pkgs.linuxPackages_4_14;
- boot.kernelParams = [
- "fbcon=rotate:1"
- ];
- services.xserver.displayManager.sessionCommands = ''
- (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
- (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
- '';
- services.xserver.dpi = 200;
- fonts.fontconfig.dpi = 200;
- lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
- lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
- lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
-}
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
deleted file mode 100644
index cbb5b168d..000000000
--- a/lass/2configs/hw/x220.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
-
- boot = {
- initrd.luks.devices.luksroot.device = "/dev/sda3";
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- extraModulePackages = [
- config.boot.kernelPackages.tp_smapi
- config.boot.kernelPackages.acpi_call
- ];
- kernelModules = [
- "acpi_call"
- "tp_smapi"
- ];
- };
-
- environment.systemPackages = [
- pkgs.tpacpi-bat
- ];
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/pool-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/boot" = {
- device = "/dev/sda2";
- };
- "/home" = {
- device = "/dev/mapper/pool-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- };
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-
- services.tlp.enable = true;
- #services.tlp.extraConfig = ''
- # START_CHARGE_THRESH_BAT0=80
- # STOP_CHARGE_THRESH_BAT0=95
- #'';
-
- services.xserver.dpi = 80;
-}
diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix
deleted file mode 100644
index f67e2ae86..000000000
--- a/lass/2configs/iodined.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, config, ... }:
-
-let
- # TODO: make this a parameter
- domain = "io.lassul.us";
- pw = import <secrets/iodinepw.nix>;
-in {
-
- services.iodine.server = {
- enable = true;
- domain = domain;
- ip = "172.16.10.1/24";
- extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 53"; target = "ACCEPT";}
- ];
-
-}
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
deleted file mode 100644
index 6d07c7a77..000000000
--- a/lass/2configs/libvirt.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- virtualisation.libvirtd.enable = true;
- security.polkit.enable = true;
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -p tcp -m tcp --dport 53"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 67"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -p tcp -m tcp --dport 67"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; predicate = "-d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-s 192.168.122.0/24 -i virbr0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -o virbr0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o virbr0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- { v6 = false; predicate = "-i virbr0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- ];
- krebs.iptables.tables.filter.OUTPUT.rules = [
- { v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = lib.mkBefore [
- { v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
- { v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; }
- { v6 = false; predicate = "-s 192.168.122.0/24 ! -d 192.168.122.0/24"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
- { v6 = false; predicate = "-s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
- ];
-}
diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix
deleted file mode 100644
index c877a8c0a..000000000
--- a/lass/2configs/livestream.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- stream = pkgs.writeDashBin "stream" ''
- ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
- '';
-
-in {
- environment.systemPackages = [ stream ];
-}
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
deleted file mode 100644
index f141a94f5..000000000
--- a/lass/2configs/logf.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- host-colors = {
- mors = "131";
- prism = "95";
- uriel = "61";
- shodan = "51";
- icarus = "53";
- echelon = "197";
- cloudkrebs = "119";
- };
- urgent = [
- "\\blass@blue\\b"
- ];
-in {
- environment.systemPackages = [
- (pkgs.writeDashBin "logf" ''
- export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
- export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
- ${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
- '')
- ];
-}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
deleted file mode 100644
index bf8904b89..000000000
--- a/lass/2configs/mail.nix
+++ /dev/null
@@ -1,272 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-
- msmtprc = pkgs.writeText "msmtprc" ''
- defaults
- logfile ~/.msmtp.log
- account prism
- host prism.r
- account c-base
- from lassulus@c-base.org
- host c-mail.c-base.org
- port 465
- tls on
- tls_starttls off
- auth on
- user lassulus
- passwordeval pass show c-base/pass
- account default: prism
- '';
-
- notmuch-config = pkgs.writeText "notmuch-config" ''
- [database]
- path=/home/lass/Maildir
- mail_root=/home/lass/Maildir
-
- [user]
- name=lassulus
- primary_email=lassulus@lassul.us
- other_email=lass@mors.r;${lib.concatStringsSep ";" (lib.flatten (lib.attrValues mailboxes))}
-
- [new]
- tags=unread;inbox;
- ignore=
-
- [search]
- exclude_tags=deleted;spam;
-
- [maildir]
- synchronize_flags=true
- '';
-
- msmtp = pkgs.writeBashBin "msmtp" ''
- ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
- ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
- '';
-
- mailcap = pkgs.writeText "mailcap" ''
- text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput;
- '';
-
- mailboxes = {
- afra = [ "to:afra@afra-berlin.de" ];
- c-base = [ "to:c-base.org" ];
- coins = [
- "to:btce@lassul.us"
- "to:coinbase@lassul.us"
- "to:polo@lassul.us"
- "to:bitwala@lassul.us"
- "to:payeer@lassul.us"
- "to:gatehub@lassul.us"
- "to:bitfinex@lassul.us"
- "to:binance@lassul.us"
- "to:bitcoin.de@lassul.us"
- "to:robinhood@lassul.us"
- ];
- dezentrale = [ "to:dezentrale.space" ];
- dhl = [ "to:dhl@lassul.us" ];
- dn42 = [ "to:dn42@lists.nox.tf" ];
- eloop = [ "to:eloop.org" ];
- github = [ "to:github@lassul.us" ];
- gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
- india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
- kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
- lugs = [ "to:lugs@lug-s.org" ];
- meetup = [ "to:meetup@lassul.us" ];
- nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
- patreon = [ "to:patreon@lassul.us" ];
- paypal = [ "to:paypal@lassul.us" ];
- ptl = [ "to:ptl@posttenebraslab.ch" ];
- retiolum = [ "to:lass@mors.r" ];
- security = [
- "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us"
- "to:security-announce@lists.apple.com"
- ];
- shack = [ "to:shackspace.de" ];
- steam = [ "to:steam@lassul.us" ];
- tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
- wireguard = [ "to:wireguard@lists.zx2c4" ];
- zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
- };
-
- tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
- ${pkgs.notmuch}/bin/notmuch new
- ${lib.concatMapStringsSep "\n" (i: ''
- mkdir -p "$HOME/Maildir/.${i.name}/cur"
- for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do
- if test -e "$mail"; then
- mv "$mail" "$HOME/Maildir/.${i.name}/cur/"
- else
- echo "$mail does not exist"
- fi
- done
- ${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
- '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- ${pkgs.notmuch}/bin/notmuch new
- ${pkgs.notmuch}/bin/notmuch dump > "$HOME/Maildir/notmuch.backup"
- '';
-
- tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
- set -efux
- ${lib.concatMapStringsSep "\n" (i: ''
- ${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
- mkdir -p "$HOME/Maildir/.${i.name}/cur"
- for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files ${lib.concatMapStringsSep " or " (f: "${f}") i.value}); do
- if test -e "$mail"; then
- mv "$mail" "$HOME/Maildir/.${i.name}/cur/"
- else
- echo "$mail does not exist"
- fi
- done
- '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- ${pkgs.notmuch}/bin/notmuch new --no-hooks
- '';
-
- muttrc = pkgs.writeText "muttrc" ''
-
- # read html mails
- auto_view text/html
- set mailcap_path = ${mailcap}
-
- # notmuch
- set folder="$HOME/Maildir"
- set nm_default_uri = "notmuch://$HOME/Maildir"
- set nm_record = yes
- set nm_record_tags = "-inbox me archive"
- set spoolfile = +Inbox
- set virtual_spoolfile = yes
-
-
- set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
- set from="lassulus@lassul.us"
- alternates ^.*@lassul\.us$ ^.*@.*\.r$
- unset envelope_from_address
- set use_envelope_from
- set reverse_name
-
- set sort=threads
-
- set index_format="%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> %r %g"
-
- virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
- virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
- ${lib.concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
- virtual-mailboxes "Starred" "notmuch://?query=tag:*"
- virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
- virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
- virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
- virtual-mailboxes "All" "notmuch://?query=*"
-
- tag-transforms "junk" "k" \
- "unread" "u" \
- "replied" "↻" \
- "TODO" "T" \
-
- # notmuch bindings
- macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
- macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
- macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
-
- # muchsync
- bind index \Cr noop
- macro index \Cr \
- "<enter-command>unset wait_key<enter> \
- <shell-escape>${pkgs.writeDash "muchsync" ''
- set -efu
- until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do
- sleep 1
- done
- ''}<enter>
-
- #killed
- bind index d noop
- bind pager d noop
-
- bind index S noop
- bind index s noop
- bind pager S noop
- bind pager s noop
- macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
- macro index s "<modify-labels>-junk\n" # tag as Junk mail
- macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
- macro pager s "<modify-labels>-junk\n" # tag as Junk mail
-
-
- bind index A noop
- bind index a noop
- bind pager A noop
- bind pager a noop
- macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
- macro index a "<modify-labels>-archive\n" # tag as Archived
- macro pager A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
- macro pager a "<modify-labels>-archive\n" # tag as Archived
-
-
- bind index U noop
- bind index u noop
- bind pager U noop
- bind pager u noop
- macro index U "<modify-labels>+unread\n"
- macro index u "<modify-labels>-unread\n"
- macro pager U "<modify-labels>+unread\n"
- macro pager u "<modify-labels>-unread\n"
-
-
- bind index t noop
- bind pager t noop
- macro index t "<modify-labels>" # tag as Archived
-
- # top index bar in email view
- set pager_index_lines=7
- # top_index_bar toggle
- macro pager ,@1 "<enter-command> set pager_index_lines=0; macro pager ] ,@2 'Toggle indexbar<Enter>"
- macro pager ,@2 "<enter-command> set pager_index_lines=3; macro pager ] ,@3 'Toggle indexbar<Enter>"
- macro pager ,@3 "<enter-command> set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar<Enter>"
- macro pager ] ,@1 'Toggle indexbar
-
- # urlview
- macro pager \cb <pipe-entry>'${pkgs.urlview}/bin/urlview'<enter> 'Follow links with urlview'
-
- # sidebar
- set sidebar_divider_char = '│'
- set sidebar_delim_chars = "/"
- set sidebar_short_path
- set sidebar_folder_indent
- set sidebar_visible = yes
- set sidebar_format = '%D%?F? [%F]?%* %?N?%N/? %?S?%S?'
- set sidebar_width = 20
- color sidebar_new yellow red
-
- # sidebar bindings
- bind index <left> sidebar-prev # got to previous folder in sidebar
- bind index <right> sidebar-next # got to next folder in sidebar
- bind index <space> sidebar-open # open selected folder from sidebar
- # sidebar toggle
- macro index,pager ,@) "<enter-command> set sidebar_visible=no; macro index,pager [ ,@( 'Toggle sidebar'<Enter>"
- macro index,pager ,@( "<enter-command> set sidebar_visible=yes; macro index,pager [ ,@) 'Toggle sidebar'<Enter>"
- macro index,pager [ ,@( 'Toggle sidebar' # toggle the sidebar
- '';
-
- mutt = pkgs.symlinkJoin {
- name = "mutt";
- paths = [
- (pkgs.writeDashBin "mutt" ''
- exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"
- '')
- pkgs.neomutt
- ];
- };
-
-in {
- environment.variables.NOTMUCH_CONFIG = toString notmuch-config;
- environment.systemPackages = [
- msmtp
- mutt
- pkgs.notmuch
- pkgs.muchsync
- tag-new-mails
- tag-old-mails
- ];
-}
diff --git a/lass/2configs/mail/internet-gateway.nix b/lass/2configs/mail/internet-gateway.nix
deleted file mode 100644
index 134e408a4..000000000
--- a/lass/2configs/mail/internet-gateway.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- security.acme.certs."mail.lassul.us" = {
- group = "lasscert";
- webroot = "/var/lib/acme/acme-challenge";
- };
- users.groups.lasscert.members = [
- "exim"
- "nginx"
- ];
-
- krebs.exim-smarthost = {
- enable = true;
- primary_hostname = "lassul.us";
- dkim = [
- { domain = "lassul.us"; }
- ];
- ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem";
- ssl_key = "/var/lib/acme/mail.lassul.us/key.pem";
- local_domains = [
- "localhost"
- "lassul.us"
- "ubikmedia.eu"
- "ubikmedia.de"
- "apanowicz.de"
- "alewis.de"
- "jarugadesign.de"
- "beesmooth.ch"
- "event-extra.de"
- "jla-trading.com"
- ];
- extraRouters = ''
- forward_lassul_us:
- driver = manualroute
- domains = lassul.us
- transport = remote_smtp
- route_list = * orange.r
- no_more
-
- forward_ubik:
- driver = manualroute
- domains = ubikmedia.eu:ubikmedia.de:apanowicz.de:alewis.de:jarugadesign.de:beesmooth.ch:event-extra.de:jla-trading.com
- transport = remote_smtp
- route_list = * ubik.r
- no_more
- '';
- };
-}
diff --git a/lass/2configs/matrix.nix b/lass/2configs/matrix.nix
deleted file mode 100644
index 7c4b645f2..000000000
--- a/lass/2configs/matrix.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- services.matrix-synapse = {
- enable = true;
- settings = {
- server_name = "lassul.us";
- # registration_shared_secret = "yolo";
- database.name = "sqlite3";
- turn_uris = [
- "turn:turn.matrix.org?transport=udp"
- "turn:turn.matrix.org?transport=tcp"
- ];
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "::1" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" ];
- compress = true;
- }
- {
- names = [ "federation" ];
- compress = true;
- }
- ];
- }
- ];
- };
- };
- services.nginx = {
- virtualHosts = {
- "lassul.us" = {
- locations."= /.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON {
- "m.server" = "matrix.lassul.us:443";
- }}';
- '';
- locations."= /.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON {
- "m.homeserver" = { "base_url" = "https://matrix.lassul.us"; };
- "m.identity_server" = { "base_url" = "https://vector.im"; };
- }}';
- '';
- };
- "matrix.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- locations."/_matrix" = {
- proxyPass = "http://[::1]:8008";
- };
- };
- };
- };
-}
diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix
deleted file mode 100644
index f5de04616..000000000
--- a/lass/2configs/mc.nix
+++ /dev/null
@@ -1,344 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mcExt = pkgs.writeText "mc.ext" ''
- # gitfs changeset
- regex/^\[git\]
- Open=%cd %p/changesetfs://
- View=%cd %p/patchsetfs://
-
- ### Archives ###
-
- # .tgz, .tpz, .tar.gz, .tar.z, .tar.Z, .ipk, .gem
- regex/\.t([gp]?z|ar\.g?[zZ])$|\.ipk$|\.gem$
- Open=%cd %p/utar://
-
- shell/.tar.bz
- # Open=%cd %p/utar://
-
- regex/\.t(ar\.bz2|bz2?|b2)$
- Open=%cd %p/utar://
-
- # .tar.lzma, .tlz
- regex/\.t(ar\.lzma|lz)$
- Open=%cd %p/utar://
-
- # .tar.xz, .txz
- regex/\.t(ar\.xz|xz)$
- Open=%cd %p/utar://
-
- # .tar.F - used in QNX
- shell/.tar.F
- # Open=%cd %p/utar://
-
- # .qpr/.qpk - QNX Neutrino package installer files
- regex/\.qp[rk]$
- Open=%cd %p/utar://
-
- # tar
- shell/i/.tar
- Open=%cd %p/utar://
-
- # lha
- type/^LHa\ .*archive
- Open=%cd %p/ulha://
-
- # arj
- regex/i/\.a(rj|[0-9][0-9])$
- Open=%cd %p/uarj://
-
- # cab
- shell/i/.cab
- Open=%cd %p/ucab://
-
- # ha
- shell/i/.ha
- Open=%cd %p/uha://
-
- # rar
- regex/i/\.r(ar|[0-9][0-9])$
- Open=%cd %p/urar://
-
- # ALZip
- shell/i/.alz
- Open=%cd %p/ualz://
-
- # cpio
- shell/.cpio.Z
- Open=%cd %p/ucpio://
-
- shell/.cpio.xz
- Open=%cd %p/ucpio://
-
- shell/.cpio.gz
- Open=%cd %p/ucpio://
-
- shell/i/.cpio
- Open=%cd %p/ucpio://
-
- # 7zip archives (they are not man pages)
- shell/i/.7z
- Open=%cd %p/u7z://
-
- # patch
- regex/\.(diff|patch)(\.bz2)$
- Open=%cd %p/patchfs://
-
- regex/\.(diff|patch)(\.(gz|Z))$
- Open=%cd %p/patchfs://
-
- # ls-lR
- regex/(^|\.)ls-?lR(\.gz|Z|bz2)$
- Open=%cd %p/lslR://
-
- # trpm
- shell/.trpm
- Open=%cd %p/trpm://
-
- # RPM packages (SuSE uses *.spm for source packages)
- regex/\.(src\.rpm|spm)$
- Open=%cd %p/rpm://
-
- shell/.rpm
- Open=%cd %p/rpm://
-
- # deb
- regex/\.u?deb$
- Open=%cd %p/deb://
-
- # dpkg
- shell/.debd
- Open=%cd %p/debd://
-
- # apt
- shell/.deba
- Open=%cd %p/deba://
-
- # ISO9660
- shell/i/.iso
- Open=%cd %p/iso9660://
-
-
- regex/\.(diff|patch)$
- Open=%cd %p/patchfs://
-
- # ar library
- regex/\.s?a$
- Open=%cd %p/uar://
-
- # gplib
- shell/i/.lib
- Open=%cd %p/ulib://
-
-
- # Mailboxes
- type/^ASCII\ mail\ text
- Open=%cd %p/mailfs://
-
-
- ### Sources ###
-
- # C/C++
- regex/i/\.(c|cc|cpp)$
- Include=editor
-
- # C/C++ header
- regex/i/\.(h|hh|hpp)$
- Include=editor
-
- # Fortran
- shell/i/.f
- Include=editor
-
- # Assembler
- regex/i/\.(s|asm)$
- Include=editor
-
- include/editor
- Open=%var{EDITOR:vim} %f
-
- ### Images ###
-
- shell/i/.gif
- Include=image
-
- regex/i/\.jpe?g$
- Include=image
-
- shell/i/.bmp
- Include=image
-
- shell/i/.png
- Include=image
-
- shell/i/.jng
- Include=image
-
- shell/i/.mng
- Include=image
-
- shell/i/.tiff
- Include=image
-
- shell/.ico
- Include=image
-
- include/image
- Open=sxiv %f
- View=sxiv %f
-
- ### Sound files ###
-
- regex/i/\.(wav|snd|voc|au|smp|aiff|snd|m4a|ape|aac|wv)$
- Include=audio
-
- regex/i/\.(mod|s3m|xm|it|mtm|669|stm|ult|far)$
- Include=audio
-
- shell/i/.waw22
- Include=audio
-
- shell/i/.mp3
- Include=audio
-
- regex/i/\.og[gax]$
- Include=audio
-
- regex/i/\.(spx|flac)$
- Include=audio
-
- regex/i/\.(midi?|rmid?)$
- Include=audio
-
- shell/i/.wma
- Include=audio
-
- include/audio
- Open=mpv %f
- View=mpv %f
-
- ### Video ###
-
- shell/i/.avi
- Include=video
-
- regex/i/\.as[fx]$
- Include=video
-
- shell/i/.divx
- Include=video
-
- shell/i/.rmvb
- Include=video
-
- shell/i/.mkv
- Include=video
-
- regex/i/\.(mov|qt)$
- Include=video
-
- regex/i/\.(mp4|m4v|mpe?g)$
- Include=video
-
- # MPEG-2 TS container + H.264 codec
- shell/i/.mts
- Include=video
-
- shell/i/.ts
- Include=video
-
- shell/i/.vob
- Include=video
-
- shell/i/.wmv
- Include=video
-
- regex/i/\.fl[icv]$
- Include=video
-
- shell/i/.ogv
- Include=video
-
- # WebM
- shell/i/.webm
- Include=video
-
- type/WebM
- Include=video
-
- include/video
- Open=mpv %f
- View=mpv %f
-
-
- ### Documents ###
-
- # PDF
- shell/i/.pdf
- Open=zathura %f
- View=zathura %f
-
- ### Miscellaneous ###
-
- # Makefile
- regex/[Mm]akefile$
- Open=make -f %f %{Enter parameters}
-
-
- ### Plain compressed files ###
-
- # ace
- shell/i/.ace
- Open=%cd %p/uace://
- Extract=unace x %f
-
- # arc
- shell/i/.arc
- Open=%cd %p/uarc://
- Extract=arc x %f '*'
- Extract (with flags)=I=%{Enter any Arc flags:}; if test -n "$I"; then arc x $I %f; fi
-
- # zip
- shell/i/.zip
- Open=%cd %p/uzip://
-
- # zip
- type/i/^zip\ archive
- Open=%cd %p/uzip://
-
- # jar(zip)
- type/i/^Java\ Jar\ file\ data\ \(zip\)
- Open=%cd %p/uzip://
-
- # zoo
- shell/i/.zoo
- Open=%cd %p/uzoo://
-
- ### Default ###
-
- # Default target for anything not described above
- default/*
- Open=vim %f
- View=vim %f
-
- '';
-
-in {
- environment.systemPackages = [
- (pkgs.symlinkJoin {
- name = "mc";
- paths = [
- (pkgs.writeDashBin "mc" ''
- export MC_DATADIR=${pkgs.write "mc-ext" {
- "/mc.ext".link = mcExt;
- "/sfs.ini".text = "";
- }};
- export TERM=xterm-256color
- exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
- '')
- pkgs.mc
- ];
- })
- ];
-}
-
diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix
deleted file mode 100644
index 285a4552c..000000000
--- a/lass/2configs/minecraft.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }: let
-
- unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
-
-in {
- services.minecraft-server = {
- enable = true;
- eula = true;
- package = unstable.minecraft-server;
- };
- networking.firewall.allowedTCPPorts = [ 25565 ];
- networking.firewall.allowedUDPPorts = [ 25565 ];
-}
diff --git a/lass/2configs/monitoring/alert-rules.nix b/lass/2configs/monitoring/alert-rules.nix
deleted file mode 100644
index eae2569fb..000000000
--- a/lass/2configs/monitoring/alert-rules.nix
+++ /dev/null
@@ -1,208 +0,0 @@
-# inspiration from https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix
-{ lib }:
-
-lib.mapAttrsToList
- (name: opts: {
- alert = name;
- expr = opts.condition;
- for = opts.time or "2m";
- labels = { };
- annotations.description = opts.description;
- })
- ({
- prometheus_too_many_restarts = {
- condition = ''changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager|telegraf"}[15m]) > 2'';
- description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.";
- };
-
- alert_manager_config_not_synced = {
- condition = ''count(count_values("config_hash", alertmanager_config_hash)) > 1'';
- description = "Configurations of AlertManager cluster instances are out of sync.";
- };
-
- prometheus_not_connected_to_alertmanager = {
- condition = "prometheus_notifications_alertmanagers_discovered < 1";
- description = "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
- };
-
- prometheus_rule_evaluation_failures = {
- condition = "increase(prometheus_rule_evaluation_failures_total[3m]) > 0";
- description = "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
- };
-
- prometheus_template_expansion_failures = {
- condition = "increase(prometheus_template_text_expansion_failures_total[3m]) > 0";
- time = "0m";
- description = "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
- };
-
- promtail_request_errors = {
- condition = ''100 * sum(rate(promtail_request_duration_seconds_count{status_code=~"5..|failed"}[1m])) by (namespace, job, route, instance) / sum(rate(promtail_request_duration_seconds_count[1m])) by (namespace, job, route, instance) > 10'';
- time = "15m";
- description = ''{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.'';
- };
-
- promtail_file_lagging = {
- condition = ''abs(promtail_file_bytes_total - promtail_read_bytes_total) > 1e6'';
- time = "15m";
- description = ''{{ $labels.instance }} {{ $labels.job }} {{ $labels.path }} has been lagging by more than 1MB for more than 15m.'';
- };
-
- filesystem_full_80percent = {
- condition = ''disk_used_percent{mode!="ro"} >= 95'';
- time = "10m";
- description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 20% space left on its filesystem.";
- };
-
- filesystem_full_krebs = {
- condition = ''disk_used_percent{mode!="ro", org="krebs"} >= 95'';
- time = "10m";
- description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 5% space left on its filesystem.";
- };
-
- filesystem_inodes_full = {
- condition = ''disk_inodes_free / disk_inodes_total < 0.10'';
- time = "10m";
- description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 10% inodes left on its filesystem.";
- };
-
- daily_task_not_run = {
- # give 6 hours grace period
- condition = ''time() - task_last_run{state="ok",frequency="daily"} > (24 + 6) * 60 * 60'';
- description = "{{$labels.host}}: {{$labels.name}} was not run in the last 24h";
- };
-
- daily_task_failed = {
- condition = ''task_last_run{state="fail"}'';
- description = "{{$labels.host}}: {{$labels.name}} failed to run";
- };
-
- swap_using_30percent = {
- condition = "mem_swap_total - (mem_swap_cached + mem_swap_free) > mem_swap_total * 0.3";
- time = "30m";
- description = "{{$labels.host}} is using 30% of its swap space for at least 30 minutes.";
- };
-
- systemd_service_failed = {
- condition = ''systemd_units_active_code{name!~"nixpkgs-update-.*.service"} == 3'';
- description = "{{$labels.host}} failed to (re)start service {{$labels.name}}.";
- };
-
- service_not_running = {
- condition = ''systemd_units_active_code{name=~"teamspeak3-server.service|tt-rss.service", sub!="running"}'';
- description = "{{$labels.host}} should have a running {{$labels.name}}.";
- };
-
- nfs_export_not_present = {
- condition = "nfs_export_present == 0";
- time = "1h";
- description = "{{$labels.host}} cannot reach nfs export [{{$labels.server}}]:{{$labels.path}}";
- };
-
- ram_using_90percent = {
- condition = "mem_buffered + mem_free + mem_cached < mem_total * 0.1";
- time = "1h";
- description = "{{$labels.host}} is using at least 90% of its RAM for at least 1 hour.";
- };
- load15 = {
- condition = ''system_load15 / system_n_cpus{org!="nix-community"} >= 2.0'';
- time = "10m";
- description = "{{$labels.host}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
- };
- reboot = {
- condition = "system_uptime < 300";
- description = "{{$labels.host}} just rebooted.";
- };
- uptime = {
- # too scared to upgrade matchbox
- condition = ''system_uptime {host!~"^(matchbox|grandalf)$"} > 2592000'';
- description = "Uptime monster: {{$labels.host}} has been up for more than 30 days.";
- };
- telegraf_down = {
- condition = ''min(up{job=~"telegraf",type!='mobile'}) by (source, job, instance, org) == 0'';
- time = "3m";
- description = "{{$labels.instance}}: {{$labels.job}} telegraf exporter from {{$labels.source}} is down.";
- };
- ping = {
- condition = "ping_result_code{type!='mobile'} != 0";
- description = "{{$labels.url}}: ping from {{$labels.instance}} has failed!";
- };
- ping_high_latency = {
- condition = "ping_average_response_ms{type!='mobile'} > 5000";
- description = "{{$labels.instance}}: ping probe from {{$labels.source}} is encountering high latency!";
- };
- http = {
- condition = "http_response_result_code != 0";
- description = "{{$labels.server}} : http request failed from {{$labels.instance}}: {{$labels.result}}!";
- };
- http_match_failed = {
- condition = "http_response_response_string_match == 0";
- description = "{{$labels.server}} : http body not as expected; status code: {{$labels.status_code}}!";
- };
- dns_query = {
- condition = "dns_query_result_code != 0";
- description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}}!";
- };
- secure_dns_query = {
- condition = "secure_dns_state != 0";
- description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}} for protocol {{$labels.protocol}}!";
- };
- connection_failed = {
- condition = "net_response_result_code != 0";
- description = "{{$labels.server}}: connection to {{$labels.port}}({{$labels.protocol}}) failed from {{$labels.instance}}";
- };
- healthchecks = {
- condition = "hc_check_up == 0";
- description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!";
- };
- cert_expiry = {
- condition = "x509_cert_expiry < 7*24*3600";
- description = "{{$labels.instance}}: The TLS certificate from {{$labels.source}} will expire in less than 7 days: {{$value}}s";
- };
-
- postfix_queue_length = {
- condition = "avg_over_time(postfix_queue_length[1h]) > 10";
- description = "{{$labels.instance}}: postfix mail queue has undelivered {{$value}} items";
- };
-
- zfs_errors = {
- condition = "zfs_arcstats_l2_io_error + zfs_dmu_tx_error + zfs_arcstats_l2_writes_error > 0";
- description = "{{$labels.instance}} reports: {{$value}} ZFS IO errors.";
- };
-
- # ignore devices that disabled S.M.A.R.T (example if attached via USB)
- smart_errors = {
- condition = ''smart_device_health_ok{enabled!="Disabled"} != 1'';
- description = "{{$labels.instance}}: S.M.A.R.T reports: {{$labels.device}} ({{$labels.model}}) has errors.";
- };
-
- oom_kills = {
- condition = "increase(kernel_vmstat_oom_kill[5m]) > 0";
- description = "{{$labels.instance}}: OOM kill detected";
- };
-
- unusual_disk_read_latency = {
- condition = "rate(diskio_read_time[1m]) / rate(diskio_reads[1m]) > 0.1 and rate(diskio_reads[1m]) > 0";
- description = "{{$labels.instance}}: Disk latency is growing (read operations > 100ms)\n";
- };
-
- unusual_disk_write_latency = {
- condition = "rate(diskio_write_time[1m]) / rate(diskio_write[1m]) > 0.1 and rate(diskio_write[1m]) > 0";
- description = "{{$labels.instance}}: Disk latency is growing (write operations > 100ms)\n";
- };
-
- host_memory_under_memory_pressure = {
- condition = "rate(node_vmstat_pgmajfault[1m]) > 1000";
- description = "{{$labels.instance}}: The node is under heavy memory pressure. High rate of major page faults: {{$value}}";
- };
-
- ext4_errors = {
- condition = "ext4_errors_value > 0";
- description = "{{$labels.instance}}: ext4 has reported {{$value}} I/O errors: check /sys/fs/ext4/*/errors_count";
- };
-
- alerts_silences_changed = {
- condition = ''abs(delta(alertmanager_silences{state="active"}[1h])) >= 1'';
- description = "alertmanager: number of active silences has changed: {{$value}}";
- };
- })
diff --git a/lass/2configs/monitoring/prometheus.nix b/lass/2configs/monitoring/prometheus.nix
deleted file mode 100644
index ba32c62a7..000000000
--- a/lass/2configs/monitoring/prometheus.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- #prometheus
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } # nginx
- # { predicate = "-i retiolum -p tcp --dport 3012"; target = "ACCEPT"; } # grafana
- # { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } # alertmanager
- # { predicate = "-i retiolum -p tcp --dport 9223"; target = "ACCEPT"; } # alertmanager
- ];
- };
-
- services.nginx = {
- enable = true;
- virtualHosts = {
- "prometheus.lass.r" = {
- locations."/".proxyPass = "http://localhost:9090";
- };
- "alert.lass.r" = {
- locations."/".proxyPass = "http://localhost:9093";
- };
- "grafana.lass.r" = {
- locations."/".proxyPass = "http://localhost:3012";
- };
- };
- };
-
- services.grafana = {
- enable = true;
- addr = "0.0.0.0";
- port = 3012;
- auth.anonymous = {
- enable = true;
- org_role = "Admin";
- };
- };
- services.prometheus = {
- enable = true;
- ruleFiles = [
- (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
- groups = [{
- name = "alerting-rules";
- rules = import ./alert-rules.nix { inherit lib; };
- }];
- }))
- ];
- scrapeConfigs = [
- {
- job_name = "telegraf";
- scrape_interval = "60s";
- metrics_path = "/metrics";
- static_configs = [
- {
- targets = [
- "prism.r:9273"
- "dishfire.r:9273"
- "yellow.r:9273"
- ];
- }
- ];
- }
- ];
- alertmanagers = [
- { scheme = "http";
- path_prefix = "/";
- static_configs = [ { targets = [ "localhost:9093" ]; } ];
- }
- ];
- alertmanager = {
- enable = true;
- webExternalUrl = "https://alert.lass.r";
- listenAddress = "[::1]";
- configuration = {
- global = {
- # The smarthost and SMTP sender used for mail notifications.
