diff options
Diffstat (limited to 'lass')
57 files changed, 1448 insertions, 442 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index a3cc9d7b3..5aa35f5a7 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,7 +13,6 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix - ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index b5e551952..ec9f53694 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,7 +5,7 @@ ../. <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/default.nix - ../2configs/exim-retiolum.nix + #../2configs/exim-retiolum.nix ../2configs/git.nix { boot.loader.grub = { @@ -63,6 +63,35 @@ { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 97734a7bd..8d944ed40 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -11,7 +11,7 @@ in { ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix #../2configs/redis.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7a1fd253..f26f0ed5f 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -3,6 +3,7 @@ { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/exim-retiolum.nix ../2configs/programs.nix @@ -14,22 +15,18 @@ ../2configs/elster.nix ../2configs/steam.nix ../2configs/wine.nix - #../2configs/texlive.nix - ../2configs/binary-caches.nix - #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/git.nix - #../2configs/wordpress.nix ../2configs/bitlbee.nix - #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/cbase.nix + ../2configs/c-base.nix ../2configs/mail.nix ../2configs/krebs-pass.nix - #../2configs/buildbot-standalone.nix + ../2configs/umts.nix + ../2configs/repo-sync.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -57,17 +54,10 @@ # package = pkgs.postgresql; # }; #} - { - } ]; krebs.build.host = config.krebs.hosts.mors; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -77,7 +67,6 @@ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { @@ -131,8 +120,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! @@ -146,7 +135,7 @@ #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' @@ -168,22 +157,6 @@ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' ''; - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - environment.systemPackages = with pkgs; [ acronym cac-api @@ -214,15 +187,11 @@ }; }; - services.mongodb = { - enable = true; + krebs.repo-sync.timerConfig = { + OnCalendar = "00:37"; }; - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; + services.mongodb = { + enable = true; }; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6ed80ac39..5477a8b86 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -19,6 +19,8 @@ in { ../2configs/privoxy-retiolum.nix ../2configs/radio.nix ../2configs/buildbot-standalone.nix + ../2configs/repo-sync.nix + ../2configs/binary-cache/server.nix { imports = [ ../2configs/git.nix @@ -66,8 +68,6 @@ in { } { - #boot.loader.gummiboot.enable = true; - #boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { devices = [ "/dev/sda" @@ -110,10 +110,6 @@ in { { sound.enable = false; } - #{ - # #workaround for server dying after 6-7h - # boot.kernelPackages = pkgs.linuxPackages_4_2; - #} { nixpkgs.config.allowUnfree = true; } @@ -202,7 +198,7 @@ in { } { imports = [ - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ]; krebs.nginx.servers."lassul.us".locations = [ (lib.nameValuePair "/wallpaper.png" '' diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 6829428ff..96d64bda3 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -4,7 +4,9 @@ with builtins; { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix + ../2configs/git.nix ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix @@ -19,34 +21,10 @@ with builtins; # }; # }; #} - { - #x220 config from mors - #TODO: make x220 config file (or look in other user dir) - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - } ]; krebs.build.host = config.krebs.hosts.shodan; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -56,7 +34,6 @@ with builtins; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { @@ -67,10 +44,15 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/home/lass" = { + device = "/dev/pool/home-lass"; + fsType = "ext4"; + }; }; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 16f7502ac..6d26ff89a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,7 +8,13 @@ in { #./urxvt.nix ./xserver ./mpv.nix + #./pulse.nix + ./power-action.nix ]; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; users.extraUsers.mainUser.extraGroups = [ "audio" ]; @@ -16,11 +22,6 @@ in { virtualisation.libvirtd.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - programs.ssh.startAgent = false; security.setuidPrograms = [ "slock" ]; @@ -32,6 +33,7 @@ in { environment.systemPackages = with pkgs; [ + acpi dmenu gitAndTools.qgit lm_sensors @@ -44,6 +46,7 @@ in { sxiv xclip xorg.xbacklight + xorg.xhost xsel zathura diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix new file mode 100644 index 000000000..108ff7a1e --- /dev/null +++ b/lass/2configs/binary-cache/client.nix @@ -0,0 +1,9 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; +} + diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix new file mode 100644 index 000000000..22ec04307 --- /dev/null +++ b/lass/2configs/binary-cache/server.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key my-secret-key my-public-key + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; +} + diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix deleted file mode 100644 index c2727520d..000000000 --- a/lass/2configs/binary-caches.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - nix.sshServe.enable = true; - nix.sshServe.