From 3f04bdd19a877020aa6713f166c8aeb756739b7f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:53:48 +0200 Subject: ma mqtt: be more insecure --- makefu/2configs/mqtt.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index c56521812..8b77df962 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -5,6 +5,9 @@ host = "0.0.0.0"; users = {}; # TODO: secure that shit + aclExtraConf = '' + pattern readwrite /# + ''; allowAnonymous = true; }; } -- cgit v1.2.3 From 1a42b74ddd167037c337ec91ad05ba9d044124af Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:54:04 +0200 Subject: ma backup/ssh: add wbob --- makefu/2configs/backup/ssh/wbob.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/2configs/backup/ssh/wbob.pub (limited to 'makefu/2configs') diff --git a/makefu/2configs/backup/ssh/wbob.pub b/makefu/2configs/backup/ssh/wbob.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/wbob.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x -- cgit v1.2.3 From 98d0dc01af77fa29fe6a1e23369d11e5b7ac7d8d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:54:37 +0200 Subject: ma bureautomation: add thierry --- makefu/2configs/bureautomation/hass.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 02465520c..ace1d10ce 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -146,6 +146,7 @@ in { "device_tracker.ecki_tablet" "device_tracker.daniel_phone" "device_tracker.carsten_phone" + "device_tracker.thierry_phone" # "person.thorsten" # "person.felix" # "person.ecki" -- cgit v1.2.3 From afed4c7e2d31fe5e1200033f4903da12798a3466 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:55:00 +0200 Subject: ma taskd: define dataDir as state --- makefu/2configs/taskd.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix index 5ca3b9904..122ad66a7 100644 --- a/makefu/2configs/taskd.nix +++ b/makefu/2configs/taskd.nix @@ -1,5 +1,6 @@ {config, ... }: { + state = [ config.services.taskserver.dataDir ]; services.taskserver.enable = true; services.taskserver.fqdn = config.krebs.build.host.name; services.taskserver.listenHost = "::"; -- cgit v1.2.3 From 6067519d8d12af2b9dc9f8abfd2a86206effd4e4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:55:28 +0200 Subject: ma task-client: remove shell-aliases --- makefu/2configs/task-client.nix | 7 ------- 1 file changed, 7 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix index 470193d6c..1fdddb9b1 100644 --- a/makefu/2configs/task-client.nix +++ b/makefu/2configs/task-client.nix @@ -4,11 +4,4 @@ pkgs.taskwarrior ]; - environment.shellAliases = { - tshack = "task project:shack"; - twork = "task project:soc"; - tpki = "task project:pki"; - tkrebs = "task project:krebs"; - t = "task project: "; - }; } -- cgit v1.2.3 From 6f82bc0e459db88bc9a671565e43aee504dd0e8f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:56:04 +0200 Subject: ma zsh.nix: manually load direnv --- makefu/2configs/home-manager/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 267a2e878..d24969ef0 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -25,12 +25,12 @@ then [ -d .direnv ] || mkdir .direnv local tmp=$(nix-shell --show-trace "$@" \ - --run "\"$direnv\" dump bash") + --run "\"$direnv\" dump zsh") echo "$tmp" > "$cache" fi local path_backup=$PATH term_backup=$TERM - direnv_load cat "$cache" + . "$cache" export PATH=$PATH:$path_backup TERM=$term_backup -- cgit v1.2.3 From 28f095aa0940166b6628882b539d55cdabff9828 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:57:29 +0200 Subject: ma stats/arafetch: use latest version --- makefu/2configs/stats/arafetch.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index c16629cc5..6ab9d3774 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -2,7 +2,7 @@ with import ; let pkg = with pkgs.python3Packages;buildPythonPackage rec { - rev = "762d747"; + rev = "775d0c2"; name = "arafetch-${rev}"; propagatedBuildInputs = [ requests @@ -13,7 +13,7 @@ let src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/arafetch"; inherit rev; - sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + sha256 = "0z35avn7vmbd1661ca1zkc9i4lwcm03kpwgiqxddpkp1yxhl548p"; }; }; home = "/var/lib/arafetch"; @@ -34,7 +34,7 @@ in { path = [ pkg pkgs.git pkgs.wget ]; serviceConfig = { User = "arafetch"; - Restart = "always"; + # Restart = "always"; WorkingDirectory = home; PrivateTmp = true; ExecStart = pkgs.writeDash "start-weekrun" '' -- cgit v1.2.3 From 4ee6d7e34e0d5546ab2d74a26a6e64edc85e43e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:58:28 +0200 Subject: ma vim: disable languageClient again --- makefu/2configs/editor/vim.nix | 1 - makefu/2configs/editor/vimrc | 11 ----------- 2 files changed, 12 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index 8a58e44de..d14a611b4 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -23,7 +23,6 @@ in { vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" # "YouCompleteMe" - "LanguageClient-neovim" "vim-better-whitespace" ]; } # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index 96c505ba8..8cdab55db 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -96,14 +96,3 @@ augroup Binary au BufWritePost *.bin if &bin | %!xxd au BufWritePost *.bin set nomod | endif augroup END - -let g:LanguageClient_serverCommands = { -\ 'python': ['pyls'] -\ } -nnoremap :call LanguageClient_contextMenu() -nnoremap gh :call LanguageClient_textDocument_hover() -nnoremap