- smtp_smarthost = "localhost:587";
- smtp_from = "alertmanager@alert.lass.r";
- # smtp_auth_username = "alertmanager@thalheim.io";
- # smtp_auth_password = "$SMTP_PASSWORD";
- };
- route = {
- receiver = "default";
- routes = [
- {
- group_by = [ "host" ];
- group_wait = "30s";
- group_interval = "2m";
- repeat_interval = "2h";
- receiver = "all";
- }
- ];
- };
- receivers = [
- {
- name = "all";
- webhook_configs = [{
- url = "http://127.0.0.1:9223/";
- max_alerts = 5;
- }];
- }
- {
- name = "default";
- }
- ];
- };
- };
- };
-
-}
diff --git a/lass/2configs/monitoring/telegraf.nix b/lass/2configs/monitoring/telegraf.nix
deleted file mode 100644
index b172b9c62..000000000
--- a/lass/2configs/monitoring/telegraf.nix
+++ /dev/null
@@ -1,163 +0,0 @@
-{ pkgs, lib, config, ... }:
-# To use this module you also need to allow port 9273 either on the internet or on a vpn interface
-# i.e. networking.firewall.interfaces."vpn0".allowedTCPPorts = [ 9273 ];
-# Example prometheus alert rules:
-# - https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix
-let
- isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
- # potentially wrong if the nvme is not used at boot...
- hasNvme = lib.any (m: m == "nvme") config.boot.initrd.availableKernelModules;
-
- ipv6DadCheck = pkgs.writeShellScript "ipv6-dad-check" ''
- ${pkgs.iproute2}/bin/ip --json addr | \
- ${pkgs.jq}/bin/jq -r 'map(.addr_info) | flatten(1) | map(select(.dadfailed == true)) | map(.local) | @text "ipv6_dad_failures count=\(length)i"'
- '';
-
- zfsChecks = lib.optional
- (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems)
- (pkgs.writeScript "zpool-health" ''
- #!${pkgs.gawk}/bin/awk -f
- BEGIN {
- while ("${pkgs.zfs}/bin/zpool status" | getline) {
- if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
- if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
- if ($1 ~ /errors:/) {
- if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
- }
- }
- }
- '');
-
- nfsChecks =
- let
- collectHosts = shares: fs:
- if builtins.elem fs.fsType [ "nfs" "nfs3" "nfs4" ]
- then
- shares
- // (
- let
- # also match ipv6 addresses
- group = builtins.match "\\[?([^\]]+)]?:([^:]+)$" fs.device;
- host = builtins.head group;
- path = builtins.elemAt group 1;
- in
- {
- ${host} = (shares.${host} or [ ]) ++ [ path ];
- }
- )
- else shares;
- nfsHosts = lib.foldl collectHosts { } (builtins.attrValues config.fileSystems);
- in
- lib.mapAttrsToList
- (
- host: args:
- (pkgs.writeScript "nfs-health" ''
- #!${pkgs.gawk}/bin/awk -f
- BEGIN {
- for (i = 2; i < ARGC; i++) {
- mounts[ARGV[i]] = 1
- }
- while ("${pkgs.nfs-utils}/bin/showmount -e " ARGV[1] | getline) {
- if (NR == 1) { continue }
- if (mounts[$1] == 1) {
- printf "nfs_export,host=%s,path=%s present=1\n", ARGV[1], $1
- }
- delete mounts[$1]
- }
- for (mount in mounts) {
- printf "nfs_export,host=%s,path=%s present=0\n", ARGV[1], $1
- }
- }
- '')
- + " ${host} ${builtins.concatStringsSep " " args}"
- )
- nfsHosts;
-
-in
-{
-
- systemd.services.telegraf.path = lib.optional (!isVM && hasNvme) pkgs.nvme-cli;
-
- services.telegraf = {
- enable = true;
- extraConfig = {
- agent.interval = "60s";
- inputs = {
- prometheus.urls = lib.mkIf config.services.promtail.enable [
- # default promtail port
- "http://localhost:9080/metrics"
- ];
- prometheus.metric_version = 2;
- kernel_vmstat = { };
- nginx.urls = lib.mkIf config.services.nginx.statusPage [
- "http://localhost/nginx_status"
- ];
- smart = lib.mkIf (!isVM) {
- path_smartctl = pkgs.writeShellScript "smartctl" ''
- exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
- '';
- };
- system = { };
- mem = { };
- file =
- [
- {
- data_format = "influx";
- file_tag = "name";
- files = [ "/var/log/telegraf/*" ];
- }
- ]
- ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
- name_override = "ext4_errors";
- files = [ "/sys/fs/ext4/*/errors_count" ];
- data_format = "value";
- };
- exec = [
- {
- ## Commands array
- commands =
- [ ipv6DadCheck ]
- ++ zfsChecks
- ++ nfsChecks;
- data_format = "influx";
- }
- ];
- systemd_units = { };
- swap = { };
- disk.tagdrop = {
- fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
- device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
- };
- diskio = { };
- zfs = {
- poolMetrics = true;
- };
- } // lib.optionalAttrs (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "23.11" then config.boot.swraid.enable else config.boot.initrd.services.swraid.enable) {
- mdstat = { };
- };
- outputs.prometheus_client = {
- listen = ":9273";
- metric_version = 2;
- };
- };
- };
- security.sudo.extraRules = lib.mkIf (!isVM) [
- {
- users = [ "telegraf" ];
- commands = [
- {
- command = "${pkgs.smartmontools}/bin/smartctl";
- options = [ "NOPASSWD" ];
- }
- ];
- }
- ];
- # avoid logging sudo use
- security.sudo.configFile = ''
- Defaults:telegraf !syslog,!pam_session
- '';
- # create dummy file to avoid telegraf errors
- systemd.tmpfiles.rules = [
- "f /var/log/telegraf/dummy 0444 root root - -"
- ];
-}
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix
deleted file mode 100644
index f5f9319ed..000000000
--- a/lass/2configs/mouse.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, ... }:
-{
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver.libinput.enable = lib.mkForce false;
- services.xserver.synaptics = {
- enable = true;
- horizEdgeScroll = false;
- horizontalScroll = false;
- vertEdgeScroll = false;
- maxSpeed = "0.1";
- minSpeed = "0.01";
- tapButtons = false;
- };
-}
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
deleted file mode 100644
index d65b4a87a..000000000
--- a/lass/2configs/mpv.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ pkgs, lib, ... }:
-
-let
- dl_subs = pkgs.writers.writeDashBin "dl_subs" ''
- filename=$1
- ${pkgs.subdl}/bin/subdl --output='/tmp/{m}.{M}.sub' "$filename" 1>&2
- echo "/tmp/$(basename "$filename").sub"
- '';
-
- autosub = pkgs.writeText "autosub.lua" ''
- -- Requires Subliminal version 1.0 or newer
- -- Make sure to specify your system's Subliminal location below:
- local utils = require 'mp.utils'
-
- -- Log function: log to both terminal and mpv OSD (On-Screen Display)
- function log(string, secs)
- secs = secs or 2 -- secs defaults to 2 when the secs parameter is absent
- mp.msg.warn(string) -- This logs to the terminal
- mp.osd_message(string, secs) -- This logs to mpv screen
- end
-
- function download()
- log('Searching subtitles ...', 10)
- path = mp.get_property('path')
- result = utils.subprocess({ args = {"${dl_subs}/bin/dl_subs", path} })
- if result.error == nil then
- filename = string.gsub(result.stdout, "\n", "")
- log(filename)
- mp.commandv('sub_add', filename)
- log('Subtitles ready!')
- else
- log('Subtitles failed downloading')
- end
- end
-
- -- Control function: only download if necessary
- function control_download()
- duration = tonumber(mp.get_property('duration'))
- if duration < 900 then
- mp.msg.warn('Video is less than 15 minutes\n', '=> NOT downloading any subtitles')
- return
- end
- -- There does not seem to be any documentation for the 'sub' property,
- -- but it works on both internally encoded as well as external subtitle files!
- -- -> sub = '1' when subtitles are present
- -- -> sub = 'no' when subtitles are not present
- -- -> sub = 'auto' when called before the 'file-loaded' event is triggered
- sub = mp.get_property('sub')
- if sub == '1' then
- mp.msg.warn('Sub track is already present\n', '=> NOT downloading other subtitles')
- return
- end
- mp.msg.warn('No sub track was detected\n', '=> Proceeding to download subtitles:')
- download()
- end
-
- mp.add_key_binding('S', "download_subs", download)
- '';
-
- mpvInput = pkgs.writeText "mpv.input" ''
- : script-binding console/enable
- x add audio-delay -0.050
- X add audio-delay 0.050
- '';
-
- mpvConfig = pkgs.writeText "mpv.conf" ''
- osd-font-size=20
- '';
-
- mpv = pkgs.symlinkJoin {
- name = "mpv";
- paths = [
- (pkgs.writeDashBin "mpv" ''
- set -efu
- Y_RES=1081
- # we need to disable sponsorblock local database because of
- # https://github.com/po5/mpv_sponsorblock/issues/31
- exec ${pkgs.mpv.override {
- scripts = with pkgs.mpvScripts; [
- sponsorblock
- quality-menu
- ];
- }}/bin/mpv \
- --no-config \
- --input-conf=${mpvInput} \
- --include=${mpvConfig} \
- --script=${autosub} \
- --ytdl-format="best[height<$Y_RES]" \
- --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \
- --script-opts-append=sponsorblock-local_database=no \
- --audio-channels=2 \
- "$@"
- '')
- pkgs.mpv
- ];
- };
-
-in {
- environment.systemPackages = [
- mpv
- dl_subs
- ];
-}
diff --git a/lass/2configs/muchsync.nix b/lass/2configs/muchsync.nix
deleted file mode 100644
index b6d8c5dbc..000000000
--- a/lass/2configs/muchsync.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-with (import <stockholm/lib>);
-{ config, pkgs, ... }:
-
-{
- systemd.services.muchsync = let
- hosts = [
- "coaxmetal.r"
- "mors.r"
- "green.r"
- ];
- in {
- description = "sync mails";
- environment = {
- NOTMUCH_CONFIG = config.environment.variables.NOTMUCH_CONFIG;
- };
- after = [ "network.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.notmuch
- pkgs.openssh
- ];
-
- startAt = "*:*"; # run every minute
- serviceConfig = {
- User = "lass";
- Type = "oneshot";
- ExecStart = pkgs.writeDash "sync-mails" ''
- set -euf
-
- /run/current-system/sw/bin/nm-tag-init 2>/dev/null
- ${concatMapStringsSep "\n" (host: ''
- echo syncing ${host}:
- ${pkgs.muchsync}/bin/muchsync -s 'ssh -CTaxq -o ConnectTimeout=4' --nonew lass@${host} || :
- '') hosts}
- '';
- };
- };
-}
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
deleted file mode 100644
index 0067d64eb..000000000
--- a/lass/2configs/mumble-reminder.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ config, lib, pkgs, ... }: let
- write_to_irc = chan: pkgs.writeDash "write_to_irc" ''
- ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"PRIVMSG",
- params:["${chan}",$text]
- }'
- )"
- '';
- animals = ''
- Erdferkel
- Paviane
- Raupen
- Australischen Wildhunde
- Emus
- Flundern
- Gorillas
- Kolibris
- Schwarzfersenantilopen
- Quallen
- Kois
- Faulaffen
- Schraubenziegen
- Nachtigallen
- Okapis
- Stachelschweine
- Kurzschwanzkängurus
- Waschbären
- '';
- systemPlugin = {
- plugin = "system";
- config = {
- hooks.PRIVMSG = [
- {
- pattern = "^erriner mich$";
- activate = "match";
- command = {
- filename = pkgs.writeDash "add_remind" ''
- echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users
- sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp
- mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users
- echo "Ich werde $_from in zukunft an das meetup errinern"
- '';
- };
- }
- {
- pattern = "^nerv nicht$";
- activate = "match";
- command = {
- filename = pkgs.writeDash "del_remind" ''
- ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
- echo "okok, Ich werde $_from nich mehr errinern"
- '';
- };
- }
- ];
- };
- };
-
-in {
- krebs.reaktor2.mumble-reminder = {
- hostname = "irc.hackint.org";
- nick = "lassulus__";
- API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#krebs"
- "#nixos"
- ];
- };
- }
- systemPlugin
- ];
- port = "6697";
- };
- systemd.services.mumble-reminder-nixos = {
- description = "weekly reminder for nixos mumble";
- startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
- animals='
- ${animals}
- '
- ${write_to_irc "#nixos"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
- ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us"
- '';
- };
- };
- systemd.services.mumble-reminder-krebs = {
- description = "weekly reminder for nixos mumble";
- startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
- animals='
- ${animals}
- '
- ${write_to_irc "#krebs"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
- ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
- '';
- };
- };
-}
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
deleted file mode 100644
index 3129fef50..000000000
--- a/lass/2configs/murmur.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.murmur = {
- enable = true;
- allowHtml = false;
- bandwidth = 10000000;
- registerName = "lassul.us";
- autobanTime = 30;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
-
- systemd.services.docker-mumble-web.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- virtualisation.oci-containers.containers.mumble-web = {
- image = "rankenstein/mumble-web:0.5";
- environment = {
- MUMBLE_SERVER = "lassul.us:64738";
- };
- ports = [
- "64739:8080"
- ];
- };
-
- services.nginx.virtualHosts."mumble.lassul.us" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:64739";
- proxyWebsockets = true;
- };
- };
-}
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
deleted file mode 100644
index ee69c6b1a..000000000
--- a/lass/2configs/network-manager.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ pkgs, lib, ... }:
-{
- networking.wireless.enable = lib.mkForce false;
-
- networking.networkmanager = {
- ethernet.macAddress = "random";
- wifi.macAddress = "random";
- enable = true;
- unmanaged = [
- "docker*"
- "vboxnet*"
- ];
- };
- systemd.services.NetworkManager-wait-online.enable = false;
- users.users.mainUser = {
- extraGroups = [ "networkmanager" ];
- packages = with pkgs; [
- gnome.gnome-keyring
- dconf
- ];
- };
- environment.systemPackages = [
- pkgs.nm-dmenu
- ];
-}
diff --git a/lass/2configs/networkd.nix b/lass/2configs/networkd.nix
deleted file mode 100644
index 12ffe0bd7..000000000
--- a/lass/2configs/networkd.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
- systemd.services.systemd-networkd.stopIfChanged = false;
- # Services that are only restarted might be not able to resolve when resolved is stopped before
- systemd.services.systemd-resolved.stopIfChanged = false;
-
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- networks.wl0 = {
- matchConfig.Name = "wl0";
- DHCP = "yes";
- networkConfig = {
- IgnoreCarrierLoss = "3s";
- };
- dhcpV4Config.UseDNS = true;
- };
- };
-}
diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix
deleted file mode 100644
index eeab732ba..000000000
--- a/lass/2configs/nfs-dl.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- fileSystems."/mnt/prism" = {
- device = "prism.w:/export/download";
- fsType = "nfs";
- options = [
- #"timeo=14"
- "noauto"
- "noatime"
- "nodiratime"
- #"noac"
- #"nocto"
- "x-systemd.automount"
- "x-systemd.device-timeout=1"
- "x-systemd.idle-timeout=1min"
- "x-systemd.requires=retiolum.service"
- "user"
- "_netdev"
- "soft"
- ];
- };
-}
-
diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix
deleted file mode 100644
index 6d82d8cc9..000000000
--- a/lass/2configs/orange-host.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-{
- krebs.sync-containers3.containers.orange = {
- sshKey = "${toString <secrets>}/orange.sync.key";
- };
- containers.orange.bindMounts."/var/lib" = {
- hostPath = "/var/lib/sync-containers3/orange/state";
- isReadOnly = false;
- };
- services.nginx.virtualHosts."lassul.us" = {
- # enableACME = config.security;
- # forceSSL = true;
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://orange.r";
- };
- };
-}
diff --git a/lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
deleted file mode 100644
index b5ec722a0..000000000
--- a/lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-_:
-
-{
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/VolGroup/lv_root";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-
- swapDevices = [
- { device = "/dev/VolGroup/lv_swap"; }
- ];
-
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
-}
diff --git a/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix b/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix
deleted file mode 100644
index 168d1d97b..000000000
--- a/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-_:
-
-{
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/centos/root";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "xfs";
- };
-
- swapDevices = [
- { device = "/dev/centos/swap"; }
- ];
-
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
-}
diff --git a/lass/2configs/otp-ssh.nix b/lass/2configs/otp-ssh.nix
deleted file mode 100644
index f9984e245..000000000
--- a/lass/2configs/otp-ssh.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-# Enables second factor for ssh password login
-
-## Usage:
-# gen-oath-safe <username> totp
-## scan the qrcode with google authenticator (or FreeOTP)
-## copy last line into secrets/<host>/users.oath (chmod 700)
-{
- security.pam.oath = {
- # enabling it will make it a requisite of `all` services
- # enable = true;
- digits = 6;
- # TODO assert existing
- usersFile = (toString <secrets>) + "/users.oath";
- };
- # I want TFA only active for sshd with password-auth
- security.pam.services.sshd.oathAuth = true;
-}
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
deleted file mode 100644
index a52fe4afc..000000000
--- a/lass/2configs/pass.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- users.users.mainUser.packages = with pkgs; [
- (pass.withExtensions (ext: [ ext.pass-otp ]))
- gnupg
- (pkgs.writers.writeDashBin "unlock" ''
- set -efu
- HOST=$1
-
- pw=$(pass show "admin/$HOST/luks")
- torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
- '')
- ];
-
- programs.gnupg.agent.enable = true;
- systemd.tmpfiles.rules = [
- "L+ /home/lass/.password-store - - - - sync/pwstore"
- ];
-
-}
diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix
deleted file mode 100644
index 86f0dba15..000000000
--- a/lass/2configs/paste.nix
+++ /dev/null
@@ -1,146 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- services.nginx.virtualHosts.cyberlocker = {
- serverAliases = [ "c.r" ];
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
- '';
- extraConfig = ''
- add_header Access-Control-Allow-Origin * always;
- add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
- '';
- };
- services.nginx.virtualHosts.paste = {
- serverAliases = [ "p.r" ];
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
- '';
- locations."/image".extraConfig = /* nginx */ ''
- client_max_body_size 40M;
-
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
- proxy_pass_header Server;
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- services.nginx.virtualHosts."c.krebsco.de" = {
- enableACME = true;
- addSSL = true;
- serverAliases = [ "c.krebsco.de" ];
- locations."/".extraConfig = ''
- if ($request_method != GET) {
- return 403;
- }
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
- '';
- extraConfig = ''
- add_header Access-Control-Allow-Origin * always;
- add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
- '';
- };
- services.nginx.virtualHosts."p.krebsco.de" = {
- enableACME = true;
- addSSL = true;
- serverAliases = [ "p.krebsco.de" ];
- locations."/".extraConfig = ''
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
- '';
- locations."/form".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste-form.port};
- '';
- locations."/image".extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
- proxy_pass_header Server;
- '';
- extraConfig = ''
- add_header Access-Control-Allow-Headers Authorization always;
- add_header Access-Control-Allow-Origin * always;
- add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
- '';
- };
-
- krebs.htgen.paste = {
- port = 9081;
- script = /* sh */ ''
- (. ${pkgs.htgen-paste}/bin/htgen-paste)
- '';
- };
-
- systemd.services.paste-gc = {
- startAt = "daily";
- serviceConfig = {
- ExecStart = ''
- ${pkgs.findutils}/bin/find /var/lib/htgen-paste/items -type f -mtime '+30' -exec rm {} \;
- '';
- User = "htgen-paste";
- };
- };
-
- krebs.htgen.paste-form = {
- port = 7770;
- script = /* sh */ ''
- export PATH=${makeBinPath [
- pkgs.curl
- pkgs.gnused
- ]}:$PATH
- (. ${pkgs.writeScript "paste-form" ''
- case "$Method" in
- 'POST')
- ref=$(head -c $req_content_length | sed '0,/^\r$/d;$d' | curl -fSs --data-binary @- https://p.krebsco.de | sed '1d;s/^http:/https:/')
-
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Content-Type: text/plain; charset=UTF-8\r\n'
- printf 'Server: %s\r\n' "$Server"
- printf 'Connection: close\r\n'
- printf 'Content-Length: %d\r\n' $(expr ''${#ref} + 1)
- printf '\r\n'
- printf '%s\n' "$ref"
-
- exit
- ;;
- esac
- ''})
- '';
- };
- krebs.htgen.imgur = {
- port = 7771;
- script = /* sh */ ''
- (. ${pkgs.htgen-imgur}/bin/htgen-imgur)
- '';
- };
- krebs.htgen.cyberlocker = {
- port = 7772;
- script = /* sh */ ''
- (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker)
- '';
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
- ];
-}
diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix
deleted file mode 100644
index da9408669..000000000
--- a/lass/2configs/pipewire.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-# TODO test `alsactl init` after suspend to reinit mic
-{
- security.rtkit.enable = true;
-
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
-
- environment.systemPackages = with pkgs; [
- alsa-utils
- pulseaudio
- ponymix
- ];
-
- services.pipewire = {
- enable = true;
- systemWide = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- };
- environment.etc = {
- "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
- bluez_monitor.properties = {
- ["bluez5.enable-sbc-xq"] = true,
- ["bluez5.enable-msbc"] = true,
- ["bluez5.enable-hw-volume"] = true,
- ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
- }
- '';
- };
-}
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
deleted file mode 100644
index 648ffc784..000000000
--- a/lass/2configs/power-action.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- suspend = pkgs.writeDash "suspend" ''
- ${pkgs.systemd}/bin/systemctl suspend
- '';
-
- speak = text:
- pkgs.writeDash "speak" ''
- ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
- '';
-
-in {
- krebs.power-action = {
- enable = true;
- plans.low-battery = {
- upperLimit = 10;
- lowerLimit = 15;
- charging = false;
- action = pkgs.writeDash "warn-low-battery" ''
- ${speak "power level low"}
- '';
- };
- plans.suspend = {
- upperLimit = 10;
- lowerLimit = 0;
- charging = false;
- action = pkgs.writeDash "suspend-wrapper" ''
- /run/wrappers/bin/sudo ${suspend}
- '';
- };
- user = "lass";
- };
-
- users.users.power-action = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- ];
- };
-
- security.sudo.extraConfig = ''
- ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}
- '';
-}
diff --git a/lass/2configs/ppp/umts-stick.nix b/lass/2configs/ppp/umts-stick.nix
deleted file mode 100644
index 64551a2b3..000000000
--- a/lass/2configs/ppp/umts-stick.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ pkgs, ... }: {
-
- # usage: pppd call stick
-
- environment.etc."ppp/peers/stick".text = ''
- /dev/ttyUSB0
- 460800
- crtscts
- defaultroute
- holdoff 10
- lock
- maxfail 0
- noauth
- nodetach
- noipdefault
- passive
- persist
- usepeerdns
- connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" ''
- ABORT "BUSY"
- ABORT "NO CARRIER"
- REPORT CONNECT
- "" "ATDT*99#"
- CONNECT
- ''}"
- '';
-
- environment.systemPackages = [
- pkgs.ppp
- ];
-
-}
-
diff --git a/lass/2configs/ppp/x220-modem.nix b/lass/2configs/ppp/x220-modem.nix
deleted file mode 100644
index d6facb724..000000000
--- a/lass/2configs/ppp/x220-modem.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, ... }: {
-
- # usage: pppd call x220
-
- environment.etc."ppp/peers/x220".text = ''
- /dev/ttyACM2
- 921600
- crtscts
- defaultroute
- holdoff 10
- lock
- maxfail 0
- noauth
- nodetach
- noipdefault
- passive
- persist
- usepeerdns
- connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" ''
- ABORT "BUSY"
- ABORT "NO CARRIER"
- REPORT CONNECT
- "" "ATDT*99#"
- CONNECT
- ''}"
- '';
-
- environment.systemPackages = [
- pkgs.ppp
- ];
-
-}
diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix
deleted file mode 100644
index f493b19cc..000000000
--- a/lass/2configs/print.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-{
- services.printing = {
- enable = true;
- drivers = [
- pkgs.foomatic-filters
- pkgs.gutenprint
- ];
- browsing = true;
- browsedConf = ''
- BrowseDNSSDSubTypes _cups,_print
- BrowseLocalProtocols all
- BrowseRemoteProtocols all
- CreateIPPPrinterQueues All
-
- BrowseProtocols all
- '';
- };
-}
diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix
deleted file mode 100644
index fb803dd77..000000000
--- a/lass/2configs/prism-share.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-
-{
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 137"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 138"; target = "ACCEPT"; }
- ];
- users.users.smbguest = {
- name = "smbguest";
- uid = config.ids.uids.smbguest;
- description = "smb guest user";
- home = "/home/share";
- createHome = true;
- group = "share";
- };
- users.groups.share = {};
-
- services.samba = {
- enable = true;
- enableNmbd = true;
- shares = {
- incoming = {
- path = "/mnt/prism";
- "read only" = "yes";
- browseable = "yes";
- "guest ok" = "yes";
- };
- };
- extraConfig = ''
- guest account = smbguest
- map to guest = bad user
- # disable printing
- load printers = no
- printing = bsd
- printcap name = /dev/null
- disable spoolss = yes
- '';
- };
-}
diff --git a/lass/2configs/privoxy-retiolum.nix b/lass/2configs/privoxy-retiolum.nix
deleted file mode 100644
index 352a6d3d8..000000000
--- a/lass/2configs/privoxy-retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, ... }:
-
-let
- r_ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-
-in {
- imports = [
- ./privoxy.nix
- ];
-
- services.privoxy.listenAddress = "${r_ip}:8118";
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 8118"; target = "ACCEPT"; }
- { predicate = "-i dns0 -p tcp --dport 8118"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix
deleted file mode 100644
index e0a086421..000000000
--- a/lass/2configs/privoxy.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, ... }:
-
-{
- services.privoxy = {
- enable = true;
- };
-}
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
deleted file mode 100644
index 4361ec747..000000000
--- a/lass/2configs/programs.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, pkgs, ... }:
-
-## TODO sort and split up
-{
- environment.systemPackages = with pkgs; [
- aria2
- generate-secrets
- gnupg1compat
- htop
- i3lock
- l-gen-secrets
- mosh
- pass
- pavucontrol
- pv
- pwgen
- remmina
- ripgrep
- silver-searcher
- transmission
- wget
- xsel
- yt-dlp
- (pkgs.writeDashBin "youtube-dl" ''
- exec ${pkgs.yt-dlp}/bin/yt-dlp "$@"
- '')
- (pkgs.writeDashBin "tether-on" ''
- adb shell svc usb setFunctions rndis
- '')
- (pkgs.writeDashBin "tether-off" ''
- adb shell svc usb setFunctions
- '')
- (pkgs.writeDashBin "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '')
- (pkgs.writeDashBin "lassul.us" ''
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
- OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
- ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
- '')
- (pkgs.writeDashBin "btc-coinbase" ''
- ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
- '')
- (pkgs.writeDashBin "btc-wex" ''
- ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
- '')
- (pkgs.writeDashBin "btc-kraken" ''
- ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
- '')
- ];
-}
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
deleted file mode 100644
index 457d5b6c7..000000000
--- a/lass/2configs/reaktor-coders.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
- hooks = pkgs.reaktor2-plugins.hooks;
-in {
- krebs.reaktor2.coders = {
- hostname = "irc.hackint.org";
- port = "9999";
- useTLS = true;
- nick = "reaktor2|lass";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#coders"
- "#germany"
- "#panthermoderns"
- ];
- };
- }
- {
- plugin = "system";
- config = {
- workdir = config.krebs.reaktor2.coders.stateDir;
- hooks.PRIVMSG = [
- hooks.sed
- hooks.url-title
- {
- activate = "match";
- pattern = ''^!([^ ]+)(?:\s*(.*))?'';
- command = 1;
- arguments = [2];
- commands = {
- ping.filename = pkgs.writeDash "ping" ''
- exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
- '';
- google.filename = pkgs.writeDash "google" ''
- exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
- ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
- '';
- shrug.filename = pkgs.writeDash "shrug" ''
- exec echo '¯\_(ツ)_/¯'
- '';
- table.filename = pkgs.writeDash "table" ''
- exec echo '(╯°□°)╯ ┻━┻'
- '';
- };
- }
- ];
- };
- }
- ];
- };
-}
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
deleted file mode 100644
index 0260b91c0..000000000
--- a/lass/2configs/realwallpaper.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- hostname = config.krebs.build.host.name;
- inherit (lib)
- nameValuePair
- ;
-
-in {
- krebs.realwallpaper.enable = true;
-
- system.activationScripts.wallpaper-chmod = ''
- ${pkgs.coreutils}/bin/chmod +rx /var/realwallpaper
- '';
- services.nginx.virtualHosts.wallpaper = {
- extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- serverAliases = [
- "wallpaper.r"
- ];
- locations."/".extraConfig = ''
- autoindex on;
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-krebs.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-krebs-stars.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-krebs-stars-berlin.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-video.mp4".extraConfig = ''
- root /var/realwallpaper/archive;
- '';
- };
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/2configs/rebuild-on-boot.nix b/lass/2configs/rebuild-on-boot.nix
deleted file mode 100644
index 60198be7b..000000000
--- a/lass/2configs/rebuild-on-boot.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- systemd.services.rebuild-on-boot = {
- wantedBy = [ "multi-user.target" ];
- environment = {
- NIX_REMOTE = "daemon";
- HOME = "/var/empty";
- };
- serviceConfig = {
- ExecStart = pkgs.writeScript "rebuild" ''
- #!${pkgs.bash}/bin/bash
- (/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) &
- '';
- ExecStop = "${pkgs.coreutils}/bin/sleep 10";
- };
- };
-}
diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix
deleted file mode 100644
index ac7e529a3..000000000
--- a/lass/2configs/red-host.nix
+++ /dev/null
@@ -1,163 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- ctr.name = "red";
-in
-{
-
- krebs.sync-containers3.containers.red = {
- sshKey = "${toString <secrets>}/containers/red/sync.key";
- ephemeral = true;
- };
-
- # containers.${ctr.name} = {
- # config = {
- # environment.systemPackages = [
- # pkgs.dhcpcd
- # pkgs.git
- # pkgs.jq
- # ];
- # networking.useDHCP = lib.mkForce true;
- # systemd.services.autoswitch = {
- # environment = {
- # NIX_REMOTE = "daemon";
- # };
- # wantedBy = [ "multi-user.target" ];
- # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
- # if test -e /var/src/nixos-config; then
- # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
- # fi
- # '';
- # unitConfig.X-StopOnRemoval = false;
- # };
- # };
- # autoStart = false;
- # enableTun = true;
- # privateNetwork = true;
- # hostBridge = "ctr0";
- # bindMounts = {
- # "/etc/resolv.conf".hostPath = "/etc/resolv.conf";
- # "/var/lib/self-state/disk-image" = {
- # hostPath = "/var/lib/sync-containers3/${ctr.name}";
- # isReadOnly = true;
- # };
- # };
- # };
-
- # systemd.services."${ctr.name}_scheduler" = {
- # wantedBy = [ "multi-user.target" ];
- # path = with pkgs; [
- # coreutils
- # consul
- # cryptsetup
- # mount
- # util-linux
- # systemd
- # untilport
- # ];
- # serviceConfig = {
- # Restart = "always";
- # RestartSec = "15s";
- # ExecStart = "${pkgs.consul}/bin/consul lock container_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-start" ''
- # set -efux
- # trap ${pkgs.writers.writeDash "stop-${ctr.name}" ''
- # set -efux
- # /run/current-system/sw/bin/nixos-container stop ${ctr.name} || :
- # umount /var/lib/nixos-containers/${ctr.name}/var/state || :
- # cryptsetup luksClose ${ctr.name} || :
- # ''} INT TERM EXIT
- # consul kv put containers/${ctr.name}/host ${config.networking.hostName}
- # cryptsetup luksOpen --key-file /var/src/secrets/containers/${ctr.name}/luks /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name}
- # mkdir -p /var/lib/nixos-containers/${ctr.name}/var/state
- # mount /dev/mapper/${ctr.name} /var/lib/nixos-containers/${ctr.name}/var/state
- # ln -frs /var/lib/nixos-containers/${ctr.name}/var/state/var_src /var/lib/nixos-containers/${ctr.name}/var/src
- # /run/current-system/sw/bin/nixos-container start ${ctr.name}
- # set +x
- # until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done
- # while /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done
- # ''}";
- # };
- # };
-
- # users.groups."container_${ctr.name}" = {};
- # users.users."container_${ctr.name}" = {
- # group = "container_${ctr.name}";
- # isSystemUser = true;
- # home = "/var/lib/sync-containers3/${ctr.name}";
- # createHome = true;
- # homeMode = "705";
- # openssh.authorizedKeys.keys = [
- # config.krebs.users.lass.pubkey
- # ];
- # };
-
- # systemd.timers."${ctr.name}_syncer" = {
- # timerConfig = {
- # RandomizedDelaySec = 300;
- # };
- # };
- # systemd.services."${ctr.name}_syncer" = {
- # path = with pkgs; [
- # coreutils
- # rsync
- # openssh
- # systemd
- # ];
- # startAt = "*:0/1";
- # serviceConfig = {
- # User = "container_${ctr.name}";
- # LoadCredential = [
- # "ssh_key:${toString <secrets>}/containers/${ctr.name}/sync.key"
- # ];
- # ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" ''
- # set -efu
- # ! systemctl is-active --quiet container@${ctr.name}.service
- # '';
- # ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" ''
- # set -efu
- # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk-image/disk $HOME/disk
- # '';
- # };
- # };
-
- # # networking
- # networking.networkmanager.unmanaged = [ "ctr0" ];