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel" - ]; - nix.binaryCaches = [ - #"scp://nix-ssh@mors" - #"scp://nix-ssh@uriel" - ]; -} diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 604d0728d..04bdcf9d8 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -1,6 +1,14 @@ { lib, config, pkgs, ... }: -{ - krebs.buildbot.master = let + +with config.krebs.lib; + +let + sshWrapper = pkgs.writeDash "ssh-wrapper" '' + ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ''; + +in { + config.krebs.buildbot.master = let stockholm-mirror-url = http://cgit.prism/stockholm ; in { slaves = { @@ -25,20 +33,38 @@ sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # treeStableTimer=10, + treeStableTimer=10, name="fast-all-branches", builderNames=["fast-tests"])) ''; + build-scheduler = '' + # build all hosts + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch_re=".*"), + treeStableTimer=10, + name="prism-all-branches", + builderNames=["build-all"])) + ''; }; builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + # TODO: get nixpkgs/stockholm paths from krebs + env_lass = { + "LOGNAME": "lass", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } + env_makefu = { + "LOGNAME": "makefu", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq","nix","rsync" ] + deps = [ "gnumake", "jq", "nix", "rsync", "proot" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", @@ -51,16 +77,45 @@ factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { + build-all = '' + f = util.BuildFactory() + f.addStep(grab_repo) + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + addShell(f,name="build-{}".format(i),env=env_lass, + command=nixshell + \ + ["make \ + test \ + ssh=${sshWrapper} \ + target=build@localhost:${config.users.users.build.home}/testbuild \ + method=build \ + system={}".format(i)]) + + for i in [ "pornocauster", "wry" ]: + addShell(f,name="build-{}".format(i),env=env_makefu, + command=nixshell + \ + ["make \ + test \ + ssh=${sshWrapper} \ + target=build@localhost:${config.users.users.build.home}/testbuild \ + method=build \ + system={}".format(i)]) + + bu.append(util.BuilderConfig(name="build-all", + slavenames=slavenames, + factory=f)) + + ''; + fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) for i in [ "prism", "mors", "echelon" ]: - addShell(f,name="populate-{}".format(i),env=env, + addShell(f,name="populate-{}".format(i),env=env_lass, command=nixshell + \ ["{}( make system={} eval.config.krebs.build.populate \ | jq -er .)".format("!" if "failing" in i else "",i)]) - addShell(f,name="build-test-minimal",env=env, + addShell(f,name="build-test-minimal",env=env_lass, command=nixshell + \ ["nix-instantiate \ --show-trace --eval --strict --json \ @@ -86,17 +141,17 @@ }; }; - krebs.buildbot.slave = { + config.krebs.buildbot.slave = { enable = true; masterhost = "localhost"; username = "testslave"; password = "lasspass"; packages = with pkgs;[ git nix gnumake jq rsync ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + NIX_PATH="nixpkgs=/var/src/nixpkgs"; }; }; - krebs.iptables = { + config.krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } @@ -104,4 +159,29 @@ ]; }; }; + + #ssh workaround for make test + options.lass.build-ssh-privkey = mkOption { + type = types.secret-file; + default = { + path = "${config.users.users.buildbotSlave.home}/ssh.privkey"; + owner = { inherit (config.users.users.buildbotSlave ) name uid;}; + source-path = toString <secrets> + "/build.ssh.key"; + }; + }; + config.krebs.secret.files = { + build-ssh-privkey = config.lass.build-ssh-privkey; + }; + config.users.users = { + build = { + name = "build"; + uid = genid "build"; + home = "/home/build"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" + ]; + }; + }; } diff --git a/lass/2configs/cbase.nix b/lass/2configs/c-base.nix index 9d13bc30d..9d13bc30d 100644 --- a/lass/2configs/cbase.nix +++ b/lass/2configs/c-base.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1c06acf38..377554514 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -7,6 +7,9 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ../2configs/nixpkgs.nix + ../2configs/binary-cache/client.nix + ../2configs/gc.nix ./backups.nix { users.extraUsers = @@ -52,21 +55,18 @@ with config.krebs.lib; user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; - secrets = "/home/lass/secrets/${config.krebs.build.host.name}"; + secrets = if getEnv "dummy_secrets" == "true" + then toString <stockholm/lass/2configs/tests/dummy-secrets> + else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; - stockholm = "/home/lass/stockholm"; - nixpkgs = { - url = https://github.com/lassulus/nixpkgs; - rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894"; - dev = "/home/lass/src/nixpkgs"; - }; + stockholm = getEnv "PWD"; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); }; }; - nix.useChroot = true; + nix.useSandbox = true; users.mutableUsers = false; @@ -114,8 +114,13 @@ with config.krebs.lib; #neat utils krebspaste + pciutils psmisc + q + rs + tmux untilport + usbutils #unpack stuff p7zip diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 3639a743a..cf9b631c8 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -21,6 +21,7 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 8199f2bd7..1ba99c8cb 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -28,6 +28,8 @@ with config.krebs.lib; { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "netzclub@lassul.us"; to = lass.mail; } + { from = "nebenan@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index f3b65e816..a724e2e45 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,7 +5,8 @@ let in { krebs.fetchWallpaper = { enable = true; - url = "cloudkrebs/wallpaper.png"; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + url = "prism/wallpaper.png"; }; } diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix new file mode 100644 index 000000000..8762ad95e --- /dev/null +++ b/lass/2configs/gc.nix @@ -0,0 +1,8 @@ +{ config, ... }: + +with config.krebs.lib; +{ + nix.gc = { + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + }; +} diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c0affe981..381a37e1b 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -29,18 +29,10 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { - painload = {}; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; }; - wai-middleware-time = {}; - web-routes-wai-custom = {}; - go = {}; - newsbot-js = {}; kimsufi-check = {}; - realwallpaper = {}; - xmonad-stockholm = {}; - the_playlist = {}; } // mapAttrs make-public-repo-silent { the_playlist = {}; }; @@ -50,8 +42,6 @@ let brain = { collaborators = with config.krebs.users; [ tv makefu ]; }; - extraction_webinterface = {}; - politics-fetching = {}; } // import <secrets/repos.nix> { inherit config lib pkgs; } ); @@ -66,6 +56,7 @@ let channel = "#retiolum"; server = "cd.retiolum"; verbose = config.krebs.build.host.name == "prism"; + branches = [ "master" ]; }; }; }; @@ -84,7 +75,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-helios lass-uriel ]; + user = [ lass lass-uriel ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix new file mode 100644 index 000000000..be1faccea --- /dev/null +++ b/lass/2configs/hw/tp-x220.nix @@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + }; + + hardware.opengl.extraPackages = [ + pkgs.vaapiIntel + pkgs.vaapiVdpau + ]; + + services.xserver = { + videoDriver = "intel"; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + security.rngd.enable = true; +} diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 72d6f987f..7c050005b 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -10,8 +10,9 @@ let account default: prism ''; - msmtp = pkgs.writeDashBin "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + msmtp = pkgs.writeBashBin "msmtp" '' + ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ + ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ ''; muttrc = pkgs.writeText "muttrc" '' @@ -42,7 +43,7 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="msmtp" # enables parsing of outgoing mail + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set use_from=yes set envelope_from=yes diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 636b44395..f2b70d831 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -41,7 +41,6 @@ let cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news csm_world|http://rss.csmonitor.com/feeds/world|#news - cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news danisch|http://www.danisch.de/blog/feed/|#news dod|http://www.defense.gov/news/afps2.xml|#news dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news @@ -102,7 +101,7 @@ let npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news npr_world|http://www.npr.org/rss/rss.php?id=1004|#news - nsa|http://www.nsa.gov/rss.shtml|#news #bullerei + nsa|https://www.nsa.gov/rss.xml|#news #bullerei nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news painload|https://github.com/krebscode/painload/commits/master.atom|#news phys|http://phys.org/rss-feed/|#news diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix new file mode 100644 index 000000000..0021a8615 --- /dev/null +++ b/lass/2configs/nixpkgs.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs = { + url = https://github.com/lassulus/nixpkgs; + rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290"; + }; +} diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix new file mode 100644 index 000000000..0ff8547c7 --- /dev/null +++ b/lass/2configs/power-action.nix @@ -0,0 +1,41 @@ +{ config, pkgs, ... }: + +let + suspend = pkgs.writeDash "suspend" '' + ${pkgs.systemd}/bin/systemctl suspend + ''; + + speak = text: + pkgs.writeDash "speak" '' + ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}" + ''; + +in { + lass.power-action = { + enable = true; + plans.low-battery = { + upperLimit = 30; + lowerLimit = 25; + charging = false; + action = pkgs.writeDash "warn-low-battery" '' + ${speak "power level low"} + ''; + }; + plans.suspend = { + upperLimit = 10; + lowerLimit = 0; + charging = false; + action = pkgs.writeDash "suspend-wrapper" '' + /var/setuid-wrappers/sudo ${suspend} + ''; + }; + }; + + users.users.power-action.extraGroups = [ + "audio" + ]; + + security.sudo.extraConfig = '' + ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ''; +} diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix new file mode 100644 index 000000000..3be482191 --- /dev/null +++ b/lass/2configs/pulse.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + pkg = pkgs.pulseaudioLight; + runDir = "/run/pulse"; + + alsaConf = pkgs.writeText "asound.conf" '' + ctl_type.pulse { + libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so; + } + pcm_type.pulse { + libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so; + } + ctl.!default { + type pulse + } + pcm.!default { + type pulse + } + ''; + + clientConf = pkgs.writeText "client.conf" '' + autospawn=no + default-server = unix:${runDir}/socket + ''; + + daemonConf = pkgs.writeText "daemon.conf" '' + exit-idle-time=0 + flat-volumes = no + default-fragments = 4 + default-fragment-size-msec = 25 + ''; + + configFile = pkgs.writeText "default.pa" '' + .include ${pkg}/etc/pulse/default.pa + load-module ${toString [ + "module-native-protocol-unix" + "auth-anonymous=1" + "socket=${runDir}/socket" + ]} + ''; +in + +{ + environment = { + etc = { + "asound.conf".source = alsaConf; + # XXX mkForce is not strong enough (and neither is mkOverride) to create + # /etc/pulse/client.conf, see pulseaudio-hack below for a solution. + #"pulse/client.conf" = mkForce { source = clientConf; }; + #"pulse/client.conf".source = mkForce clientConf; + "pulse/default.pa".source = configFile; + "pulse/daemon.pa".source = daemonConf; + }; + systemPackages = [ + pkg + ] ++ optionals config.services.xserver.enable [ + pkgs.pavucontrol + ]; + }; + + # Allow PulseAudio to get realtime priority using rtkit. + security.rtkit.enable = true; + + system.activationScripts.pulseaudio-hack = '' + ln -fns ${clientConf} /etc/pulse/client.conf + ''; + + systemd.services.pulse = { + wantedBy = [ "sound.target" ]; + before = [ "sound.target" ]; + environment = { + PULSE_RUNTIME_PATH = "${runDir}/home"; + }; + serviceConfig = { + ExecStart = "${pkg}/bin/pulseaudio"; + ExecStartPre = pkgs.writeDash "pulse-start" '' + install -o pulse -g audio -m 0750 -d ${runDir} + install -o pulse -g audio -m 0700 -d ${runDir}/home + ''; + PermissionsStartOnly = "true"; + User = "pulse"; + }; + }; + + users = { + groups.pulse.gid = config.users.users.pulse.uid; + users.pulse = { + uid = genid "pulse"; + group = "pulse"; + extraGroups = [ "audio" ]; + home = "${runDir}/home"; + }; + }; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 17be327b9..59678dbff 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -11,7 +11,7 @@ let source-password = import <secrets/icecast-source-pw>; add_random = pkgs.writeDashBin "add_random" '' - mpc add "$(mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -52,13 +52,8 @@ in { print_current ncmpcpp mpc_cli - tmux ]; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - services.mpd = { enable = true; group = "radio"; @@ -67,7 +62,7 @@ in { audio_output { type "shout" encoding "ogg" - name "my cool stream" + name "the_playlist" host "localhost" port "8000" mount "/radio.ogg" @@ -84,7 +79,7 @@ in { # Optional Parameters user "source" # description "here is my long description" - # genre "jazz" + genre "good music" } # end of audio_output ''; @@ -114,7 +109,7 @@ in { wantedBy = [ "timers.target" ]; timerConfig = { - OnCalendar = "*:*"; + OnCalendar = "*:0/1"; }; }; @@ -123,8 +118,8 @@ in { LIMIT=$1 #in secconds timeLeft () { - playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') + currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -136,16 +131,10 @@ in { description = "radio playlist autoadder"; after = [ "network.target" ]; - path = with pkgs; [ - gawk - mpc_cli - ]; - restartIfChanged = true; serviceConfig = { - Restart = "always"; - ExecStart = "${autoAdd} 100"; + ExecStart = "${autoAdd} 150"; }; }; diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix deleted file mode 100644 index 7340fc7ca..000000000 --- a/lass/2configs/realwallpaper-server.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, ... }: - -let - hostname = config.krebs.build.host.name; - inherit (lib) - nameValuePair - ; - -in { - imports = [ - ./realwallpaper.nix - ]; - - krebs.nginx.servers.wallpaper = { - server-names = [ - hostname - ]; - locations = [ - (nameValuePair "/wallpaper.png" '' - root /tmp/; - '') - ]; - }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - }; -} diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index c69cb1660..2ab52ed92 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,5 +1,30 @@ -{ config, ... }: +{ config, lib, ... }: -{ +let + hostname = config.krebs.build.host.name; + inherit (lib) + nameValuePair + ; + +in { krebs.realwallpaper.enable = true; + + krebs.nginx.servers.wallpaper = { + server-names = [ + hostname + ]; + locations = [ + (nameValuePair "/wallpaper.png" '' + root /tmp/; + '') + ]; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix new file mode 100644 index 000000000..45a4e2afd --- /dev/null +++ b/lass/2configs/repo-sync.nix @@ -0,0 +1,106 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + mirror = "git@${config.networking.hostName}:"; + + defineRepo = name: announce: let + repo = { + public = true; + name = mkDefault "${name}"; + cgit.desc = mkDefault "mirror for ${name}"; + hooks = mkIf announce (mkDefault { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = false; + channel = "#retiolum"; + server = "cd.retiolum"; + branches = [ "newest" ]; + }; + }); + }; + in { + rules = with git; singleton { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + lass + lass-shodan + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + }; + repos."${name}" = repo; + }; + + sync-retiolum = name: + { + krebs.repo-sync.repos.${name} = { + makefu = { + origin.url = "http://cgit.gum/${name}"; + mirror.url = "${mirror}${name}"; + }; + tv = { + origin.url = "http://cgit.cd/${name}"; + mirror.url = "${mirror}${name}"; + }; + lassulus = { + origin.url = "http://cgit.prism/${name}"; + mirror.url = "${mirror}${name}"; + }; + "@latest" = { + mirror.url = "${mirror}${name}"; + mirror.ref = "heads/newest"; + }; + }; + krebs.git = defineRepo name (config.networking.hostName == "prism"); + }; + + sync-remote = name: url: + { + krebs.repo-sync.repos.${name} = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; + }; + krebs.git = defineRepo name (config.networking.hostName == "prism"); + }; + + sync-remote-silent = name: url: + { + krebs.repo-sync.repos.${name} = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; + }; + krebs.git = defineRepo name false; + }; + +in { + krebs.repo-sync = { + enable = true; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + }; + imports = [ + (sync-remote "array" "https://github.com/makefu/array") + (sync-remote "email-header" "https://github.com/4z3/email-header") + (sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask") + (sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot") + (sync-remote "repo-sync" "https://github.com/makefu/repo-sync") + (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") + (sync-remote "xintmap" "https://github.com/4z3/xintmap") + (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") + (sync-retiolum "go") + (sync-retiolum "much") + (sync-retiolum "newsbot-js") + (sync-retiolum "painload") + (sync-retiolum "realwallpaper") + (sync-retiolum "stockholm") + (sync-retiolum "wai-middleware-time") + (sync-retiolum "web-routes-wai-custom") + (sync-retiolum "xmonad-stockholm") + ]; +} + diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/cbase.txt diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw new file mode 100644 index 000000000..16b542cee --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw new file mode 100644 index 000000000..16b542cee --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv new file mode 100644 index 000000000..215a7fa0c --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword new file mode 100644 index 000000000..922a74472 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword @@ -0,0 +1 @@ +blabla123 diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key new file mode 100644 index 000000000..91448ad2f --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/nix-serve.key @@ -0,0 +1 @@ +key-name:blabla123 diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix new file mode 100644 index 000000000..eed712458 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/repos.nix @@ -0,0 +1 @@ +_: {} diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..99a4033f6 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv @@ -0,0 +1,4 @@ + +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 new file mode 100644 index 000000000..5c12da0b3 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +private key bla +-----END OPENSSH PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa new file mode 100644 index 000000000..885cf61f0 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +private key bla +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw new file mode 100644 index 000000000..b71df1a2d --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/transmission-pw @@ -0,0 +1 @@ +"krebskrebs123" diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix new file mode 100644 index 000000000..c1fce9ea2 --- /dev/null +++ b/lass/2configs/umts.nix @@ -0,0 +1,62 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + + modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl stop wpa_supplicant + systemctl start umts + trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + ''; + + wvdial-defaults = '' + Modem = ${modem-device} + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Baud = 460800 + phone= *99# + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0 + ''; + + + out = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts + ''; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + ExecStart = "${wvdial}/bin/wvdial -n"; + }; + }; + }; +in out + diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 8295d9d49..9eed08635 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -1,158 +1,351 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with config.krebs.lib; let - customPlugins = { - mustang2 = pkgs.vimUtils.buildVimPlugin { - name = "Mustang2"; - src = pkgs.fetchFromGitHub { - owner = "croaker"; - repo = "mustang-vim"; - rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5"; - sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67"; - }; - }; - unimpaired = pkgs.vimUtils.buildVimPlugin { - name = "unimpaired-vim"; - src = pkgs.fetchFromGitHub { - owner = "tpope"; - repo = "vim-unimpaired"; - rev = "11dc568dbfd7a56866a4354c737515769f08e9fe"; - sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8"; - }; - }; - brogrammer = pkgs.vimUtils.buildVimPlugin { - name = "brogrammer"; - src = pkgs.fetchFromGitHub { - owner = "marciomazza"; - repo = "vim-brogrammer-theme"; - rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3"; - sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6"; - }; - }; - file-line = pkgs.vimUtils.buildVimPlugin { - name = "file-line"; - src = pkgs.fetchFromGitHub { - owner = "bogado"; - repo = "file-line"; - rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a"; - sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk"; - }; - }; + out = { + environment.systemPackages = [ + vim + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; }; -in { + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Gundo + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 - environment.systemPackages = [ - (pkgs.vim_configurable.customize { + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 - vimrcConfig.customRC = '' - set nocompatible - set t_Co=16 - syntax on - " TODO autoload colorscheme file - set background=dark - colorscheme brogrammer - filetype off - filetype plugin indent on + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu - imap <F1> <nop> + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; - set mouse=a - set ruler - set showmatch - set backspace=2 - set visualbell - set encoding=utf8 - set showcmd - set wildmenu + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; - set title - set titleold= - set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); - set autoindent + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.neovim}/bin/nvim "$@" + ''; - set ttyfast + vimrc = pkgs.writeText "vimrc" '' + set nocompatible - set pastetoggle=<INS> + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set noruler + set pastetoggle=<INS> + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + set et ts=2 sts=2 sw=2 - " Force Saving Files that Require Root Permission - command! W silent w !sudo tee "%" >/dev/null + filetype plugin indent on - nnoremap <C-c> :q<Return> - vnoremap < <gv - vnoremap > >gv + set t_Co=256 + colorscheme hack + syntax on - nmap <esc>q :buffer + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + au BufRead,BufNewFile *.hs so ${hs.vim} - "Tabwidth - set ts=2 sts=2 sw=2 et + au BufRead,BufNewFile *.nix so ${nix.vim} - " create Backup/tmp/undo dirs - function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backups/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodi = l:parent . 'undo/' + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodi) - call mkdir(l:undodi) - endif - endfunction - call InitBackupDir() - - " Backups & Files - set backup - set backupdir=~/.vim/backups - set directory=~/.vim/tmp// - set viminfo='20,<1000,s100,h,n~/.vim/tmp/info - set undodir=$HOME/.vim/undo - set undofile - - " highlight whitespaces - highlight ExtraWhitespace ctermbg=red guibg=red - match ExtraWhitespace /\s\+$/ - autocmd BufWinEnter * match ExtraWhitespace /\s\+$/ - autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/ - autocmd InsertLeave * match ExtraWhitespace /\s\+$/ - autocmd BufWinLeave * call clearmatches() - - "ft specific stuff - autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et - autocmd BufRead *.hs set ts=4 sts=4 sw=4 et - - "esc timeout - set timeoutlen=1000 ttimeoutlen=0 - - "foldfunctions - inoremap <F9> <C-O>za - nnoremap <F9> za - onoremap <F9> <C-C>za - vnoremap <F9> zf - ''; - - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ - "brogrammer" - "file-line" - "Gundo" - ]; } - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap <esc>q :buffer + nmap <M-q> :buffer + + cnoremap <C-A> <Home> + + noremap <C-c> :q<cr> + vnoremap < <gv + vnoremap > >gv + + nnoremap <esc>[5^ :tabp<cr> + nnoremap <esc>[6^ :tabn<cr> + nnoremap <esc>[5@ :tabm -1<cr> + nnoremap <esc>[6@ :tabm +1<cr> + + nnoremap <f1> :tabp<cr> + nnoremap <f2> :tabn<cr> + inoremap <f1> <esc>:tabp<cr> + inoremap <f2> <esc>:tabn<cr> + + " <C-{Up,Down,Right,Left> + noremap <esc>Oa <nop> | noremap! <esc>Oa <nop> + noremap <esc>Ob <nop> | noremap! <esc>Ob <nop> + noremap <esc>Oc <nop> | noremap! <esc>Oc <nop> + noremap <esc>Od <nop> | noremap! <esc>Od <nop> + " <[C]S-{Up,Down,Right,Left> + noremap <esc>[a <nop> | noremap! <esc>[a <nop> + noremap <esc>[b <nop> | noremap! <esc>[b <nop> + noremap <esc>[c <nop> | noremap! <esc>[c <nop> + noremap <esc>[d <nop> | noremap! <esc>[d <nop> + vnoremap u <nop> + ''; + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref <nix/src/libexpr/lexer.l> + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax - }) - ]; -} + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 45d09c3b9..f88dc927e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -11,9 +11,9 @@ let serveWordpress; msmtprc = pkgs.writeText "msmtprc" '' - account prism + account localhost host localhost - account default: prism + account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' @@ -23,23 +23,55 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" ]) - (servePage [ "reich-gebaeudereinigung.de" ]) + (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) + (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" ]) - (servePage [ "karlaskop.de" ]) + (ssl [ "karlaskop.de" "www.karlaskop.de" ]) + (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" ]) - (servePage [ "makeup.apanowicz.de" ]) + (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) + (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) - (servePage [ "pixelpocket.de" ]) + (ssl [ "pixelpocket.de" "www.pixelpocket.de" ]) + (servePage [ "pixelpocket.de" "www.pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) - (serveOwncloud [ "o.ubikmedia.de" ]) + (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) + (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) - (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) - (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) + (ssl [ + "ubikmedia.de" + "aldona.ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "facts.cloud" + "www.ubikmedia.de" + "www.aldona.ubikmedia.de" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + "www.facts.cloud" + ]) + (serveWordpress [ + "ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "facts.cloud" + "*.ubikmedia.de" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + "www.facts.cloud" + ]) ]; lass.mysqlBackup.config.all.databases = [ @@ -47,6 +79,27 @@ in { "o_ubikmedia_de" ]; + krebs.backup.plans = { + prism-sql-domsen = { + method = "push"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; }; + startAt = "00:01"; + }; + prism-http-domsen = { + method = "push"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; }; + startAt = "00:10"; + }; + prism-o-ubikmedia-domsen = { + method = "push"; + src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; }; + dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; }; + startAt = "00:30"; + }; + }; + users.users.domsen = { uid = genid "domsen"; description = "maintenance acc for domsen"; @@ -56,18 +109,18 @@ in { createHome = true; }; - #services.phpfpm.phpOptions = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = ${sendmail} -t - #''; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t -i" - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t ''; + #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + # options = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = "${sendmail} -t -i" + # ''; + #} '' + # cat ${pkgs.php}/etc/php-recommended.ini > $out + # echo "$options" >> $out + #''; } diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 63efbecb6..0107da739 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -1,10 +1,10 @@ { config, pkgs, lib, ... }: +with lib; let inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) genid head - nameValuePair ; inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) ssl @@ -12,6 +12,16 @@ let serveWordpress ; + msmtprc = pkgs.writeText "msmtprc" '' + account localhost + host localhost + account default: localhost + ''; + + sendmail = pkgs.writeDash "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" + ''; + in { imports = [ ./sqlBackup.nix @@ -48,7 +58,34 @@ in { "ttf_kleinaspach_de" ]; + #password protect some dirs + krebs.nginx.servers."biostase.de".locations = [ + (nameValuePair "/old_biostase.de" '' + auth_basic "Administrator Login"; + auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd; + '') + (nameValuePair "/mysqldumper" '' + auth_basic "Administrator Login"; + auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd; + '') + ]; + users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.fritz.pubkey ]; + + services.phpfpm.phpOptions = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t + ''; + + #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + # options = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = "${sendmail} -t -i" + # ''; + #} '' + # cat ${pkgs.php}/etc/php-recommended.ini > $out + # echo "$options" >> $out + #''; } diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 5e14871ac..0bfd9fe6b 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -5,7 +5,6 @@ let in { krebs.per-user.chat.packages = with pkgs; [ mosh - tmux weechat ]; diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix deleted file mode 100644 index bd59080d9..000000000 --- a/lass/2configs/wordpress.