gd :call LanguageClient_textDocument_definition() -nnoremap gr :call LanguageClient_textDocument_references() -nnoremap gs :call LanguageClient_textDocument_documentSymbol() -nnoremap :call LanguageClient_textDocument_rename() -nnoremap gf :call LanguageClient_textDocument_formatting() -- cgit v1.2.3 From f6a0f6bfd274927bfaafdc411f93827ebf029358 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:58:51 +0200 Subject: ma fs: more documentation --- makefu/2configs/fs/sda-crypto-root-home.nix | 26 +++++++++++++++++++++++++- makefu/2configs/fs/sda-crypto-root.nix | 3 +-- 2 files changed, 26 insertions(+), 3 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index e790ed6a8..4f0cf8c6b 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -8,7 +8,31 @@ # / (main-root) # /home (main-home) -with import ; +# clean the boot sector: +# dd if=/dev/zero of=/dev/sda count=2048 +# Installation Instruction on ISO: +# fdisk /dev/sda + # boot 500M + # rest rest +# cryptsetup luksFormat /dev/sda2 +# mkfs.ext4 -L nixboot /dev/sda1 +# cryptsetup luksOpen /dev/sda2 cryptoluks +# pvcreate /dev/mapper/cryptoluks +# vgcreate main /dev/mapper/cryptoluks +# lvcreate -L 200Gib main -n root +# lvcreate -L 800Gib main -n home +# mkfs.ext4 /dev/main/root +# mkfs.ext4 /dev/main/home +# mount /dev/mapper/main-root /mnt +# mkdir -p /mnt/{boot,home,var/src} /var/src +# mount /dev/sda1 /mnt/boot +# mount /dev/mapper/main-home /mnt/home +# touch /mnt/var/src/.populate +# mount -o bind /mnt/var/src /var/src +# nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs && # nix-channel --update +# nix-env -iA nixpkgs.gitMinimal +# (on deploy-host) $(nix-build ~/stockholm/makefu/krops.nix --no-out-link --argstr name x --argstr target 10.42.22.91 -A deploy --show-trace) +# NIXOS_CONFIG=/var/src/nixos-config nixos-install -I /var/src --no-root-passwd --no-channel-copy { imports = [ diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index 55cfd74f5..e49843cfe 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -9,8 +9,7 @@ # boot 500M # rest rest # cryptsetup luksFormat /dev/sda2 -# -with import ; +# mkfs.ext4 -L nixboot /dev/sda1 { boot = { loader.grub.enable = true; -- cgit v1.2.3 From da44703a861c56e954cb350ec65b87b30b6e4ace Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:59:13 +0200 Subject: ma printer: cups as state dir --- makefu/2configs/printer.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 0889ebbc1..d297483b2 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -32,4 +32,5 @@ in { tcp 192.168.1.5 ''; #home printer SCX-3205W }; + state = [ "/var/lib/cups" ]; } -- cgit v1.2.3 From 8de1b7553ced70a449655024fbcbad431ab0a1ca Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 14:00:01 +0200 Subject: ma mail.euer: use new mailserver release, set state --- makefu/2configs/mail/mail.euer.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix index f8f82e76b..d27b888a7 100644 --- a/makefu/2configs/mail/mail.euer.nix +++ b/makefu/2configs/mail/mail.euer.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { imports = [ - (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz") + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz") ]; mailserver = { @@ -32,8 +32,12 @@ }; services.dovecot2.extraConfig = '' - ssl_dh = Date: Thu, 9 May 2019 08:42:23 +0200 Subject: prison-break: finish move from makefu to krebs namespace --- makefu/2configs/hw/network-manager.nix | 5 ++++- makefu/2configs/nur.nix | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index d7b262b91..e781c7ed1 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -1,4 +1,7 @@ { pkgs, lib, ... }: +let + prison-break = pkgs.callPackage ../../../krebs/5pkgs/simple/prison-break {}; +in { users.users.makefu = { extraGroups = [ "networkmanager" ]; @@ -31,6 +34,6 @@ "/etc/NetworkManager/system-connections" #NM stateful config files ]; networking.networkmanager.dispatcherScripts = [ - { source = "${pkgs.prison-break}/bin/prison-break"; } + { source = "${prison-break}/bin/prison-break"; } ]; } diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix index dda00063a..3cb4981e0 100644 --- a/makefu/2configs/nur.nix +++ b/makefu/2configs/nur.nix @@ -1,7 +1,7 @@ { pkgs, ... }:{ nixpkgs.config.packageOverrides = pkgs: { - nur = pkgs.callPackage (import (builtins.fetchGit { - url = "https://github.com/nix-community/NUR"; - })) {}; + nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { + inherit pkgs; + }; }; } -- cgit v1.2.3 From 1340e3fb77beaf1d35d21bd885ce3673a84307a7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 May 2019 09:30:48 +0200 Subject: ma network-manager: use prison-break from pkgs --- makefu/2configs/hw/network-manager.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index e781c7ed1..d7b262b91 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -1,7 +1,4 @@ { pkgs, lib, ... }: -let - prison-break = pkgs.callPackage ../../../krebs/5pkgs/simple/prison-break {}; -in { users.users.makefu = { extraGroups = [ "networkmanager" ]; @@ -34,6 +31,6 @@ in "/etc/NetworkManager/system-connections" #NM stateful config files ]; networking.networkmanager.dispatcherScripts = [ - { source = "${prison-break}/bin/prison-break"; } + { source = "${pkgs.prison-break}/bin/prison-break"; } ]; } -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/c0300000.lock: No such file or directory (2)