- # networking.interfaces.dummy0.virtual = true;
- # networking.bridges.ctr0.interfaces = [ "dummy0" ];
- # networking.interfaces.ctr0.ipv4.addresses = [{
- # address = "10.233.0.1";
- # prefixLength = 24;
- # }];
- # systemd.services."dhcpd-ctr0" = {
- # wantedBy = [ "multi-user.target" ];
- # after = [ "network.target" ];
- # serviceConfig = {
- # Type = "forking";
- # Restart = "always";
- # DynamicUser = true;
- # StateDirectory = "dhcpd-ctr0";
- # User = "dhcpd-ctr0";
- # Group = "dhcpd-ctr0";
- # AmbientCapabilities = [
- # "CAP_NET_RAW" # to send ICMP messages
- # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
- # ];
- # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases";
- # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" ''
- # default-lease-time 600;
- # max-lease-time 7200;
- # authoritative;
- # ddns-update-style interim;
- # log-facility local1; # see dhcpd.nix
-
- # option subnet-mask 255.255.255.0;
- # option routers 10.233.0.1;
- # # option domain-name-servers 8.8.8.8; # TODO configure dns server
- # subnet 10.233.0.0 netmask 255.255.255.0 {
- # range 10.233.0.10 10.233.0.250;
- # }
- # ''} ctr0";
- # };
- # };
-
-}
-
diff --git a/lass/2configs/redis.nix b/lass/2configs/redis.nix
deleted file mode 100644
index 8dd8df5c3..000000000
--- a/lass/2configs/redis.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, ... }:
-
-{
- config.services.redis = {
- enable = true;
- bind = "127.0.0.1";
- };
-}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
deleted file mode 100644
index c2828f6db..000000000
--- a/lass/2configs/retiolum.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = let
- tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
- in [
- { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "ni"
- "eve"
- ];
- extraConfig = ''
- AutoConnect = no
- ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
- LocalDiscovery = no
- ''}
- '';
- tincUp = lib.mkIf config.systemd.network.enable "";
- };
-
- systemd.network.networks.retiolum = {
- matchConfig.Name = "retiolum";
- address = [
- "${config.krebs.build.host.nets.retiolum.ip4.addr}/16"
- "${config.krebs.build.host.nets.retiolum.ip6.addr}/16"
- ];
- linkConfig = {
- MTUBytes = "1377";
- RequiredForOnline = "no";
- };
- networkConfig = {
- IgnoreCarrierLoss = "10s";
- LinkLocalAddressing = "no";
- };
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix
deleted file mode 100644
index 658f32084..000000000
--- a/lass/2configs/review.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-in {
-
- users.users.review = {
- isNormalUser = true;
- packages = [ pkgs.nixpkgs-review ];
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(review) NOPASSWD: ALL
- '';
-}
diff --git a/lass/2configs/riot.nix b/lass/2configs/riot.nix
deleted file mode 100644
index 6348cb882..000000000
--- a/lass/2configs/riot.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, lib, pkgs, ... }: let
- domains = [
- "hackerfleet.eu"
- "hackerfleet.de"
- ];
-in {
- containers.riot = {
- config = {
- environment.systemPackages = [
- pkgs.git
- pkgs.jq
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
- ];
- networking.defaultGateway = "10.233.1.1";
- systemd.services.autoswitch = {
- environment = {
- NIX_REMOTE = "daemon";
- };
- wantedBy = [ "multi-user.target" ];
- serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
- set -efu
- if test -e /etc/nixos/configuration.nix; then
- /run/current-system/sw/bin/nixos-rebuild switch \
- -I nixpkgs=channel:$(cat /etc/nixos/channel) \
- -I nixos-config=/etc/nixos/configuration.nix \
- || :
- fi
- '';
- unitConfig.X-StopOnRemoval = false;
- };
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.1.1";
- localAddress = "10.233.1.2";
- };
- systemd.services."container@riot".restartIfChanged = lib.mkForce false;
-
- systemd.network.networks."50-ve-riot" = {
- matchConfig.Name = "ve-riot";
-
- networkConfig = {
- # weirdly we have to use POSTROUTING MASQUERADE here
- # and set ip_forward manually
- # IPForward = "yes";
- # IPMasquerade = "both";
- LinkLocalAddressing = "no";
- KeepConfiguration = "static";
- };
- };
-
- boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
-
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s ${config.containers.riot.localAddress}"; target = "MASQUERADE"; }
- ];
-
- # networking.nat can be used instead of this
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { predicate = "-p tcp --dport 45622"; target = "DNAT --to-destination ${config.containers.riot.localAddress}:22"; v6 = false; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { predicate = "-i ve-riot"; target = "ACCEPT"; }
- { predicate = "-o ve-riot"; target = "ACCEPT"; }
- ];
-
-
- # non container stuff
-
- services.nginx.virtualHosts.riot = {
- serverName = null;
- serverAliases = domains;
- };
-
- krebs.exim-smarthost.extraRouters = ''
- forward_riot:
- driver = manualroute
- domains = ${lib.concatStringsSep ":" domains}
- transport = remote_smtp
- route_list = * riot
- no_more
- '';
-}
diff --git a/lass/2configs/rtl-sdr.nix b/lass/2configs/rtl-sdr.nix
deleted file mode 100644
index 7d640ea6c..000000000
--- a/lass/2configs/rtl-sdr.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
- services.udev.extraRules = ''
- SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
- '';
-}
diff --git a/lass/2configs/searx.nix b/lass/2configs/searx.nix
deleted file mode 100644
index ed6586a26..000000000
--- a/lass/2configs/searx.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, ... }:
-let
- port = 8889;
-in {
- services.nginx.virtualHosts.search = {
- serverAliases = [ "search.r" ];
- locations."/".extraConfig = ''
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:${builtins.toString port};
- '';
- };
-
- services.searx = {
- enable = true;
- configFile = pkgs.writeText "searx.cfg" (builtins.toJSON {
- use_default_settings = true;
- server = {
- port = port;
- secret_key = builtins.readFile <secrets/searx.key>;
- };
- });
- };
-}
diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix
deleted file mode 100644
index 4bc5f744b..000000000
--- a/lass/2configs/services/coms/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- imports = [
- ./jitsi.nix
- ./murmur.nix
- ];
-}
diff --git a/lass/2configs/services/coms/jitsi.nix b/lass/2configs/services/coms/jitsi.nix
deleted file mode 100644
index bbcb36166..000000000
--- a/lass/2configs/services/coms/jitsi.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-
- services.jitsi-meet = {
- enable = true;
- hostName = "jitsi.lassul.us";
- config = {
- enableWelcomePage = true;
- requireDisplayName = true;
- analytics.disabled = true;
- startAudioOnly = true;
- channelLastN = 4;
- stunServers = [
- # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/
- { urls = "turn:turn.matrix.org:3478?transport=udp"; }
- { urls = "turn:turn.matrix.org:3478?transport=tcp"; }
- # - services.coturn:
- #{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
- #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
- ];
- constraints.video.height = {
- ideal = 720;
- max = 1080;
- min = 240;
- };
- };
- interfaceConfig = {
- SHOW_JITSI_WATERMARK = false;
- SHOW_WATERMARK_FOR_GUESTS = false;
- DISABLE_PRESENCE_STATUS = true;
- GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
- };
- };
-
- services.jitsi-videobridge.config = {
- org.jitsi.videobridge.TRUST_BWE = false;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
- ];
-}
diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix
deleted file mode 100644
index 40c53da36..000000000
--- a/lass/2configs/services/coms/murmur.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.murmur = {
- enable = true;
- # allowHtml = false;
- bandwidth = 10000000;
- registerName = "lassul.us";
- autobanTime = 30;
- sslCert = "/var/lib/acme/lassul.us/cert.pem";
- sslKey = "/var/lib/acme/lassul.us/key.pem";
- extraConfig = ''
- opusthreshold=0
- # rememberchannelduration=10000
- '';
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
-
- # services.botamusique = {
- # enable = true;
- # settings = {
- # server.host = "lassul.us";
- # bot.auto_check_updates = false;
- # bot.max_track_duration = 360;
- # webinterface.enabled = true;
- # };
- # };
-
- services.nginx.virtualHosts."lassul.us" = {
- enableACME = true;
- };
- security.acme.certs."lassul.us" = {
- group = "lasscert";
- };
- users.groups.lasscert.members = [
- "nginx"
- "murmur"
- ];
-
- # services.nginx.virtualHosts."bota.r" = {
- # locations."/" = {
- # proxyPass = "http://localhost:8181";
- # };
- # };
-}
diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
deleted file mode 100644
index fd7b36ca8..000000000
--- a/lass/2configs/services/coms/proxy.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- tcpports = [
- 4443 # jitsi
- 64738 # murmur
- ];
- udpports = [
- 10000 # jitsi
- 64738 # murmur
- ];
- target = "orange.r";
-in
-{
- networking.firewall.allowedTCPPorts = tcpports;
- networking.firewall.allowedUDPPorts = udpports;
- services.nginx.streamConfig = ''
- ${lib.concatMapStringsSep "\n" (port: ''
- server {
- listen [::]:${toString port};
- listen ${toString port};
- proxy_pass ${target}:${toString port};
- }
- '') tcpports}
- '';
-
- krebs.iptables.tables.nat.PREROUTING.rules = lib.flatten (map (port: [
- { predicate = "-p udp --dport ${toString port}"; target = "DNAT --to-destination ${config.krebs.hosts.orange.nets.retiolum.ip4.addr}:${toString port}"; v6 = false; }
- { predicate = "-p udp --dport ${toString port}"; target = "DNAT --to-destination [${config.krebs.hosts.orange.nets.retiolum.ip6.addr}]:${toString port}"; v4 = false; }
- ]) udpports);
-
- services.nginx.virtualHosts."jitsi.lassul.us" = {
- enableACME = true;
- acmeFallbackHost = "${target}";
- addSSL = true;
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "https://${target}";
- };
- };
-}
diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix
deleted file mode 100644
index 1c5b81128..000000000
--- a/lass/2configs/services/flix/container-host.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-{
- krebs.sync-containers3.containers.yellow = {
- sshKey = "${toString <secrets>}/yellow.sync.key";
- };
- containers.yellow.bindMounts."/var/lib" = {
- hostPath = "/var/lib/sync-containers3/yellow/state";
- isReadOnly = false;
- };
- containers.yellow.bindMounts."/var/download" = {
- hostPath = "/var/download";
- isReadOnly = false;
- };
- # krebs.iptables.tables.filter.FORWARD.rules = [
- # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
- # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
- # ];
- # krebs.iptables.tables.nat.PREROUTING.rules = [
- # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; }
- # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; }
- # ];
- networking.firewall.allowedTCPPorts = [ 8096 8920 ];
- networking.firewall.allowedUDPPorts = [ 1900 7359 ];
- containers.yellow.forwardPorts = [
- { hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
- { hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
- { hostPort = 1900; containerPort = 1900; protocol = "udp"; }
- { hostPort = 7359; containerPort = 7359; protocol = "udp"; }
- ];
-
- services.nginx.virtualHosts."flix.lassul.us" = {
- # forceSSL = true;
- # enableACME = true;
- locations."/" = {
- proxyPass = "http://yellow.r:8096";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
-}
diff --git a/lass/2configs/services/flix/default.nix b/lass/2configs/services/flix/default.nix
deleted file mode 100644
index e6be394ce..000000000
--- a/lass/2configs/services/flix/default.nix
+++ /dev/null
@@ -1,316 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- users.groups.download.members = [ "transmission" ];
- services.transmission = {
- enable = true;
- home = "/var/state/transmission";
- group = "download";
- downloadDirPermissions = "775";
- settings = {
- download-dir = "/var/download/transmission";
- incomplete-dir-enabled = false;
- rpc-bind-address = "::";
- message-level = 1;
- umask = 18;
- rpc-whitelist-enabled = false;
- rpc-host-whitelist-enabled = false;
- };
- };
-
- security.acme.defaults.email = "spam@krebsco.de";
- security.acme.acceptTerms = true;
- security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL;
- services.nginx = {
- enable = true;
- package = pkgs.nginx.override {
- modules = with pkgs.nginxModules; [
- fancyindex
- ];
- };
- virtualHosts."yellow.r" = {
- default = true;
- enableACME = true;
- addSSL = true;
- locations."/" = {
- root = "/var/download";
- extraConfig = ''
- fancyindex on;
- fancyindex_footer "/fancy.html";
- include ${pkgs.nginx}/conf/mime.types;
- include ${pkgs.writeText "extrMime" ''
- types {
- video/webm mkv;
- }
- ''};
- create_full_put_path on;
- '';
- };
- locations."/chatty" = {
- proxyPass = "http://localhost:3000";
- extraConfig = ''
- rewrite /chatty/(.*) /$1 break;
- proxy_set_header Host $host;
- '';
- };
- locations."= /fancy.html".extraConfig = ''
- alias ${pkgs.writeText "nginx_footer" ''
- <div id="mydiv">
- <!-- Include a header DIV with the same name as the draggable DIV, followed by "header" -->
- <div id="mydivheader">Click here to move</div>
- <iframe src="/chatty/index.html"></iframe>
- </div>
- <style>
- #mydiv {
- position: absolute;
- z-index: 9;
- background-color: #f1f1f1;
- border: 1px solid #d3d3d3;
- text-align: center;
- }
-
- #mydivheader {
- padding: 10px;
- cursor: move;
- z-index: 10;
- background-color: #2196F3;
- color: #fff;
- }
- </style>
- <script>
- // Make the DIV element draggable:
- dragElement(document.getElementById("mydiv"));
-
- function dragElement(elmnt) {
- var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0;
- if (document.getElementById(elmnt.id + "header")) {
- // if present, the header is where you move the DIV from:
- document.getElementById(elmnt.id + "header").onmousedown = dragMouseDown;
- } else {
- // otherwise, move the DIV from anywhere inside the DIV:
- elmnt.onmousedown = dragMouseDown;
- }
-
- function dragMouseDown(e) {
- e = e || window.event;
- e.preventDefault();
- // get the mouse cursor position at startup:
- pos3 = e.clientX;
- pos4 = e.clientY;
- document.onmouseup = closeDragElement;
- // call a function whenever the cursor moves:
- document.onmousemove = elementDrag;
- }
-
- function elementDrag(e) {
- e = e || window.event;
- e.preventDefault();
- // calculate the new cursor position:
- pos1 = pos3 - e.clientX;
- pos2 = pos4 - e.clientY;
- pos3 = e.clientX;
- pos4 = e.clientY;
- // set the element's new position:
- elmnt.style.top = (elmnt.offsetTop - pos2) + "px";
- elmnt.style.left = (elmnt.offsetLeft - pos1) + "px";
- }
-
- function closeDragElement() {
- // stop moving when mouse button is released:
- document.onmouseup = null;
- document.onmousemove = null;
- }
- }
- </script>
- ''};
- '';
- };
- virtualHosts."jelly.r" = {
- enableACME = true;
- addSSL = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:8096/;
- proxy_set_header Accept-Encoding "";
- '';
- };
- virtualHosts."transmission.r" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://localhost:9091";
- };
- };
- virtualHosts."radar.r" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://localhost:7878";
- };
- };
- virtualHosts."sonar.r" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://localhost:8989";
- };
- };
- };
-
- services.samba = {
- enable = true;
- enableNmbd = false;
- extraConfig = ''
- workgroup = WORKGROUP
- server string = ${config.networking.hostName}
- # only allow retiolum addresses
- hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16
-
- # Use sendfile() for performance gain
- use sendfile = true
-
- # No NetBIOS is needed
- disable netbios = true
-
- # Only mangle non-valid NTFS names, don't care about DOS support
- mangled names = illegal
-
- # Performance optimizations
- socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
-
- # Disable all printing
- load printers = false
- disable spoolss = true
- printcap name = /dev/null
-
- map to guest = Bad User
- max log size = 50
- dns proxy = no
- security = user
-
- [global]
- syslog only = yes
- '';
- shares.public = {
- comment = "Warez";
- path = "/var/download";
- public = "yes";
- "only guest" = "yes";
- "create mask" = "0644";
- "directory mask" = "2777";
- writable = "no";
- printable = "no";
- };
- };
-
- systemd.services.bruellwuerfel =
- let
- bruellwuerfelSrc = pkgs.fetchFromGitHub {
- owner = "krebs";
- repo = "bruellwuerfel";
- rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015";
- sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd";
- };
- in {
- wantedBy = [ "multi-user.target" ];
- environment = {
- IRC_CHANNEL = "#flix";
- IRC_NICK = "bruelli";
- IRC_SERVER = "irc.r";
- IRC_HISTORY_FILE = "/tmp/bruelli.history";
- };
- serviceConfig = {
- ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts";
- };
- };
-
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
- { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
- { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
- { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
- { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
- { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p tcp --dport 8920"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p udp --dport 1900"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p udp --dport 7359"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr
- { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr
- { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr
- { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr
-
- # smbd
- { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
- ];
- };
-
- systemd.services.flix-index = {
- wantedBy = [ "multi-user.target" ];
- path = [
- pkgs.coreutils
- pkgs.findutils
- pkgs.inotify-tools
- ];
- serviceConfig = {
- Restart = "always";
- ExecStart = pkgs.writers.writeDash "flix-index" ''
- set -efu
-
- DIR=/var/download
- cd "$DIR"
- while inotifywait -rq -e create -e move -e delete "$DIR"; do
- find . -type f > "$DIR"/index.tmp
- mv "$DIR"/index.tmp "$DIR"/index
- done
- '';
- };
- };
-
- services.jellyfin = {
- enable = true;
- group = "download";
- };
-
- # movies
- services.radarr = {
- enable = true;
- group = "download";
- };
-
- # shows
- services.sonarr = {
- enable = true;
- group = "download";
- };
-
- # indexers
- services.prowlarr = {
- enable = true;
- };
-
- # subtitles
- services.bazarr = {
- enable = true;
- group = "download";
- };
-}
diff --git a/lass/2configs/services/flix/proxy.nix b/lass/2configs/services/flix/proxy.nix
deleted file mode 100644
index c16c6def3..000000000
--- a/lass/2configs/services/flix/proxy.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.nginx.virtualHosts."flix.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://yellow.r:8096";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
-}
diff --git a/lass/2configs/services/git/default.nix b/lass/2configs/services/git/default.nix
deleted file mode 100644
index 2b68905ed..000000000
--- a/lass/2configs/services/git/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ../../git.nix
- ];
- services.nginx.virtualHosts."cgit.lassul.us" = {
- enableACME = true;
- addSSL = true;
- locations = config.services.nginx.virtualHosts.cgit.locations;
- extraConfig = ''
- client_max_body_size 300M;
- client_body_timeout 2024;
- client_header_timeout 2024;
-
- fastcgi_buffers 16 512k;
- fastcgi_buffer_size 512k;
- fastcgi_read_timeout 500;
- fastcgi_send_timeout 500;
- '';
- };
-}
diff --git a/lass/2configs/services/git/proxy.nix b/lass/2configs/services/git/proxy.nix
deleted file mode 100644
index 9875898ea..000000000
--- a/lass/2configs/services/git/proxy.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.nginx.virtualHosts."cgit.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- acmeFallbackHost = "orange.r";
- locations."/" = {
- proxyPass = "http://orange.r";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- extraConfig = ''
- client_max_body_size 300M;
- client_body_timeout 2024;
- client_header_timeout 2024;
-
- fastcgi_buffers 16 512k;
- fastcgi_buffer_size 512k;
- fastcgi_read_timeout 500;
- fastcgi_send_timeout 500;
- '';
- };
-}
diff --git a/lass/2configs/services/radio/container-host.nix b/lass/2configs/services/radio/container-host.nix
deleted file mode 100644
index de0ea9afe..000000000
--- a/lass/2configs/services/radio/container-host.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-{
- krebs.sync-containers3.containers.radio = {
- sshKey = "${toString <secrets>}/radio.sync.key";
- };
- containers.radio = {
- bindMounts."/var/music" = {
- hostPath = "/var/music";
- isReadOnly = false;
- };
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
- ];
- krebs.htgen.radio-redirect = {
- port = 8000;
- scriptFile = pkgs.writers.writeDash "redir" ''
- printf 'HTTP/1.1 301 Moved Permanently\r\n'
- printf "Location: http://radio.lassul.us''${Request_URI}\r\n"
- printf '\r\n'
- '';
- };
-}
diff --git a/lass/2configs/services/radio/controls.html b/lass/2configs/services/radio/controls.html
deleted file mode 100644
index 858dc3656..000000000
--- a/lass/2configs/services/radio/controls.html
+++ /dev/null
@@ -1,83 +0,0 @@
-<!doctype html>
-
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <title>The_Playlist Voting!</title>
-<style>
-#good {
- display: block;
- width: 100%;
- border: none;
- background-color: #04AA6D;
- padding: 14px;
- margin: 14px 0 0 0;
- height: 100px;
- font-size: 16px;
- cursor: pointer;
- text-align: center;
-}
-#bad {
- display: block;
- width: 100%;
- border: none;
- background-color: red;
- padding: 14px;
- height: 100px;
-
- margin: 14px 0 0 0;
- font-size: 16px;
- cursor: pointer;
- text-align: center;
-}
-</style>
-
-</head>
-
-<body>
- <div id=votenote></div>
- <button id=good type="button"> GUT </button>
-
- <button id=bad type="button"> SCHLECHT </button>
- <center>
- Currently Running: <br/><div>
- <b id=current></b>
- </div>
- <div id=vote>
- </div>
- <audio controls autoplay="autoplay">
- <source src="https://radio.lassul.us/radio.ogg" type="audio/ogg">
- Your browser does not support the audio element.
- </audio>
- </center>
-
- <script>
- document.getElementById("good").onclick=async ()=>{
- let result = await fetch("https://radio.lassul.us/good", {"method": "POST"})
- document.getElementById("vote").textContent = "Dieses Lied findest du gut"
- };
- document.getElementById("bad").onclick=async ()=>{
- let result = await fetch("https://radio.lassul.us/skip", {"method": "POST"})
- document.getElementById("vote").textContent = "Dieses Lied findest du schlecht"
- document.getElementById("bad").disabled = true
- window.setTimeout(function(){
- document.getElementById("bad").disabled = false
- }, 100000)
-
- };
-
- async function current() {
- let result = await fetch("https://radio.lassul.us/current", {"method": "GET"})
- let data = await result.json()
- document.getElementById("current").textContent = data.name
- }
- window.onload = function() {
- window.setInterval('current()', 10000)
- current()
- }
-
- </script>
-</body>
-</html>
diff --git a/lass/2configs/services/radio/default.nix b/lass/2configs/services/radio/default.nix
deleted file mode 100644
index 8dfca6fc1..000000000
--- a/lass/2configs/services/radio/default.nix
+++ /dev/null
@@ -1,348 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- name = "radio";
-
- music_dir = "/var/music";
-
- skip_track = pkgs.writers.writeBashBin "skip_track" ''
- set -eu
-
- # TODO come up with new rating, without moving files
- # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
- # track_infos=$(${print_current}/bin/print_current)
- # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0)
- # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
- # skip_count=$((skip_count+1))
- # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track"
- # echo skipping: "$track_infos" skip_count: "$skip_count"
- # else
- # mkdir -p "$music_dir"/the_playlist/.graveyard/
- # mv "$current_track" "$music_dir"/the_playlist/.graveyard/
- # echo killing: "$track_infos"
- # fi
- ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip |
- ${pkgs.jq}/bin/jq -r '.filename'
- '';
-
- good_track = pkgs.writeBashBin "good_track" ''
- set -eu
-
- current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
- track_infos=$(${print_current}/bin/print_current)
- # TODO come up with new rating, without moving files
- # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then
- # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track"
- # else
- # mv "$current_track" "$music_dir"/the_playlist/music/ || :
- # fi
- echo good: "$track_infos"
- '';
-
- print_current = pkgs.writeDashBin "print_current" ''
- file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current |
- ${pkgs.jq}/bin/jq -r '.filename' |
- ${pkgs.gnused}/bin/sed 's,^${music_dir},,'
- )
- link=$(${pkgs.curl}/bin/curl http://localhost:8002/current |
- ${pkgs.jq}/bin/jq -r '.filename' |
- ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@'
- )
- echo "$file": "$link"
- '';
-
- set_irc_topic = pkgs.writeDash "set_irc_topic" ''
- ${pkgs.curl}/bin/curl -fsS --unix-socket /home/radio/reaktor.sock http://z/ \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"TOPIC",
- params:["#the_playlist",$text]
- }'
- )"
- '';
-
- write_to_irc = pkgs.writeDash "write_to_irc" ''
- ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"PRIVMSG",
- params:["#the_playlist",$text]
- }'
- )"
- '';
-
-in {
- imports = [
- ./news.nix
- ./weather.nix
- ];
-
- users.users = {
- "${name}" = rec {
- inherit name;
- createHome = true;
- group = name;
- uid = pkgs.stockholm.lib.genid_uint31 name;
- description = "radio manager";
- home = "/home/${name}";
- useDefaultShell = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- ];
- };
- };
-
- users.groups = {
- "radio" = {};
- };
-
- krebs.per-user.${name}.packages = with pkgs; [
- good_track
- skip_track
- print_current
- ];
-
-
- systemd.services.radio_watcher = {
- wantedBy = [ "multi-user.target" ];
- after = [ "radio.service" ];
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "radio_watcher" ''
- set -efux
- while :; do
- ${pkgs.curl}/bin/curl -Ss http://localhost:8000/radio.ogg -o /dev/null
- ${pkgs.systemd}/bin/systemctl restart radio
- sleep 60
- done
- '';
- Restart = "on-failure";
- };
- };
-
- services.liquidsoap.streams.radio = ./radio.liq;
- systemd.services.radio = {
- environment = {
- RADIO_PORT = "8002";
- HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" ''
- set -xefu
- LIMIT=1000 #how many tracks to keep in the history
- HISTORY_FILE=/var/lib/radio/recent
-
- listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl |
- ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0)
- echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE"
- echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
- ${set_irc_topic} "playing: $filename listeners: $listeners"
- '';
- MUSIC = "${music_dir}/the_playlist";
- ICECAST_HOST = "localhost";
- };
- path = [
- pkgs.yt-dlp
- pkgs.bubblewrap
- ];
- serviceConfig.User = lib.mkForce "radio";
- };
-
- nixpkgs.config.packageOverrides = opkgs: {
- icecast = opkgs.icecast.overrideAttrs (old: rec {
- version = "2.5-beta3";
-
- src = pkgs.fetchurl {
- url = "http://downloads.xiph.org/releases/icecast/icecast-${version}.tar.gz";
- sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8=";
- };
-
- buildInputs = old.buildInputs ++ [ pkgs.pkg-config ];
- });
- };
- services.icecast = {
- enable = true;
- hostname = "radio.lassul.us";
- admin.password = "hackme";
- extraConf = ''
- <authentication>
- <source-password>hackme</source-password>
- <admin-user>admin</admin-user>
- <admin-password>hackme</admin-password>
- </authentication>
- <logging>
- <accesslog>-</accesslog>
- <errorlog>-</errorlog>
- <loglevel>3</loglevel>
- </logging>
- '';
- };
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8002"; target = "ACCEPT"; }
- ];
- };
- };
-
- # allow reaktor2 to modify files
- systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false;
- systemd.services."reaktor2-the_playlist".serviceConfig.Group = lib.mkForce "radio";
-
- krebs.reaktor2.the_playlist = {
- hostname = "irc.hackint.org";
- port = "6697";
- useTLS = true;
- nick = "the_playlist";
- username = "radio";
- API.listen = "unix:/home/radio/reaktor.sock";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- };
- }
- {
- plugin = "system";
- config = {
- workdir = config.krebs.reaktor2.the_playlist.stateDir;
- hooks.PRIVMSG = [
- {
- activate = "match";
- pattern = "^(?:.*\\s)?\\s*the_playlist:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
- command = 1;
- arguments = [2];
- commands = {
- skip.filename = "${skip_track}/bin/skip_track";
- next.filename = "${skip_track}/bin/skip_track";
- bad.filename = "${skip_track}/bin/skip_track";
-
- good.filename = "${good_track}/bin/good_track";
- nice.filename = "${good_track}/bin/good_track";
- like.filename = "${good_track}/bin/good_track";
-
- current.filename = "${print_current}/bin/print_current";
- wish.filename = pkgs.writeDash "wish" ''
- echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null
- '';
- wishlist.filename = pkgs.writeDash "wishlist" ''
- ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]'
- '';
- suggest.filename = pkgs.writeDash "suggest" ''
- echo "$@" >> playlist_suggest
- '';
- };
- }
- ];
- };
- }
- ];
- };
-
- krebs.htgen.radio = {
- port = 8001;
- user = {
- name = "radio";
- };
- scriptFile = pkgs.writeDash "radio" ''
- case "$Method $Request_URI" in
- "POST /skip")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- msg=$(${skip_track}/bin/skip_track)
- ${write_to_irc} "$msg"
- echo "$msg"
- exit
- ;;
- "POST /good")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- msg=$(${good_track}/bin/good_track)
- ${write_to_irc} "$msg"
- echo "$msg"
- exit
- ;;
- esac
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- services.nginx = {
- enable = true;
- virtualHosts."radio.r" = {
- locations."/".extraConfig = ''
- # https://github.com/aswild/icecast-notes#core-nginx-config
- proxy_pass http://localhost:8000;
- # Disable request size limit, very important for uploading large files
- client_max_body_size 0;
-
- # Enable support `Transfer-Encoding: chunked`
- chunked_transfer_encoding on;
-
- # Disable request and response buffering, minimize latency to/from Icecast
- proxy_buffering off;
- proxy_request_buffering off;
-
- # Icecast needs HTTP/1.1, not 1.0 or 2
- proxy_http_version 1.1;
-
- # Forward all original request headers
- proxy_pass_request_headers on;
-
- # Set some standard reverse proxy headers. Icecast server currently ignores these,
- # but may support them in a future version so that access logs are more useful.
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # get source ip for weather reports
- proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
- '';
- locations."= /recent".extraConfig = ''
- default_type "text/plain";
- alias /var/lib/radio/recent;
- '';
- locations."= /current".extraConfig = ''
- proxy_pass http://localhost:8002;
- '';
- locations."= /skip".extraConfig = ''
- proxy_pass http://localhost:8001;
- '';
- locations."= /good".extraConfig = ''
- proxy_pass http://localhost:8001;
- '';
- locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" ''
- #!/bin/sh
- trap 'exit 0' EXIT
- while sleep 1; do
- mpv \
- --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \
- 'http://radio.lassul.us/radio.ogg'
- done
- '';
- locations."= /controls".extraConfig = ''
- default_type "text/html";
- alias ${./controls.html};
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- };
- services.syncthing.declarative.folders."the_playlist" = {
- path = "/var/music/the_playlist";
- devices = [ "mors" "phone" "prism" "omo" "radio" ];
- };
- krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true;
- krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {};
- krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {};
-}
diff --git a/lass/2configs/services/radio/news.nix b/lass/2configs/services/radio/news.nix
deleted file mode 100644
index cfd17e637..000000000
--- a/lass/2configs/services/radio/news.nix
+++ /dev/null
@@ -1,131 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-
- tts = pkgs.writers.writeBashBin "tts" ''
- set -efu
-
- offset=0
- OUTPUT=$(mktemp -d)
- trap 'rm -rf "$OUTPUT"' EXIT
- SPEAKER=$[ $RANDOM % 900 ]
- while read line; do
- echo "$line" |
- ${pkgs.piper-tts}/bin/piper \
- --model ${pkgs.fetchzip {
- url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-libritts-high.tar.gz";
- hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
- stripRoot = false;
- }}/en-us-libritts-high.onnx \
- -s "$SPEAKER" \
- -f "$OUTPUT"/"$offset".wav >/dev/null
-
- ((offset+=1))
- done
-
- ${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
- cat "$OUTPUT"/all.wav
- '';
-
- send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
- ${pkgs.vorbis-tools}/bin/oggenc - |
- ${pkgs.cyberlocker-tools}/bin/cput news.ogg
- ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow
- '';
-
- gc_news = pkgs.writers.writeDashBin "gc_news" ''
- set -xefu
- export TZ=UTC #workaround for jq parsing wrong timestamp
- ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp
- ${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news
- '';
-
- get_current_news = pkgs.writers.writeDashBin "get_current_news" ''
- set -xefu
- export TZ=UTC #workaround for jq parsing wrong timestamp
- ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs '
- sort_by(.priority) |
- map(select(
- ((.to | fromdateiso8601) > now) and
- (.from|fromdateiso8601) < now) |
- .text
- ) | .[]'
- '';
-
- newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ ''
- cat << EOF
- hello crabpeople!