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, pkgs, ... }: - -{ - containers.wordpress = { - privateNetwork = true; - hostAddress = "192.168.101.1"; - localAddress = "192.168.101.2"; - - config = { - imports = [ - ../../krebs/3modules/iptables.nix - ]; - - krebs.iptables = { - enable = true; - tables = { - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - ]; - }; - }; - - environment.systemPackages = with pkgs; [ - iptables - ]; - - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; - - services.httpd = { - enable = true; - adminAddr = "root@apanowicz.de"; - extraModules = [ - { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } - ]; - virtualHosts = [ - { - hostName = "wordpress"; - serverAliases = [ "wordpress" "www.wordpress" ]; - - extraSubservices = [ - { - serviceName = "wordpress"; - } - ]; - } - ]; - }; - }; - }; -} diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index e3b0f45dc..5d3661706 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix @@ -19,9 +19,48 @@ pkgs.writeText "Xresources" '' URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #050505 + ! URxvt*background: #041204 + + !URxvt.depth: 32 + !URxvt*background: rgba:0500/0500/0500/cccc + + ! URxvt*background: #080810 + URxvt*foreground: #d0d7d0 + ! URxvt*background: black + ! URxvt*foreground: white + ! URxvt*background: rgb:00/00/40 + ! URxvt*foreground: rgb:a0/a0/d0 + ! XTerm*cursorColor: rgb:00/00/60 + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + ! URxvt*cursorUnderline: true + ! URxvt*highlightColor: #232323 + ! URxvt*highlightTextColor: #b0ffb0 + + URxvt*.pointerBlank: true + URxvt*.pointerBlankDelay: 987654321 + URxvt*.pointerColor: #f042b0 + URxvt*.pointerColor2: #050505 + + ! URxvt*color0: #000000 + ! URxvt*color1: #c00000 + ! URxvt*color2: #80c070 + URxvt*color3: #c07000 + ! URxvt*color4: #0000c0 + URxvt*color4: #4040c0 + ! URxvt*color5: #c000c0 + ! URxvt*color6: #008080 + URxvt*color7: #c0c0c0 + + URxvt*color8: #707070 + URxvt*color9: #ff6060 + URxvt*color10: #70ff70 + URxvt*color11: #ffff70 + URxvt*color12: #7070ff + URxvt*color13: #ff50ff + URxvt*color14: #70ffff + URxvt*color15: #ffffff - !change unreadable blue - URxvt*color4: #268bd2 '' diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 7299e9ac0..b221d7677 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -7,9 +7,6 @@ zsh-newuser-install() { :; } ''; interactiveShellInit = '' - HISTFILE=~/.histfile - HISTSIZE=1000000 - SAVEHIST=100000 #unsetopt nomatch setopt autocd extendedglob bindkey -e @@ -92,6 +89,11 @@ esac ''; promptInit = '' + # TODO: figure out why we need to set this here + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + autoload -U promptinit promptinit diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 380d83a91..b3037205e 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,6 +4,7 @@ _: ./ejabberd ./folderPerms.nix ./mysql-backup.nix + ./power-action.nix ./urxvtd.nix ./wordpress_nginx.nix ./xresources.nix diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix new file mode 100644 index 000000000..3116514a8 --- /dev/null +++ b/lass/3modules/power-action.nix @@ -0,0 +1,93 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + cfg = config.lass.power-action; + + out = { + options.lass.power-action = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "power-action"; + user = mkOption { + type = types.user; + default = { + name = "power-action"; + }; + }; + startAt = mkOption { + type = types.str; + default = "*:0/1"; + }; + plans = mkOption { + type = with types; attrsOf (submodule { + options = { + charging = mkOption { + type = nullOr bool; + default = null; + description = '' + check for charging status. + null = don't care + true = only if system is charging + false = only if system is discharging + ''; + }; + upperLimit = mkOption { + type = int; + }; + lowerLimit = mkOption { + type = int; + }; + action = mkOption { + type = path; + }; + }; + }); + }; + }; + + imp = { + systemd.services.power-action = { + serviceConfig = rec { + ExecStart = startScript; + User = cfg.user.name; + }; + startAt = cfg.startAt; + }; + users.users.${cfg.user.name} = { + inherit (cfg.user) name uid; + }; + }; + + startScript = pkgs.writeDash "power-action" '' + set -euf + + power="$(${powerlvl})" + state="$(${state})" + ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} + ''; + charging_check = plan: + if (plan.charging == null) then "" else + if plan.charging + then ''&& [ "$state" = "true" ]'' + else ''&& ! [ "$state" = "true" ]'' + ; + + writeRule = _: plan: + "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; + + powerlvl = pkgs.writeDash "powerlvl" '' + cat /sys/class/power_supply/BAT0/capacity + ''; + + state = pkgs.writeDash "state" '' + if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Discharging" ] + then echo "false" + else echo "true" + fi + ''; + +in out diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 467867f63..c48188f9d 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -3,6 +3,9 @@ { nixpkgs.config.packageOverrides = rec { acronym = pkgs.callPackage ./acronym/default.nix {}; + ejabberd = pkgs.callPackage ./ejabberd { + erlang = pkgs.erlangR16; + }; firefoxPlugins = { noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; @@ -10,11 +13,11 @@ }; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; + q = pkgs.callPackage ./q {}; + rs = pkgs.callPackage ./rs/default.nix {}; untilport = pkgs.callPackage ./untilport/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; - xmonad-lass = - let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in - pkgs.haskellPackages.callPackage src {}; + xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; } diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix new file mode 100644 index 000000000..644be0d17 --- /dev/null +++ b/lass/5pkgs/q/default.nix @@ -0,0 +1,185 @@ +{ pkgs, ... }: +let + q-cal = let + # XXX 23 is the longest line of cal's output + pad = ''{ + ${pkgs.gnused}/bin/sed ' + # rtrim + s/ *$// + + # delete last empty line + ''${/^$/d} + ' \ + | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \ + | ${pkgs.gnused}/bin/sed ' + # colorize header + 1,2s/.