- $(${pkgs.ddate}/bin/ddate +'Today is %{%A, the %e of %B%}, %Y. %N%nCelebrate %H')
- It is $(date --utc +%H) o clock UTC.
- todays news:
- $(get_current_news)
- $(gc_news)
- EOF
- '';
-in
-{
- systemd.services.newsshow = {
- path = [
- newsshow
- tts
- send_to_radio
- gc_news
- get_current_news
- pkgs.retry
- ];
- script = ''
- set -efu
- retry -t 5 -d 10 -- newsshow |
- retry -t 5 -d 10 -- tts |
- retry -t 5 -d 10 -- send_to_radio
- '';
- startAt = "*:00:00";
- serviceConfig = {
- User = "radio-news";
- };
- };
-
- services.nginx.virtualHosts."radio-news.r" = {
- locations."/" = {
- proxyPass = "http://localhost:7999";
- proxyWebsockets = true;
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- };
- krebs.htgen.news = {
- port = 7999;
- user = {
- name = "radio-news";
- };
- script = ''. ${pkgs.writers.writeDash "htgen-news" ''
- set -xefu
- case "''${Method:-GET} $Request_URI" in
- "GET /")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- cat "$HOME"/news | jq -sc .
- exit
- ;;
- "POST /")
- payload=$(head -c "$req_content_length")
- printf '%s' "$payload" | jq 'has("from") and has("to") and has("text")' >&2
- printf '%s' "$payload" | jq -c '{ from: .from, to: .to, text: .text, priority: (.priority // 0)}' >> "$HOME"/news
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- exit
- ;;
- esac
- ''}'';
- };
-
- # debug
- environment.systemPackages = [
- send_to_radio
- newsshow
- tts
- ];
-}
diff --git a/lass/2configs/services/radio/proxy.nix b/lass/2configs/services/radio/proxy.nix
deleted file mode 100644
index 49f8ade79..000000000
--- a/lass/2configs/services/radio/proxy.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.nginx.virtualHosts."radio.lassul.us" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- # recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://radio.r";
- extraConfig = ''
- proxy_set_header Host radio.r;
- # get source ip for weather reports
- proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
- '';
- };
- };
-}
diff --git a/lass/2configs/services/radio/radio.liq b/lass/2configs/services/radio/radio.liq
deleted file mode 100644
index 1366287a7..000000000
--- a/lass/2configs/services/radio/radio.liq
+++ /dev/null
@@ -1,112 +0,0 @@
-log.stdout.set(true)
-
-# use yt-dlp
-settings.protocol.youtube_dl.path.set("yt-dlp")
-
-## functions
-
-def stringify_attrs(attrs) =
- let json.stringify out = (attrs : [(string * string)] as json.object)
- out
-end
-
-def filter_music(req) =
- filename = request.filename(req)
- if string.match(pattern = '.*/\\.graveyard/.*', filename) then
- false
- else
- true
- end
-end
-
-def queue_contents(q) =
- list.map(fun (req) -> request.uri(req), q)
-end
-## main
-
-env = environment()
-port = string.to_int(env["RADIO_PORT"], default = 8000)
-
-all_music = playlist(env["MUSIC"], check_next = filter_music)
-wishlist = request.queue()
-tracks = fallback(track_sensitive = true, [wishlist, all_music])
-tracks = blank.eat(tracks)
-
-last_metadata = ref([])
-def on_metadata(m) =
- last_metadata := m
- print("changing tracks")
- out = process.read(env["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0)
- print(out)
-end
-tracks.on_metadata(on_metadata)
-
-# some nice effects
-music = crossfade(tracks)
-music = mksafe(music)
-music = normalize(music)
-
-news = request.queue()
-radio = smooth_add(normal = music, special = amplify(1.5, news))
-
-if string.length(env["ICECAST_HOST"]) > 0 then
- output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music)
- output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music)
- output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music)
-
- output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio)
- output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio)
- output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio)
-else
- output(fallible = true, buffer(radio))
-end
-
-interactive.harbor(port = port)
-
-def current(~protocol, ~headers, ~data, uri) =
- http.response(content_type = "application/json", data = stringify_attrs(
- !last_metadata
- ))
-end
-harbor.http.register("/current", port = port, current)
-
-def skip(~protocol, ~headers, ~data, uri) =
- tracks.skip()
- http.response(content_type = "application/json", data = stringify_attrs(
- !last_metadata
- ))
-end
-harbor.http.register("/skip", method = "POST", port = port, skip)
-
-def all_tracks(~protocol, ~headers, ~data, uri) =
- http.response(content_type = "application/json", data = json.stringify(
- all_music.remaining_files()
- ))
-end
-harbor.http.register("/all_tracks", port = port, all_tracks)
-
-def wish_track(~protocol, ~headers, ~data, uri) =
- # disallow process:
- if string.match(pattern = '^process:', data) then
- http.response(code = 400)
- else
- # TODO report errors back
- wish = request.create(data)
- wishlist.push(wish)
- http.response(content_type = "application/json", data = "ok")
- end
-end
-harbor.http.register("/wish", method = "POST", port = port, wish_track)
-
-def wish_tracklist(~protocol, ~headers, ~data, uri) =
- http.response(content_type = "application/json", data = json.stringify(
- queue_contents(wishlist.queue())
- ))
-end
-harbor.http.register("/wish", port = port, wish_tracklist)
-
-def newsshow(~protocol, ~headers, ~data, uri) =
- news.push(request.create("http://c.r/news.ogg"))
- http.response(content_type = "application/json", data = "ok")
-end
-harbor.http.register("/newsshow", method = "POST", port = port, newsshow)
diff --git a/lass/2configs/services/radio/shell.nix b/lass/2configs/services/radio/shell.nix
deleted file mode 100644
index 9d00e3b06..000000000
--- a/lass/2configs/services/radio/shell.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-pkgs.mkShell {
- buildInputs = [
- pkgs.liquidsoap
- pkgs.yt-dlp
- ];
-}
diff --git a/lass/2configs/services/radio/weather.nix b/lass/2configs/services/radio/weather.nix
deleted file mode 100644
index dca8a7843..000000000
--- a/lass/2configs/services/radio/weather.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- weather_for_ips = pkgs.writers.writePython3Bin "weather_for_ips" {
- libraries = [ pkgs.python3Packages.geoip2 ];
- flakeIgnore = [ "E501" ];
- } ./weather_for_ips.py;
-
- weather_report = pkgs.writers.writeDashBin "weather_report" ''
- set -efux
- export PATH="${lib.makeBinPath [
- pkgs.coreutils
- pkgs.curl
- pkgs.jq
- ]}"
- curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
- MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
- OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
- (
- curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg'
- curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3'
- curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus'
- ) | jq -rs '
- [
- .[][].source|values|to_entries[].value |
- (.listener//[]) [] |
- (.useragent | capture("client-ip=(?<ip>[a-f0-9.:]+)")).ip // .ip
- ] |
- unique[] |
- select(. != "127.0.0.1") |
- select(. != "::1")
- ' |
- ${weather_for_ips}/bin/weather_for_ips
- '';
-in {
- systemd.services.weather = {
- path = [
- weather_report
- pkgs.retry
- pkgs.jq
- pkgs.curl
- ];
- script = ''
- set -xefu
- retry -t 5 -d 10 -- weather_report |
- jq \
- --arg from "$(date -u +'%FT%TZ')" \
- --arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \
- --slurp --raw-input --compact-output --ascii-output \
- '{text: ., from: $from, to: $to, priority: 100}' |
- retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r
- '';
- startAt = "*:58:00";
- serviceConfig = {
- User = "radio-news";
- LoadCredential = [
- "openweather_api:${toString <secrets>}/openweather_api_key"
- ];
- };
- };
-}
diff --git a/lass/2configs/services/radio/weather_for_ips.py b/lass/2configs/services/radio/weather_for_ips.py
deleted file mode 100644
index c44c5e46a..000000000
--- a/lass/2configs/services/radio/weather_for_ips.py
+++ /dev/null
@@ -1,48 +0,0 @@
-import geoip2.database
-import fileinput
-import json
-import requests
-import os
-import random
-
-
-geoip = geoip2.database.Reader(os.environ['MAXMIND_GEOIP_DB'])
-seen = {}
-output = []
-for ip in fileinput.input():
- if "80.147.140.51" in ip:
- output.append(
- 'Weather report for c-base, space. '
- 'It is empty space outside '
- 'with a temperature of -270 degrees, '
- 'a lightspeed of 299792 kilometers per second '
- 'and a humidity of Not a Number percent. '
- f'The probability of reincarnation is {random.randrange(0, 100)} percent. '
- )
- else:
- try:
- location = geoip.city(ip.strip())
- if location.city.geoname_id not in seen:
- seen[location.city.geoname_id] = True
- weather_api_key = os.environ['OPENWEATHER_API_KEY']
- url = (
- f'https://api.openweathermap.org/data/2.5/onecall'
- f'?lat={location.location.latitude}'
- f'&lon={location.location.longitude}'
- f'&appid={weather_api_key}'
- f'&units=metric'
- )
- resp = requests.get(url)
- weather = json.loads(resp.text)
- output.append(
- f'Weather report for {location.city.name}, {location.country.name}. '
- f'It is {weather["current"]["weather"][0]["description"]} outside '
- f'with a temperature of {weather["current"]["temp"]:.1f} degrees, '
- f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second '
- f'and a humidity of {weather["current"]["humidity"]} percent. '
- f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
- )
- except: # noqa E722
- pass
-
-print('\n'.join(output))
diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix
deleted file mode 100644
index a803df15b..000000000
--- a/lass/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
- inherit (import <stockholm/lib>) genid;
-
-in {
- users.extraUsers = {
- skype = {
- name = "skype";
- uid = genid "skype";
- description = "user for running skype";
- home = "/home/skype";
- useDefaultShell = true;
- extraGroups = [ "audio" "video" ];
- createHome = true;
- };
- };
-
- krebs.per-user.skype.packages = [
- pkgs.skype
- ];
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(skype) NOPASSWD: ALL
- '';
-}
diff --git a/lass/2configs/smartd.nix b/lass/2configs/smartd.nix
deleted file mode 100644
index 859812bed..000000000
--- a/lass/2configs/smartd.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.smartd = {
- enable = true;
- devices = [
- {
- device = "DEVICESCAN";
- options = toString [
- "-a"
- "-m ${config.krebs.users.lass.mail}"
- "-s (O/../.././09|S/../.././04|L/../../6/05)"
- ];
- }
- ];
- };
-}
diff --git a/lass/2configs/snapclient.nix b/lass/2configs/snapclient.nix
deleted file mode 100644
index c20abdc3a..000000000
--- a/lass/2configs/snapclient.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.services.snapclient = {
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.snapcast ];
- script = "snapclient -h 10.42.0.1 --hostID ${config.networking.hostName}";
- serviceConfig = {
- DynamicUser = true;
- Group = "pipewire";
- };
- };
-}
diff --git a/lass/2configs/snapserver.nix b/lass/2configs/snapserver.nix
deleted file mode 100644
index 60aa97077..000000000
--- a/lass/2configs/snapserver.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.snapserver = {
- enable = true;
- # openFirewall = true;
- streams = {
- radio = {
- type = "process";
- location = pkgs.writers.writeDash "radio" ''
- exec ${pkgs.mpv}/bin/mpv http://radio.lassul.us/radio.ogg \
- --no-terminal \
- --audio-display=no \
- --audio-channels=stereo \
- --audio-samplerate=48000 \
- --audio-format=s16 \
- --ao=pcm \
- --ao-pcm-file=/dev/stdout
- '';
- };
- styx = {
- type = "pipe";
- location = "/run/snapserver/snapfifo";
- };
- };
- http.enable = true;
- };
-
- networking.firewall.interfaces.int0.allowedTCPPorts = [ 1704 1705 1780 ];
- networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 1780 ];
-}
diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix
deleted file mode 100644
index 0126c33b2..000000000
--- a/lass/2configs/ssh-cryptsetup.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, ... }:
-{
- boot.initrd = {
- network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = with config.krebs.users; [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-blue.pubkey
- ];
- };
- };
- };
-}
diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix
deleted file mode 100644
index c95a610e7..000000000
--- a/lass/2configs/starcraft.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.users= {
- starcraft = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wineWowPackages.minimal
- pkgs.winetricks
- pkgs.mpg123
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(starcraft) NOPASSWD: ALL
- '';
-}
-
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
deleted file mode 100644
index 4f0df8ee3..000000000
--- a/lass/2configs/steam.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- #
- # Steam stuff
- # source: https://nixos.org/wiki/Talk:Steam
- #
- ##TODO: make steam module
- nixpkgs.config.steam.java = true;
- hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
-
- users.users.mainUser.packages = [ (pkgs.steam.override {
- extraPkgs = p: with p; [
- gnutls # needed for Halo MCC
- ];
- }) ];
-
- #ports for inhome streaming
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 27031"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 27036"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix
deleted file mode 100644
index 98479c7f5..000000000
--- a/lass/2configs/sync/decsync.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- services.syncthing.folders.decsync = {
- path = "/home/lass/decsync";
- devices = [ "mors" "blue" "green" "phone" "massulus" ];
- };
-
- krebs.acl."/home/lass/decsync"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/decsync"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/decsync"."u:lass:rwX" = {};
-}
diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix
deleted file mode 100644
index 09f94378b..000000000
--- a/lass/2configs/sync/sync.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- services.syncthing.folders."/home/lass/sync" = {
- devices = [
- "mors"
- "xerxes"
- "green"
- "blue"
- "coaxmetal"
- "aergia"
- ];
- };
- krebs.acl."/home/lass/sync"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/sync"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/sync"."u:lass:rwX" = {};
-}
diff --git a/lass/2configs/sync/the_playlist.nix b/lass/2configs/sync/the_playlist.nix
deleted file mode 100644
index 233ca8fb7..000000000
--- a/lass/2configs/sync/the_playlist.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- services.syncthing.folders.the_playlist = {
- path = "/home/lass/tmp/the_playlist";
- devices = [ "mors" "phone" "prism" "omo" "radio" ];
- };
- krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/tmp/the_playlist"."u:lass:rwX" = {};
-}
diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix
deleted file mode 100644
index b32015b84..000000000
--- a/lass/2configs/sync/weechat.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- services.syncthing.folders."/home/lass/.weechat".devices = [ "green" "mors" ];
- krebs.acl."/home/lass/.weechat"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/.weechat"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/.weechat"."u:lass:rwX" = {};
-}
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
deleted file mode 100644
index 7b8850681..000000000
--- a/lass/2configs/syncthing.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
-{
- imports = [ <stockholm/krebs/2configs/syncthing.nix> ];
- services.syncthing = {
- group = "syncthing";
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
- { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
- ];
-
- system.activationScripts.syncthing-home = mkDefault ''
- ${pkgs.coreutils}/bin/chmod a+x /home/lass
- '';
-}
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix
deleted file mode 100644
index 245b89e9c..000000000
--- a/lass/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- environment.systemPackages = [
- pkgs.termite
- ];
-
- krebs.per-user.lass.packages = let
- termitecfg = pkgs.writeTextFile {
- name = "termite-config";
- destination = "/etc/xdg/termite/config";
- text = ''
- [colors]
- foreground = #d0d7d0
- background = #000000
- '';
- };
- in [
- termitecfg
- ];
-}
diff --git a/lass/2configs/tests/dummy-secrets/bepasty-secret.nix b/lass/2configs/tests/dummy-secrets/bepasty-secret.nix
deleted file mode 100644
index 6e08144d0..000000000
--- a/lass/2configs/tests/dummy-secrets/bepasty-secret.nix
+++ /dev/null
@@ -1 +0,0 @@
-"bla"
diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/cbase.txt
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/grafana_security.nix b/lass/2configs/tests/dummy-secrets/grafana_security.nix
deleted file mode 100644
index ef75d4e0f..000000000
--- a/lass/2configs/tests/dummy-secrets/grafana_security.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- adminUser = "bla";
- adminPassword = "blub";
-}
diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
deleted file mode 100644
index 16b542cee..000000000
--- a/lass/2configs/tests/dummy-secrets/icecast-admin-pw
+++ /dev/null
@@ -1 +0,0 @@
-"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw
deleted file mode 100644
index 16b542cee..000000000
--- a/lass/2configs/tests/dummy-secrets/icecast-source-pw
+++ /dev/null
@@ -1 +0,0 @@
-"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key b/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/iodinepw.nix b/lass/2configs/tests/dummy-secrets/iodinepw.nix
deleted file mode 100644
index f5e704702..000000000
--- a/lass/2configs/tests/dummy-secrets/iodinepw.nix
+++ /dev/null
@@ -1 +0,0 @@
-"derp"
diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
deleted file mode 100644
index 215a7fa0c..000000000
--- a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-this is a private key
------END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/mails.nix b/lass/2configs/tests/dummy-secrets/mails.nix
deleted file mode 100644
index fe51488c7..000000000
--- a/lass/2configs/tests/dummy-secrets/mails.nix
+++ /dev/null
@@ -1 +0,0 @@
-[]
diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
deleted file mode 100644
index 922a74472..000000000
--- a/lass/2configs/tests/dummy-secrets/mysql_rootPassword
+++ /dev/null
@@ -1 +0,0 @@
-blabla123
diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key
deleted file mode 100644
index 91448ad2f..000000000
--- a/lass/2configs/tests/dummy-secrets/nix-serve.key
+++ /dev/null
@@ -1 +0,0 @@
-key-name:blabla123
diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/nordvpn.txt
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix
deleted file mode 100644
index eed712458..000000000
--- a/lass/2configs/tests/dummy-secrets/repos.nix
+++ /dev/null
@@ -1 +0,0 @@
-_: {}
diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
deleted file mode 100644
index 99a4033f6..000000000
--- a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
+++ /dev/null
@@ -1,4 +0,0 @@
-
------BEGIN RSA PRIVATE KEY-----
-this is a private key
------END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/searx.key b/lass/2configs/tests/dummy-secrets/searx.key
deleted file mode 100644
index bd88e01cd..000000000
--- a/lass/2configs/tests/dummy-secrets/searx.key
+++ /dev/null
@@ -1 +0,0 @@
-yolo
diff --git a/lass/2configs/tests/dummy-secrets/ssh-tor.priv b/lass/2configs/tests/dummy-secrets/ssh-tor.priv
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/ssh-tor.priv
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
deleted file mode 100644
index 5c12da0b3..000000000
--- a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-private key bla
------END OPENSSH PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
deleted file mode 100644
index 885cf61f0..000000000
--- a/lass/2configs/tests/dummy-secrets/ssh.id_rsa
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-private key bla
------END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/syncthing.cert b/lass/2configs/tests/dummy-secrets/syncthing.cert
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/syncthing.cert
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/syncthing.key b/lass/2configs/tests/dummy-secrets/syncthing.key
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/syncthing.key
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/torrent-auth b/lass/2configs/tests/dummy-secrets/torrent-auth
deleted file mode 100644
index f167e71f9..000000000
--- a/lass/2configs/tests/dummy-secrets/torrent-auth
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- x = "xxx";
-}
diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw
deleted file mode 100644
index b71df1a2d..000000000
--- a/lass/2configs/tests/dummy-secrets/transmission-pw
+++ /dev/null
@@ -1 +0,0 @@
-"krebskrebs123"
diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix
deleted file mode 100644
index fa20ef81f..000000000
--- a/lass/2configs/texlive.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- (texLiveAggregationFun { paths = [
- texLive
- texLiveExtra
- texLiveCMSuper
- texLiveModerncv
- ];})
- ];
-}
diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix
deleted file mode 100644
index 60e2f7aec..000000000
--- a/lass/2configs/themes.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }: let
-
- switch-theme = pkgs.writers.writeDashBin "switch-theme" ''
- set -efux
- if [ "$1" = toggle ]; then
- if [ "$(${pkgs.coreutils}/bin/cat /var/theme/current_theme)" = dark ]; then
- ${placeholder "out"}/bin/switch-theme light
- else
- ${placeholder "out"}/bin/switch-theme dark
- fi
- elif test -e "/etc/themes/$1"; then
- ${pkgs.coreutils}/bin/mkdir -p /var/theme/config
- ${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/
- echo "$1" > /var/theme/current_theme
- ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
- ${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
- ${pkgs.procps}/bin/pkill -HUP xsettingsd
- ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)" || :
- else
- echo "theme $1 not found"
- fi
- '';
-
-in {
- systemd.services.xsettingsd = {
- wantedBy = [ "multi-user.target" ];
- after = [ "display-manager.service" ];
- environment.DISPLAY = ":0";
- serviceConfig = {
- ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd -c /var/theme/config/xsettings.conf";
- User = "lass";
- Restart = "always";
- RestartSec = "15s";
- };
- };
- systemd.tmpfiles.rules = [
- "d /var/theme/ 755 lass users"
- ];
- environment.systemPackages = [
- switch-theme
- pkgs.dracula-theme
- pkgs.gnome3.adwaita-icon-theme
- ];
- environment.etc = {
- "themes/light/gtk-theme".text = ''
- Adwaita
- '';
- "themes/light/xsettings.conf".text = ''
- Net/ThemeName "Adwaita"
- '';
- "themes/light/xresources".text = ''
- *background: #ffffff
- *foreground: #000000
- '';
- "themes/dark/gtk-theme".text = ''
- Dracula
- '';
- "themes/dark/xsettings.conf".text = ''
- Net/ThemeName "Dracula"
- '';
- "themes/dark/xresources".text = ''
- *background: #000000
- *foreground: #ffffff
- '';
- };
- system.activationScripts.theme.text = ''
- export DISPLAY=:0
- if test -e /var/theme/current_theme; then
- ${switch-theme}/bin/switch-theme "$(cat /var/theme/current_theme)" ||
- ${switch-theme}/bin/switch-theme dark
- else
- ${switch-theme}/bin/switch-theme dark
- fi
- '';
-}
diff --git a/lass/2configs/tmux.nix b/lass/2configs/tmux.nix
deleted file mode 100644
index 10931365d..000000000
--- a/lass/2configs/tmux.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-
-{
- environment.etc."tmux.conf".text = ''
- #prefix key to `
- set-option -g prefix2 `
-
- bind-key r source-file /etc/tmux.conf \; display-message "/etc/tmux.conf reloaded"
-
- set-option -g default-terminal screen-256color
-
- #use session instead of windows
- bind-key c new-session
- bind-key p switch-client -p
- bind-key n switch-client -n
- bind-key C-s switch-client -l
- '';
- nixpkgs.config.packageOverrides = super: {
- tmux = pkgs.symlinkJoin {
- name = "tmux";
- paths = [
- (pkgs.writeDashBin "tmux" ''
- exec ${super.tmux}/bin/tmux -f /etc/tmux.conf "$@"
- '')
- super.tmux
- ];
- };
- };
- environment.systemPackages = with pkgs; [
- tmux
- ];
-
- # programs.bash.interactiveShellInit = ''
- # if [[ "$TERM" != "linux" && -z "$TMUX" ]]; then
- # if [[ -n "$SSH_AUTH_SOCK" ]]; then
- # tmux set-environment -g SSH_AUTH_SOCK "$SSH_AUTH_SOCK" 2>/dev/null
- # fi
-
- # exec tmux -u
- # fi
- # if [[ "$__host__" != "$HOST" ]]; then
- # tmux set -g status-bg colour$(string_hash $HOST 255)
- # export __host__=$HOST
- # fi
- # '';
-}
diff --git a/lass/2configs/tor-initrd.nix b/lass/2configs/tor-initrd.nix
deleted file mode 100644
index 64e64b5b3..000000000
--- a/lass/2configs/tor-initrd.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{config, pkgs, ... }:
-## unlock command:
-# (pass admin/$host/root;echo) | torify ssh root@$(pass hosts/$host/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
-{
- boot.initrd.network.enable = true;
- boot.initrd.network.ssh = {
- enable = true;
- port = 22;
- authorizedKeys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-mors.pubkey
- config.krebs.users.lass-green.pubkey
- ];
- hostKeys = [ <secrets/initrd/ssh.ed25519_key> ];
- };
- boot.initrd.availableKernelModules = [ "e1000e" ];
-
- boot.initrd.secrets = {
- "/etc/tor/onion/bootup" = <secrets/initrd>;
- };
-
- boot.initrd.extraUtilsCommands = ''
- copy_bin_and_libs ${pkgs.tor}/bin/tor
- '';
-
- # start tor during boot process
- boot.initrd.network.postCommands = let
- torRc = (pkgs.writeText "tor.rc" ''
- DataDirectory /etc/tor
- SOCKSPort 127.0.0.1:9050 IsolateDestAddr
- SOCKSPort 127.0.0.1:9063
- HiddenServiceDir /etc/tor/onion/bootup
- HiddenServicePort 22 127.0.0.1:22
- '');
- in ''
- echo "tor: preparing onion folder"
- # have to do this otherwise tor does not want to start
- chmod -R 700 /etc/tor
-
- echo "make sure localhost is up"
- ip a a 127.0.0.1/8 dev lo
- ip link set lo up
-
- echo "tor: starting tor"
- tor -f ${torRc} --verify-config
- tor -f ${torRc} &
- '';
-}
-
diff --git a/lass/2configs/tor-ssh.nix b/lass/2configs/tor-ssh.nix
deleted file mode 100644
index c727aa015..000000000
--- a/lass/2configs/tor-ssh.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- services.tor = {
- enable = true;
- relay.onionServices.ssh = {
- version = 3;
- map = [{
- port = 22;
- target.port = 22;
- }];
- secretKey = <secrets/ssh-tor.priv>;
- };
- controlSocket.enable = true;
- client.enable = true;
- };
-}
-
diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix
deleted file mode 100644
index d49ed6125..000000000
--- a/lass/2configs/tv.nix
+++ /dev/null
@@ -1,194 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
-
-nginxCfg = pkgs.writeText "nginx.conf" ''
- daemon off;
- pid /var/lib/rtmp/nginx.pid;
- events {
- use epoll;
- worker_connections 128;
- }
- error_log stderr info;
-
- http {
- client_body_temp_path /var/lib/rtmp/nginx_cache_client_body;
- proxy_temp_path /var/lib/rtmp/nginx_cache_proxy;
- fastcgi_temp_path /var/lib/rtmp/nginx_cache_fastcgi;
- uwsgi_temp_path /var/lib/rtmp/nginx_cache_uwsgi;
- scgi_temp_path /var/lib/rtmp/nginx_cache_scgi;
-
- server {
- listen 8080;
- root /var/lib/rtmp;
- access_log stderr;
- error_log stderr;
-
- # This URL provides RTMP statistics in XML
- location /stat {
- rtmp_stat all;
- }
- }
- }
-
- rtmp {
- server {
- access_log stderr;
- listen 1935;
- ping 30s;
- notify_method get;
-
- application stream {
- live on;
-
- hls on;
- hls_path /var/lib/rtmp/tmp/hls;
- hls_fragment 1;
- hls_playlist_length 10;
-
- dash on;
- dash_path /var/lib/rtmp/tmp/dash;
- }
- }
- }
-'';
-
-in {
-
- services.nginx = {
- enable = true;
- virtualHosts."streaming.lassul.us" = {
- enableACME = true;
- addSSL = true;
- locations."/hls".extraConfig = ''
- # Serve HLS fragments
- types {
- application/vnd.apple.mpegurl m3u8;
- video/mp2t ts;
- }
- root /var/lib/rtmp/tmp;
-
- # Allow CORS preflight requests
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
-
- if ($request_method != 'OPTIONS') {
- add_header Cache-Control no-cache;
-
- # CORS setup
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length';
- }
- '';
- locations."/dash".extraConfig = ''
- # Serve DASH fragments
- types {
- application/dash+xml mpd;
- video/mp4 mp4;
- }
- root /var/lib/rtmp/tmp;
-
- # Allow CORS preflight requests
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- if ($request_method != 'OPTIONS') {
- add_header Cache-Control no-cache;
-
- # CORS setup
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length';
- }
- '';
- locations."= /dash.all.min.js".extraConfig = ''
- default_type "text/javascript";
- alias ${pkgs.fetchurl {
- url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
- sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
- }};
- '';
- locations."= /player".extraConfig = ''
- default_type "text/html";
- alias ${pkgs.writeText "player.html" ''
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="utf-8">
- <title>lassulus livestream</title>
- </head>
- <body>
- <div>
- <video id="player" controls></video>
- </video>
- </div>
- <script src="/dash.all.min.js"></script>
- <script>
- (function(){
- var url = "/dash/nixos.mpd";
- var player = dashjs.MediaPlayer().create();
- player.initialize(document.querySelector("#player"), url, true);
- })();
- </script>
- </body>
- </html>
- ''};
- '';
- locations."/records".extraConfig = ''
- autoindex on;
- root /var/lib/rtmp;
- '';
- };
- };
-
- fileSystems."/var/lib/rtmp/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = [ "nosuid" "nodev" "noatime" ];
- };
-
- users.users.rtmp = {
- home = "/var/lib/rtmp";
- uid = genid_uint31 "rtmp";
- isNormalUser = true;
- createHome = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- mic92.pubkey
- palo.pubkey
- ];
- };
-
- systemd.services.nginx-rtmp = {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- restartIfChanged = true;
- script = ''
- ${pkgs.nginx.override {
- modules = [
- pkgs.nginxModules.rtmp
- ];
- }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
- '';
- serviceConfig = {
- ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
- mkdir -p /var/lib/rtmp/tmp/hls
- mkdir -p /var/lib/rtmp/tmp/dash
- chown rtmp:users /var/lib/rtmp/tmp/hls
- chown rtmp:users /var/lib/rtmp/tmp/dash
- chmod 755 /var/lib/rtmp/tmp/hls
- chmod 755 /var/lib/rtmp/tmp/dash
- '';
- User = "rtmp";
- };
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 1935"; target = "ACCEPT"; }
- ];
-}
diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix
deleted file mode 100644
index a4ad5e55e..000000000
--- a/lass/2configs/ubik-host.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-{
- krebs.sync-containers3.containers.ubik = {
- sshKey = "${toString <secrets>}/ubik.sync.key";
- };
- containers.ubik.bindMounts."/var/lib" = {
- hostPath = "/var/lib/sync-containers3/ubik/state";
- isReadOnly = false;
- };
- containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
- hostPath = "/var/ubik";
- isReadOnly = false;
- };
- services.nginx.virtualHosts."c.apanowicz.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://ubik.r";
- extraConfig = ''
- client_max_body_size 9001M;
- '';
- };
- };
-}
diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix
deleted file mode 100644
index 7dd59e0c3..000000000
--- a/lass/2configs/urxvt.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- services.urxvtd.enable = true;
-
- krebs.xresources.resources.urxvt = ''
- URxvt.saveLines: 10000
- URxvt.scrollBar: false
- URxvt.urgentOnBell: true
- URxvt.perl-ext: default,matcher
-
- URxvt.url-launcher: /run/current-system/sw/bin/browser-select
- URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-]
-
- URxvt.keysym.M-Escape: perl:keyboard-select:activate
- URxvt.keysym.M-s: perl:keyboard-select:search
- URxvt.keysym.M-u: matcher:select
- URxvt.keysym.M-i: matcher:list
-
- URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007
- URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007
- URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=18\007\033]711;xft:Monospace:size=20:bold\007
- URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
- URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007
-
- URxvt.intensityStyles: false
-
- URxvt*background: #000000
- URxvt*foreground: #ffffff
-
- !change unreadable blue
- URxvt*color4: #268bd2
-
- URxvt*color0: #232342
- '';
-}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
deleted file mode 100644
index efe6a739c..000000000
--- a/lass/2configs/vim.nix
+++ /dev/null
@@ -1,349 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- out = {
- environment.systemPackages = [
- (lib.hiPrio vim)
- ];
-
- environment.etc.vimrc.source = vimrc;
- environment.etc.vim.source = vim;
-
- environment.variables.EDITOR = lib.mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
-
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set list listchars=tab:⇥\ ,extends:❯,precedes:❮,nbsp:␣,trail:· showbreak=¬
- set hlsearch
- set incsearch
- set ttymouse=sgr
- set mouse=a
- set ruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- " enable better-whitespace
- let g:better_whitespace_enabled=1
-
- set title
- set titleold=
- set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme dim
- syntax on
-
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
- \ | syn match NBSP '\%xa0'
- \ | syn match NarrowNBSP '\%u202F'
-
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- nnoremap <F5> :call LanguageClient_contextMenu()<CR>
- set hidden
- let g:LanguageClient_serverCommands = {
- \ 'python': ['pyls'],
- \ 'go': ['~/go/bin/go-langserver']
- \ }
-
- let g:LanguageClient_diagnosticsDisplay = {
- \ 1: { "signText": "E" },
- \ 2: { "signText": "W" }
- \ }
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
-
- " search with ack
- let g:ackprg = 'ag --vimgrep'
- cnoreabbrev Ack Ack!
-
- " copy/paste from/to xclipboard
- set clipboard=unnamedplus
-
- " use fzf to switch files
- nnoremap <C-p> :FZF<CR>
- nnoremap <C-l> :Rg<CR>
- let g:fzf_layout = { 'down': '~15%' }
- '';
-
- extra-runtimepath = lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- pkgs.vimPlugins.copilot-vim
- pkgs.vimPlugins.undotree
- pkgs.vimPlugins.fzf-vim
- pkgs.vimPlugins.fzfWrapper
- pkgs.vimPlugins.vim-better-whitespace
- (pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchFromGitHub {
- owner = "bogado";
- repo = "file-line";
- rev = "1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- })
- (pkgs.vimUtils.buildVimPlugin {
- name = "vim-dim-1.1.0";
- src = pkgs.fetchFromGitHub {
- owner = "jeffkreeftmeijer";
- repo = "vim-dim";
- rev = "1.1.0";
- sha256 = "sha256-lyTZUgqUEEJRrzGo1FD8/t8KBioPrtB3MmGvPeEVI/g=";
- };
- })
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "showsyntax";
- in {
- name = "vim-plugin-${name}-1.0.0";
- destination = "/plugin/${name}.vim";
- text = /* vim */ ''
- if exists('g:loaded_showsyntax')
- finish
- endif
- let g:loaded_showsyntax = 0
-
- fu! ShowSyntax()
- let id = synID(line("."), col("."), 1)
- let name = synIDattr(id, "name")
- let transName = synIDattr(synIDtrans(id),"name")
- if name != transName
- let name .= " (" . transName . ")"
- endif
- echo "Syntax: " . name
- endfu
-
- command! -n=0 -bar ShowSyntax :call ShowSyntax()
- '';
- })))
- ];
-
- dirs = {
- backupdir = "$HOME/.cache/vim/backup";
- swapdir = "$HOME/.cache/vim/swap";
- undodir = "$HOME/.cache/vim/undo";
- };
- files = {
- viminfo = "$HOME/.cache/vim/info";
- };
-
- mkdirs = let
- dirOf = s: let out = lib.concatStringsSep "/" (lib.init (lib.splitString "/" s));
- in assert out != ""; out;
- alldirs = lib.attrValues dirs ++ map dirOf (lib.attrValues files);
- in lib.unique (lib.sort lib.lessThan alldirs);
-
- vim = pkgs.symlinkJoin {
- name = "vim";
- paths = [
- (pkgs.writers.writeDashBin "vim" ''
- set -efu
- export PATH=$PATH:${lib.makeBinPath [
- pkgs.nodejs
- ]}
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- exec ${pkgs.vim}/bin/vim "$@"
- '')
- pkgs.vim
- ];
- };
-
- hs.vim = pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
-
- nix.vim = pkgs.writeText "nix.vim" ''
- setf nix
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
-
- syn match NixOther /[():/;=.,?\[\]]/
-
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
-
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
-
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
-
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
-
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
-
- ${lib.concatStringsSep "\n" (lib.mapAttrsToList (lang: { extraStart ? null }: let
- startAlts = lib.filter lib.isString [
- ''/\* ${lang} \*/''
- extraStart
- ];
- sigil = ''\(${lib.concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- unlet b:current_syntax
-
- syn match nix_${lang}_sigil
- \ X${lib.replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
-
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
-
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
-
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') {
- c = {};
- cabal = {};
- haskell = {};
- sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- vim.extraStart =
- ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
- })}
-
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
-
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
-
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
-
- syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
-
- syn sync fromstart
-
- let b:current_syntax = "nix"
-
- set isk=@,48-57,_,192-255,-,'
- '';
-in
-out
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
deleted file mode 100644
index cd270bdf8..000000000
--- a/lass/2configs/virtualbox.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- #services.virtualboxHost.enable = true;
- virtualisation.virtualbox.host.enable = true;
- virtualisation.virtualbox.host.enableHardening = false;
-
- users.extraUsers = {
- virtual = {
- name = "virtual";
- description = "user for running VirtualBox";
- home = "/home/virtual";
- useDefaultShell = true;
- extraGroups = [ "vboxusers" "audio" "video" ];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(virtual) NOPASSWD: ALL
- '';
-}
diff --git a/lass/2configs/websites/default.nix b/lass/2configs/websites/default.nix
deleted file mode 100644
index f74845a56..000000000
--- a/lass/2configs/websites/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-
-{
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
-
- enableReload = true;
-
- virtualHosts.default = {
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- };
- };
-}
-
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
deleted file mode 100644
index 71f7f8111..000000000
--- a/lass/2configs/websites/domsen.nix
+++ /dev/null
@@ -1,454 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-
- inherit (import <stockholm/lib>)
- genid
- genid_uint31
- ;
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servePage
- serveOwncloud
- serveWordpress;
-
- msmtprc = pkgs.writeText "msmtprc" ''
- account localhost
- host localhost
- account default: localhost
- '';
-
- sendmail = pkgs.writeDash "msmtp" ''
- exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
- '';
-
-in {
- imports = [
- ./default.nix
- ./sqlBackup.nix
- (servePage [ "aldonasiech.com" "www.aldonasiech.com" ])
- (servePage [ "apanowicz.de" "www.apanowicz.de" ])
- (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (servePage [ "illustra.de" "www.illustra.de" ])
- (servePage [ "event-extra.de" "www.event-extra.de" ])
- # (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ])
- (servePage [ "familienrat-hamburg.de" "www.familienrat-hamburg.de" ])
- (servePage [ "karlaskop.de" ])
- (servePage [
- "freemonkey.art"
- "www.freemonkey.art"
- ])
- (serveOwncloud [ "o.ubikmedia.de" ])
- (serveWordpress [
- "ubikmedia.de"
- "ubikmedia.eu"
- "youthtube.xyz"
- "joemisch.com"
- "weirdwednesday.de"
- "jarugadesign.de"
- "beesmooth.ch"
-
- "www.ubikmedia.eu"
- "www.youthtube.xyz"
- "www.ubikmedia.de"
- "www.joemisch.com"
- "www.weirdwednesday.de"
- "www.jarugadesign.de"
- "www.beesmooth.ch"
-
- "aldona2.ubikmedia.de"
- "cinevita.ubikmedia.de"
- "factscloud.ubikmedia.de"
- "illucloud.ubikmedia.de"
- "joemisch.ubikmedia.de"
- "nb.ubikmedia.de"
- "youthtube.ubikmedia.de"
- "weirdwednesday.ubikmedia.de"
- "freemonkey.ubikmedia.de"
- "jarugadesign.ubikmedia.de"
- "crypto4art.ubikmedia.de"
- "jarugadesign.ubikmedia.de"
- "beesmooth.ubikmedia.de"
- ])
- ];
-
- # https://github.com/nextcloud/server/issues/25436
- services.mysql.settings.mysqld.innodb_read_only_compressed = 0;
-
- services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
- services.mysql.ensureUsers = [
- { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
- { ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
- ];
-
- services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
-
- lass.mysqlBackup.config.all.databases = [
- "ubikmedia_de"
- "o_ubikmedia_de"
- ];
-
- services.phpfpm.phpOptions = ''
- sendmail_path = ${sendmail} -t
- upload_max_filesize = 100M
- post_max_size = 100M
- file_uploads = on
- '';
-
- systemd.services.nextcloud-setup.after = [ "secret-nextcloud_pw.service" ];
- krebs.secret.files.nextcloud_pw = {
- path = "/run/nextcloud.pw";
- owner.name = "nextcloud";
- group-name = "nextcloud";
- source-path = toString <secrets> + "/nextcloud_pw";
- };
- services.nextcloud = {
- enable = true;
- enableBrokenCiphersForSSE = false;
- hostName = "o.xanf.org";
- package = pkgs.nextcloud25;
- config = {
- adminpassFile = "/run/nextcloud.pw";
- overwriteProtocol = "https";
- };
- https = true;
- };
- services.nginx.virtualHosts."o.xanf.org" = {
- enableACME = true;
- forceSSL = true;
- };
-
- # MAIL STUFF
- # TODO: make into its own module
-
- services.roundcube = {
- enable = true;
- hostName = "mail.lassul.us";
- extraConfig = ''
- $config['smtp_debug'] = true;
- $config['smtp_host'] = "localhost:25";
- '';
- };
- services.dovecot2 = {
- enable = true;
- showPAMFailure = true;
- mailLocation = "maildir:~/Mail";
- sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem";
- sslServerKey = "/var/lib/acme/lassul.us/key.pem";
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
- ];
-
- environment.systemPackages = [
- (pkgs.writers.writeDashBin "debug_exim" ''
- set -ef
- export PATH="${lib.makeBinPath [ pkgs.coreutils ]}"
- echo "$@" >> /tmp/xxx
- /run/wrappers/bin/shadow_verify_arg "${config.lass.usershadow.pattern}" "$2" "$3" 2>>/tmp/xxx1
- echo "ok" >> /tmp/yyy
- exit 23
- '')
- ];
-
- krebs.exim-smarthost = {
- authenticators.PLAIN = ''
- driver = plaintext
- public_name = PLAIN
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
- '';
- authenticators.LOGIN = ''
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- '';
- internet-aliases = [
- { from = "dma@ubikmedia.de"; to = "domsen"; }
- { from = "dma@ubikmedia.eu"; to = "domsen"; }
- { from = "mail@habsys.de"; to = "domsen"; }
- { from = "mail@habsys.eu"; to = "domsen"; }
- { from = "hallo@apanowicz.de"; to = "domsen"; }
- { from = "bruno@apanowicz.de"; to = "bruno"; }
- { from = "mail@jla-trading.com"; to = "jla-trading"; }
- { from = "jms@ubikmedia.eu"; to = "jms"; }
- { from = "ms@ubikmedia.eu"; to = "ms"; }
- { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
- { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
- { from = "hallo@jarugadesign.de"; to ="kasia"; }
- { from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
-
- { from = "testuser@lassul.us"; to = "testuser"; }
- { from = "testuser@ubikmedia.eu"; to = "testuser"; }
- ];
- sender_domains = [
- "jla-trading.com"
- "ubikmedia.eu"
- "ubikmedia.de"
- "apanowicz.de"
- "alewis.de"
- "jarugadesign.de"
- "beesmooth.ch"
- "event-extra.de"
- ];
- dkim = [
- { domain = "ubikmedia.eu"; }
- { domain = "apanowicz.de"; }
- { domain = "beesmooth.ch"; }
- ];
- };
- services.borgbackup.jobs.hetzner.paths = [
- "/home/xanf"
- "/home/domsen"
- "/home/bruno"
- "/home/jla-trading"
- "/home/jms"
- "/home/ms"
- "/home/bui"
- "/home/klabusterbeere"
- "/home/akayguen"
- "/home/kasia"
- "/home/dif"
- "/home/lavafilms"
- "/home/movematchers"
- "/home/blackphoton"
- "/home/avada"
- "/home/sts"
- "/home/familienrat"
- ];
- users.users.UBIK-SFTP = {
- uid = genid_uint31 "UBIK-SFTP";
- home = "/home/UBIK-SFTP";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.xanf = {
- uid = genid_uint31 "xanf";
- group = "xanf";
- home = "/home/xanf";
- useDefaultShell = true;
- createHome = false; # creathome forces permissions
- isNormalUser = true;
- };
-
- users.users.domsen = {
- uid = genid_uint31 "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "syncthing" "download" "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bruno = {
- uid = genid_uint31 "bruno";
- home = "/home/bruno";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jla-trading = {
- uid = genid_uint31 "jla-trading";
- home = "/home/jla-trading";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jms = {
- uid = genid_uint31 "jms";
- home = "/home/jms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.ms = {
- uid = genid_uint31 "ms";
- home = "/home/ms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.testuser = {
- uid = genid_uint31 "testuser";
- home = "/home/testuser";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- #users.users.akayguen = {
- # uid = genid_uint31 "akayguen";
- # home = "/home/akayguen";
- # useDefaultShell = true;
- # createHome = true;
- # isNormalUser = true;
- #};
-
- users.users.bui = {
- uid = genid_uint31 "bui";
- home = "/home/bui";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.klabusterbeere = {
- uid = genid_uint31 "klabusterbeere";
- home = "/home/klabusterbeere";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.kasia = {
- uid = genid_uint31 "kasia";
- home = "/home/kasia";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.XANF_TEAM = {
- uid = genid_uint31 "XANF_TEAM";
- group = "xanf";
- home = "/home/XANF_TEAM";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.dif = {
- uid = genid_uint31 "dif";
- home = "/home/dif";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.lavafilms = {
- uid = genid_uint31 "lavafilms";
- home = "/home/lavafilms";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.movematchers = {
- uid = genid_uint31 "movematchers";
- home = "/home/movematchers";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.blackphoton = {
- uid = genid_uint31 "blackphoton";
- home = "/home/blackphoton";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.line = {
- uid = genid_uint31 "line";
- home = "/home/line";
- useDefaultShell = true;
- # extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.avada = {
- uid = genid_uint31 "avada";
- home = "/home/avada";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.sts = {
- uid = genid_uint31 "sts";
- home = "/home/sts";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.familienrat = {
- uid = genid_uint31 "familienrat";
- home = "/home/familienrat";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- krebs.acl."/srv/http/familienrat-hamburg.de"."u:familienrat:rwX" = {};
- krebs.acl."/srv/http"."u:familienrat:X" = {
- default = false;
- recursive = false;
- };
-
- users.groups.xanf = {};
-
- krebs.on-failure.plans.restic-backups-domsen = {
- journalctl = {
- lines = 1000;
- };
- };
-
- services.restic.backups.domsen = {
- initialize = true;
- repository = "/backups/domsen";
- passwordFile = toString <secrets> + "/domsen_backup_pw";
- timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
- paths = [
- "/home/domsen/Mail"
- "/home/ms/Mail"
- "/home/klabusterbeere/Mail"
- "/home/jms/Mail"
- "/home/kasia/Mail"
- "/home/bruno/Mail"
- "/home/akayguen/Mail"
- "/backups/sql_dumps"
- ];
- };
-
- services.syncthing.declarative.folders = {
- domsen-backups = {
- path = "/backups/domsen";
- devices = [ "domsen-backup" ];
- };
- domsen-backup-srv-http = {
- path = "/srv/http";
- devices = [ "domsen-backup" ];
- };
- };
-
- system.activationScripts.domsen-backups = ''
- ${pkgs.coreutils}/bin/chmod 750 /backups
- '';
-
- # takes too long!!
- # krebs.acl."/srv/http"."u:syncthing:rwX" = {};
- # krebs.acl."/srv/http"."u:nginx:rwX" = {};
- # krebs.acl."/srv/http/ubikmedia.de"."u:avada:rwX" = {};
- krebs.acl."/home/xanf/XANF_TEAM"."g:xanf:rwX" = {};
- krebs.acl."/home/xanf"."g:xanf:X" = {
- default = false;
- recursive = false;
- };
-}
-
diff --git a/lass/2configs/websites/flix.lassul.us.nix b/lass/2configs/websites/flix.lassul.us.nix
deleted file mode 100644
index 27a7f75e8..000000000
--- a/lass/2configs/websites/flix.lassul.us.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.nginx.virtualHosts."flix.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://yellow.r:8096";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
-}
-
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
deleted file mode 100644
index 9440413aa..000000000
--- a/lass/2configs/websites/lassulus.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- inherit (import <stockholm/lib>)
- genid_uint31
- ;
-
-in {
- imports = [
- ./default.nix
- ];
-
- security.acme = {
- email = "acme@lassul.us";
- acceptTerms = true;
- certs."lassul.us" = {
- group = "lasscert";
- };
- };
-
- users.groups.lasscert.members = [
- "dovecot2"
- "exim"
- "nginx"
- ];
-
- services.nginx.virtualHosts."lassul.us" = {
- addSSL = true;
- enableACME = true;
- default = true;
- locations."/".extraConfig = ''
- root /srv/http/lassul.us;
- '';
- locations."= /retiolum-hosts.tar.bz2".extraConfig = ''
- alias ${config.krebs.tinc.retiolum.hostsArchive};
- '';
- locations."= /hosts".extraConfig = ''
- alias ${pkgs.krebs-hosts_combined};
- '';
- locations."= /retiolum.hosts".extraConfig = ''
- alias ${pkgs.krebs-hosts-retiolum};
- '';
- locations."= /wireguard-key".extraConfig = ''
- alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
- '';
- locations."= /krebspage".extraConfig = ''
- default_type "text/html";
- alias ${pkgs.krebspage}/index.html;
- '';
- locations."= /init".extraConfig = let
- initscript = pkgs.init.override {
- pubkey = config.krebs.users.lass.pubkey;
- };
- in ''
- alias ${initscript}/bin/init;
- '';
- locations."= /blue.pub".extraConfig = ''
- alias ${pkgs.writeText "pub" config.krebs.users.lass-blue.pubkey};
- '';
- locations."= /ssh.pub".extraConfig = ''
- alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey};
- '';
- locations."= /gpg.pub".extraConfig = ''
- alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pgp.pubkeys.default};
- '';
- locations."= /ip".extraConfig = ''
- return 200 '$remote_addr';
- '';
- };
-
-
-
-}
diff --git a/lass/2configs/websites/ref.ptkk.de/default.nix b/lass/2configs/websites/ref.ptkk.de/default.nix
deleted file mode 100644
index 14ce58b8e..000000000
--- a/lass/2configs/websites/ref.ptkk.de/default.nix
+++ /dev/null
@@ -1,89 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.nginx.virtualHosts."ref.ptkk.de" = {
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:4626";
- extraConfig = ''
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Upgrade $http_upgrade;
- proxy_cache_bypass $http_upgrade;
- '';
- };
- locations."/static/" = {
- alias = "/var/lib/ref.ptkk.de/static/";
- };
- forceSSL = true;
- };
- systemd.services."ref.ptkk.de" = {
- wantedBy = [ "multi-user.target" ];
- environment = {
- PRODUCTION = "yip";
- DATA_DIR = "/var/lib/ref.ptkk.de/data";
- PORT = "4626";
- STATIC_ROOT = "/var/lib/ref.ptkk.de/static";
- };
- path = with pkgs; [
- git
- gnutar
- gzip
- nix
- ];
- serviceConfig = {
- ExecStartPre = [
- "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/data"
- "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/code"
- "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/static"
- ];
- ExecStart = pkgs.writers.writeDash "nixify" ''
- cd code
- if test -e shell.nix; then
- ${pkgs.nix}/bin/nix-shell -I /var/src --run serve
- else
- echo 'no shell.nix, bailing out'
- exit 0
- fi
- '';
- LoadCredential = [
- "django-secret.key:${toString <secrets>}/ref.ptkk.de-django.key"
- ];
- User = "ref.ptkk.de";
- WorkingDirectory = "/var/lib/ref.ptkk.de";
- StateDirectory = "ref.ptkk.de";
- Restart = "always";
- RestartSec = "100s";
- };
- };
- systemd.services."ref.ptkk.de-restarter" = {
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.systemd}/bin/systemctl restart ref.ptkk.de.service";
- };
- };
- systemd.paths."ref.ptkk.de-restarter" = {
- wantedBy = [ "multi-user.target" ];
- pathConfig.PathChanged = [
- "/var/lib/ref.ptkk.de/code"
- "/var/src/nixpkgs"
- ];
- };
-
- users.users."ref.ptkk.de" = {
- isSystemUser = true;
- uid = pkgs.stockholm.lib.genid_uint31 "ref.ptkk.de";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD CI@github.com"
- config.krebs.users.lass.pubkey
- ];
- group = "nginx";
- home = "/var/lib/ref.ptkk.de";
- useDefaultShell = true;
- };
-}
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
deleted file mode 100644
index c9783bece..000000000
--- a/lass/2configs/websites/sqlBackup.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- krebs.secret.files.mysql_rootPassword = {
- path = "${config.services.mysql.dataDir}/mysql_rootPassword";
- owner.name = "mysql";
- source-path = toString <secrets> + "/mysql_rootPassword";
- };
-
- services.mysql = {
- enable = true;
- dataDir = "/var/mysql";
- package = pkgs.mariadb;
- };
-
- systemd.services.mysql = {
- after = [
- config.krebs.secret.files.mysql_rootPassword.service
- ];
- partOf = [
- config.krebs.secret.files.mysql_rootPassword.service
- ];
- };
-
- lass.mysqlBackup = {
- enable = true;
- config.all = {};
- };
-}
-
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
deleted file mode 100644
index bffa1036b..000000000
--- a/lass/2configs/websites/util.nix
+++ /dev/null
@@ -1,246 +0,0 @@
-{ lib, pkgs, ... }:
-
-with lib;
-
-rec {
-
- ssl = domains :
- let
- domain = head domains;
- in {
- };
-
- servePage = domains:
- let
- domain = head domains;
- in {
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- addSSL = true;
- serverAliases = domains;
- locations."/".extraConfig = ''
- root /srv/http/${domain};
- '';
- };
- };
-
- servephpBB = domains:
- let
- domain = head domains;
-
- in {
- services.nginx.virtualHosts."${domain}" = {
- serverAliases = domains;
- extraConfig = ''
- index index.php;
- root /srv/http/${domain}/;
- access_log /tmp/nginx_acc.log;
- error_log /tmp/nginx_err.log;
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
- client_max_body_size 100m;
- '';
- locations."/".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
- locations."~ \.php(?:$|/)".extraConfig = ''
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_intercept_errors on;
- '';
- #Directives to send expires headers and turn off 404 error logging.
- locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
- access_log off;
- log_not_found off;
- expires max;
- '';
- };
- services.phpfpm.pools."${domain}" = {
- user = "nginx";
- group = "nginx";
- extraConfig = ''
- listen = /srv/http/${domain}/phpfpm.pool
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
- };
-
- serveOwncloud = domains:
- let
- domain = head domains;
- in {
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- addSSL = true;
- serverAliases = domains;
- extraConfig = ''
- # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
-
- # Path to the root of your installation
- root /srv/http/${domain}/;
- # set max upload size
- client_max_body_size 10G;
- fastcgi_buffers 64 4K;
- fastcgi_read_timeout 120;
-
- # Disable gzip to avoid the removal of the ETag header
- gzip off;
-
- # Uncomment if your server is build with the ngx_pagespeed module
- # This module is currently not supported.
- #pagespeed off;
-
- index index.php;
- error_page 403 /core/templates/403.php;
- error_page 404 /core/templates/404.php;
-
- rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
- rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
-
- # The following 2 rules are only needed for the user_webfinger app.
- # Uncomment it if you're planning to use this app.
- rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
- rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
- '';
- locations."/robots.txt".extraConfig = ''
- allow all;
- log_not_found off;
- access_log off;
- '';
- locations."~ ^/(build|tests|config|lib|3rdparty|templates|data)/".extraConfig = ''
- deny all;
- '';
-
- locations."~ ^/(?:autotest|occ|issue|indie|db_|console)".extraConfig = ''
- deny all;
- '';
-
- locations."/".extraConfig = ''
- rewrite ^/remote/(.*) /remote.php last;
- rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
- try_files $uri $uri/ =404;
- '';
-
- locations."~ \.php(?:$|/)".extraConfig = ''
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_intercept_errors on;
- '';
-
- # Adding the cache control header for js and css files
- # Make sure it is BELOW the location ~ \.php(?:$|/) { block
- locations."~* \.(?:css|js)$".extraConfig = ''
- add_header Cache-Control "public, max-age=7200";
- # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- # Optional: Don't log access to assets
- access_log off;
- '';
- # Optional: Don't log access to other assets
- locations."~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$".extraConfig = ''
- access_log off;
- '';
- };
- services.phpfpm.pools."${domain}" = {
- user = "nginx";
- group = "nginx";
- extraConfig = ''
- listen = /srv/http/${domain}/phpfpm.pool
- pm = dynamic
- pm.max_children = 32
- pm.max_requests = 500
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 5
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
- };
-
- serveWordpress = domains:
- let
- domain = head domains;
-
- in {
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- serverAliases = domains;
- extraConfig = ''
- root /srv/http/${domain}/;
- index index.php;
- access_log /tmp/nginx_acc.log;
- error_log /tmp/nginx_err.log;
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
- client_max_body_size 100m;
- '';
- locations."/".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
- locations."~ \.php$".extraConfig = ''
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_read_timeout 120;
- include ${pkgs.nginx}/conf/fastcgi.conf;
- '';
- #Directives to send expires headers and turn off 404 error logging.
- locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
- access_log off;
- log_not_found off;
- expires max;
- '';
- };
- services.phpfpm.pools."${domain}" = {
- user = "nginx";
- group = "nginx";
- extraConfig = ''
- listen = /srv/http/${domain}/phpfpm.pool
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
- };
-
-}
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
deleted file mode 100644
index 3dfaebc04..000000000
--- a/lass/2configs/weechat.nix
+++ /dev/null
@@ -1,214 +0,0 @@
-{ config, lib, pkgs, ... }: let
-
- weechat-configured = pkgs.weechat-declarative.override {
- config = {
- scripts = [
- pkgs.weechatScripts.weechat-matrix
- pkgs.weechatScripts.wee-slack
- ];
- settings = {
- irc.server_default.nicks = [ "lassulus" "hackulus" ];
- irc.server.bitlbee = {
- addresses = "localhost/6666";
- command = "msg &bitlbee identify \${sec.data.bitlbee}";
- };
- irc.server.hackint = {
- addresses = "irc.hackint.org/6697";
- autojoin = [
- "#c3-gsm"
- "#panthermoderns"
- "#feldoffice"
- "#36c3"
- "#cccac"
- "#nixos"
- "#krebs"
- "#krebstel"
- "#c-base"
- "#afra"
- "#tvl"
- "#eloop"
- "#systemdultras"
- "#rc3"
- "#krebs-announce"
- "#the_playlist"
- "#germany"
- "#hackint"
- "#dezentrale"
- "#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way
- ];
- ssl = true;
- sasl_fail = "reconnect";
- sasl_username = "lassulus";
- sasl_password = "\${sec.data.hackint_sasl}";
- };
- irc.server.r = {
- addresses = "irc.r";
- autojoin = [
- "#xxx"
- "#autowifi"
- "#brockman"
- "#flix"
- "#kollkoll"
- "#noise"
- "#mukke"
- ];
- sasl_fail = "reconnect";
- sasl_username = "lassulus";
- sasl_password = "\${sec.data.r_sasl}";
- anti_flood_prio_high = 0;
- anti_flood_prio_low = 0;
- };
- irc.server.libera = {
- addresses = "irc.libera.chat/6697";
- autojoin = [
- "#shackspace"
- "#nixos"
- "#krebs"
- "#dezentrale"
- "#tinc"
- "#nixos-de"
- "#fysi"
- "#hillhacks"
- "#nixos-rc3"
- "#binaergewitter"
- "#hackerfleet"
- "#weechat"
- ];
- ssl = true;
- sasl_username = "lassulus";
- sasl_fail = "reconnect";
- sasl_password = "\${sec.data.libera_sasl}";
- };
- irc.server.news = {
- addresses = "news.r";
- autojoin = [
- "#all"
- "#aluhut"
- "#querdenkos"
- "#news"
- "#drachengame"
- ];
- anti_flood_prio_high = 0;
- anti_flood_prio_low = 0;
- };
- matrix.server.lassulus = {
- address = "matrix.lassul.us";
- username = "lassulus";
- password = "\${sec.data.matrix_lassulus}";
- device_name = config.networking.hostName;
- };
- plugins.var.python.go.short_name = true;
- plugins.var.python.go.short_name_server = true;
- plugins.var.python.go.fuzzy_search = true;
- relay.network.password = "xxx"; # secret?