*/[38;5;238;1m&[39;22m/ + + # colorize week number + s/^[ 1-9][0-9]/[38;5;238;1m&[39;22m/ + ' + }''; + in '' + ${pkgs.coreutils}/bin/paste \ + <(${pkgs.utillinux}/bin/cal -mw \ + $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \ + | ${pad} + ) \ + <(${pkgs.utillinux}/bin/cal -mw \ + | ${pkgs.gnused}/bin/sed ' + # colorize day of month + s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/[31;1m&[39;22m/ + ' \ + | ${pad} + ) \ + <(${pkgs.utillinux}/bin/cal -mw \ + $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \ + | ${pad} + ) \ + | ${pkgs.gnused}/bin/sed 's/\t/ /g' + ''; + + q-isodate = '' + ${pkgs.coreutils}/bin/date \ + '+[1m%Y-%m-%d[;30mT[;38;5;085m%H:%M[m:%S%:z' + ''; + + q-gitdir = '' + if test -d .git; then + #git status --porcelain + branch=$( + ${pkgs.git}/bin/git branch \ + | ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p' + ) + echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch" + fi + ''; + + q-power_supply = '' + for uevent in /sys/class/power_supply/*/uevent; do + if test -f $uevent; then + eval "$(${pkgs.gnused}/bin/sed -n ' + s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p + ' $uevent)" + + if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then + continue + fi + + charge_percentage=$(echo " + scale=2 + $POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL + " | ${pkgs.bc}/bin/bc) + + lfc=$POWER_SUPPLY_CHARGE_FULL + rc=$POWER_SUPPLY_CHARGE_NOW + #rc=2800 + N=78; N=76 + N=10 + n=$(echo $N-1 | ${pkgs.bc}/bin/bc) + centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc) + deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc) + energy_evel=$( + echo -n '☳ ' # TRIGRAM FOR THUNDER + if test $centi -ge 42; then echo -n '[1;32m' + elif test $centi -ge 23; then echo -n '[1;33m' + elif test $centi -ge 11; then echo -n '[1;31m' + else echo -n '[5;1;31m'; fi + for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do + echo -n ■ + done + echo -n '[;30m' + for i in $(${pkgs.coreutils}/bin/seq $deci $n); do + echo -n ■ + done + echo '[m' $rc #/ $lfc + ) + echo "$energy_evel $charge_percentage" + fi + done + ''; + + q-virtualization = '' + echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)" + ''; + + q-wireless = '' + for dev in $( + ${pkgs.iw}/bin/iw dev \ + | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' + ); do + inet=$(${pkgs.iproute}/bin/ip addr show $dev \ + | ${pkgs.gnused}/bin/sed -n ' + s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p + ') \ + || unset inet + ssid=$(${pkgs.iw}/bin/iw dev $dev link \ + | ${pkgs.gnused}/bin/sed -n ' + s/.*\tSSID: \(.*\)/\1/p + ') \ + || unset ssid + echo "$dev''${inet+ $inet}''${ssid+ $ssid}" + done + ''; + + q-online = '' + if ${pkgs.curl.bin}/bin/curl -s google.com >/dev/null; then + echo '[32;1monline[m' + else + echo offline + fi + ''; + + q-thermal_zone = '' + for i in /sys/class/thermal/thermal_zone*; do + type=$(${pkgs.coreutils}/bin/cat $i/type) + temp=$(${pkgs.coreutils}/bin/cat $i/temp) + printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc) + done + ''; + + q-todo = '' + TODO_file=$HOME/TODO + if test -e "$TODO_file"; then + ${pkgs.coreutils}/bin/cat "$TODO_file" \ + | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) ' + BEGIN { print "remind=0" } + /^[0-9]/{ + x = $1 + gsub(".", "\\\\&", x) + rest = substr($0, index($0, " ")) + rest = $0 + sub(" *", "", rest) + gsub(".", "\\\\&", rest) + print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \ + echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \ + (( remind++ ))" + } + END { print "test $remind = 0 && echo \"nothing to remind\"" } + ' \ + | { + # bash needed for (( ... )) + ${pkgs.bash}/bin/bash + } + else + echo "$TODO_file: no such file or directory" + fi + ''; + +in +# bash needed for <(...) +pkgs.writeBashBin "q" '' + set -eu + export PATH=/var/empty + ${q-cal} + echo + ${q-isodate} + (${q-gitdir}) & + (${q-power_supply}) & + (${q-virtualization}) & + (${q-wireless}) & + (${q-online}) & + (${q-thermal_zone}) & + wait + ${q-todo} +'' diff --git a/lass/5pkgs/rs/default.nix b/lass/5pkgs/rs/default.nix new file mode 100644 index 000000000..6b27908fb --- /dev/null +++ b/lass/5pkgs/rs/default.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: + +#TODO: get tab-completion working again +pkgs.writeBashBin "rs" '' + rsync -vaP --append-verify "$@" +'' diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass.nix index d7c66bf4d..841821a7a 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass.nix @@ -1,3 +1,15 @@ +{ pkgs, ... }: +pkgs.writeHaskell "xmonad-lass" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "X11" + "xmonad" + "xmonad-contrib" + "xmonad-stockholm" + ]; + text = '' {-# LANGUAGE DeriveDataTypeable #-} -- for XS {-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} @@ -147,3 +159,8 @@ gridConfig = def , gs_navigate = navNSearch , gs_font = myFont } + + ''; + }; +} + diff --git a/lass/5pkgs/xmonad-lass/.gitignore b/lass/5pkgs/xmonad-lass/.gitignore deleted file mode 100644 index 616204547..000000000 --- a/lass/5pkgs/xmonad-lass/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/shell.nix diff --git a/lass/5pkgs/xmonad-lass/Makefile b/lass/5pkgs/xmonad-lass/Makefile deleted file mode 100644 index cbb0776e6..000000000 --- a/lass/5pkgs/xmonad-lass/Makefile +++ /dev/null @@ -1,6 +0,0 @@ -.PHONY: ghci -ghci: shell.nix - nix-shell --command 'exec ghci -Wall' - -shell.nix: xmonad.cabal - cabal2nix --shell . > $@ diff --git a/lass/5pkgs/xmonad-lass/xmonad.cabal b/lass/5pkgs/xmonad-lass/xmonad.cabal deleted file mode 100644 index 37809b599..000000000 --- a/lass/5pkgs/xmonad-lass/xmonad.cabal +++ /dev/null @@ -1,17 +0,0 @@ -Author: lass -Build-Type: Simple -Cabal-Version: >= 1.2 -License: MIT -Name: xmonad-lass -Version: 0 - -Executable xmonad - Build-Depends: - base, - containers, - unix, - xmonad, - xmonad-contrib, - xmonad-stockholm - GHC-Options: -Wall -O3 -threaded -rtsopts - Main-Is: Main.hs |