- relay.port.weechat = 9998;
- relay.weechat.commands = "*,!exec,!quit";
- weechat.look.buffer_time_format = "%m-%d_%H:%M:%S";
- weechat.look.item_time_format = "%m-%d_%H:%M:%S";
- irc.look.color_nicks_in_names = true;
- irc.look.color_nicks_in_nicklist = true;
- logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog";
- logger.file.path = "/var/state/weechat_logs";
- logger.look.backlog = 1000;
- weechat.notify.irc.news."#all" = "highlight";
-
- # setting logger levels for channels is currently not possible declarativly
- # because of already defined
- logger.level.core.weechat = 0;
- logger.level.irc = 3;
- logger.level.python = 3;
- weechat.bar.title.color_bg = 0;
- weechat.bar.status.color_bg = 0;
- alias.cmd.reload = "exec -oc cat /etc/weechat.set";
- script.scripts.download_enabled = true;
- weechat.look.prefix_align = "left";
- weechat.look.prefix_align_max = 20;
- irc.look.server_buffer = "independent";
- matrix.look.server_buffer = "independent";
- weechat.bar.buflist.size_max = 20;
- weechat.color.chat_nick_colors = [
- 1 2 3 4 5 6 9
- 10 11 12 13 14
- 28 29
- 30 31 32 33 34 35 36 37 38 39
- 70
- 94
- 101 102 103 104 105 106 107
- 130 131 133 134 135 136 137
- 140 141 142 143
- 160 161 162 163 165 166 167 168 169
- 170 171 172 173 174 175
- 196 197 198 199
- 200 201 202 203 204 205 206 208 209 209
- 210 211 212
- ];
- };
- extraCommands = ''
- /script upgrade
- /script install go.py
- /script install nickregain.pl
- /script install autosort.py
- /key bind meta-q /go
- /key bind meta-t /bar toggle nicklist
- /key bind meta-y /bar toggle buflist
- /filter addreplace irc_smart * irc_smart_filter *
- /filter addreplace playlist_topic irc.*.#the_playlist irc_topic *
- /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit *
- /set logger.level.irc.news 0
- /set logger.level.python.server.nixos_dev = 0;
- /set logger.level.irc.hackint.#the_playlist = 0;
- /connect bitlbee
- /connect r
- /connect news
- /connect libera
- /connect hackint
- /matrix connect nixos_dev
- /matrix connect lassulus
- '';
- files."sec.conf" = toString (pkgs.writeText "sec.conf" ''
- [crypt]
- cipher = aes256
- hash_algo = sha256
- passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE"
- salt = on
-
- [data]
- __passphrase__ = on
- hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC"
- libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778"
- r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD"
- c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162"
- bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C"
- matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97"
- '');
- };
- };
-
-in {
- users.users.mainUser.packages = [
- weechat-configured
- ];
- environment.etc."weechat.set".source = "${weechat-configured}/weechat.set";
- systemd.tmpfiles.rules = [
- "d /var/state/weechat_logs 0700 lass users -"
- "d /var/state/weechat 0700 lass users -"
- "d /var/state/weechat_cfg 0700 lass users -"
- "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat"
- "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg"
- ];
-
- systemd.services.weechat = {
- wantedBy = [ "multi-user.target" ];
- restartIfChanged = false;
- serviceConfig = {
- User = "lass";
- RemainAfterExit = true;
- Type = "oneshot";
- LoadCredential = [
- "WEECHAT_PASSPHRASE:${toString <secrets>}/weechat_passphrase"
- ];
- ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat";
- ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat
- };
- };
-}
diff --git a/lass/2configs/weron/client.nix b/lass/2configs/weron/client.nix
deleted file mode 100644
index 55bc8a0da..000000000
--- a/lass/2configs/weron/client.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.services.weron = {
- wantedBy = [ "multi-user.target" ];
- environment = {
- WERON_RADDR = "ws://lassul.us:23420/";
- };
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "weron" ''
- ${pkgs.weron}/bin/weron vpn ip \
- --community krebs \
- --password aidsballs \
- --key aidsballs \
- --ips 10.249.1.0/24 \
- --verbose 7 \
- --dev weron
- '';
- };
- };
-}
diff --git a/lass/2configs/weron/signaler.nix b/lass/2configs/weron/signaler.nix
deleted file mode 100644
index 9e817583b..000000000
--- a/lass/2configs/weron/signaler.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- systemd.services.weron-signaler = {
- wantedBy = [ "multi-user.target" ];
- environment = {
- };
- serviceConfig = {
- ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 23420 ];
-}
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
deleted file mode 100644
index 5f906cd2b..000000000
--- a/lass/2configs/wine.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- users.users= {
- wine = {
- home = "/home/wine";
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- ];
- createHome = true;
- packages = [
- pkgs.winePackages.minimal
- ];
- isNormalUser = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(wine) NOPASSWD: ALL
- '';
-}
diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix
deleted file mode 100644
index 81175c59e..000000000
--- a/lass/2configs/wiregrill.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
-
- self = config.krebs.build.host.nets.wiregrill;
- isRouter = !isNull self.via;
-
-in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
- #hack for modprobe inside containers
- systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [
- (pkgs.writeDashBin "modprobe" ":")
- ]);
-
- boot.kernel.sysctl = mkIf isRouter {
- "net.ipv6.conf.all.forwarding" = 1;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter (mkBefore [
- { predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
- { predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
- { predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- ]);
- systemd.network.networks.wiregrill = {
- matchConfig.Name = "wiregrill";
- address =
- (optional (!isNull self.ip4) "${self.ip4.addr}/16") ++
- (optional (!isNull self.ip6) "${self.ip6.addr}/48")
- ;
- networkConfig = {
- IgnoreCarrierLoss = "10s";
- };
- };
-
- networking.wireguard.interfaces.wiregrill = {
- ips =
- (optional (!isNull self.ip4 && !config.systemd.network.enable) self.ip4.addr) ++
- (optional (!isNull self.ip6 && !config.systemd.network.enable) self.ip6.addr);
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wiregrill.key";
- allowedIPsAsRoutes = true;
- peers = mapAttrsToList
- (name: host: {
- # inherit name;
- allowedIPs = if isRouter then
- (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++
- (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr)
- else
- host.nets.wiregrill.wireguard.subnets
- ;
- endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
- persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
- publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey);
- })
- (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
- };
-}
diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix
deleted file mode 100644
index 02c551a2b..000000000
--- a/lass/2configs/xdg-open.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
-
- xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
- exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
- '';
-
- xdg-open = pkgs.writeBashBin "xdg-open" ''
- set -xe
- FILE="$1"
- PATH=/run/current-system/sw/bin
- mime=
-
- case "$FILE" in
- http://*|https://*)
- mime=text/html
- ;;
- mailto:*)
- mime=special/mailaddress
- ;;
- magnet:*)
- mime=application/x-bittorrent
- ;;
- irc:*)
- mime=x-scheme-handler/irc
- ;;
- *)
- # it’s a file
-
- # strip possible protocol
- FILE=''${FILE#file://}
- mime=''$(file -E --brief --mime-type "$FILE") \
- || (echo "$mime" 1>&2; exit 1)
- # ^ echo the error message of file
- ;;
- esac
-
- case "$mime" in
- special/mailaddress)
- alacritty --execute vim "$FILE" ;;
- text/html)
- firefox "$FILE" ;;
- text/xml)
- firefox "$FILE" ;;
- text/*)
- alacritty --execute vim "$FILE" ;;
- image/*)
- sxiv "$FILE" ;;
- application/x-bittorrent)
- env DISPLAY=:0 transgui "$FILE" ;;
- application/pdf)
- zathura "$FILE" ;;
- inode/directory)
- alacritty --execute mc "$FILE" ;;
- *)
- # open dmenu and ask for program to open with
- runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
- exec $runner "$FILE";;
- esac
- '';
-in {
- environment.systemPackages = [ xdg-open-wrapper ];
-
- security.sudo.extraConfig = ''
- cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
- ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
- '';
-}
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
deleted file mode 100644
index 749e7cd18..000000000
--- a/lass/2configs/xmonad.nix
+++ /dev/null
@@ -1,236 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.xserver.windowManager.xmonad = {
- enable = true;
- extraPackages = hs: [
- hs.extra
- hs.xmonad-contrib
- ];
- config = /* haskell */ ''
-{-# LANGUAGE LambdaCase #-}
-
-
-module Main where
-import XMonad
-
-import qualified XMonad.StackSet as W
-import Control.Monad.Extra (whenJustM)
-import Data.List (isInfixOf)
-import Data.Monoid (Endo)
-import System.Environment (getArgs, lookupEnv)
-import System.Exit (exitFailure)
-import System.IO (hPutStrLn, stderr)
-import System.Posix.Process (executeFile)
-import Data.Ratio
-
-import XMonad.Actions.Commands (defaultCommands, runCommand)
-import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
-import XMonad.Actions.CycleWS (toggleWS)
-import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
-import XMonad.Actions.DynamicWorkspaces (withWorkspace)
-import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
-import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized)
-import XMonad.Hooks.EwmhDesktops (ewmh)
-import XMonad.Hooks.FloatNext (floatNext)
-import XMonad.Hooks.FloatNext (floatNextHook)
-import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
-import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>))
-import XMonad.Hooks.Place (placeHook, smart)
-import XMonad.Hooks.UrgencyHook (focusUrgent)
-import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
-import XMonad.Layout.BoringWindows (boringWindows, focusDown, focusUp)
-import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Layout.Grid (Grid(..))
-import XMonad.Layout.Minimize (minimize)
-import XMonad.Layout.NoBorders (smartBorders, noBorders)
-import XMonad.Layout.MouseResizableTile (mouseResizableTile)
-import XMonad.Layout.SimplestFloat (simplestFloat)
-import XMonad.Layout.StateFull
-import XMonad.ManageHook (composeAll)
-import XMonad.Prompt (autoComplete, font, height, searchPredicate, XPConfig)
-import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
-import XMonad.Util.EZConfig (additionalKeysP)
-import XMonad.Util.NamedWindows (getName)
-import XMonad.Util.Run (safeSpawn)
-import XMonad.Util.Ungrab (unGrab)
-import XMonad.Util.Paste (sendKey)
-
-data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
-
-instance UrgencyHook LibNotifyUrgencyHook where
- urgencyHook LibNotifyUrgencyHook w = do
- name <- getName w
- Just idx <- fmap (W.findTag w) $ gets windowset
-
- safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
-
-myTerm :: FilePath
-myTerm = "/run/current-system/sw/bin/alacritty"
-
-myFont :: String
-myFont = "${config.lass.fonts.regular}"
-
-main :: IO ()
-main = do
- xmonad $ ewmh
- $ withUrgencyHook LibNotifyUrgencyHook
- $ def
- { terminal = myTerm
- , modMask = mod4Mask
- , layoutHook = myLayoutHook
- , manageHook = floatHooks
- , startupHook =
- whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
- (\path -> forkFile path [] Nothing)
- , normalBorderColor = "#1c1c1c"
- , focusedBorderColor = "#ff0000"
- , workspaces = [ "dashboard", "sys", "wp" ]
- } `additionalKeysP` myKeyMap
-
-myLayoutHook = defLayout
- where
- defLayout = smartBorders $
- minimize .
- boringWindows $
- (
- noBorders StateFull |||
- (avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) |||
- FixedColumn 2 80 80 1 |||
- Tall 1 (3/100) (1/2) |||
- simplestFloat |||
- mouseResizableTile |||
- Grid
- )
-
-floatHooks = composeAll
- [ className =? "Pinentry" --> doCenterFloat
- , className =? "Pager" --> doCenterFloat
- , title =? "pager" --> doCenterFloat
- , title =? "fzfmenu" --> doCenterFloat
- , title =? "glxgears" --> doCenterFloat
- , resource =? "Dialog" --> doFloat
- , title =? "Upload to Imgur" -->
- doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8))
- , placeHook (smart (1,0))
- , floatNextHook
- ]
-
-myKeyMap :: [([Char], X ())]
-myKeyMap =
- [ ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing)
- , ("M4-S-p", forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
- , ("M4-z", forkFile "${pkgs.unimenu}/bin/unimenu" [] Nothing)
-
- , ("M4-S-q", restart "xmonad" True)
-
- , ("<XF86AudioMute>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
- , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
- , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
- , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1")
- , ("<XF86MonBrightnessUp>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1")
- , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
-
- , ("M4-<Tab>", focusDown)
- , ("M4-S-<Tab>", focusUp)
- , ("M4-j", focusDown)
- , ("M4-k", focusUp)
-
- , ("M4-a", focusUrgent)
- , ("M4-S-r", renameWorkspace myXPConfig)
- , ("M4-S-a", addWorkspacePrompt myXPConfig)
- , ("M4-S-<Backspace>", removeEmptyWorkspace)
- , ("M4-S-c", kill1)
- , ("M4-<Esc>", toggleWS)
- , ("M4-S-<Enter>", spawn myTerm)
- , ("M4-x", floatNext True >> spawn myTerm)
- , ("M4-c", spawn "/run/current-system/sw/bin/emacsclient -c")
- -- , ("M4-c", unGrab)
- , ("M4-f", floatNext True)
- , ("M4-b", spawn "/run/current-system/sw/bin/klem")
-
- , ("M4-c", defaultCommands >>= runCommand)
- -- , ("M4-v", spawn "${pkgs.pager}/bin/pager view")
- -- , ("M4-S-v", spawn "${pkgs.pager}/bin/pager shift")
- , ("M4-v", withWorkspace autoXPConfig (windows . W.greedyView))
- , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
- , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
-
- , ("M4-m", withFocused minimizeWindow)
- , ("M4-S-m", withLastMinimized maximizeWindow)
-
- , ("M4-q", windowPromptGoto infixAutoXPConfig)
- , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
-
- , ("M4-S-q", return ())
-
- , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" ''
- PATH=${lib.makeBinPath [
- pkgs.coreutils
- pkgs.gawk
- pkgs.dmenu
- ]}
- ${pkgs.clipmenu}/bin/clipmenu
- ''}")
-
- , ("M4-<Insert>", spawn "${pkgs.writers.writeDash "paste" ''
- ${pkgs.coreutils}/bin/sleep 0.4
- ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f -
- ''}")
-
- , ("M4-<F1>", spawn "/run/current-system/sw/bin/gamepad_mouse_toggle")
- , ("M4-<F2>", windows copyToAll)
- , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
- , ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1")
- , ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10")
- , ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33")
- , ("M4-<F8>", spawn "${pkgs.acpilight}/bin/xbacklight -set 100")
-
- , ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
- , ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
-
- , ("M4-<F11>", spawn "${config.lass.screenlock.command}")
-
- , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
- , ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle")
-
- ${lib.optionalString (builtins.hasAttr "warpd" pkgs) '', ("M4-s", spawn "${pkgs.warpd}/bin/warpd --hint")''}
- , ("M4-i", spawn "/run/current-system/sw/bin/screenshot")
-
- --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
- --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
- --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
- ]
-
-forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
-forkFile path args env =
- xfork (executeFile path True args env) >> return ()
-
-myXPConfig :: XPConfig
-myXPConfig = def
- { font = myFont
- , height = 40
- }
-
-autoXPConfig :: XPConfig
-autoXPConfig = myXPConfig
- { autoComplete = Just 5000
- }
-
-infixAutoXPConfig :: XPConfig
-infixAutoXPConfig = autoXPConfig
- { searchPredicate = isInfixOf
- }
-
-gridConfig :: GSConfig WorkspaceId
-gridConfig = def
- { gs_cellwidth = 100
- , gs_cellheight = 30
- , gs_cellpadding = 2
- , gs_navigate = navNSearch
- , gs_font = myFont
- }
-
- '';
- };
-}
diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix
deleted file mode 100644
index 23ed28847..000000000
--- a/lass/2configs/xonsh.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = [
- pkgs.xonsh
- pkgs.xonsh2
- ];
-}
diff --git a/lass/2configs/yellow-mounts/samba.nix b/lass/2configs/yellow-mounts/samba.nix
deleted file mode 100644
index e16f1cc47..000000000
--- a/lass/2configs/yellow-mounts/samba.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- fileSystems."/mnt/yellow" = {
- device = "//yellow.r/public";
- fsType = "cifs";
- options = [
- "guest"
- "nofail"
- "noauto"
- "ro"
- "x-systemd.automount"
- "x-systemd.device-timeout=1"
- "x-systemd.idle-timeout=1min"
- ];
- };
- }
diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
deleted file mode 100644
index 5ac310199..000000000
--- a/lass/2configs/yubikey.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = with pkgs; [
- yubikey-personalization
- yubikey-manager
- pinentry-curses pinentry-qt
- ];
-
- services.udev.packages = with pkgs; [ yubikey-personalization ];
- systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
-
- services.pcscd.enable = true;
- systemd.user.services.gpg-agent.serviceConfig.ExecStartPre = pkgs.writers.writeDash "init_gpg" ''
- set -x
- mkdir -p $HOME/.gnupg
- ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "scdaemon.conf" ''
- disable-ccid
- pcsc-driver ${pkgs.pcsclite.out}/lib/libpcsclite.so.1
- card-timeout 1
-
- # Always try to use yubikey as the first reader
- # even when other smart card readers are connected
- # Name of the reader can be found using the pcsc_scan command
- # If you have problems with gpg not recognizing the Yubikey
- # then make sure that the string here matches exacly pcsc_scan
- # command output. Also check journalctl -f for errors.
- reader-port Yubico YubiKey
- ''} $HOME/.gnupg/scdaemon.conf
- '';
- systemd.user.services.gpg-agent.serviceConfig.ExecStartPost = pkgs.writers.writeDash "init_gpg" ''
- ${pkgs.gnupg}/bin/gpg --import ${../../kartei/lass/pgp/yubikey.pgp} >/dev/null
- echo -e '5\ny\n' | gpg --command-fd 0 --expert --edit-key DBCD757846069B392EA9401D6657BE8A8D1EE807 trust >/dev/null || :
- '';
-
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if (
- (
- action.id == "org.debian.pcsc-lite.access_pcsc" ||
- action.id == "org.debian.pcsc-lite.access_card"
- ) && subject.user == "lass"
- ) {
- return polkit.Result.YES;
- }
- });
- polkit.addRule(function(action, subject) {
- polkit.log("subject: " + subject + " action: " + action);
- });
- '';
-
- # allow nix to acces remote builders via yubikey
- systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/user/1337/gnupg/S.gpg-agent.ssh";
-
- programs = {
- ssh.startAgent = false;
- gnupg.agent = {
- enable = true;
- pinentryFlavor = "qt";
- enableSSHSupport = true;
- };
- };
-}
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
deleted file mode 100644
index f77aa258b..000000000
--- a/lass/2configs/zsh.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = with pkgs; [
- atuin
- direnv
- fzf
- ];
- environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" ''
- auto_sync = true
- update_check = false
- sync_address = "http://green.r:8888"
- sync_frequency = 0
- style = "compact"
- '');
- programs.zsh = {
- enable = true;
- shellInit = ''
- #disable config wizard
- zsh-newuser-install() { :; }
- '';
- interactiveShellInit = ''
- unsetopt nomatch # no matches found urls
- setopt autocd extendedglob
- bindkey -e
-
-
- # # setopt inc_append_history
- # bindkey '^R' history-incremental-search-backward
-
- #C-x C-e open line in editor
- autoload -z edit-command-line
- zle -N edit-command-line
- bindkey "^X^E" edit-command-line
-
- #fzf inclusion
- source ${pkgs.fzf}/share/fzf/completion.zsh
- source ${pkgs.fzf}/share/fzf/key-bindings.zsh
-
- # atuin distributed shell history
- export ATUIN_NOBIND="true" # disable all keybdinings of atuin
- eval "$(atuin init zsh)"
- bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin
- # use zsh only session history
- fc -p
-
- #completion magic
- autoload -Uz compinit
- compinit
- zstyle ':completion:*' menu select
-
- #enable automatic rehashing of $PATH
- zstyle ':completion:*' rehash true
-
- # fancy mv which interactively gets the second argument if not given
- function mv() {
- if [[ "$#" -ne 1 ]] || [[ ! -e "$1" ]]; then
- command mv -v "$@"
- return
- fi
-
- newfilename="$1"
- vared newfilename
- command mv -v -- "$1" "$newfilename"
- }
-
- #beautiful colors
- eval $(dircolors -b ${pkgs.fetchFromGitHub {
- owner = "trapd00r";
- repo = "LS_COLORS";
- rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
- sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
- }}/LS_COLORS)
- zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
-
- #emacs bindings
- bindkey "[7~" beginning-of-line
- bindkey "[8~" end-of-line
- bindkey "Oc" emacs-forward-word
- bindkey "Od" emacs-backward-word
-
- # direnv integration
- eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
- '';
- promptInit = ''
- autoload -U promptinit
- promptinit
-
- p_error='%(?..%F{red}%?%f )'
- t_error='%(?..%? )'
-
- case $UID in
- 0)
- p_username='%F{red}root%f'
- t_username='root'
- ;;
- 1337)
- p_username=""
- t_username=""
- ;;
- *)
- p_username='%F{blue}%n%f'
- t_username='%n'
- ;;
- esac
-
- if test -n "$SSH_CLIENT"; then
- p_hostname='@%F{magenta}%M%f '
- t_hostname='@%M '
- else
- p_hostname=""
- t_hostname=""
- fi
-
- #check if in nix shell
- if test -n "$IN_NIX_SHELL"; then
- p_nixshell='%F{green}[s]%f '
- t_nixshell='[s] '
- else
- p_nixshell=""
- t_nixshell=""
- fi
-
- PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
- TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
- case $TERM in
- (*xterm* | *rxvt*)
- function precmd {
- PROMPT_EVALED=$(print -P "$TITLE")
- echo -ne "\033]0;$$ $PROMPT_EVALED\007"
- }
- # This seems broken for some reason
- # # This is seen while the shell waits for a command to complete.
- # function preexec {
- # PROMPT_EVALED=$(print -P "$TITLE")
- # echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
- # }
- ;;
- esac
- '';
- };
- environment.shellAliases.ns = "nix-shell --command zsh";
-
- users.defaultUserShell = "/run/current-system/sw/bin/zsh";
-}
diff --git a/lass/3modules/autowifi.nix b/lass/3modules/autowifi.nix
deleted file mode 100644
index 9aa1a2d28..000000000
--- a/lass/3modules/autowifi.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
-
- cfg = config.lass.autowifi;
-
-in {
- options.lass.autowifi = {
- enable = mkEnableOption "automatic wifi connector";
- knownWifisFile = mkOption {
- type = types.str;
- default = "/etc/wifis";
- };
- enablePrisonBreak = mkOption {
- type = types.bool;
- default = false;
- };
- };
-
- config = lib.mkIf cfg.enable {
- systemd.services.autowifi = {
- description = "Automatic wifi connector";
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.networkmanager ];
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- RestartSec = "10s";
- ExecStart = "${autowifi}/bin/autowifi";
- };
- };
-
- networking.networkmanager.dispatcherScripts = mkIf cfg.enablePrisonBreak [
- { source = "${pkgs.callPackage <stockholm/makefu/5pkgs/prison-break}/bin/prison-break"; }
- ];
- };
-}
-
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
deleted file mode 100644
index 4082c8bd2..000000000
--- a/lass/3modules/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-_:
-{
- imports = [
- ../../submodules/disko/module.nix
- ./dnsmasq.nix
- ./drbd.nix
- ./folderPerms.nix
- ./hosts.nix
- ./klem.nix
- ./mysql-backup.nix
- ./news.nix
- ./nichtparasoup.nix
- ./pyload.nix
- ./screenlock.nix
- ./usershadow.nix
- ./autowifi.nix
- ];
-}
diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix
deleted file mode 100644
index 83a9cb180..000000000
--- a/lass/3modules/dnsmasq.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with builtins;
-with lib;
-
-let
- cfg = config.lass.dnsmasq;
-
- out = {
- options.lass.dnsmasq = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "dnsmasq";
- config = mkOption {
- type = types.str;
- #TODO: find a good default
- default = ''
- '';
- description = "configuration dnsmasq is started with";
- };
- };
-
- configFile = pkgs.writeText "dnsmasq.conf" cfg.config;
-
- imp = {
-
- systemd.services.dnsmasq = {
- description = "dnsmasq";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- path = with pkgs; [
- dnsmasq
- ];
-
-
- restartIfChanged = true;
-
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k -C ${configFile}";
- };
- };
- };
-
-in out
diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix
deleted file mode 100644
index b933158a5..000000000
--- a/lass/3modules/drbd.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{ config, lib, pkgs, ... }: let
- cfg = config.lass.drbd;
- slib = import <stockholm/lib>;
-in {
- options = {
- lass.drbd = lib.mkOption {
- default = {};
- type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
- options = {
- name = lib.mkOption {
- type = lib.types.str;
- default = config._module.args.name;
- };
- blockMinor = lib.mkOption {
- type = lib.types.int;
- default = lib.mod (slib.genid config.name) 16000; # TODO get max_id fron drbd
- };
- port = lib.mkOption {
- type = lib.types.int;
- default = 20000 + config.blockMinor;
- };
- peers = lib.mkOption {
- type = lib.types.listOf slib.types.host;
- };
- disk = lib.mkOption {
- type = lib.types.str;
- default = "/dev/loop${toString config.blockMinor}";
- };
- drbdConfig = lib.mkOption {
- type = lib.types.path;
- internal = true;
- default = pkgs.writeText "drbd-${config.name}.conf" ''
- resource ${config.name} {
- net {
- protocol a;
- ping-int 10;
- csums-alg crc32c;
- connect-int 3;
- after-sb-0pri discard-older-primary;
- after-sb-1pri discard-secondary;
-
- # seems to be drbd-proxy premium feature
- on-congestion pull-ahead;
- congestion-fill 1G;
- congestion-extents 500;
-
- sndbuf-size 10M;
- max-epoch-size 20000;
- }
- device minor ${toString config.blockMinor};
- disk ${config.disk};
- meta-disk internal;
- ${slib.indent (lib.concatStrings (lib.imap1 (i: peer: /* shell */ ''
- on ${peer.name} {
- address ${peer.nets.retiolum.ip4.addr}:${toString config.port};
- node-id ${toString i};
- }
- '') config.peers))}
- connection-mesh {
- hosts ${lib.concatMapStringsSep " " (peer: peer.name) config.peers};
- }
- }
- '';
- };
- };
- }));
- };
- };
- config = lib.mkIf (cfg != {}) {
- boot.extraModulePackages = [
- (pkgs.linuxPackages.callPackage ../5pkgs/drbd9/default.nix {})
- ];
- boot.extraModprobeConfig = ''
- options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
- '';
- services.udev.packages = [ pkgs.drbd ];
- boot.kernelModules = [ "drbd" ];
-
- environment.systemPackages = [
- pkgs.drbd
- (pkgs.writers.writeDashBin "drbd-change-nodeid" ''
- # https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-using-truck-based-replication
- set -efux
-
- if [ "$#" -ne 2 ]; then
- echo '$1 needs to be drbd volume name'
- echo '$2 needs to be new node id'
- exit 1
- fi
-
-
- TMPDIR=$(mktemp -d)
- trap 'rm -rf $TMPDIR' EXIT
-
- V=$1
- NODE_TO=$2
- META_DATA_LOCATION=internal
-
- ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt
- NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p')
- ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \
- -e "s/^peer.$NODE_FROM. /peer-NEW /" \
- -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \
- -e "s/^peer-NEW /peer[$NODE_TO] /" \
- < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt
-
- drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt
- '')
- ];
-
- networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg);
- systemd.services = lib.mapAttrs' (_: device:
- lib.nameValuePair "drbd-${device.name}" {
- after = [ "systemd-udev.settle.service" "network.target" "retiolum.service" ];
- wants = [ "systemd-udev.settle.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- RemainAfterExit = true;
- ExecStart = pkgs.writers.writeDash "start-drbd-${device.name}" ''
- set -efux
- mkdir -p /var/lib/sync-containers2
- ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
- if ! test -e /var/lib/sync-containers2/${device.name}.disk; then
- truncate -s 10G /var/lib/sync-containers2/${device.name}.disk
- fi
- if ! ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor}; then
- ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor} /var/lib/sync-containers2/${device.name}.disk
- fi
- ''}
- if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then
- ${pkgs.drbd}/bin/drbdadm down ${device.name}
- ${pkgs.drbd}/bin/drbdadm create-md ${device.name}/0 --max-peers 31
- ${pkgs.drbd}/bin/drbdadm up ${device.name}
- fi
- '';
- ExecStop = pkgs.writers.writeDash "stop-drbd-${device.name}" ''
- set -efux
- ${pkgs.drbd}/bin/drbdadm -c ${device.drbdConfig} down ${device.name}
- ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
- ${pkgs.util-linux}/bin/losetup -d /dev/loop${toString device.blockMinor}
- ''}
- '';
- };
- }
- ) cfg;
-
-
- environment.etc."drbd.conf".text = ''
- global {
- usage-count yes;
- }
-
- ${lib.concatMapStrings (device: /* shell */ ''
- include ${device.drbdConfig};
- '') (lib.attrValues cfg)}
- '';
- };
-}
-
diff --git a/lass/3modules/folderPerms.nix b/lass/3modules/folderPerms.nix
deleted file mode 100644
index bb0320327..000000000
--- a/lass/3modules/folderPerms.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-#TODO: implement recursive mode maybe?
-# enable different mods for files and folders
-
-let
- inherit (pkgs)
- writeScript
- ;
-
- inherit (lib)
- concatMapStringsSep
- concatStringsSep
- mkEnableOption
- mkIf
- mkOption
- types
- ;
-
- cfg = config.lass.folderPerms;
-
- out = {
- options.lass.folderPerms = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "folder permissions";
- permissions = mkOption {
- type = with types; listOf (submodule ({
- options = {
- path = mkOption {
- type = str;
- };
- permission = mkOption {
- type = nullOr str;
- example = "755";
- description = ''
- basically anything that chmod takes as permission
- '';
- default = null;
- };
- owner = mkOption {
- type = nullOr str;
- example = "root:root";
- description = ''
- basically anything that chown takes as owner
- '';
- default = null;
- };
- };
- }));
- };
- };
-
- imp = {
- systemd.services.lass-folderPerms = {
- description = "lass-folderPerms";
- wantedBy = [ "multi-user.target" ];
-
- path = with pkgs; [
- coreutils
- ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- type = "simple";
- RemainAfterExit = true;
- Restart = "always";
- ExecStart = "@${startScript}";
- };
- };
- };
-
- startScript = writeScript "lass-folderPerms" ''
- ${concatMapStringsSep "\n" writeCommand cfg.permissions}
- '';
-
- writeCommand = fperm:
- concatStringsSep "\n" [
- (buildPermission fperm)
- (buildOwner fperm)
- ];
-
- buildPermission = perm:
- #TODO: create folder maybe
- #TODO: check if permission is valid
- if (perm.permission == null) then
- ""
- else
- "chmod ${perm.permission} ${perm.path}"
- ;
-
- buildOwner = perm:
- #TODO: create folder maybe
- #TODO: check if owner/group valid
- if (perm.owner == null) then
- ""
- else
- "chown ${perm.owner} ${perm.path}"
- ;
-
-in out
diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix
deleted file mode 100644
index 37cbf3ed3..000000000
--- a/lass/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.hosts = mkOption {
- type = types.attrsOf types.host;
- default =
- filterAttrs (_: host: host.owner.name == "lass" && host.ci)
- config.krebs.hosts;
- };
-}
diff --git a/lass/3modules/klem.nix b/lass/3modules/klem.nix
deleted file mode 100644
index 8536d967d..000000000
--- a/lass/3modules/klem.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
- cfg = config.lass.klem;
-in {
- options.lass.klem = mkOption {
- default = {};
- type = types.attrsOf (types.submodule ({ config, ...}: {
- options = {
- target = mkOption {
- default = ".*";
- description = ''
- regex of valid targets
- can be shown with xclip -selection clipboard -t TARGETS
- the first hit is taken as target argument
- '';
- type = types.str;
- };
- script = mkOption {
- description = ''
- file to run if entry is selected
- '';
- type = types.path;
- };
- label = mkOption {
- default = config._module.args.name;
- description = ''
- label to show in dmenu for this script
- '';
- type = types.str;
- };
- };
- }));
- };
- config = let
- klem = pkgs.writers.writeDashBin "klem" ''
- set -x
-
- labels=""
- # match filetype against patterns
- ${concatMapStringsSep "\n" (script: ''
- ${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | ${pkgs.gnugrep}/bin/grep -q '${script.target}'
- if [ $? -eq 0 ]; then
- labels="$labels:${script.label}"
- fi
- '') (attrValues cfg)}
-
- #remove empty line, feed into dmenu
- script=$(echo "$labels" \
- | ${pkgs.gnused}/bin/sed 's/^://;s/:/\n/g' \
- | ${pkgs.dmenu}/bin/dmenu)
-
- #run the chosen script
- case $script in
- ${concatMapStringsSep "\n" (script: indent ''
- ${script.label})
- target=$(${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | ${pkgs.gnugrep}/bin/grep '${script.target}' \
- | ${pkgs.gnugrep}/bin/grep -v TARGETS \
- | ${pkgs.coreutils}/bin/head -1)
- ${pkgs.xclip}/bin/xclip -selection clipboard -target "$target" -out \
- | ${script.script} \
- | ${pkgs.xclip}/bin/xclip -selection clipboard -in
- ;;
- '') (attrValues cfg)}
- esac
- '';
- in mkIf (cfg != {}) {
- environment.systemPackages = [ klem ];
- nixpkgs.overlays = [
- (self: super: {
- klem = klem;
- })
- ];
- };
-}
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
deleted file mode 100644
index 516f96c34..000000000
--- a/lass/3modules/mysql-backup.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.lass.mysqlBackup;
-
- out = {
- options.lass.mysqlBackup = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "mysqlBackup";
- config = mkOption {
- type = with types; attrsOf (submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- startAt = mkOption {
- type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
- default = "*-*-* 01:15:00";
- };
- user = mkOption {
- type = str;
- default = "root";
- };
- password = mkOption {
- type = nullOr str;
- default = null;
- description = ''
- path to a file containing the mysqlPassword for the specified user.
- '';
- };
- databases = mkOption {
- type = listOf str;
- default = [];
- };
- location = mkOption {
- type = str;
- default = "/backups/sql_dumps";
- };
- };
- }));
- description = "configuration for mysqlBackup";
- };
- };
-
- imp = {
-
- services.mysql.ensureUsers = [
- { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
- ];
-
- systemd.services =
- mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
- path = with pkgs; [
- mysql
- gzip
- ];
- serviceConfig = rec {
- ExecStart = start plan;
- SyslogIdentifier = ExecStart.name;
- Type = "oneshot";
- User = plan.user;
- };
- startAt = plan.startAt;
- }) cfg.config;
- };
-
-
- start = plan: let
- backupScript = plan: db: ''
- mkdir -p ${plan.location}
- mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
- '';
-
- in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
- ${concatMapStringsSep "\n" (backupScript plan) plan.databases}
- '';
-
-
-in out
diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix
deleted file mode 100644
index b6061736c..000000000
--- a/lass/3modules/news.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.lass.news;
-
- out = {
- options.lass.news = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "news";
- feeds = mkOption {
- type = types.listOf (types.submodule { options = {
- nick = mkOption {
- type = types.str;
- };
- feedurl = mkOption {
- type = types.str;
- };
- interval = mkOption {
- type = types.int;
- default = 1000;
- };
- channels = mkOption {
- type = types.listOf types.str;
- };
- };});
- };
- user = mkOption {
- type = types.user;
- default = {
- name = "news";
- home = "/var/lib/news";
- };
- };
- ircServer = mkOption {
- type = types.str;
- default = "localhost";
- description = "to which server the bot should connect";
- };
- };
-
- imp = {
-
- users.users.${cfg.user.name} = {
- inherit (cfg.user) home name uid;
- createHome = true;
- };
-
- systemd.services = listToAttrs (map (feed:
- nameValuePair "news-${feed.nick}" {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- SyslogIdentifier = "news-${feed.nick}";
- User = cfg.user.name;
- PrivateTmp = true;
- Restart = "always";
- ExecStart = pkgs.writeDash "news-${feed.nick}" ''
- ${pkgs.haskellPackages.news}/bin/news '${feed.feedurl}' '${toString feed.interval}' \
- | ${pkgs.goify}/bin/goify \
- | while :; do
- ${pkgs.haskellPackages.kirk}/bin/ircout --nick '${feed.nick}' --host '${cfg.ircServer}' \
- \${concatStringsSep " \\" feed.channels}
- done
- '';
- };
- }
- ) cfg.feeds);
-
- };
-
-in out
diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
deleted file mode 100644
index a28c2a159..000000000
--- a/lass/3modules/nichtparasoup.nix
+++ /dev/null
@@ -1,161 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.nichtparasoup = {
- enable = mkEnableOption "nichtparasoup funny image page";
- config = mkOption {
- type = types.str;
- default = ''
- [General]
- Port: 5001
- IP: 0.0.0.0
- Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
-
- [Cache]
- Images_min_limit: 15
-
- [Logging]
- ;; possible destinations: file syslog
- Destination: syslog
- Verbosity: ERROR
-
- [Sites]
- SoupIO: everyone
- Pr0gramm: new,top
- Reddit: ${lib.concatStringsSep "," [
- "2healthbars"
- "abandonedporn"
- "animalsbeingderps"
- "ANormalDayInRussia"
- "assholedesign"
- "AwesomeOffBrands"
- "bizarrebuildings"
- "bonehurtingjuice"
- "boottoobig"
- "bossfight"
- "bravofotogeschichten"
- "breathinginformation"
- "buddhistmemes"
- "cablefail"
- "cableporn"
- "catastrophicfailure"
- "chairsunderwater"
- "clevercomebacks"
- "confusingperspective"
- "conni"
- "crappydesign"
- "cursedcomments"
- "desirepath"
- "doenerverbrechen"
- "dontdeadopeninside"
- "educationalgifs"
- "EngineeringPorn"
- "eyebleach"
- "forbiddensnacks"
- "funnyanimals"
- "gifs"
- "Gittertiere"
- "goodboomerhumor"
- "grssk"
- "halthoch"
- "hmm"
- "hmmm"
- "holdmybeer"
- "holup"
- "iamatotalpieceofshit"
- "ichbin40undlustig"
- "idiotsincars"
- "illegallysmolcats"
- "infokriegerkutschen"
- "instagramreality"
- "instant_regret"
- "itrunsdoom"
- "itsaunixsystem"
- "kamikazebywords"
- "keming"
- "kidsarefuckingstupid"
- "kitchenconfidential"
- "laughingbuddha"
- "LiminalSpace"
- "loadingicon"
- "MachinePorn"
- "mallninjashit"
- "michaelbaygifs"
- "mildlyinfuriating"
- "miscatculations"
- "natureisfuckinglit"
- "nononoyesno"
- "notinteresting"
- "notliketheothergirls"
- "oddlysatisfying"
- "ofcoursethatsathing"
- "okbuddylinux"
- "OSHA"
- "PeopleFuckingDying"
- "Perfectfit"
- "perfectloops"
- "PerfectTiming"
- "picsofunusualbirds"
- "PixelArt"
- "pizzacrimes"
- "prequelmemes"
- "Prisonwallet"
- "reactiongifs"
- "RealFakeDoors"
- "reallifedoodles"
- "RetroFuturism"
- "robotsbeingjerks"
- "SchizophreniaRides"
- "scriptedasiangifs"
- "shitposting"
- "shittyfoodporn"
- "shittyrobots"
- "softwaregore"
- "specializedtools"
- "spicypillows"
- "StallmanWasRight"
- "startledcats"
- "startrekstabilized"
- "stupidfood"
- "techsupportgore"
- "thathappened"
- "ThingsCutInHalfPorn"
- "totallynotrobots"
- "trippinthroughtime"
- "Unexpected"
- "urbanexploration"
- "wasletztepreis"
- "wellthatsucks"
- "wertekinder"
- "wewantplates"
- "whatcouldgowrong"
- "whatsthisbug"
- "whatsthisplant"
- "whatswrongwithyourdog"
- "whenthe"
- "yesyesyesyesno"
- "youseeingthisshit"
- ]}
- NineGag: geeky,wtf,hot,trending
- Instagram: nature,wtf
- Fourchan: sci
- '';
- };
- };
-
- config = mkIf config.lass.nichtparasoup.enable {
- systemd.services.nichtparasoup = {
- description = "nichtparasoup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = true;
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini" config.lass.nichtparasoup.config}";
- };
- };
- };
-}
diff --git a/lass/3modules/pyload.nix b/lass/3modules/pyload.nix
deleted file mode 100644
index 6f29ffb17..000000000
--- a/lass/3modules/pyload.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.lass.pyload;
-
- out = {
- options.lass.pyload = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "pyload";
- user = mkOption {
- type = types.str;
- default = "download";
- };
- };
-
- imp = {
-
- krebs.per-user.${cfg.user}.packages = [
- pkgs.pyload
- pkgs.spidermonkey
- pkgs.tesseract
- ];
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
- ];
- systemd.services.pyload = {
- description = "pyload";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- path = with pkgs; [
- pyload
- spidermonkey
- tesseract
- dnsmasq
- ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
- User = cfg.user;
- };
- };
-
- };
-
-in out
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
deleted file mode 100644
index b5c69b65a..000000000
--- a/lass/3modules/screenlock.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, config, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.lass.screenlock;
-
- out = {
- options.lass.screenlock = api;
- config = mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "screenlock";
- command = mkOption {
- type = types.path;
- default = pkgs.writeDash "screenlock" ''
- ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
- sleep 3
- '';
- };
- };
-
- imp = {
- systemd.services.screenlock = {
- before = [ "sleep.target" ];
- requiredBy = [ "sleep.target" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
- };
- serviceConfig = {
- SyslogIdentifier = "screenlock";
- ExecStart = cfg.command;
- Type = "simple";
- User = "lass";
- };
- };
- };
-
-in out
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
deleted file mode 100644
index 094d37a36..000000000
--- a/lass/3modules/usershadow.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-
- cfg = config.lass.usershadow;
-
- out = {
- options.lass.usershadow = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "usershadow";
- pattern = mkOption {
- type = types.str;
- default = "/home/%/.shadow";
- };
- path = mkOption {
- type = types.str;
- };
- };
-
- imp = {
- environment.systemPackages = [ usershadow ];
- lass.usershadow.path = "${usershadow}";
- security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- '';
-
- security.pam.services.dovecot2.text = ''
- auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- '';
-
- security.wrappers.shadow_verify_pam = {
- setuid = true;
- source = "${usershadow}/bin/verify_pam";
- owner = "root";
- group = "root";
- };
- security.wrappers.shadow_verify_arg = {
- setuid = true;
- source = "${usershadow}/bin/verify_arg";
- owner = "root";
- group = "root";
- };
- };
-
- usershadow = let {
- deps = [
- "pwstore-fast"
- "bytestring"
- ];
- body = pkgs.writeHaskellPackage "passwords" {
- ghc-options = [
- "-rtsopts"
- "-Wall"
- ];
- executables.verify_pam = {
- extra-depends = deps;
- text = ''
- import System.IO
- import Data.Char (chr)
- import System.Environment (getEnv, getArgs)
- import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.Exit (exitFailure, exitSuccess)
-
- main :: IO ()
- main = do
- user <- getEnv "PAM_USER"
- shadowFilePattern <- head <$> getArgs
- let shadowFile = lhs <> user <> tail rhs
- (lhs, rhs) = span (/= '%') shadowFilePattern
- hash <- readFile shadowFile
- password <- takeWhile (/= (chr 0)) <$> hGetLine stdin
- let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
- if res then exitSuccess else exitFailure
- '';
- };
- executables.verify_arg = {
- extra-depends = deps;
- text = ''
- import System.Environment (getArgs)
- import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.Exit (exitFailure, exitSuccess)
-
- main :: IO ()
- main = do
- argsList <- getArgs
- let shadowFilePattern = argsList !! 0
- let user = argsList !! 1
- let password = argsList !! 2
- let shadowFile = lhs <> user <> tail rhs
- (lhs, rhs) = span (/= '%') shadowFilePattern
- hash <- readFile shadowFile
- let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
- if res then do (putStr "yes") else exitFailure
- '';
- };
- executables.passwd = {
- extra-depends = deps;
- text = ''
- import System.Environment (getEnv)
- import Crypto.PasswordStore (makePasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.IO (stdin, stdout, hSetEcho, hFlush, putStr, putStrLn)
- import Control.Exception (bracket_)
-
- main :: IO ()
- main = do
- home <- getEnv "HOME"
- mb_password <- bracket_ (hSetEcho stdin False) (hSetEcho stdin True) $ do
- putStr "Enter new UNIX password: "
- hFlush stdout
- password <- BS8.hGetLine stdin
- putStrLn ""
- putStr "Retype new UNIX password: "
- hFlush stdout
- password2 <- BS8.hGetLine stdin
- return $ if password == password2
- then Just password
- else Nothing
- case mb_password of
- Just password -> do
- hash <- makePasswordWith pbkdf2 password 10
- BS8.writeFile (home ++ "/.shadow") hash
- putStrLn "passwd: all authentication tokens updated successfully."
- Nothing -> putStrLn "Sorry, passwords do not match"
- '';
- };
- };
- };
-
-in out
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
deleted file mode 100644
index 56943b7ac..000000000
--- a/lass/4lib/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, ... }:
-
-with lib;
-
-rec {
-
- getDefaultGateway = ip:
- concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
-
-}
diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix
deleted file mode 100644
index 8380b220a..000000000
--- a/lass/5pkgs/acronym/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.writeScriptBin "acronym" ''
-
- #! ${pkgs.bash}/bin/bash
-
- acro=$1
-
- curl -L -s http://www.acronymfinder.com/$acro.html \
- | grep 'class="result-list__body__rank"' \
- | sed '
- s/.*title="\([^"]*\)".*/\1/
- s/^.* - //
- s/&#39;/'\'''/g
- '
-''
diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi
deleted file mode 160000
-Subproject cf3ae8f6fe285eab67db4f36f9a3da3762c3531
diff --git a/lass/5pkgs/bank/default.nix b/lass/5pkgs/bank/default.nix
deleted file mode 100644
index 9f3a44d79..000000000
--- a/lass/5pkgs/bank/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ writeDashBin, coreutils, pass, hledger, diffutils }:
-
-writeDashBin "bank" ''
- tmp=$(mktemp)
- ${pass}/bin/pass show hledger > $tmp
- ${hledger}/bin/hledger --file=$tmp "$@"
- ${pass}/bin/pass show hledger | if ${diffutils}/bin/diff $tmp -; then
- exit 0
- else
- ${coreutils}/bin/cat $tmp | ${pass}/bin/pass insert -m hledger
- fi
- ${coreutils}/bin/rm $tmp
-''
-
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
deleted file mode 100644
index 6fa93e146..000000000
--- a/lass/5pkgs/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-self: super: let
- lib = super.lib;
-
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = super.callPackage path args;
- upstream = lib.optionalAttrs (override ? "name")
- (super.${(builtins.parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- builtins.compareVersions upstream.name override.name != -1
- then
- builtins.trace
- "Upstream `${upstream.name}' gets overridden by `${override.name}'."
- override
- else override;
-
- subdirsOf = path:
- lib.mapAttrs (name: _: path + "/${name}")
- (lib.filterAttrs (_: x: x == "directory") (builtins.readDir path));
-
-in lib.mapAttrs (_: lib.flip callPackage {})
- (lib.filterAttrs (_: dir: lib.pathExists (dir + "/default.nix"))
- (subdirsOf ./.))
diff --git a/lass/5pkgs/deploy/default.nix b/lass/5pkgs/deploy/default.nix
deleted file mode 100644
index a3fe4dca3..000000000
--- a/lass/5pkgs/deploy/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ writers }:
-writers.writeDashBin "deploy" ''
- set -xeu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
-''
diff --git a/lass/5pkgs/dl/default.nix b/lass/5pkgs/dl/default.nix
deleted file mode 100644
index 69f2b8c45..000000000
--- a/lass/5pkgs/dl/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeBashBin "dl" ''
- set -efux
- LINK_OR_SEARCH=$@
- if [[ $LINK_OR_SEARCH == magnet:?* ]] || [[ $LINK_OR_SEARCH =~ ^https?: ]]; then
- LINK=$LINK_OR_SEARCH
- else
- SEARCH=$LINK_OR_SEARCH
- fi
-
- if ! [ -z ''${SEARCH+x} ]; then
- LINK=$(${pkgs.we-get}/bin/we-get -n 50 -t the_pirate_bay,1337x --json -s "$SEARCH" |
- ${pkgs.jq}/bin/jq -r 'to_entries |
- .[] |
- "\(.key) [\(.value.seeds)]\t\(.value.link)"
- ' |
- ${pkgs.fzf}/bin/fzf -d '\t' --with-nth=1 |
- ${pkgs.coreutils}/bin/cut -f 2
- )
- fi
-
- if [ -z ''${CATEGORY+x} ]; then
- CATEGORY=$(echo -e 'movies\nseries' | ${pkgs.fzf}/bin/fzf)
- fi
-
- ${pkgs.transmission}/bin/transmission-remote yellow.r \
- -w /var/download/finished/sorted/"$CATEGORY" \
- -a "$LINK"
-''
diff --git a/lass/5pkgs/dls/default.nix b/lass/5pkgs/dls/default.nix
deleted file mode 100644
index 36cdb620b..000000000
--- a/lass/5pkgs/dls/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "dls" ''
- set -efux
- SESSION_ID=$(
- curl -Ss -d '{}' http://yellow.r:9091/transmission/rpc -v -o /dev/null 2>&1 |
- grep -oP '(?<=X-Transmission-Session-Id: )\w+'
- )
- ${pkgs.curl}/bin/curl -Ss \
- http://yellow.r:9091/transmission/rpc \
- -H "X-Transmission-Session-Id: $SESSION_ID" \
- -d '{"arguments":{"fields":["errorString","eta","isFinished","name","sizeWhenDone","status"]},"method":"torrent-get","tag":4}' |
- jq .
-''
diff --git a/lass/5pkgs/drbd9/default.nix b/lass/5pkgs/drbd9/default.nix
deleted file mode 100644
index 34ef0f564..000000000
--- a/lass/5pkgs/drbd9/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, stdenv, git, fetchzip, fetchFromGitHub, kernel }: let
-
- version = "9.1.7";
-
-in stdenv.mkDerivation {
- pname = "drbd";
- version = "${kernel.version}-${version}";
-
- src = fetchzip {
- url = "https://pkg.linbit.com//downloads/drbd/9/drbd-9.1.7.tar.gz";
- sha256 = "sha256-JsbtOrqhZkG7tFEc6tDmj3RlxZggl0HOKfCI8lYtQok=";
- };
- # src = fetchFromGitHub {
- # owner = "LINBIT";
- # repo = "drbd";
- # rev = "drbd-${version}";
- # sha256 = "sha256-8HAt+k0yi6XsZZ9mkVCQkv2pn65o3Zsa0KwTSBJh0yY=";
- # leaveDotGit = true;
- # };
-
- nativeBuildInputs = [ git ] ++ kernel.moduleBuildDependencies;
-
- # hardeningDisable = [ "pic" ];
-
- makeFlags = kernel.makeFlags ++ [
- "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
- ];
-
- installPhase = ''
- install -D drbd/drbd.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
- install -D drbd/drbd_transport_tcp.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
- '';
-
- enableParallelBuilding = true;
-}
diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix
deleted file mode 100644
index 3ce635dac..000000000
--- a/lass/5pkgs/emot-menu/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
-
- emoticons = writeText "emoticons" ''
-¯\(°_o)/¯ | dunno lol shrug dlol
-¯\_(ツ)_/¯ | dunno lol shrug dlol
-( ͡° ͜ʖ ͡°) | lenny
-¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
-( ゚д゚) | aaah sad noo
-ヽ(^o^)丿 | hi yay hello
-(^o^; | ups hehe
-(^∇^) | yay
-┗(`皿´)┛ | angry argh
-ヾ(^_^) byebye!! | bye
-<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
-(-.-)Zzz... | sleep
-(∩╹□╹∩) | oh noes woot
-™ | tm
-ζ | zeta
-(╯°□°)╯ ┻━┻ | table flip
-(」゜ロ゜)」 | why woot
-(_゜_゜_) | gloom I see you
-༼ ༎ຶ ෴ ༎ຶ༽ | sad
-(\/) (°,,,,°) (\/) | krebs
- '';
-
-in
-writeDashBin "emoticons" ''
- set -efu
-
- data=$(${coreutils}/bin/cat ${emoticons})
- emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
- ${xdotool}/bin/xdotool type --clearmodifiers -- "$emoticon"
- exit 0
-''
diff --git a/lass/5pkgs/firefoxPlugins/noscript.nix b/lass/5pkgs/firefoxPlugins/noscript.nix
deleted file mode 100644
index 67a00a1b2..000000000
--- a/lass/5pkgs/firefoxPlugins/noscript.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ fetchgit, stdenv, bash, zip }:
-
-stdenv.mkDerivation rec {
- name = "noscript";
- id = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
-
- src = fetchgit {
- url = "https://github.com/avian2/noscript";
- rev = "c900a079793868bb080ab1e23522d29dc121b4c6";
- sha256 = "1y06gh5a622yrsx0h7v92qnvdi97i54ln09zc1lvk8x430z5bdly";
- };
-
- buildInputs = [ zip ];
-
- patchPhase = ''
- substituteInPlace "version.sh" \
- --replace "/bin/bash" "${bash}/bin/bash"
- '';
-
- buildPhase = ''
- ./makexpi.sh
- '';
-
- installPhase = ''
- mkdir -p $out/
- cp *.xpi $out/${id}.xpi
- '';
-}
diff --git a/lass/5pkgs/firefoxPlugins/ublock.nix b/lass/5pkgs/firefoxPlugins/ublock.nix
deleted file mode 100644
index 29ef250e8..000000000
--- a/lass/5pkgs/firefoxPlugins/ublock.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ fetchgit, stdenv, bash, python, zip }:
-
-stdenv.mkDerivation rec {
- name = "ublock";
- id = "{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}";
-
- src = fetchgit {
- url = "https://github.com/chrisaljoudi/uBlock";
- rev = "a70a50052a7914cbf86d46a725812b98434d8c70";
- sha256 = "1qfzy79f8x01i33x0m95k833z1jgxjwb8wvlr6fj6id1kxfvzh77";
- };
-
- buildInputs = [
- zip
- python
- ];
-
- patchPhase = ''
- substituteInPlace "tools/make-firefox.sh" \
- --replace "/bin/bash" "${bash}/bin/bash"
- '';
-
- buildPhase = ''
- tools/make-firefox.sh all
- '';
-
- installPhase = ''
- mkdir -p $out/
- cp dist/build/uBlock.firefox.xpi $out/${id}.xpi
- '';
-}
diff --git a/lass/5pkgs/firefoxPlugins/vimperator.nix b/lass/5pkgs/firefoxPlugins/vimperator.nix
deleted file mode 100644
index dabef3d20..000000000
--- a/lass/5pkgs/firefoxPlugins/vimperator.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ fetchgit, stdenv, zip }:
-
-stdenv.mkDerivation rec {
- name = "vimperator";
- id = "vimperator@mozdev.org";
-
- src = fetchgit {
- url = "https://github.com/vimperator/vimperator-labs.git";
- rev = "ba7d8e72516fdc22246748c8183d7bc90f6fb073";
- sha256 = "0drz67qm5hxxzw699rswlpjkg4p2lfipx119pk1nyixrqblcsvq2";
- };
-
- buildInputs = [ zip ];
-
- installPhase = ''
- mkdir -p $out/
- cp downloads/vimperator*.xpi $out/${id}.xpi
- '';
-}
diff --git a/lass/5pkgs/graphml2json/default.nix b/lass/5pkgs/graphml2json/default.nix
deleted file mode 100644
index 6f06ded3d..000000000
--- a/lass/5pkgs/graphml2json/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-pkgs.writers.writePython3Bin "graphml2json" { libraries = [ pkgs.python3Packages.networkx ]; } ''
- import networkx as nx
- import json
- import sys
-
-
- G = nx.read_graphml(sys.argv[1])
- data = nx.readwrite.json_graph.node_link_data(G)
-
- print(json.dumps(data, indent=2))
-''
diff --git a/lass/5pkgs/htmlparser/default.nix b/lass/5pkgs/htmlparser/default.nix
deleted file mode 100644
index 72bd3f437..000000000
--- a/lass/5pkgs/htmlparser/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, buildGoModule, fetchFromGitHub }:
-
-buildGoModule rec {
- pname = "htmlparser";
- version = "v1.0.0";
-
- src = fetchFromGitHub {
- owner = "htmlparser";
- repo = "htmlparser";
- rev = "02f964ebd24c296dcfa56c357bb8dedde0f39757";
- sha256 = "1k19rdpjf5sdyjfl233y6bsfgkcnv799ivrh2vkw22almg4243ar";
- };
-
- vendorSha256 = "0qkd587z4n372y4lqyzjqc1qlsi3525ah99vdm5dqq4jidcd5h7w";
-}
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
deleted file mode 100644
index ee49951b1..000000000
--- a/lass/5pkgs/init/default.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }:
-
-with lib;
-
-pkgs.writeScriptBin "init" ''
- #!/usr/bin/env nix-shell
- #! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs
- set -xefuo pipefail
-
- disk=$1
-
- if mount | grep -q "$disk"; then
- echo "target device is already mounted, bailout"
- exit 2
- fi
-
- bootdev="$disk"2
- luksdev="$disk"3
- luksmap=/dev/mapper/${luksmap}
-
- vgname=${vgname}
-
-
- rootdev=/dev/mapper/${vgname}-root
- homedev=/dev/mapper/${vgname}-home
-
- read -p "LUKS Password: " lukspw
-
- #
- # partitioning
- #
-
- # http://en.wikipedia.org/wiki/GUID_Partition_Table
- # undo:
- # dd if=/dev/zero bs=512 count=34 of=/dev/sda
- # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
- if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
- sgdisk -og "$disk"
- sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk"
- sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk"
- sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk"
- fi
-
- if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then
- echo zonk2
- exit 23
- fi
-
- if ! cryptsetup isLuks "$luksdev"; then
- # aes xts-plain64
- echo -n "$lukspw" | cryptsetup luksFormat "$luksdev" - \
- -h sha512 \
- --iter-time 5000
- fi
-
- if ! test -e "$luksmap"; then
- echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" -
- fi
-
- if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
- pvcreate "$luksmap"
- fi
-
- if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
-
- lvchange -a y /dev/mapper/"$vgname"
-
- if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi
-
- #
- # formatting
- #
-
- if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
- mkfs.vfat "$bootdev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then
- mkfs.xfs "$rootdev"
- fi
-
- if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
- mkdir -p /mnt
- mount "$rootdev" /mnt
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
- mkdir -m 0000 -p /mnt/boot
- mount "$bootdev" /mnt/boot
- fi
-
- #
- # dependencies for stockholm
- #
-
- # TODO: get sentinal file from target_path
- mkdir -p /mnt/var/src
- touch /mnt/var/src/.populate
-
- #
- # print all the infos
- #
-
- gdisk -l "$disk"
- lsblk "$disk"
-
- echo READY.
-''
diff --git a/lass/5pkgs/init/run-vm.sh b/lass/5pkgs/init/run-vm.sh
deleted file mode 100755
index 13914ad5f..000000000
--- a/lass/5pkgs/init/run-vm.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-
-set -efu
-
-WD=$(dirname "$0")
-nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run
diff --git a/lass/5pkgs/init/test.nix b/lass/5pkgs/init/test.nix
deleted file mode 100644
index e76e7e009..000000000
--- a/lass/5pkgs/init/test.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- virtualisation.emptyDiskImages = [
- 8000
- ];
- virtualisation.memorySize = 1500;
- boot.tmpOnTmpfs = true;
-
- environment.systemPackages = [
- (pkgs.callPackage ./default.nix {})
- ];
- services.mingetty.autologinUser = lib.mkForce "root";
-}
diff --git a/lass/5pkgs/init/test.sh b/lass/5pkgs/init/test.sh
deleted file mode 100755
index 0ceaa73ca..000000000
--- a/lass/5pkgs/init/test.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-
-set -xefu
-
-WD=$(realpath $(dirname "$0"))
-TMPDIR=$(mktemp -d)
-cd "$TMPDIR"
-nixos-generate -c "$WD"/test.nix -f vm-nogui --run "$@"
-cd -
-rm -r "$TMPDIR"
diff --git a/lass/5pkgs/install-system/default.nix b/lass/5pkgs/install-system/default.nix
deleted file mode 100644
index 0e13265f6..000000000
--- a/lass/5pkgs/install-system/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "install-system" ''
- set -efux
- SYSTEM=$1
- TARGET=$2
- # format
- if ! (sshn "$TARGET" -- mountpoint /mnt); then
- if ! (sshn "$TARGET" -- type -p nix); then
- nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET"
- else
- disko=$(nix-build -I stockholm=$HOME/sync/stockholm -I secrets=$HOME/sync/stockholm/lass/2configs/tests/dummy-secrets -I nixos-config=$HOME/sync/stockholm/lass/1systems/$SYSTEM/physical.nix '<nixpkgs/nixos>' -A config.system.build.disko)
- NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' nix-copy-closure --to "$TARGET" "$disko"
- sshn -t "$TARGET" -- "$disko"
- fi
- fi
-
- # install dependencies
- sshn "$TARGET" << SSH
- if ! type -p git; then
- nix-channel --update
- nix-env -iA nixos.git
- fi
- SSH
-
- # populate
- $(nix-build --no-out-link "$HOME"/sync/stockholm/lass/krops.nix -A populate --argstr name "$SYSTEM" --argstr target "$TARGET"/mnt/var/src --arg force true)
-
- # install
- sshn "$TARGET" << SSH
- NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /mnt/var/src
- nixos-enter -- nixos-rebuild -I /var/src switch --install-bootloader
- umount -R /mnt
- zpool export -fa
- SSH
-''
diff --git a/lass/5pkgs/knav/default.nix b/lass/5pkgs/knav/default.nix
deleted file mode 100644
index 30d49a1b3..000000000
--- a/lass/5pkgs/knav/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, ... }: let
-
- keynavrc = pkgs.writeText "keynavrc" ''
- clear
- Escape quit
- q record ~/.keynav_macros
- shift+at playback
- u history-back
- a cut-left
- s cut-down
- w cut-up
- d cut-right
- shift+a move-left
- shift+s move-down
- shift+w move-up
- shift+d move-right
- t windowzoom
- c cursorzoom 300 300
- e warp
- 1 click 1
- 2 click 2
- 3 click 3
- '';
-in pkgs.writeScriptBin "knav" ''
- ${pkgs.keynav}/bin/keynav "loadconfig ${keynavrc}, start"
-''
diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
deleted file mode 100644
index 27e59bb96..000000000
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "l-gen-secrets" ''
- set -efu
- HOSTNAME=$1
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- if [ "''${DRYRUN-n}" = "n" ]; then
- trap 'rm -rf $TMPDIR' EXIT
- else
- echo "$TMPDIR"
- set -x
- fi
- mkdir -p $TMPDIR/out
-
- PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
- HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
-
- # ssh
- ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
- ${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/
-
- # tor
- ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 >/dev/null || :
- ${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv
-
- # tinc
- ${pkgs.coreutils}/bin/mkdir -p $TMPDIR/tinc
- ${pkgs.tinc_pre}/bin/tinc --config $TMPDIR/tinc generate-keys 4096 </dev/null
- ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/ed25519_key.priv $TMPDIR/out/retiolum.ed25519_key.priv
- ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/rsa_key.priv $TMPDIR/out/retiolum.rsa_key.priv
-
- # wireguard
- ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/out/wiregrill.key
- ${pkgs.coreutils}/bin/cat $TMPDIR/out/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub
-
- # system passwords
- cat <<EOF > $TMPDIR/out/hashedPasswords.nix
- {
- root = "$HASHED_PASSWORD";
- mainUser = "$HASHED_PASSWORD";
- }
- EOF
-
- set +f
- if [ "''${DRYRUN-n}" = "n" ]; then
- cd $TMPDIR/out
- for x in *; do
- ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
- done
- echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
- ${pkgs.coreutils}/bin/cat $TMPDIR/tor/hostname | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/torname > /dev/null
- fi
- set -f
-
- cat <<EOF
- { r6, w6, ... }:
- {
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.changeme";
- ip6.addr = r6 "changeme";
- aliases = [
- "$HOSTNAME.r"
- ];
- tinc.pubkey = ${"''"}
- $(cat $TMPDIR/tinc/rsa_key.pub | sed 's/^/ /')
- ${"''"};
- tinc.pubkey_ed25519 = "$(cat $TMPDIR/tinc/ed25519_key.pub | ${pkgs.gnused}/bin/sed 's/.* = //')";
- };
- wiregrill = {
- ip6.addr = w6 "changeme";
- aliases = [
- "$HOSTNAME.w"
- ];
- wireguard.pubkey = ${"''"}
- $(cat $TMPDIR/wiregrill.pub)
- ${"''"};
- };
- };
- ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
- }
- EOF
-''
diff --git a/lass/5pkgs/logify/default.nix b/lass/5pkgs/logify/default.nix
deleted file mode 100644
index bca7e7971..000000000
--- a/lass/5pkgs/logify/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ curl, writeDashBin }:
-
-#usage: ping 8.8.8.8 |& logify -I
-writeDashBin "logify" ''
- date_args=''${@:--Is}
- while read line; do echo $(date "$date_args") $line; done
-''
diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix
deleted file mode 100644
index 738a8daf6..000000000
--- a/lass/5pkgs/mk_sql_pair/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.writeScriptBin "mk_sql_pair" ''
- #!/bin/sh
-
- name=$1
- password=$2
-
- if [ $# -ne 2 ]; then
- echo '$1=name, $2=password'
- exit 23;
- fi
-
- cat <<EOF
- create database $name;
- create user $name;
- grant all on $name.* to $name@'localhost' identified by '$password';
- EOF
-''
diff --git a/lass/5pkgs/mpv-poll/default.nix b/lass/5pkgs/mpv-poll/default.nix
deleted file mode 100644
index ee191843e..000000000
--- a/lass/5pkgs/mpv-poll/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.writeScriptBin "mpv-poll" ''
- #! ${pkgs.bash}/bin/bash
-
- pl=$1
- hist=''${HISTORY:-"./mpv_history"}
- mpv_options=''${MPV_OPTIONS:-""}
-
- lastYT=""
-
- play_video () {
- toPlay=$1
- echo $toPlay >> $hist
- mpv $mpv_options $toPlay
- }
-
- if ! [ -e $hist ]; then
- touch $hist
- fi
-
- while :
- do
- if [ -s $pl ]; then
- toPlay=$(head -1 $pl)
- sed -i '1d' $pl
- if $(echo $toPlay | grep -Eq 'https?://(www.)?youtube.com/watch'); then
- lastYT=$toPlay
- fi
- play_video $toPlay
- else
- if [ -n "$lastYT" ]; then
- next=$(yt-next $lastYT)
- lastYT=$next
- play_video $next
- fi
- sleep 1
- fi
- done
-''
diff --git a/lass/5pkgs/nichtparasoup/default.nix b/lass/5pkgs/nichtparasoup/default.nix
deleted file mode 100644
index fcff7ad54..000000000
--- a/lass/5pkgs/nichtparasoup/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ stdenv, pkgs, ... }:
-let
- py = pkgs.python3Packages.python.withPackages (p: [
- p.werkzeug
- p.beautifulsoup4
- ]);
- src = pkgs.fetchFromGitHub {
- owner = "k4cg";
- repo = "nichtparasoup";
- rev = "c6dcd0d";
- sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
- };
-in pkgs.writeDashBin "nichtparasoup" ''
- ${py}/bin/python ${src}/nichtparasoup.py "$@"
-''
diff --git a/lass/5pkgs/nichtparasoup/exception.patch b/lass/5pkgs/nichtparasoup/exception.patch
deleted file mode 100644
index 34c177de0..000000000
--- a/lass/5pkgs/nichtparasoup/exception.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/nichtparasoup.py b/nichtparasoup.py
-index 9da9a2b..833ca71 100755
---- a/nichtparasoup.py
-+++ b/nichtparasoup.py
-@@ -211,7 +211,7 @@ def cache_fill_loop():
- try:
- sources[crawler][site].crawl()
- info = Crawler.info()
-- except Exception, e:
-+ except Exception as e:
- logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
- break
-
diff --git a/lass/5pkgs/nix-index-update/default.nix b/lass/5pkgs/nix-index-update/default.nix
deleted file mode 100644
index 40be8d1a3..000000000
--- a/lass/5pkgs/nix-index-update/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "nix-index-update" ''
- set -efux
- filename="index-$(uname -m)-$(uname | tr A-Z a-z)"
- mkdir -p ~/.cache/nix-index && cd ~/.cache/nix-index
- # -N will only download a new version if there is an update.
- ${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename
- ln -f $filename files
-''
diff --git a/lass/5pkgs/nm-dmenu/default.nix b/lass/5pkgs/nm-dmenu/default.nix
deleted file mode 100644
index ff4ba1633..000000000
--- a/lass/5pkgs/nm-dmenu/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, lib, ... }:
-
-pkgs.writeDashBin "nm-dmenu" ''
- export PATH=$PATH:${lib.makeBinPath [
- pkgs.dmenu
- pkgs.networkmanagerapplet
- pkgs.procps
- ]}
- exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
-''
diff --git a/lass/5pkgs/otpmenu/default.nix b/lass/5pkgs/otpmenu/default.nix
deleted file mode 100644
index fffe47005..000000000
--- a/lass/5pkgs/otpmenu/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "otpmenu" ''
-set -efux
-x=$(${pkgs.pass}/bin/pass git ls-files '*/otp.gpg' \
- | ${pkgs.gnused}/bin/sed 's:/otp\.gpg$::' \
- | ${pkgs.dmenu}/bin/dmenu
-)
-
-otp=$(${(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))}/bin/pass otp code "$x/otp")
-printf %s "$otp" | ${pkgs.wtype}/bin/wtype -s 1 - || printf %s "$otp" | ${pkgs.xdotool}/bin/xdotool type -f -
-''
diff --git a/lass/5pkgs/pop/default.nix b/lass/5pkgs/pop/default.nix
deleted file mode 100644
index cec22e3b1..000000000
--- a/lass/5pkgs/pop/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.writeScriptBin "pop" ''
- #! ${pkgs.bash}/bin/bash
-
- file=$1
-
- head -1 $file
- sed -i 1d $file
-''
diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix
deleted file mode 100644
index 9b834f0c4..000000000
--- a/lass/5pkgs/q/default.nix
+++ /dev/null
@@ -1,286 +0,0 @@
-{ pkgs, ... }:
-let
- q-cal = let
- # XXX 23 is the longest line of cal's output
- pad = ''{
- ${pkgs.gnused}/bin/sed '
- # rtrim
- s/ *$//
-
- # delete last empty line
- ''${/^$/d}
- ' \
- | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
- | ${pkgs.gnused}/bin/sed '
- # colorize header
- 1,2s/.*/&/
-
- # colorize week number
- s/^[ 1-9][0-9]/&/
- '
- }'';
- in ''
- ${pkgs.coreutils}/bin/paste \
- <(${pkgs.util-linux}/bin/cal -mw \
- $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
- | ${pad}
- ) \
- <(${pkgs.util-linux}/bin/cal -mw \
- | ${pkgs.gnused}/bin/sed '
- # colorize day of month
- s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/
- ' \
- | ${pad}
- ) \
- <(${pkgs.util-linux}/bin/cal -mw \
- $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
- | ${pad}
- ) \
- | ${pkgs.gnused}/bin/sed 's/\t/ /g'
- '';
-
- q-isodate = ''
- ${pkgs.coreutils}/bin/date \
- '+%Y-%m-%dT%H:%M:%S%:z'
- '';
-
- q-gitdir = ''
- if test -d .git; then
- #git status --porcelain
- branch=$(
- ${pkgs.git}/bin/git branch \
- | ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p'
- )
- echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch"
- fi
- '';
-
- q-intel_backlight = ''
- cd /sys/class/backlight/intel_backlight
- </dev/null exec ${pkgs.gawk}/bin/awk '
- END {
- getline actual_brightness < "actual_brightness"
- getline max_brightness < "max_brightness"
- getline brightness < "brightness"
- printf "intel_backlight %d%% %d/%d\n" \
- , actual_brightness / max_brightness * 100 \
- , actual_brightness \
- , max_brightness
- }
- '
- '';
-
- q-power_supply = let
- power_supply = pkgs.writeBash "power_supply" ''
- set -efu
- uevent=$1
- eval "$(${pkgs.gnused}/bin/sed -n '
- s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p
- ' $uevent)"
- case $POWER_SUPPLY_NAME in
- AC)
- exit # not battery
- ;;
- esac
- exec </dev/null
- exec ${pkgs.gawk}/bin/awk '
- function die(s) {
- printf "%s: %s\n", name, s
- exit 1
- }
-
- function print_hm(h, m) {
- m = (h - int(h)) * 60
- return sprintf("%dh%dm", h, m)
- }
-
- function print_bar(n, r, t1, t2, t_col) {
- t1 = int(r * n)
- t2 = n - t1
- if (r >= .42) t_col = "1;32"
- else if (r >= 23) t_col = "1;33"
- else if (r >= 11) t_col = "1;31"
- else t_col = "5;1;31"
- return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr()
- }
-
- function sgr(p) {
- return "\x1b[" p "m"
- }
-
- function strdup(s,n,t) {
- t = sprintf("%"n"s","")
- gsub(/ /,s,t)
- return t
- }
-
- END {
- name = ENVIRON["POWER_SUPPLY_NAME"]
-
- charge_unit = "Ah"
- charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
- charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6
-
- current_unit = "A"
- current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6
-
- energy_unit = "Wh"
- energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6
- energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
-
- power_unit = "W"
- power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6
-
- voltage_unit = "V"
- voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6
- voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6
-
- #printf "charge_now: %s\n", charge_now
- #printf "charge_full: %s\n", charge_full
- #printf "current_now: %s\n", current_now
- #printf "energy_now: %s\n", energy_now
- #printf "energy_full: %s\n", energy_full
- #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"]
- #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
- #printf "power_now: %s\n", power_now
- #printf "voltage_now: %s\n", voltage_now
-
- if (current_now == 0 && voltage_now != 0) {
- current_now = power_now / voltage_now
- }
- if (power_now == 0) {
- power_now = current_now * voltage_now
- }
- if (charge_now == 0 && voltage_min_design != 0) {
- charge_now = energy_now / voltage_min_design
- }
- if (energy_now == 0) {
- energy_now = charge_now * voltage_min_design
- }
- if (charge_full == 0 && voltage_min_design != 0) {
- charge_full = energy_full / voltage_min_design
- }
- if (energy_full == 0) {
- energy_full = charge_full * voltage_min_design
- }
-
- if (charge_now == 0 || charge_full == 0) {
- die("unknown charge")
- }
-
- charge_ratio = charge_now / charge_full
-
- out = out name
- out = out sprintf(" %s", print_bar(10, charge_ratio))
- out = out sprintf(" %d%", charge_ratio * 100)
- out = out sprintf(" %.2f%s", charge_now, charge_unit)
- if (current_now != 0) {
- out = out sprintf("/%.1f%s", current_now, current_unit)
- }
- out = out sprintf(" %d%s", energy_full, energy_unit)
- if (power_now != 0) {
- out = out sprintf("/%.1f%s", power_now, power_unit)
- }
- if (current_now != 0) {
- out = out sprintf(" %s", print_hm(charge_now / current_now))
- }
-
- print out
- }
- '
- '';
- in ''
- for uevent in /sys/class/power_supply/*/uevent; do
- ${power_supply} "$uevent" || :
- done
- '';
-
- q-virtualization = ''
- echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
- '';
-
- q-wireless = ''
- for dev in $(
- ${pkgs.iw}/bin/iw dev \
- | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
- ); do
- inet=$(${pkgs.iproute2}/bin/ip addr show $dev \
- | ${pkgs.gnused}/bin/sed -n '
- s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p
- ') \
- || unset inet
- ssid=$(${pkgs.iw}/bin/iw dev $dev link \
- | ${pkgs.gnused}/bin/sed -n '
- s/.*\tSSID: \(.*\)/\1/p
- ') \
- || unset ssid
- echo "$dev''${inet+ $inet}''${ssid+ $ssid}"
- done
- '';
-
- q-online = ''
- if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
- echo 'online'
- else
- echo offline
- fi
- '';
-
- q-thermal_zone = ''
- for i in /sys/class/thermal/thermal_zone*; do
- type=$(${pkgs.coreutils}/bin/cat $i/type)
- temp=$(${pkgs.coreutils}/bin/cat $i/temp)
- printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc)
- done
- '';
-
- q-todo = ''
- TODO_file=$HOME/TODO
- if test -e "$TODO_file"; then
- ${pkgs.coreutils}/bin/cat "$TODO_file" \
- | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
- BEGIN { print "remind=0" }
- /^[0-9]/{
- x = $1
- gsub(".", "\\\\&", x)
- rest = substr($0, index($0, " "))
- rest = $0
- sub(" *", "", rest)
- gsub(".", "\\\\&", rest)
- print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
- echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
- (( remind++ ))"
- }
- END { print "test $remind = 0 && echo \"nothing to remind\"" }
- ' \
- | {
- # bash needed for (( ... ))
- ${pkgs.bash}/bin/bash
- }
- else
- echo "$TODO_file: no such file or directory"
- fi
- '';
-
-in
-# bash needed for <(...)
-pkgs.writeBashBin "q" ''
- set -eu
- export PATH=/var/empty
- (${q-todo}) || :
- if [ "$PWD" != "$HOME" ]; then
- (HOME=$PWD; ${q-todo}) || :
- fi
- echo
- ${q-cal}
- echo
- ${q-isodate}
- (${q-gitdir}) &
- (${q-intel_backlight}) &
- (${q-power_supply}) &
- (${q-virtualization}) &
- (${q-wireless}) &
- (${q-online}) &
- (${q-thermal_zone}) &
- wait
-''
diff --git a/lass/5pkgs/review-mail-queue/default.nix b/lass/5pkgs/review-mail-queue/default.nix
deleted file mode 100644
index c8c66706c..000000000
--- a/lass/5pkgs/review-mail-queue/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs }: let
-
- review = pkgs.writers.writeBash "review-mail" ''
- mail="$1"
- ${pkgs.exim}/bin/exim -Mvc "$mail" | grep -E 'Subject:|To:'
- ${pkgs.exim}/bin/exim -Mvl "$mail"
- while :; do
- read -p 'delete?' key
- case "$key" in
- v*)
- ${pkgs.exim}/bin/exim -Mvc "$mail"
- ;;
- d*)
- ${pkgs.exim}/bin/exim -Mrm "$mail"
- break
- ;;
- r*)
- ${pkgs.exim}/bin/exim -Mt "$mail"
- break
- ;;
- n*)
- break
- ;;
- esac
- done
- echo '-------------------'
- echo '-------------------'
- echo '-------------------'
- echo '-------------------'
- echo '-------------------'
- '';
-
-in pkgs.writers.writeBashBin "review-mail" ''
- for mail in $(${pkgs.exim}/bin/exim -bp \
- | ${pkgs.gnugrep}/bin/grep frozen \
- | ${pkgs.gawk}/bin/awk '{print $3}'); do
- ${review} "$mail"
- done
-''
diff --git a/lass/5pkgs/rs/default.nix b/lass/5pkgs/rs/default.nix
deleted file mode 100644
index 6b27908fb..000000000
--- a/lass/5pkgs/rs/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-
-#TODO: get tab-completion working again
-pkgs.writeBashBin "rs" ''
- rsync -vaP --append-verify "$@"
-''
diff --git a/lass/5pkgs/searx/default.nix b/lass/5pkgs/searx/default.nix
deleted file mode 100644
index e5ce5788a..000000000
--- a/lass/5pkgs/searx/default.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }:
-
-with python3Packages;
-
-toPythonModule (buildPythonApplication rec {
- pname = "searx";
- version = "1.0.0";
-
- # Can not use PyPI because certain test files are missing.
- src = fetchFromGitHub {
- owner = "searx";
- repo = "searx";
- rev = "v${version}";
- sha256 = "0ghkx8g8jnh8yd46p4mlbjn2zm12nx27v7qflr4c8xhlgi0px0mh";
- };
-
- postPatch = ''
- sed -i 's/==.*$//' requirements.txt
- '';
-
- preBuild = ''
- export SEARX_DEBUG="true";
- '';
-
- propagatedBuildInputs = [
- Babel
- certifi
- dateutil
- flask
- flaskbabel
- gevent
- grequests
- jinja2
- langdetect
- lxml
- ndg-httpsclient
- pyasn1
- pyasn1-modules
- pygments
- pysocks
- pytz
- pyyaml
- requests
- speaklater
- werkzeug
- ];
-
- # tests try to connect to network
- doCheck = false;
- # checkInputs = [
- # Babel mock nose2 covCore pep8 plone-testing splinter
- # unittest2 zope_testrunner selenium
- # ];
-
- postInstall = ''
- # Create a symlink for easier access to static data
- mkdir -p $out/share
- ln -s ../${python3.sitePackages}/searx/static $out/share/
- '';
-
- passthru.tests = { inherit (nixosTests) searx; };
-
- meta = with lib; {
- homepage = "https://github.com/searx/searx";
- description = "A privacy-respecting, hackable metasearch engine";
- license = licenses.agpl3Plus;
- maintainers = with maintainers; [ matejc fpletz globin danielfullmer ];
- };
-})
diff --git a/lass/5pkgs/sshify/default.nix b/lass/5pkgs/sshify/default.nix
deleted file mode 100644
index 445b9b4aa..000000000
--- a/lass/5pkgs/sshify/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs }:
-# usage: sshify prism.r -- curl ifconfig.me
-pkgs.writers.writeBashBin "sshify" ''
- set -efu
-
- TMPDIR=$(mktemp -d)
-
- SSH_ARGS=()
-
- while [[ "$#" -gt 0 ]]; do
- case $1 in
- --)
- shift
- break
- ;;
- *)
- SSH_ARGS+=($1)
- ;;
- esac
- shift
- done
-
- if [[ "$#" -le 0 ]]; then
- echo no command specified
- exit 1
- fi
-
- RANDOM_HIGH_PORT=$(shuf -i 20000-65000 -n 1)
-
- cat << EOF >$TMPDIR/proxychains.conf
- [ProxyList]
- socks4 127.0.0.1 $RANDOM_HIGH_PORT
- EOF
-
- ssh -fNM -S "$TMPDIR/socket" -D "$RANDOM_HIGH_PORT" "''${SSH_ARGS[@]}"
- trap "ssh -S $TMPDIR/socket -O exit bla 2>/dev/null; rm -rf $TMPDIR >&2" EXIT
-
- ${pkgs.proxychains-ng}/bin/proxychains4 -q -f "$TMPDIR/proxychains.conf" "$@"
-''
diff --git a/lass/5pkgs/sshvnc/default.nix b/lass/5pkgs/sshvnc/default.nix
deleted file mode 100644
index f66ed1b0d..000000000
--- a/lass/5pkgs/sshvnc/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeBashBin "sshvnc" ''
- set -xm
-
- RANDOM_HIGH_PORT=$(shuf -i 20000-65000 -n 1)
- ssh "$@" -f -L $RANDOM_HIGH_PORT:localhost:$RANDOM_HIGH_PORT -- x11vnc -noxdamage -noxfixes -noxrecord -display :0 -localhost -rfbport $RANDOM_HIGH_PORT
-
- sleep 3
-
- _JAVA_AWT_WM_NONREPARENTING=1 ${pkgs.turbovnc}/bin/vncviewer localhost:$RANDOM_HIGH_PORT
-''
diff --git a/lass/5pkgs/super-vnc/default.nix b/lass/5pkgs/super-vnc/default.nix
deleted file mode 100644
index ce0e3aaa7..000000000
--- a/lass/5pkgs/super-vnc/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ pkgs, lib }: let
-
- quoteChar = c:
- if c == "\n" then "'\n'"
- else c;
- quote = x: if x == "" then "''" else lib.stringAsChars quoteChar x;
-
-in pkgs.writers.writeDashBin "super-vnc" ''
- PATH=${lib.makeBinPath (with pkgs; [
- xorg.xrandr gnugrep coreutils xorg.xorgserver gnused openssh gawk tightvnc
- ])}
- remote=$1
- res_x=$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f1)
- res_y=$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f2)
- export modeline="$(gtf "$res_x" "$res_y" 60 | sed -n 's/.*Modeline "\([^" ]\+\)" \(.*\)/\1 \2/p')"
- export name="$(echo "$modeline" | sed 's/\([^ ]\+\) .*/\1/')"
- export vncline="''${res_x}x''${res_y}+0+0"
-
- if [ -z "$modeline" -o -z "$name" ]; then
- echo "Error! modeline=$modeline name=$name"
- exit 1
- fi
-
- echo $modeline
-
- # TODO user random highport
- ssh "$remote" -L 5900:localhost:55900 bash <<EOF
-set -x
-export DISPLAY=:0
-export output=\$(xrandr | grep disconnected | tail -1 | cut -d' ' -f1)
-xrandr --newmode $modeline
-xrandr --verbose --addmode "\$output" "$name"
-xrandr --output "\$output" --off
-xrandr --verbose --output "\$output" --mode "$name" --right-of "\$(xrandr | grep primary | cut -d ' ' -f1)"
-EOF
- sleep 2
- vncviewer localhost:55900
-''
diff --git a/lass/5pkgs/sxiv/default.nix b/lass/5pkgs/sxiv/default.nix
deleted file mode 100644
index 04fc1c3f6..000000000
--- a/lass/5pkgs/sxiv/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ nsxiv, writers }:
-
-writers.writeDashBin "sxiv" ''
- set -efu
- tmpfile="''${TMPDIR:-/tmp}/nsxiv_pipe_$$"
- trap 'rm -f -- $tmpfile' EXIT
-
- if [ "$#" -eq 0 ]; then
- if [ -t 0 ]; then
- echo "sxiv: No arguments provided" >&2; exit 1
- else
- # Consume stdin and put it in the temporal file
- cat > "$tmpfile"
- fi
- fi
-
- for arg in "$@"; do
- # if it's a pipe then drain it to $tmpfile
- [ -p "$arg" ] && cat "$arg" > "$tmpfile"
- done
-
- if [ -s "$tmpfile" ]; then
- ${nsxiv}/bin/nsxiv -q "$@" "$tmpfile" # -q to silence warnings
- else
- ${nsxiv}/bin/nsxiv "$@" # fallback
- fi
-''
diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix
deleted file mode 100644
index d7937da58..000000000
--- a/lass/5pkgs/tdlib-purple/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } :
-
-let
-
- tdlib = stdenv.mkDerivation rec {
- version = "1.6.0";
- pname = "tdlib";
-
- src = fetchFromGitHub {
- owner = "tdlib";
- repo = "td";
- rev = "v${version}";
- sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv";
- };
-
- buildInputs = with pkgs; [ gperf openssl readline zlib ];
- nativeBuildInputs = [ pkgs.cmake ];
-
- };
-
-in stdenv.mkDerivation rec {
- pname = "tdlib-purple";
- version = "0.7.8";
-
- src = fetchFromGitHub {
- owner = "ars3niy";
- repo = pname;
- rev = "v${version}";
- sha256 = "17g54mcxsidcx37l6m4p8i06ln1hvq3347dhdl9xkkn7pqpwvv1c";
- };
-
- cmakeFlags = [
- "-Dtgvoip_INCLUDE_DIRS=${libtgvoip.dev}/include/tgvoip"
- ];
-
- nativeBuildInputs = [ cmake ];
- buildInputs = [ pidgin tdlib libwebp libtgvoip ];
-
- installPhase = ''
- mkdir -p $out/lib/purple-2/
- cp *.so $out/lib/purple-2/
- '';
-
- meta = with stdenv.lib; {
- homepage = "https://github.com/ars3niy/tdlib-purple";
- description = "New libpurple plugin for Telegram";
- license = licenses.gpl2;
- maintainers = [ maintainers.lassulus ];
- platforms = platforms.linux;
- };
-}
diff --git a/lass/5pkgs/unimenu/default.nix b/lass/5pkgs/unimenu/default.nix
deleted file mode 100644
index cf2a15277..000000000
--- a/lass/5pkgs/unimenu/default.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{
- lib,
- runCommand,
- fetchurl,
- writeText,
- writers,
- coreutils,
- dmenu,
- gnused,
- libnotify,
- xclip,
- xdotool,
- gawk,
-}: let
- unicode-file = runCommand "unicode.txt" {} ''
- ${
- writers.writePython3 "generate.py" {flakeIgnore = ["E501" "E722"];} ''
- import csv
-
- with open("${
- fetchurl {
- url = "https://unicode.org/Public/UCD/latest/ucd/UnicodeData.txt";
- sha256 = "sha256-NgGOaGV/3LNIX2NmMP/oyFMuAcl3cD0oA/W4nWxf6vs=";
- }
- }", "r") as unicode_data:
- reader = csv.reader(unicode_data, delimiter=";")
- next(reader) # skip first row containing \0
- for row in reader:
- codepoint = row[0]
- name = row[1]
- alternate_name = row[10]
- try:
- print(chr(int(codepoint, 16)), codepoint, name, alternate_name, sep=" ")
- except:
- continue
- ''
- } > $out
- '';
- kaomoji-file = writeText "kaomoji.txt" ''
- ¯\(°_o)/¯ dunno lol shrug dlol
- ¯\_(ツ)_/¯ dunno lol shrug dlol
- ( ͡° ͜ʖ ͡°) lenny
- ¯\_( ͡° ͜ʖ ͡°)_/¯ lenny shrug dlol
- ( ゚д゚) aaah sad noo
- ヽ(^o^)丿 hi yay hello
- (^o^: ups hehe
- (^∇^) yay
- ┗(`皿´)┛ angry argh
- ヾ(^_^) byebye!! bye
- <(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) dance
- (-.-)Zzz... sleep
- (∩╹□╹∩) oh noes woot
- (╯°□°)╯ ┻━┻ table flip
- (」゜ロ゜)」 why woot
- (_゜_゜_) gloom I see you
- ༼ ༎ຶ ෴ ༎ຶ༽ sad
- (\/) (°,,,,°) (\/) krebs
- ┳━┳ ヽ(ಠل͜ಠ)ノ putting table back
- ┻━┻︵ \(°□°)/ ︵ ┻━┻ flip all dem tablez
- (`・ω・´) bear look
- ᕦ(ຈل͜ຈ)ᕤ strong flex muscle bicep
- ᕦ(ò_óˇ)ᕤ strong flex muscle bicep
- (๑>ᴗ<๑) excite
- (∩ ` -´)⊃━━☆゚.*・。゚ wizard spell magic
- ╰( ͡° ͜ʖ ͡° )つ──☆*:・゚ wizard spell magic
- ◕ ◡ ◕ puss in boots big eye
- ≋≋≋≋≋̯̫⌧̯̫(ˆ•̮ ̮•ˆ) nyan cat
- ʕ•ᴥ•ʔ bear
- (ԾɷԾ) adventure time
- (⁀ᗢ⁀) happy yay
- (≧◡≦) happy yay
- \(º □ º )/ panic
- 𓂺 penis
- 𓂸 penis
- __〆( ̄ー ̄ ) write down
- __〆(º □ º) write down
- __〆(^_^) write down
- C= C= C= C= C=┌(;・ω・)┘ running fast here
- ▓▒░(°◡°)░▒▓ dont care
- (๑ᵔ⤙ᵔ๑) nom food eating
- (·•᷄ࡇ •᷅ ) ohoh sad
- ᕕ( ᐛ )ᕗ hehe lol letsgo
- (^_~) wink
- '';
-in
- # ref https://github.com/LukeSmithxyz/voidrice/blob/9fe6802122f6e0392c7fe20eefd30437771d7f8e/.local/bin/dmenuunicode
- writers.writeDashBin "unimenu" ''
- history_file=$HOME/.cache/unimenu
- PATH=${lib.makeBinPath [coreutils dmenu gnused libnotify xclip xdotool]}
- chosen=$(cat "$history_file" ${kaomoji-file} ${unicode-file} | dmenu -p unicode -i -l 10 | tee --append "$history_file" | sed "s/ .*//")
-
- [ "$chosen" != "" ] || exit
-
- echo "$chosen" | tr -d '\n' | xclip -selection clipboard
-
- if [ -n "$1" ]; then
- xdotool key Shift+Insert
- else
- notify-send --app-name="$(basename "$0")" "'$chosen' copied to clipboard." &
- fi
- ''
diff --git a/lass/5pkgs/urban/default.nix b/lass/5pkgs/urban/default.nix
deleted file mode 100644
index fb8adaed9..000000000
--- a/lass/5pkgs/urban/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.writeScriptBin "urban" ''
- #!/bin/sh
- set -euf
- term=$1
- curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \
- | sed 's/<\/\?a\>[^>]*>//g' \
- | sed 's/<\([^>]*\)>/\n<\1\n/g' \
- | grep . \
- | sed -n '/<div class=.meaning./,/<\/div/p' \
- | sed 's/<div class=.meaning./-----/' \
- | grep -v '^</div\>' \
- | grep -v '^<br\>' \
- | sed '
- s/&quot;/"/g
- s/&#39;/'\'''/g
- s/&gt;/>/g
- s/&lt;/>/g
- '
-''
diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix
deleted file mode 100644
index 20c546dbb..000000000
--- a/lass/5pkgs/xephyrify/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ writeDashBin, writeHaskellPackage, coreutils, xorg, virtualgl, ... }:
-
-let
-
- xephyrify-xmonad = writeHaskellPackage "xephyrify-xmonad" {
- executables.xmonad = {
- extra-depends = [
- "containers"
- "unix"
- "xmonad"
- ];
- text = /* haskell */ ''
- module Main where
- import XMonad
- import Data.Monoid
- import System.Posix.Process (executeFile)
- import qualified Data.Map as Map
-
- main :: IO ()
- main = do
- xmonad def
- { workspaces = [ "1" ]
- , layoutHook = myLayoutHook
- , keys = myKeys
- , normalBorderColor = "#000000"
- , focusedBorderColor = "#000000"
- , handleEventHook = myEventHook
- }
-
- myEventHook :: Event -> X All
-
- myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
- spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
- return (All True)
-
- myEventHook _ = do
- return (All True)
-
- myLayoutHook = Full
- myKeys _ = Map.fromList []
- '';
- };
- };
-
-in writeDashBin "xephyrify" ''
- NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)}
- echo "using DISPLAY $NDISPLAY"
- ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY &
- if test -n $DROP_TO_USER; then
- sleep 1
- ls /tmp/.X11-unix/
- id
- ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY"
- ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY"
- fi
- XEPHYR_PID=$!
- DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad &
- XMONAD_PID=$!
- DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@"
- kill $XMONAD_PID
- kill $XEPHYR_PID
-''
diff --git a/lass/5pkgs/xml2json/default.nix b/lass/5pkgs/xml2json/default.nix
deleted file mode 100644
index 78690d4b7..000000000
--- a/lass/5pkgs/xml2json/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-let
- pp = pkgs.python35Packages;
-in pp.buildPythonPackage rec {
- name = "xml2json-${version}";
- version = "22ffcd";
- propagatedBuildInputs = [
- pp.simplejson
- ];
- src = pkgs.fetchFromGitHub {
- owner = "hay";
- repo = "xml2json";
- rev = "${version}";
- sha256 = "1snjd6q6bk517350gdrl8kkphkra0iaz56i583h2q57ab09r29vc";
- };
- doCheck = false;
-}
diff --git a/lass/5pkgs/xonsh2/default.nix b/lass/5pkgs/xonsh2/default.nix
deleted file mode 100644
index d55d22445..000000000
--- a/lass/5pkgs/xonsh2/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ lib, stdenv
-, fetchFromGitHub
-, python39Packages
-, glibcLocales
-, coreutils
-, git
-, extraInputs ? []
-}: let
-
- python3Packages = python39Packages;
-
-in python3Packages.buildPythonApplication rec {
- pname = "xonsh2";
- version = "master";
-
- # fetch from github because the pypi package ships incomplete tests
- src = fetchFromGitHub {
- owner = "anki-code";
- repo = "xonsh2";
- rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0";
- sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6";
- };
-
- LC_ALL = "en_US.UTF-8";
-
- postPatch = ''
- sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh
- find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \;
- find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|'
- patchShebangs .
- '';
-
- doCheck = false;
-
- checkPhase = ''
- HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks'
- HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5
- HOME=$TMPDIR pytest -k 'test_ptk_highlight'
- '';
-
- checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ];
-
- propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs;
-
- meta = with lib; {
- description = "A Python-ish, BASHwards-compatible shell";
- homepage = "https://xon.sh/";
- # changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}";
- license = licenses.bsd3;
- platforms = platforms.all;
- };
-
- passthru = {
- shellPath = "/bin/xonsh2";
- };
-}
diff --git a/lass/5pkgs/yt-next/default.nix b/lass/5pkgs/yt-next/default.nix
deleted file mode 100644
index 8132b4f05..000000000
--- a/lass/5pkgs/yt-next/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.writeScriptBin "yt-next" ''
- #! ${pkgs.bash}/bin/bash
-
- vid=$1
- num=''${NUM:-1}
-
- curl -Ls $1 \
- | grep 'href="/watch?v=' \
- | head -n$num \
- | sed 's,.*href="\([^"]*\)".*,https://youtube.com\1,'
-''
diff --git a/lass/default.nix b/lass/default.nix
deleted file mode 100644
index d077cc09f..000000000
--- a/lass/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [
- ../krebs
- ./2configs
- ./3modules
- ];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
-}
diff --git a/lass/krops.nix b/lass/krops.nix
deleted file mode 100644
index 407df3bc6..000000000
--- a/lass/krops.nix
+++ /dev/null
@@ -1,145 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource ([
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
- nixpkgs = lib.mkForce (if test then {
- derivation = let
- rev = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- sha256 = (lib.importJSON ../krebs/nixpkgs-unstable.json).sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- '';
- } else {
- git = {
- ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- url = https://github.com/NixOS/nixpkgs;
- shallow = true;
- };
- });
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/sync/pwstore";
- name = "hosts/${name}";
- };
- };
- stockholm.file = lib.mkForce {
- path = toString ../.;
- useChecksum = true;
- };
- }
- (if lib.pathExists (./. + "/1systems/${name}/source.nix") then
- import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; }
- else
- {}
- )
- ]);
-
-in {
-
- deploy = { target ? "root@${name}/var/src", offline ? false, command ? "switch" }: pkgs.krops.writeCommand "deploy" {
- command = targetPath: ''
-
- set -xfu
-
- outDir=$(mktemp -d)
- trap "rm -rf $outDir;" INT TERM EXIT
-
- build=$(command -v nom-build || echo "nix-build")
-
- $build \
- -I "${targetPath}" \
- '<nixpkgs/nixos>' -A config.system.build.toplevel \
- -o "$outDir/out" \
- ${lib.optionalString offline "--option substitute false"} \
- # -vvvvv --show-trace
-
- nix-env -p /nix/var/nix/profiles/system --set "$outDir/out"
-
- "$outDir/out/bin/switch-to-configuration" ${command}
- '';
- source = source { test = false; };
- allocateTTY = true;
- backup = false;
- inherit target;
- };
-
- deployWithFlake = { target ? "root@${name}/var/src", offline ? false }: pkgs.krops.writeCommand "deploy" {
- source = {
- inherit (source { test = false; }) stockholm secrets;
- };
- command = targetPath: ''
- '';
- allocateTTY = true;
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
- populate = { target, force ? false }: pkgs.populate {
- inherit force;
- source = source { test = false; };
- target = lib.mkTarget target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-
- deploy-with-diff = { target ? "root@${name}/var/src" }: pkgs.krops.writeCommand "${name}-deploy" {
- command = targetPath: ''
- set -xu
- deployScript=$(mktemp)
- cat << EOF > "$deployScript"
- #! /usr/bin/env nix-shell
- #! nix-shell -p nix-diff proot rsync -i bash
- set -xfu
-
- oldPath=\$(echo "${targetPath}" | sed 's/-new$//')
- oldSystemDrv=\$(nix show-derivation /run/current-system | jq -r 'keys[0]')
- newSystemDrv=\$(proot -b /var/src-new:/var/src nix-instantiate -I /var/src '<nixpkgs/nixos>' -A config.system.build.toplevel)
-
- (
- diff -rq -x '.git' "\$oldPath" "${targetPath}"
- nix-diff --color always --line-oriented "\$oldSystemDrv" "\$newSystemDrv"
- ) | less -R
- echo 'continue? [(Y)es]/(n)o'
- read yn
- case \$yn in
- [Nn]* ) exit;;
- esac
- rsync -ra --delete /var/src-new/ /var/src/
- nixos-rebuild -I /var/src switch
- EOF
-
- chmod +x "$deployScript"
- echo "$deployScript"
- cat "$deployScript"
- exec "$deployScript"
- rm "$deployScript"
- '';
- target = "${target}-new";
- source = source { test = false; };
- force = true;
- allocateTTY = true;
- };
-}
diff --git a/lass/tombstone b/lass/tombstone
new file mode 100644
index 000000000..e3b051963
--- /dev/null
+++ b/lass/tombstone
@@ -0,0 +1 @@
+this config has been moved to https://github.com/lassulus/superconfig for now