From 5198efe77718ffebd86147d6f6a759485463161d Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 9 Oct 2018 19:52:35 +0200
Subject: [PATCH 001/149] jeschli: remove reagenzglas

---
 jeschli/1systems/reagenzglas/config.nix       | 145 ------------------
 .../reagenzglas/hardware-configuration.nix    |  33 ----
 2 files changed, 178 deletions(-)
 delete mode 100644 jeschli/1systems/reagenzglas/config.nix
 delete mode 100644 jeschli/1systems/reagenzglas/hardware-configuration.nix

diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
deleted file mode 100644
index eb2ba179e..000000000
--- a/jeschli/1systems/reagenzglas/config.nix
+++ /dev/null
@@ -1,145 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports =
-    [ # Include the results of the hardware scan.
-      <stockholm/jeschli>
-      ./hardware-configuration.nix
-    ];
-
-  # Use the GRUB 2 boot loader.
- # boot.loader.grub.enable = true;
- # boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  # Define on which hard drive you want to install Grub.
-#  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
-
-  boot.initrd.luks.devices = [
-    {
-    name = "root";
-    device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
-    preLVM = true;
-    allowDiscards = true;
-    }
-  ];
-#  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true;
-  # Select internationalisation properties.
-  # i18n = {
-  #   consoleFont = "Lat2-Terminus16";
-  #   consoleKeyMap = "us";
-  #   defaultLocale = "en_US.UTF-8";
-  # };
-
-  # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
-  nixpkgs.config.allowUnfree = true;
-  environment.shellAliases = { n = "nix-shell"; };
-  environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
-  environment.systemPackages = with pkgs; [
-  # system helper
-    ag
-    curl
-    copyq
-    dmenu
-    git
-    i3lock
-    keepass
-    networkmanagerapplet
-    rsync
-    terminator
-    tmux
-    wget
-    rxvt_unicode
-  # editors
-    emacs
-  # internet
-    thunderbird
-    chromium
-    google-chrome
-  # programming languages
-    go
-    gcc
-    ghc
-    python35
-    python35Packages.pip
-  # go tools
-    golint
-    gotools
-  # dev tools
-    gnumake
-  # document viewer
-    zathura
-   ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
-  ];
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable the X11 windowing system.
-   services.xserver.enable = true;
-   services.xserver.layout = "us";
-   services.xserver.xkbOptions = "eurosign:e";
-
-  # Enable touchpad support.
-   services.xserver.libinput.enable = true;
-
-  # Enable the KDE Desktop Environment.
-  services.xserver.displayManager.sddm.enable = true;
-  services.xserver.windowManager.xmonad.enable = true;
-  services.xserver.windowManager.xmonad.enableContribAndExtras = true;
-
-  # services.xserver.desktopManager.plasma5.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.extraUsers.jeschli = {
-     isNormalUser = true;
-     uid = 1000;
-  };
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "18.03"; # Did you read the comment?
-
-  programs.bash = {
-    enableCompletion = true;
-    interactiveShellInit = ''
-      export GOPATH=$HOME/go
-      export PATH=$PATH:$GOPATH/bin
-    '';
-  };
-
-  krebs.build.host = config.krebs.hosts.reagenzglas;
-
-  hardware.bluetooth.enable = true;
-}
diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix
deleted file mode 100644
index a6ab3f16e..000000000
--- a/jeschli/1systems/reagenzglas/hardware-configuration.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
-      fsType = "ext4";
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/DA40-AC19";
-      fsType = "vfat";
-    };
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 8;
-#  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}

From d0063c054b3d55be74ed2f60fcc502af5b7ee89a Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 11:53:19 +0200
Subject: [PATCH 002/149] j emacs: enable ido completion

---
 jeschli/2configs/emacs.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 5fc887477..896d3838f 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -25,6 +25,10 @@ let
     ;; (require 'evil-org-agenda)
     ;; (evil-org-agenda-set-keys)
   '';
+  ido = ''
+    (require 'ido)
+    (ido-mode t)
+  '';
   windowCosmetics = ''
     (menu-bar-mode -1)
     (tool-bar-mode -1)                  ; Disable the button bar atop screen
@@ -58,6 +62,7 @@ let
   '';
   dotEmacs = pkgs.writeText "dot-emacs" ''
     ${evilMode}
+    ${ido}
     ${packageRepos}
     ${orgMode}
     ${recentFiles}

From b22d3461ac908a9125848792f90fa58029fbc980 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 11:55:06 +0200
Subject: [PATCH 003/149] j emacs: shortcuts for global org link creation

---
 jeschli/2configs/emacs.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 896d3838f..096d23dff 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -46,6 +46,8 @@ let
     (global-set-key "\C-cl" 'org-store-link)
     (global-set-key "\C-ca" 'org-agenda)
     (global-set-key "\C-cb" 'org-iswitchb)
+    (global-set-key "\C-c L" 'org-insert-link-global)
+    (global-set-key "\C-c o" 'org-open-at-point-global)
     (setq org-link-frame-setup '((file . find-file))) ; open link in same frame.
     (if (boundp 'org-user-agenda-files)
       (setq org-agenda-files org-user-agenda-files)
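Review bot: In the string form used here, the space inside `"\C-c L"` and `"\C-c o"` is itself a key, so the two added lines appear to bind `C-c SPC L` and `C-c SPC o` and turn `C-c SPC` into a prefix, unlike the neighbouring `"\C-cl"` bindings. If the intent is `C-c L` and `C-c o`, write `(global-set-key (kbd "C-c L") 'org-insert-link-global)` and `(global-set-key (kbd "C-c o") 'org-open-at-point-global)`. The orgMode string starts and ends outside this hunk.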

From 18528650ed3619c505fd4f1ab79feb40d727be20 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 11:56:28 +0200
Subject: [PATCH 004/149] j emacs: load monokai-alt without asking

---
 jeschli/2configs/emacs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 096d23dff..6197f9523 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -55,7 +55,7 @@ let
     )
   '';
   theme = ''
-    (load-theme 'monokai-alt)
+    (load-theme 'monokai-alt t)
   '';
   recentFiles = ''
     (recentf-mode 1)
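Review bot: Passing `t` as NO-CONFIRM to `load-theme` skips the prompt Emacs shows before it runs a theme's Lisp code, and nothing in the `theme` string records why that is acceptable. It is presumably fine because the theme is expected to come from the Nix-built Emacs package set rather than from a user-writable theme directory, but that package list is outside this hunk. I would add a comment such as `;; theme ships with the Nix-built package set, so the load-theme safety prompt is skipped`.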

From 60d6a1eae914709331061615db10b4d4b7c25bcd Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 12:03:18 +0200
Subject: [PATCH 005/149] j brauerei: add and cleanup old shellAliases

---
 jeschli/1systems/brauerei/config.nix | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index e419e35be..b31426010 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -32,11 +32,16 @@
   nixpkgs.config.allowUnfree = true;
 
   environment.shellAliases = {
-    n = "nix-shell";
-    stocki = pkgs.writeDash "deploy" ''
-      cd ~/stockholm
-      exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="brauerei"'
-    '';
+    # git aliases
+    ga = "git add";
+    gch = "git checkout";
+    gco = "git commit";
+    gp = "git push";
+    gr = "git rebase";
+    gs = "git status";
+    # nix aliases
+    ns = "nix-shell";
+    # krops
     deploy = pkgs.writeDash "deploy" ''
       set -eu
       export SYSTEM="$1"

From 8b9808e208d6f9e8a9a0ddf34e633c84f1951481 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 12:04:49 +0200
Subject: [PATCH 006/149] j brauerei: add/cleanup systemPackages

---
 jeschli/1systems/brauerei/config.nix | 30 ++++++++++++++++------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index b31426010..54ac6461c 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -50,15 +50,17 @@
   };
 
   environment.systemPackages = with pkgs; [
-  # system helper
+    # system helper
+    acpi
     ag
-    curl
     copyq
+    curl
     dmenu
     git
     i3lock
     keepass
     networkmanagerapplet
+    pavucontrol
     rsync
     terminator
     tmux
@@ -66,16 +68,17 @@
   # editors
     emacs
   # internet
-    thunderbird
     chromium
+    firefox
     google-chrome
+    thunderbird
   # programming languages
     elixir
     elmPackages.elm
     exercism
-    go
     gcc
     ghc
+    go
     python35
     python35Packages.pip
     (vagrant.override {
@@ -89,23 +92,24 @@
         });
       };
     })
+  # dev tools
+    gnumake
+    jetbrains.goland
+    jetbrains.pycharm-professional
+    jetbrains.webstorm
+  # document viewer
+    evince
+    zathura
   # go tools
     golint
     gotools
   # rust
     cargo
     rustc
-  # dev tools
-    gnumake
-    jetbrains.pycharm-professional
-    jetbrains.webstorm
-    jetbrains.goland
-  # document viewer
-    evince
-    zathura
+  # orga tools
+    taskwarrior
   # xorg
     xorg.xbacklight
-    taskwarrior
   ];
 
   # Some programs need SUID wrappers, can be configured further or are

From 0d344f3bd964d0af91ec978ea9300c1ce1713744 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 12:05:30 +0200
Subject: [PATCH 007/149] j brauerei: enable docker

---
 jeschli/1systems/brauerei/config.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 54ac6461c..6f4dbf665 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -123,6 +123,8 @@
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
+  virtualisation.docker.enable = true;
+
   services.xserver = {
 
     # Don't install feh into systemPackages
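Review bot: `virtualisation.docker.enable = true;` is added without any note on who may talk to the daemon, and access to the Docker socket (membership of the `docker` group) is equivalent to root on the host. This machine also runs sshd (`services.openssh.enable = true;` two lines above), so any account reachable over SSH that ends up in that group gains root. I would add a comment such as `# docker group is root-equivalent: only add personal admin accounts` next to the option. The user and group definitions are outside this hunk, so current membership cannot be confirmed from here.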

From 16c5e5ce48a113048449bc0aeec0f821c10812bf Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 12:06:31 +0200
Subject: [PATCH 008/149] j brauerei: add christopher to dev user

---
 jeschli/1systems/brauerei/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 6f4dbf665..4c07da6e8 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -160,6 +160,7 @@
       config.krebs.users.lass.pubkey
       "ssh-rsa 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 lhebendanz@nixos"
       "ssh-rsa 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 jeschli@nixos"
+      "ssh-rsa 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 christopher.kilian@dcso.de"
     ];
   };
 
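Review bot: The new key is appended as an inline string, while the first entry of the same list uses `config.krebs.users.lass.pubkey`; inline keys on a shared account make it hard to tell later whose access is being granted or revoked. Defining the person as a krebs user and referencing `config.krebs.users.<name>.pubkey` (placeholder name) would keep the list consistent and give one place to remove the key. Because every key in this list logs in as the same user, sshd can only tell the holders apart by key fingerprint, so a comment naming the owner and the reason for access would help. The enclosing user definition starts above the hunk.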

From f6ad60a0c6cbac45e8ba715b24a7a37f8e2560dc Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 26 Oct 2018 12:17:28 +0200
Subject: [PATCH 009/149] j emacs: add haskell-mode

---
 jeschli/2configs/emacs.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 6197f9523..1c92f601f 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -76,6 +76,7 @@ let
     epkgs.melpaStablePackages.magit
     epkgs.melpaPackages.nix-mode
     epkgs.melpaPackages.go-mode
+    epkgs.melpaPackages.haskell-mode
     epkgs.melpaPackages.google-this
     epkgs.melpaPackages.monokai-alt-theme
   ]);

From 921483a7e64692d95bd9e7656d6439fc39695e21 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 09:36:02 +0100
Subject: [PATCH 010/149] j refactor: remove comments

---
 jeschli/1systems/brauerei/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 0edf23676..047da8714 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -1,4 +1,3 @@
-# Edit this configuration file to define what should be installed on # your system.  Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, lib, ... }:
 {
   imports = [

From fa84ae1d229da9206feec2ea2ceffa9d3d788a58 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 09:37:31 +0100
Subject: [PATCH 011/149] j brauerei: add new aliases

---
 jeschli/1systems/brauerei/config.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 047da8714..8e96cb8ad 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -31,10 +31,15 @@
   nixpkgs.config.allowUnfree = true;
 
   environment.shellAliases = {
+    # emacs aliases
+    ed = "emacsclient";
+    edc = "emacsclient --create-frame";
     # git aliases
     ga = "git add";
     gch = "git checkout";
     gco = "git commit";
+    gf = "git fetch";
+    gm = "git merge";
     gp = "git push";
     gr = "git rebase";
     gs = "git status";
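Review bot: The alias name `ed` shadows the standard `ed` line editor in every interactive shell on this host, which can surprise anyone who types `ed` expecting the real program. A name that does not collide, for example `ec = "emacsclient";`, keeps the shortcut without hiding an existing command. The `environment.shellAliases` set continues past the end of this hunk.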

From 17039f28bc669ccf2a45a9fbdcb76a6b72c0ca97 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 09:38:58 +0100
Subject: [PATCH 012/149] j brauerei: remove comments

---
 jeschli/1systems/brauerei/config.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 8e96cb8ad..6ef52e2ff 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -130,9 +130,6 @@
   virtualisation.docker.enable = true;
 
   services.xserver = {
-
-    # Don't install feh into systemPackages
-    # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
     desktopManager.session = lib.mkForce [];
     displayManager.lightdm.enable = lib.mkForce false;
     displayManager.job.execCmd = lib.mkForce "derp";
@@ -143,7 +140,6 @@
 
     dpi = 144;
 
-#    videoDrivers = [ "nvidia" ];
     synaptics = {
       enable = true;
       twoFingerScroll = true;

From a931b19ababfb446c77c55c075e35f22f176088e Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 09:41:47 +0100
Subject: [PATCH 013/149] j emacs: modify go-mode

---
 jeschli/2configs/emacs.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 1c92f601f..636c8dafd 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -25,10 +25,22 @@ let
     ;; (require 'evil-org-agenda)
     ;; (evil-org-agenda-set-keys)
   '';
+
+  goMode = ''
+    (add-to-list 'exec-path "~/go/bin")
+    (add-hook 'go-mode-hook
+    (lambda ()
+      (setq-default)
+      (setq tab-width 2)
+      (setq standard-indent 2)
+      (setq indent-tabs-mode nil)))
+  '';
+
   ido = ''
     (require 'ido)
     (ido-mode t)
   '';
+
   windowCosmetics = ''
     (menu-bar-mode -1)
     (tool-bar-mode -1)                  ; Disable the button bar atop screen
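Review bot: `(setq-default)` with no arguments does nothing, so in the new go-mode hook only the three `setq` forms have any effect; drop that line, or use `setq-local` if the values are meant to apply to Go buffers only. Separately, `add-to-list` prepends by default, so the user-writable `~/go/bin` is searched before the system directories whenever Emacs looks up a program. `(add-to-list 'exec-path (expand-file-name "~/go/bin") t)` appends it instead and avoids relying on `~` being expanded later. The `lambda` would also read better indented under `add-hook`.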
@@ -54,16 +66,20 @@ let
       (setq org-agenda-files (quote ("~/projects/notes")))
     )
   '';
+
   theme = ''
     (load-theme 'monokai-alt t)
   '';
+
   recentFiles = ''
     (recentf-mode 1)
     (setq recentf-max-menu-items 25)
     (global-set-key "\C-x\ \C-r" 'recentf-open-files)
   '';
+
   dotEmacs = pkgs.writeText "dot-emacs" ''
     ${evilMode}
+    ${goMode}
     ${ido}
     ${packageRepos}
     ${orgMode}

From ebb2a99f21bab752945ee955fc83643f5a20f668 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 09:43:08 +0100
Subject: [PATCH 014/149] j emacs: add newlines

---
 jeschli/2configs/emacs.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 636c8dafd..ace6b0f4a 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -15,6 +15,7 @@ let
       (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/")))
     (package-initialize)
   '';
+
   evilMode = ''
     ;; Evil Mode
     (require 'evil)
@@ -53,6 +54,7 @@ let
     (setq visible-bell nil)             ; Disable annoying visual bell graphic
     (setq ring-bell-function 'ignore)   ; Disable super annoying audio bell
   '';
+
   orgMode = ''
     (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode))
     (global-set-key "\C-cl" 'org-store-link)

From 7a0808135928662693cc8a79db905d4e436183f7 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 09:43:47 +0100
Subject: [PATCH 015/149] j emacs: add ag, rust-mode and emacs-as-daemon

---
 jeschli/2configs/emacs.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index ace6b0f4a..4f5b690f2 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -89,7 +89,9 @@ let
     ${theme}
     ${windowCosmetics}
   '';
+
   emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
+    epkgs.melpaPackages.ag
     epkgs.melpaPackages.evil
     epkgs.melpaStablePackages.magit
     epkgs.melpaPackages.nix-mode
@@ -97,12 +99,23 @@ let
     epkgs.melpaPackages.haskell-mode
     epkgs.melpaPackages.google-this
     epkgs.melpaPackages.monokai-alt-theme
+    epkgs.melpaPackages.rust-mode
   ]);
+
   myEmacs = pkgs.writeDashBin "my-emacs" ''
     exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@"
   '';
+
+  myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" ''
+    exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} --daemon
+  '';
+
+  myEmacsClient = pkgs.writeDashBin "meclient" ''
+    exec ${emacsWithCustomPackages}/bin/emacsclient --create-frame
+  '';
+
 in {
   environment.systemPackages = [
-    myEmacs
+    myEmacs myEmacsWithDaemon myEmacsClient
   ];
 }
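Review bot: The `meclient` wrapper does not forward its arguments: `exec ${emacsWithCustomPackages}/bin/emacsclient --create-frame` lacks the `"$@"` that `my-emacs` passes, so `meclient some-file` would open a frame without the file. Appending `"$@"` to that line fixes it. `my-emacs-daemon` also drops its arguments, which may be intended; a one-line comment saying so would make that clear.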

From 8bfa2bbfc52f39ac56730cfa0f846b4242274136 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 2 Nov 2018 10:10:29 +0100
Subject: [PATCH 016/149] j reagenzglas: remove

---
 krebs/3modules/jeschli/default.nix | 37 ------------------------------
 1 file changed, 37 deletions(-)

diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index c0cb601bc..4bae31b31 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -44,43 +44,6 @@ with import <stockholm/lib>;
         };
       };
     };
-    reagenzglas = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.27.27";
-          ip6.addr = "42::27";
-          aliases = [
-            "reagenzglas.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
-            bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
-            utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
-            2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
-            hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
-            mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
-            8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
-            aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
-            pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
-            3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
-            lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
-            +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
-            9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
-            PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
-            ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
-            GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
-            hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
-            ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
-            vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
-            G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
-            5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
-            Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
     enklave = {
       nets = rec {
         internet = {

From 78b289201987675844aa37abeb4279eb4051ebe0 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 6 Nov 2018 19:35:59 +0100
Subject: [PATCH 017/149] j xmonad-stockholm: commented develop src

---
 krebs/5pkgs/haskell/xmonad-stockholm.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix
index 7f6bb299d..4e06a825f 100644
--- a/krebs/5pkgs/haskell/xmonad-stockholm.nix
+++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix
@@ -4,6 +4,7 @@
 mkDerivation rec {
   pname = "xmonad-stockholm";
   version = "1.2.0";
+#  src = /home/jeschli/projects/haskell/xmonad-stockholm;
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/xmonad-stockholm;
     rev = "refs/tags/v${version}";
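Review bot: The added line is commented-out code pointing at a path under one developer's home directory, with nothing saying when it should be enabled. If it stays, make the purpose explicit, e.g. `# local development only: src = /home/jeschli/projects/haskell/xmonad-stockholm;`; a local override outside this shared package file would be cleaner. Note also that the `fetchgit` URL in the context lines uses plain http, so the integrity of the fetched source rests entirely on the hash attribute, which lies outside this hunk.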

From 423e2fd2d90eb89dd1a26b6a08deb79836c1d34c Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:28:21 +0100
Subject: [PATCH 018/149] j brauerei: add jeschli-xmonad and option to choose
 gnome3, xfce. +emacs as service

---
 jeschli/1systems/brauerei/config.nix | 34 ++++++++++++++++------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 6ef52e2ff..6b1e9edaa 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -1,12 +1,12 @@
 { config, pkgs, lib, ... }:
+let
+  xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; };
+in
 {
   imports = [
     <stockholm/jeschli>
     ./hardware-configuration.nix
     <stockholm/jeschli/2configs/urxvt.nix>
-    <stockholm/jeschli/2configs/emacs.nix>
-    <stockholm/jeschli/2configs/xdg.nix>
-    <stockholm/jeschli/2configs/xserver>
     <stockholm/jeschli/2configs/steam.nix>
     <stockholm/jeschli/2configs/virtualbox.nix>
   ];
@@ -126,25 +126,29 @@
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
+  services.emacs.enable = true;
 
   virtualisation.docker.enable = true;
 
   services.xserver = {
-    desktopManager.session = lib.mkForce [];
-    displayManager.lightdm.enable = lib.mkForce false;
-    displayManager.job.execCmd = lib.mkForce "derp";
-
     enable = true;
-    display = lib.mkForce 11;
-    tty = lib.mkForce 11;
 
-    dpi = 144;
-
-    synaptics = {
-      enable = true;
-      twoFingerScroll = true;
-      accelFactor = "0.035";
+    desktopManager = {
+      xfce.enable = true;
+      gnome3.enable = true;
     };
+
+    windowManager = {
+      session = [{
+        name = "xmonad";
+        start = ''
+          ${xmonad-jeschli}/bin/xmonad &
+          waitPID=$!
+        '';
+        }
+      ];
+    };
+
   };
 
   users.extraUsers.jeschli = { # TODO: define as krebs.users
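Review bot: `services.emacs.enable = true;` is added in the same commit that drops the `<stockholm/jeschli/2configs/emacs.nix>` import, so the daemon will presumably run the default Emacs package without the custom package set and init file. If the custom build is still wanted, point `services.emacs.package` at it; otherwise a comment noting that the wrapper is dropped on purpose would help. The same hunk enables both `xfce` and `gnome3` and adds a hand-written xmonad session while the `<stockholm/jeschli/2configs/xserver>` import is removed; these would be easier to review as separate commits. The file continues beyond this hunk.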

From 65dac8da5b213bd659a606043dfe483e74bb8f7d Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:30:20 +0100
Subject: [PATCH 019/149] j brauerei: remove git aliases

---
 jeschli/1systems/brauerei/config.nix | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 6b1e9edaa..e8702dd8c 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -34,15 +34,6 @@ in
     # emacs aliases
     ed = "emacsclient";
     edc = "emacsclient --create-frame";
-    # git aliases
-    ga = "git add";
-    gch = "git checkout";
-    gco = "git commit";
-    gf = "git fetch";
-    gm = "git merge";
-    gp = "git push";
-    gr = "git rebase";
-    gs = "git status";
     # nix aliases
     ns = "nix-shell";
     # krops

From 0c6bfdde88a5292b1929f20b3c8c3605f91a6b13 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:31:09 +0100
Subject: [PATCH 020/149] j brauerei: refactor: rearrange block

---
 jeschli/1systems/brauerei/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index e8702dd8c..877d4f7e9 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -42,7 +42,7 @@ in
       export SYSTEM="$1"
       $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
     '';
-  };
+ };
 
   environment.systemPackages = with pkgs; [
     # system helper

From b44967f69582f54081c756480e8012dcee361204 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:31:42 +0100
Subject: [PATCH 021/149] j brauerei: add tokei

---
 jeschli/1systems/brauerei/config.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 877d4f7e9..d342acb64 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -105,6 +105,15 @@ in
     taskwarrior
   # xorg
     xorg.xbacklight
+  # tokei
+    tokei = overrideDerivation super.tokei (old: {
+      patches = old.patches or [] ++ [
+        (self.fetchurl {
+          url = https://github.com/4z3/tokei/commit/c27529c.patch;
+          sha256 = "1rdw8bk379cav603ryrb57yfkvk2z8wavfw9prfh01agk3ml693x";
+        })
+      ];
+    });
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
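Review bot: The added `tokei = overrideDerivation super.tokei (old: {` is an attribute binding placed inside the `environment.systemPackages` list, which is not valid list syntax, and `super` and `self` are overlay arguments that do not appear to be in scope in this module. As a list element it would be `(tokei.overrideAttrs (old: {`, with `(fetchurl {` in place of `(self.fetchurl {` and `}))` as the closing line. The patch hash is pinned, which is good, but the URL uses an abbreviated commit id and GitHub's rendered `.patch` output is not guaranteed to stay byte-identical. Using the full commit hash and `fetchpatch` would make the fixed-output hash less fragile. The list begins above the hunk.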

From c241de7b70858ed41ce3b941d26a95126a095313 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:45:35 +0100
Subject: [PATCH 022/149] xmonad-jeschli: set my initial workspaces

---
 jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index 827c77b77..a143ca2c5 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -73,7 +73,6 @@ main = getArgs >>= \case
 
 mainNoArgs :: IO ()
 mainNoArgs = do
-    workspaces0 <- getWorkspaces0
     handleShutdownEvent <- newShutdownEventHandler
     xmonad
         -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
@@ -85,7 +84,7 @@ mainNoArgs = do
             { terminal          = urxvtcPath
             , modMask           = mod4Mask
             , keys              = myKeys
-            , workspaces        = workspaces0
+            , workspaces        = ["comms", "org", "dev"]
             , layoutHook        = smartBorders $ FixedColumn 1 20 80 10 ||| Full
             -- , handleEventHook   = myHandleEventHooks <+> handleTimerEvent
             --, handleEventHook   = handleTimerEvent

From 9e6b0983669e0adc69a8391d6ebfe2266c30aedf Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:47:11 +0100
Subject: [PATCH 023/149] xmonad-jeschli: remove setWMName LG3D where not
 needed

---
 jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index a143ca2c5..9fb7faaa6 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -92,7 +92,7 @@ mainNoArgs = do
             , startupHook = do
                 setWMName "LG3D"
                 whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
-                          (\path -> forkFile path [] Nothing) <+> setWMName "LG3D"
+                          (\path -> forkFile path [] Nothing)
             , normalBorderColor  = "#1c1c1c"
             , focusedBorderColor = "#f000b0"
             , handleEventHook = handleShutdownEvent

From cc99cd82a11e129aa202d159b5fa9135684ff0f7 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 19:52:14 +0100
Subject: [PATCH 024/149] xmonad-jeschli: remove obsolete shortkey

---
 jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index 9fb7faaa6..8066984be 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -151,7 +151,6 @@ myKeys conf = Map.fromList $
     , ((0   , xK_Print   ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
     , ((_S  , xK_Print   ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
     , ((_C  , xK_Print   ), toggleWS)
-    , ((_4  , xK_Print   ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
 
     -- %! Rotate through the available layout algorithms
     , ((_4  , xK_space  ), sendMessage NextLayout)

From db9163a6005ad7e6f78a67c6a306cb4fa183698f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 1 Feb 2019 22:31:43 +0100
Subject: [PATCH 025/149] ma nixpkgs: 1258730 -> 30a126c

---
 makefu/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index d62fd65ca..1788a17fb 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/makefu/nixpkgs",
-  "rev": "125873064a6eabd2896833d00aede7778a453fdf",
-  "date": "2019-01-11T14:24:21+01:00",
-  "sha256": "1ki50426m9simqvxdzckfgycibz5rdhwl6hzi31i72dqiafl8j6s",
+  "rev": "30a126c41eb81e96474d7f8488635fc36d78dd25",
+  "date": "2019-02-01T22:09:16+01:00",
+  "sha256": "1s5y22fs08wyw1izmaqd5dcnflw3rvkm3880vmlwv20g1phwhhi2",
   "fetchSubmodules": false
 }

From 80c2ab739d2d51bf47b07fd6f39508a85077b0e6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Feb 2019 23:17:52 +0100
Subject: [PATCH 026/149] ma dict: actually use the dict server

---
 makefu/2configs/dict.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix
index 6db9102ba..08f1f8502 100644
--- a/makefu/2configs/dict.nix
+++ b/makefu/2configs/dict.nix
@@ -1,5 +1,6 @@
 { pkgs, ... }:
 {
+  environment.shellAliases.dict = "dict -h 127.0.0.1";
   services.dictd.enable = true;
   services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ];
 }

From 0b668099468313b4547e1044efdc380d58e1d43e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 5 Feb 2019 22:32:28 +0100
Subject: [PATCH 027/149] ma flameshot: init

---
 makefu/2configs/home-manager/desktop.nix | 9 +++++++++
 makefu/5pkgs/awesomecfg/default.nix      | 3 ++-
 makefu/5pkgs/awesomecfg/full.cfg         | 1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
index 3be020faa..63a5cdbef 100644
--- a/makefu/2configs/home-manager/desktop.nix
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -11,6 +11,15 @@
     services.network-manager-applet.enable = true;
     services.blueman-applet.enable = true;
     services.pasystray.enable = true;
+    services.flameshot.enable = true;
+    home.file.".config/Dharkael/flameshot.ini".text = ''
+      [General]
+      disabledTrayIcon=false
+      drawColor=@Variant(\0\0\0\x43\x1\xff\xff\0\0\0\0\xff\xff\0\0)
+      drawThickness=0
+      filenamePattern=%F_%T_shot
+    '';
+
     systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter  */  /* paman */ ]) );
     programs.chromium = {
       enable = true;
diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix
index 486c0ddf6..1ae2f50d9 100644
--- a/makefu/5pkgs/awesomecfg/default.nix
+++ b/makefu/5pkgs/awesomecfg/default.nix
@@ -5,6 +5,7 @@
 , networkmanagerapplet
 , blueman
 , clipit
+, flameshot
 , modkey ? "Mod4"
 , locker? "${pkgs.xlock}/bin/xlock -mode blank"
 , ... }:
@@ -13,7 +14,7 @@
   # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
   full = lib.makeOverridable pkgs.substituteAll {
     name = "awesome_full_config";
-    inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
+    inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit flameshot ;
     isExecutable = false;
     src = ./full.cfg;
   };
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 11f9f59b8..83dd79b4d 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -410,6 +410,7 @@ clientkeys = awful.util.table.join(
             -- minimized, since minimized clients can't have the focus.
             c.minimized = true
         end),
+    awful.key({ }, "Print", function () awful.util.spawn("@flameshot@/bin/flameshot gui") end),
     awful.key({ modkey,           }, "m",
         function (c)
             c.maximized = not c.maximized
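Review bot: The `Print` binding is added inside `clientkeys` and its handler never uses the client argument, so as far as this hunk shows it only fires while a client window has focus. A screenshot shortcut is usually wanted on an empty tag as well; registering the same `awful.key({ }, "Print", ...)` line in the global key table would cover that case. The `clientkeys` table starts and ends outside the hunk, so whether a global binding already exists cannot be seen here.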

From d47dcb07825f548c76323143d6f3e04d6a9c773e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 5 Feb 2019 22:32:53 +0100
Subject: [PATCH 028/149] ma gum: use aarch64 builder

---
 makefu/1systems/gum/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index e274b4bf8..7bc06f833 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -84,6 +84,7 @@ in {
       <stockholm/makefu/2configs/shack/events-publisher>
       <stockholm/makefu/2configs/shack/gitlab-runner>
       <stockholm/makefu/2configs/remote-build/slave.nix>
+      <stockholm/makefu/2configs/remote-build/aarch64-community.nix>
       <stockholm/makefu/2configs/taskd.nix>
 
       # services

From 0132d371e6403f19bd8d188e8af836c9303db3fc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 5 Feb 2019 22:33:09 +0100
Subject: [PATCH 029/149] ma zsh: revert back to TERM=xterm

---
 makefu/2configs/home-manager/zsh.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
index 59658e667..6c7b632e1 100644
--- a/makefu/2configs/home-manager/zsh.nix
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -86,7 +86,8 @@
         share = true;
       };
       sessionVariables = {
-        TERM = "rxvt-unicode-256color";
+        # TERM = "rxvt-unicode-256color";
+        TERM = "xterm";
         LANG = "en_US.UTF8";
         LS_COLORS = ":di=1;31:";
         EDITOR = "vim";

From 6dc21884dcc140922c8c2e295a2ed026becdab30 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 5 Feb 2019 22:33:26 +0100
Subject: [PATCH 030/149] ma homeautomation: permit Insecure homeassistant

---
 makefu/2configs/homeautomation/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
index 596d0002a..2af311c3b 100644
--- a/makefu/2configs/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
@@ -257,4 +257,8 @@ in {
     enable = true;
     #configDir = "/var/lib/hass";
   };
+  nixpkgs.config.permittedInsecurePackages = [
+    "homeassistant-0.77.2"
+  ];
+
 }
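Review bot: `permittedInsecurePackages` is set without a comment saying which advisory is being accepted or when the exception can be dropped, and it sits in a shared `2configs` module, so every host importing this file inherits it. nixpkgs flags a version as insecure because of known vulnerabilities, so the entry should carry its justification and an exit condition, e.g. `# homeassistant-0.77.2 is flagged insecure in nixpkgs (<ADVISORY-ID>); remove once the pin is bumped`. If only one host needs the old version, setting the option in that host's `1systems` config would keep the exception from spreading. The surrounding attribute set starts outside the hunk.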

From c9314cac8226da1d422ca5d3c73dab3fbb42513a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 5 Feb 2019 22:33:54 +0100
Subject: [PATCH 031/149] ma tools: move at_spi2_core to gui

---
 makefu/2configs/tools/core-gui.nix | 1 +
 makefu/2configs/tools/core.nix     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 1e85da53c..582d941a6 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -2,6 +2,7 @@
 
 {
   users.users.makefu.packages = with pkgs; [
+    at_spi2_core
     chromium
     feh
     clipit
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 33e896d4c..b4c3a431e 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -8,7 +8,6 @@
     ( pkgs.writeScriptBin "unknow" ''#!/bin/sh
 ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
     '')
-    at_spi2_core
     acpi
     bc
     rsync
@@ -17,6 +16,7 @@ ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
     lsof
     which
     binutils
+    screen
 
     # fs
     cifs-utils

From 7f0354f2bae42e9eb6a341c079aeadfa1fc88e5b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 8 Feb 2019 15:14:54 +0100
Subject: [PATCH 032/149] ma tools/games: disable steam (for now)

---
 makefu/2configs/tools/games.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix
index 40ea4523d..0f1e61791 100644
--- a/makefu/2configs/tools/games.nix
+++ b/makefu/2configs/tools/games.nix
@@ -2,7 +2,7 @@
 
 {
   imports = [
-    ./steam.nix
+    # ./steam.nix
   ];
   users.users.makefu.packages = with pkgs; [
     games-user-env

From 6788519e4be7390c76bffacadd05d49f8fc3cace Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 8 Feb 2019 15:17:23 +0100
Subject: [PATCH 033/149] ma x: enable remote builder

---
 makefu/1systems/x/config.nix           | 27 ++++++++++++++++----------
 makefu/2configs/remote-build/gum.nix   | 15 ++++++++++++++
 makefu/2configs/remote-build/slave.nix |  1 +
 3 files changed, 33 insertions(+), 10 deletions(-)
 create mode 100644 makefu/2configs/remote-build/gum.nix

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 138735d91..7ed63837f 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -15,6 +15,13 @@
       <stockholm/makefu/2configs/extra-fonts.nix>
       <stockholm/makefu/2configs/tools/all.nix>
       <stockholm/makefu/2configs/dict.nix>
+      #<stockholm/makefu/3modules/netboot_server.nix>
+      #{
+      #  netboot_server = {
+      #    network.wan = "wlp3s0";
+      #    network.lan = "enp0s25";
+      #  };
+      #}
 
       <stockholm/makefu/2configs/backup/state.nix>
       # <stockholm/makefu/2configs/dnscrypt/client.nix>
@@ -52,21 +59,22 @@
       # Virtualization
       <stockholm/makefu/2configs/virtualisation/libvirt.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
-      <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
-      {
-        networking.firewall.allowedTCPPorts = [ 8080 ];
-        networking.nat = {
-          enable = true;
-          externalInterface = "wlp3s0";
-          internalInterfaces = [ "vboxnet0" ];
-        };
-      }
+      # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+      #{
+      #  networking.firewall.allowedTCPPorts = [ 8080 ];
+      #  networking.nat = {
+      #    enable = true;
+      #    externalInterface = "wlp3s0";
+      #    internalInterfaces = [ "vboxnet0" ];
+      #  };
+      #}
       # Services
       <stockholm/makefu/2configs/git/brain-retiolum.nix>
       <stockholm/makefu/2configs/tor.nix>
       <stockholm/makefu/2configs/vpn/vpngate.nix>
       # <stockholm/makefu/2configs/buildbot-standalone.nix>
       <stockholm/makefu/2configs/remote-build/aarch64-community.nix>
+      <stockholm/makefu/2configs/remote-build/gum.nix>
 
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>
@@ -162,7 +170,6 @@
     "/home/makefu/docs"
     "/home/makefu/.password-store"
     "/home/makefu/.secrets-pass"
-    "/home/makefu/autosync/Database.kdb"
   ];
 
   services.syncthing.user = lib.mkForce "makefu";
diff --git a/makefu/2configs/remote-build/gum.nix b/makefu/2configs/remote-build/gum.nix
new file mode 100644
index 000000000..98e2e58b5
--- /dev/null
+++ b/makefu/2configs/remote-build/gum.nix
@@ -0,0 +1,15 @@
+{
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "gum.krebsco.de";
+        maxJobs = 8;
+        sshKey = toString <secrets/id_nixBuild>;
+        sshUser = "nixBuild";
+        system = "x86_64-linux";
+        supportedFeatures = [ ];
+      }
+    ];
+  };
+}
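Review bot: Nothing in this new file pins the SSH host key of `gum.krebsco.de`, so verification of the builder depends on whatever known_hosts state the connecting user (normally root, via nix-daemon) happens to have. Build results from this machine are imported into the local store, so the builder's identity is worth fixing declaratively, for example with `programs.ssh.knownHosts` fed from the host's existing `ssh.pubkey` entry, unless the krebs host module already generates that (not visible here). `supportedFeatures = [ ];` also means derivations that require a system feature will not be dispatched to this builder; a short comment stating that this is intended would help.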
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index 89121ffd6..0227f512a 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
@@ -5,6 +5,7 @@
       useDefaultShell = true;
       openssh.authorizedKeys.keys = [
         config.krebs.users.buildbotSlave.pubkey
+        config.krebs.users.makefu-remote-builder.pubkey
       ];
     };
 }
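Review bot: The new `makefu-remote-builder` key is appended to the same account as the `buildbotSlave` key with no key options, and with `useDefaultShell = true` above it grants a full interactive login. A Nix remote-build client only needs to run commands over SSH, so the entry can be narrowed with OpenSSH key options, e.g. `"restrict ${config.krebs.users.makefu-remote-builder.pubkey}"`, which turns off PTY allocation and all forwarding while still allowing command execution. The user definition starts outside the hunk, so the account's other settings cannot be checked from here.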

From 4197f4e82be615186737dd3c0ffa41b0d48f0a3d Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 29 Jan 2019 20:00:28 +0100
Subject: [PATCH 034/149] j krops: fix directory

---
 jeschli/krops.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/jeschli/krops.nix b/jeschli/krops.nix
index 989abcdd0..dbf94bd0d 100644
--- a/jeschli/krops.nix
+++ b/jeschli/krops.nix
@@ -12,10 +12,7 @@
       secrets = if test then {
         file = toString ./2configs/tests/dummy-secrets;
       } else {
-        pass = {
-          dir = "${lib.getEnv "HOME"}/.password-store";
-          name = "hosts/${name}";
-        };
+        file = "${lib.getEnv "HOME"}/secrets/${name}";
       };
     }
   ];
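Review bot: The non-test branch now reads host secrets from plain files under `$HOME/secrets/${name}` instead of the `pass` store, a backend change that the subject line "fix directory" does not convey. The `pass` source kept the material GPG-encrypted at rest, while a `file` source deploys whatever lies on disk. If this is intended, a comment such as `# plaintext secrets: keep ~/secrets mode 0700 and on encrypted storage` would make the expectation explicit. `lib.getEnv "HOME"` presumably evaluates to an empty string when HOME is unset, which would turn the path into `/secrets/${name}`. The enclosing attribute set starts outside the hunk.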

From 4a9e9eee620a436820fc9aa0d2b1c8549b440a8f Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 5 Feb 2019 19:19:09 +0100
Subject: [PATCH 035/149] j brauerei: remove commented dead code

---
 jeschli/1systems/brauerei/config.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index d342acb64..f7f545294 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -7,6 +7,9 @@ in
     <stockholm/jeschli>
     ./hardware-configuration.nix
     <stockholm/jeschli/2configs/urxvt.nix>
+#    <stockholm/jeschli/2configs/emacs.nix>
+#    <stockholm/jeschli/2configs/xdg.nix>
+#    <stockholm/jeschli/2configs/xserver>
     <stockholm/jeschli/2configs/steam.nix>
     <stockholm/jeschli/2configs/virtualbox.nix>
   ];
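Review bot: The three `#    <stockholm/jeschli/2configs/...>` imports added here, and the `#      xmonad = {` block in the second hunk, are new commented-out code, while the subject says commented dead code is removed. Either drop these lines or reword the subject so the history matches the change. In the second hunk the closing `};` is also moved below the commented block, which leaves the comment dangling inside the attribute set; that set starts outside the hunk.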
@@ -147,8 +150,17 @@ in
         '';
         }
       ];
-    };
+#      xmonad = {
+#        enable = true;
+#        enableContribAndExtras = true;
+#        extraPackages = haskellPackages: [
+#          haskellPackages.xmonad-contrib
+#          haskellPackages.xmonad-extras
+#          haskellPackages.xmonad
+#        ];
+#      }
 
+    };
   };
 
   users.extraUsers.jeschli = { # TODO: define as krebs.users

From d9f9d2d0d6c356568b6f92c10bc959206e78fc87 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 5 Feb 2019 19:19:29 +0100
Subject: [PATCH 036/149] j brauerei: remove not working tokei override

---
 jeschli/1systems/brauerei/config.nix | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index f7f545294..7ac4cc2c0 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -109,14 +109,7 @@ in
   # xorg
     xorg.xbacklight
   # tokei
-    tokei = overrideDerivation super.tokei (old: {
-      patches = old.patches or [] ++ [
-        (self.fetchurl {
-          url = https://github.com/4z3/tokei/commit/c27529c.patch;
-          sha256 = "1rdw8bk379cav603ryrb57yfkvk2z8wavfw9prfh01agk3ml693x";
-        })
-      ];
-    });
+    tokei
   ];
 
   # Some programs need SUID wrappers, can be configured further or are

From 4db5777d9a9d0aefcac61612a950e7c648f2ef84 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 5 Feb 2019 19:20:17 +0100
Subject: [PATCH 037/149] j xserver: add dbus magic for xserver
 (xserver/default.nix not working currently)

---
 jeschli/2configs/xserver/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
index ec3977c7e..44c35ca37 100644
--- a/jeschli/2configs/xserver/default.nix
+++ b/jeschli/2configs/xserver/default.nix
@@ -51,6 +51,12 @@ in {
         ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
         ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
         ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
+        ${config.services.xserver.displayManager.sessionCommands}
+        if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
+          exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
+        fi
+        export DBUS_SESSION_BUS_ADDRESS
+        ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
         wait
       '';
 
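Review bot: The `dbus-launch` re-exec comes after `xmodmap`, `xrdb`, `xsetroot` and the `sessionCommands` have already been started, so when `DBUS_SESSION_BUS_ADDRESS` is empty the script restarts itself through `"$0"` and runs all of them a second time. Moving the `if test -z "$DBUS_SESSION_BUS_ADDRESS"; then ... fi` block to the top of the script, before the first background command, keeps each step single-shot. The trailing `""` argument passed to `"$0"` is unexplained and deserves a comment or removal. The script body starts outside the hunk, so its first lines cannot be seen here.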

From 6e82401de73d1a95a5e465fe75974d91c6595c15 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 9 Feb 2019 23:19:19 +0100
Subject: [PATCH 038/149] ma cake.r: now perform the important tasks of omo

---
 makefu/1systems/cake/config.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index e40042b2d..8617578f0 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -1,9 +1,16 @@
 { config, lib, pkgs, ... }:
-{
+let
+  primaryInterface = "eth0";
+in {
   imports = [
     <stockholm/makefu>
     ./hardware-config.nix
-    <stockholm/makefu/2configs/tools/core.nix>
+    # <stockholm/makefu/2configs/tools/core.nix>
+    { environment.systemPackages = with pkgs;[ rsync screen curl git ];}
+    <stockholm/makefu/2configs/binary-cache/nixos.nix>
+    #<stockholm/makefu/2configs/support-nixos.nix>
+    <stockholm/makefu/2configs/homeautomation/default.nix>
+    <stockholm/makefu/2configs/homeautomation/google-muell.nix>
 # configure your hw:
 # <stockholm/makefu/2configs/save-diskspace.nix>
   ];
@@ -12,7 +19,7 @@
     tinc.retiolum.enable = true;
     build.host = config.krebs.hosts.cake;
   };
-
+  networking.firewall.trustedInterfaces = [ primaryInterface ];
   documentation.info.enable = false;
   documentation.man.enable = false;
   services.nixosManual.enable = false;
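Review bot: `networking.firewall.trustedInterfaces = [ primaryInterface ];` accepts all inbound traffic on `eth0`, which on a host whose only uplink is `eth0` is effectively the same as switching the firewall off on the LAN side. The first hunk of this commit imports the homeautomation modules, so every service they bring along becomes reachable from that network without further review. Opening only what is needed keeps the default-deny, e.g. `networking.firewall.interfaces.${primaryInterface}.allowedTCPPorts = [ /* ports the LAN needs */ ];`. `eth0` is also an assumption about interface naming that a comment should record.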

From 7661181528df06f3b7e15128c1efcb6ac1854f31 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 9 Feb 2019 23:19:53 +0100
Subject: [PATCH 039/149] ma google-muell: bump to latest version, use new
 config

---
 makefu/2configs/homeautomation/google-muell.nix | 15 +++++++++++----
 makefu/5pkgs/ampel/default.nix                  |  6 +++---
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/makefu/2configs/homeautomation/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix
index 235cc1546..5870f298d 100644
--- a/makefu/2configs/homeautomation/google-muell.nix
+++ b/makefu/2configs/homeautomation/google-muell.nix
@@ -3,13 +3,20 @@ with import <stockholm/lib>;
 let
   pkg = pkgs.ampel;
   home = "/var/lib/ampel";
-  sec = "${toString <secrets>}/google-muell.json";
+  sec = "${toString <secrets>}/ampel/google-muell.json";
   ampelsec = "${home}/google-muell.json";
-  cred = "${toString <secrets>}/google-muell-creds.json";
+  cred = "${toString <secrets>}/ampel/google-muell-creds.json";
   # TODO: generate this credential file locally
   ampelcred = "${home}/google-muell-creds.json";
-  esp = "192.168.8.204";
   sleepval = "1800";
+  default-color = "244,220,66";
+  config_json = toFile "config.json" (toJSON {
+    mq_hostname = "localhost";
+    mq_port = 1883;
+    mq_username = "sensor";
+    mq_topic = "/ham/flurlicht/cmnd/MEM1";
+    mq_password = replaceChars ["\n"] [""] (readFile "${toString <secrets>}/mqtt/sensor");
+  });
 in {
   users.users.ampel = {
     uid = genid "ampel";
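Review bot: `mq_password` is read with `readFile` at evaluation time and embedded in `config_json` through `toFile`, so the MQTT password ends up in a Nix store file that every local user can read and that is copied along with the closure. The other two credentials of this unit are copied at start with `install -m600 -o ampel`, and the config can follow the same pattern. For example, keep the JSON under `<secrets>`, add `install -m600 -o ampel ${toString <secrets>}/ampel/config.json ${home}/config.json` to the pre-start script, and pass `--config ${home}/config.json` in `ExecStart` (second hunk). The `let` block and the service definition continue outside the hunks.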
@@ -27,7 +34,7 @@ in {
         install -m600 -o ampel ${sec} ${ampelsec}
         install -m600 -o ampel ${cred} ${ampelcred}
       '';
-      ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
+      ExecStart = "${pkg}/bin/google-muell --config ${config_json} --default-color=${default-color} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
       PermissionsStartOnly = true;
       Restart = "always";
       RestartSec = 10;
diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix
index 9792c2c59..70fdfda78 100644
--- a/makefu/5pkgs/ampel/default.nix
+++ b/makefu/5pkgs/ampel/default.nix
@@ -2,7 +2,7 @@
 
 with pkgs.python3Packages;buildPythonPackage rec {
   name = "ampel-${version}";
-  version = "0.2.1";
+  version = "0.2.4";
 
   propagatedBuildInputs = [
     docopt
@@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {
 
   src = pkgs.fetchgit {
       url = "http://cgit.euer.krebsco.de/ampel";
-      rev = "92321d7";
-      sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n";
+      rev = "04e1c8c38ffe53175ae719121ad88534a8a662db";
+      sha256 = "00jgr3jg2yi91hd7388v8rncfbq8fx8dvr03sg749dzpsg58hfxn";
   };
   meta = {
     homepage = http://cgit.euer.krebsco.de/ampel;

From 78803cf974c0828170ff360b353bd1b67f2d7da9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 10 Feb 2019 08:01:01 +0100
Subject: [PATCH 040/149] ma tests/secrets: add id_nixBuild

---
 makefu/0tests/data/secrets/id_nixBuild | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 makefu/0tests/data/secrets/id_nixBuild

diff --git a/makefu/0tests/data/secrets/id_nixBuild b/makefu/0tests/data/secrets/id_nixBuild
new file mode 100644
index 000000000..e69de29bb

From d64c6bb976f61b2173a2c170ea1ba6f26c57147e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 10 Feb 2019 09:53:45 +0100
Subject: [PATCH 041/149] Revert "ma cgit: disable irc hook"

This reverts commit 1f8ad80695e93687999b8151ddd2e7f2c40b085b.
---
 makefu/2configs/git/cgit-retiolum.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 4890e4afe..0ff855980 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -62,6 +62,15 @@ let
   make-krebs-repo = with git; name: { cgit ? {}, ... }: {
     inherit cgit name;
     public = true;
+    hooks = {
+      post-receive = pkgs.git-hooks.irc-announce {
+        nick = config.networking.hostName;
+        verbose = config.krebs.build.host.name == "gum";
+        channel = "#xxx";
+        # TODO remove the hardcoded hostname
+        server = "irc.r";
+      };
+    };
   };
 
 

From a68144db9fef2a46a5817da7449fe2ba89e600ee Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 11 Feb 2019 17:52:22 +0100
Subject: [PATCH 042/149] ma gum.r: also load dm-raid at startup of kernel to
 mount binaergewitter

---
 makefu/1systems/gum/hardware-config.nix | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index 542b79fe7..857fad7aa 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -41,36 +41,36 @@ in {
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
   boot.loader.grub.devices = [ main-disk ];
-  boot.initrd.kernelModules = [  "dm-raid" ];
+  boot.initrd.kernelModules = [  "dm-raid" "dm_cache" ];
   boot.initrd.availableKernelModules = [
     "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
     "xhci_pci" "ehci_pci" "ahci" "sd_mod"
   ];
-  boot.kernelModules = [ "dm-thin-pool" "kvm-intel"  ];
+  boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel"  ];
   hardware.enableRedistributableFirmware = true;
   fileSystems."/" = {
-    device = "/dev/mapper/nixos-root";
+    device = "/dev/nixos/root";
     fsType = "ext4";
   };
   fileSystems."/var/lib" = {
-    device = "/dev/mapper/nixos-lib";
+    device = "/dev/nixos/lib";
     fsType = "ext4";
   };
   fileSystems."/var/log" = {
-    device = "/dev/mapper/nixos-log";
+    device = "/dev/nixos/log";
     fsType = "ext4";
   };
   fileSystems."/var/download" = {
-    device = "/dev/mapper/nixos-download";
+    device = "/dev/nixos/download";
     fsType = "ext4";
   };
   fileSystems."/var/www/binaergewitter" = {
-    device = "/dev/mapper/nixos-binaergewitter";
+    device = "/dev/nixos/binaergewitter";
     fsType = "ext4";
-    options = [ "nofail" ];
+    options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ];
   };
   fileSystems."/var/lib/borgbackup" = {
-    device = "/dev/mapper/nixos-backup";
+    device = "/dev/nixos/backup";
     fsType = "ext4";
   };
   fileSystems."/boot" = {

From 5605d675daf909f586957e1c735a9ff82e6ac68b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 12 Feb 2019 14:55:19 +0100
Subject: [PATCH 043/149] nixpkgs: b01a89d -> 168cbb3

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 2fd2839b9..ecc45a15b 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "b01a89d58f117c485f16c97a388da6227d8f0103",
-  "date": "2019-02-08T10:50:49+01:00",
-  "sha256": "1s2jdfvqjviiiq897sd6fkmc8ffyca7agmxynp4w873rfjdz10yi",
+  "rev": "168cbb39691cca2822ce1fdb3e8c0183af5c6d0d",
+  "date": "2019-02-12T00:54:14+01:00",
+  "sha256": "0fqasswfqrz2rbag9bz17j8y7615s0p9l23cw4sk2f384gk0zf6c",
   "fetchSubmodules": false
 }

From 5845742ae0770bae3c341d2d7eacb4ccc05245c9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 16 Feb 2019 15:28:30 +0100
Subject: [PATCH 044/149] nixpkgs: 168cbb3 -> 9bd45dd

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index ecc45a15b..b6124ad41 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "168cbb39691cca2822ce1fdb3e8c0183af5c6d0d",
-  "date": "2019-02-12T00:54:14+01:00",
-  "sha256": "0fqasswfqrz2rbag9bz17j8y7615s0p9l23cw4sk2f384gk0zf6c",
+  "rev": "9bd45dddf8171e2fd4288d684f4f70a2025ded19",
+  "date": "2019-02-15T12:11:24-05:00",
+  "sha256": "1idrxrymwqfsfysav3yl8lya1jhgg8xzgq9hy7dpdd63770vn8c1",
   "fetchSubmodules": false
 }

From f26eda6481e470f19b41d64539f282b15e23b389 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 16 Feb 2019 22:31:35 +0100
Subject: [PATCH 045/149] ma nixpkgs: 30a126c -> 16fc627

---
 makefu/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index 1788a17fb..7c14f78a8 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/makefu/nixpkgs",
-  "rev": "30a126c41eb81e96474d7f8488635fc36d78dd25",
-  "date": "2019-02-01T22:09:16+01:00",
-  "sha256": "1s5y22fs08wyw1izmaqd5dcnflw3rvkm3880vmlwv20g1phwhhi2",
+  "rev": "16fc6279dddabc42f8556d6368ed4215d916794f",
+  "date": "2019-02-16T22:29:33+01:00",
+  "sha256": "0bgm0gybqysy1si2zd8b2h6200hgmi8qsyi6qhcnvd4n555f3iic",
   "fetchSubmodules": false
 }

From 93a2ebaa6de0a3e450a28d109ee5d4a92d20f2d8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 16 Feb 2019 22:37:29 +0100
Subject: [PATCH 046/149] ma x.r: prefer remote fetch of sources

---
 makefu/1systems/x/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 7ed63837f..ceeccc0b2 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -75,6 +75,7 @@
       # <stockholm/makefu/2configs/buildbot-standalone.nix>
       <stockholm/makefu/2configs/remote-build/aarch64-community.nix>
       <stockholm/makefu/2configs/remote-build/gum.nix>
+      { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
 
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>

From 6da32a5952faf38c92c7b289cc6ae0881ec4aa36 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 26 Feb 2019 08:58:40 +0100
Subject: [PATCH 047/149] ma: cleanup hosts

move pubkeys to separate files in folder
RIP drop latte pigstarter wry shoney heidi lariat soundflower falk bridge horisa tahoe tcac-0-1
---
 krebs/3modules/makefu/default.nix           | 718 ++------------------
 krebs/3modules/makefu/sshd/cake.pub         |   1 +
 krebs/3modules/makefu/sshd/crapi.pub        |   1 +
 krebs/3modules/makefu/sshd/fileleech.pub    |   1 +
 krebs/3modules/makefu/sshd/firecracker.pub  |   1 +
 krebs/3modules/makefu/sshd/gum.pub          |   1 +
 krebs/3modules/makefu/sshd/omo.pub          |   1 +
 krebs/3modules/makefu/sshd/sdev.pub         |   1 +
 krebs/3modules/makefu/sshd/studio.pub       |   1 +
 krebs/3modules/makefu/sshd/wbob.pub         |   1 +
 krebs/3modules/makefu/sshd/x.pub            |   1 +
 krebs/3modules/makefu/tinc/cake.pub         |   8 +
 krebs/3modules/makefu/tinc/crapi.pub        |   9 +
 krebs/3modules/makefu/tinc/filebitch.pub    |   8 +
 krebs/3modules/makefu/tinc/fileleech.pub    |   8 +
 krebs/3modules/makefu/tinc/filepimp.pub     |   8 +
 krebs/3modules/makefu/tinc/firecracker.pub  |  14 +
 krebs/3modules/makefu/tinc/flap.pub         |   8 +
 krebs/3modules/makefu/tinc/gum.pub          |   8 +
 krebs/3modules/makefu/tinc/nukular.pub      |   8 +
 krebs/3modules/makefu/tinc/omo.pub          |   8 +
 krebs/3modules/makefu/tinc/sdev.pub         |   8 +
 krebs/3modules/makefu/tinc/senderechner.pub |   8 +
 krebs/3modules/makefu/tinc/studio.pub       |   8 +
 krebs/3modules/makefu/tinc/tsp.pub          |  13 +
 krebs/3modules/makefu/tinc/wbob.pub         |   8 +
 krebs/3modules/makefu/tinc/x.pub            |   8 +
 27 files changed, 188 insertions(+), 680 deletions(-)
 create mode 100644 krebs/3modules/makefu/sshd/cake.pub
 create mode 100644 krebs/3modules/makefu/sshd/crapi.pub
 create mode 100644 krebs/3modules/makefu/sshd/fileleech.pub
 create mode 100644 krebs/3modules/makefu/sshd/firecracker.pub
 create mode 100644 krebs/3modules/makefu/sshd/gum.pub
 create mode 100644 krebs/3modules/makefu/sshd/omo.pub
 create mode 100644 krebs/3modules/makefu/sshd/sdev.pub
 create mode 100644 krebs/3modules/makefu/sshd/studio.pub
 create mode 100644 krebs/3modules/makefu/sshd/wbob.pub
 create mode 100644 krebs/3modules/makefu/sshd/x.pub
 create mode 100644 krebs/3modules/makefu/tinc/cake.pub
 create mode 100644 krebs/3modules/makefu/tinc/crapi.pub
 create mode 100644 krebs/3modules/makefu/tinc/filebitch.pub
 create mode 100644 krebs/3modules/makefu/tinc/fileleech.pub
 create mode 100644 krebs/3modules/makefu/tinc/filepimp.pub
 create mode 100644 krebs/3modules/makefu/tinc/firecracker.pub
 create mode 100644 krebs/3modules/makefu/tinc/flap.pub
 create mode 100644 krebs/3modules/makefu/tinc/gum.pub
 create mode 100644 krebs/3modules/makefu/tinc/nukular.pub
 create mode 100644 krebs/3modules/makefu/tinc/omo.pub
 create mode 100644 krebs/3modules/makefu/tinc/sdev.pub
 create mode 100644 krebs/3modules/makefu/tinc/senderechner.pub
 create mode 100644 krebs/3modules/makefu/tinc/studio.pub
 create mode 100644 krebs/3modules/makefu/tinc/tsp.pub
 create mode 100644 krebs/3modules/makefu/tinc/wbob.pub
 create mode 100644 krebs/3modules/makefu/tinc/x.pub

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e60bbee70..8c7e415cb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -13,6 +13,8 @@ with import <stockholm/lib>;
   });
 
   pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
+  sshd-for = name: builtins.readFile (./sshd + "/${name}.pub");
+  tinc-for= name: builtins.readFile (./tinc + "/${name}.pub");
 
 in {
   hosts = mapAttrs hostDefaults {
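Review bot: `sshd-for` and `tinc-for` return the raw result of `builtins.readFile`, so each value carries whatever trailing newline the `.pub` file has, whereas the inline `ssh.pubkey` strings they replace had none. If a consumer interpolates `ssh.pubkey` into a single line (a known_hosts entry, say), that newline changes the output. Stripping it in the helper, e.g. `sshd-for = name: removeSuffix "\n" (builtins.readFile (./sshd + "/${name}.pub"));` (assuming `removeSuffix` is in scope through `with import <stockholm/lib>`), would keep the values identical to before. The existing `pub-for` has the same shape, so consumers may already cope with this; they are not visible here. `tinc-for= name:` also lacks the space before `=` that the neighbouring definitions have.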
@@ -25,20 +27,11 @@ in {
           aliases = [
             "cake.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
-            jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
-            MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
-            6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
-            36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
-            MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
-            -----END RSA PUBLIC KEY-----
-            '';
+          tinc.pubkey = tinc-for "cake";
         };
       };
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
+      ssh.pubkey = sshd-for "cake";
     };
     crapi = rec { # raspi1
       cores = 1;
@@ -49,215 +42,55 @@ in {
           aliases = [
             "crapi.r"
           ];
-          tinc.pubkey = ''
-            Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
-            OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
-            R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
-            OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
-            di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
-            bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
-            -----END RSA PUBLIC KEY-----
-            '';
+          tinc.pubkey = tinc-for "crapi";
         };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
+      ssh.pubkey = sshd-for "crapi";
     };
-    drop = rec {
-      ci = false;
-      cores = 1;
+    firecracker = {
+      cores = 4;
       nets = {
         retiolum = {
-          ip4.addr = "10.243.177.9";
+          ip4.addr = "10.243.12.12";
+          ip6.addr = "42:0:0:0:0:0:0:12";
           aliases = [
-            "drop.r"
+            "firecracker.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
-            6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
-            GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
-            0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
-            Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
-            F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "firecracker";
         };
       };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = sshd-for "firecracker";
     };
+
     studio = rec {
       ci = false;
       cores = 4;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
+      ssh.pubkey = sshd-for "studio";
       nets = {
         retiolum = {
           ip4.addr = "10.243.227.163";
           aliases = [
             "studio.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
-            cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
-            GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
-            jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
-            78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
-            8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "studio";
         };
       };
     };
-
     fileleech = rec {
       ci = false;
       cores = 4;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
+      ssh.pubkey = "";
       nets = {
         retiolum = {
           ip4.addr = "10.243.113.98";
           aliases = [
             "fileleech.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
-            8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
-            YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
-            nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
-            e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
-            UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    latte = rec {
-      ci = false;
-      cores = 1;
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
-      nets = {
-        internet = {
-          ip4.addr = "185.215.224.160";
-          aliases = [
-            "latte.i"
-          ];
-        };
-        retiolum = {
-          ip4.addr = "10.243.80.249";
-          aliases = [
-            "latte.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU
-            5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo
-            r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf
-            43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4
-            GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6
-            vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    pnp = {
-      ci = false;
-      cores = 1;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.0.210";
-          aliases = [
-            "pnp.r"
-            "cgit.pnp.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
-            Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
-            pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
-            SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
-            TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
-            Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    darth = {
-      ci = false;
-      cores = 4;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.0.84";
-          aliases = [
-            "darth.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq
-            qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX
-            yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi
-            3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8
-            q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE
-            u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-        siem = {
-          ip4.addr   = "10.8.10.2";
-          ip4.prefix = "10.8.10.0/24";
-          aliases = [
-            "darth.siem"
-          ];
-          tinc.pubkey = ''
-            Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW
-            TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb
-            fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS
-            Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21
-            kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh
-            rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE=
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    ossim = { # vm on darth
-      nets = {
-        siem = {
-          ip4.addr = "10.8.10.6";
-          ip4.prefix = "10.8.10.0/24";
-          aliases = [
-            "ossim.siem"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
-            RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
-            cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
-            mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
-            dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
-            WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    honeydrive = { # vm on darth
-      nets = {
-        internet = { # via shoney
-          ip4.addr = "64.137.234.232";
-          aliases = [
-            "honeydrive.i"
-          ];
+          tinc.pubkey = tinc-for "fileleech";
         };
       };
     };
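Review bot: In the `fileleech` entry the host key is replaced by `ssh.pubkey = "";` instead of a lookup, even though this commit creates `krebs/3modules/makefu/sshd/fileleech.pub` and every other migrated host uses `sshd-for`. With an empty string there is no host key to pin for fileleech, while `ssh.privkey.path` is still set. How consumers treat an empty key is not visible in this hunk. If the blank is not intentional, the line should read `ssh.pubkey = sshd-for "fileleech";`. If it is intentional, a comment saying why the key is withheld would keep it from looking like a migration slip.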
@@ -270,21 +103,7 @@ in {
           aliases = [
             "tsp.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
-            HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
-            mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
-            n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
-            R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
-            Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
-            aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
-            ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
-            KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
-            XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
-            teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "tsp";
         };
       };
     };
@@ -297,34 +116,7 @@ in {
           aliases = [
             "x.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
-            RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
-            kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
-            JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
-            2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
-            +h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-        siem = {
-          ip4.addr = "10.8.10.4";
-          ip4.prefix = "10.8.10.0/24";
-          aliases = [
-            "makefu.siem"
-          ];
-          tinc.pubkey = ''
-            Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p
-            XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y
-            ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O
-            vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm
-            t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR
-            56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE=
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "x";
         };
         #wiregrill = {
         #  aliases = [
@@ -334,114 +126,9 @@ in {
         #};
       };
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
+      ssh.pubkey = sshd-for "x";
 
     };
-
-    vbob = {
-      ci = true;
-      cores = 2;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.1.91";
-          aliases = [
-            "vbob.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
-            4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
-            AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
-            hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
-            Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
-            AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
-    };
-    pigstarter = rec {
-      cores = 1;
-
-      extraZones = {
-        "krebsco.de" = ''
-          euer              IN MX 1   aspmx.l.google.com.
-          nixos.unstable    IN CNAME  krebscode.github.io.
-          boot              IN A      ${nets.internet.ip4.addr}
-        '';
-      };
-      nets = {
-        internet = {
-          ip4.addr = "192.40.56.122";
-          ip6.addr = "2604:2880::841f:72c";
-          aliases = [
-            "pigstarter.i"
-          ];
-        };
-        retiolum = {
-          ip4.addr = "10.243.0.153";
-          aliases = [
-            "pigstarter.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
-            9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
-            3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
-            4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
-            DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
-            sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    wry = rec {
-      ci = false;
-      cores = 1;
-      extraZones = {
-        "krebsco.de" = ''
-          wry               IN A      ${nets.internet.ip4.addr}
-          tinc              IN A      ${nets.internet.ip4.addr}
-        '';
-      };
-      nets = rec {
-        internet = {
-          ip4.addr = "104.233.87.86";
-          aliases = [
-            "wry.i"
-          ];
-        };
-        retiolum = {
-          via = internet;
-          ip4.addr = "10.243.29.169";
-          aliases = [
-            "wry.r"
-            "graph.wry.r"
-            "paste.wry.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn
-            U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms
-            ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA
-            7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2
-            8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ
-            j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF
-            TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw
-            RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC
-            zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack
-            86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT
-            Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
-    };
     filepimp = rec {
       ci = false;
       cores = 1;
@@ -457,16 +144,7 @@ in {
           aliases = [
             "filepimp.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
-            3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
-            wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
-            oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
-            UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
-            8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "filepimp";
         };
       };
     };
@@ -489,68 +167,33 @@ in {
             "dcpp.omo.r"
             "torrent.omo.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
-            ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
-            sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
-            s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
-            GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
-            5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "omo";
         };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
+      ssh.pubkey = sshd-for "omo";
     };
     wbob = rec {
       ci = true;
       cores = 4;
       nets = {
-        siem = {
-          ip4.addr = "10.8.10.7";
-          ip4.prefix = "10.8.10.0/24";
-          aliases = [ "display.siem" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5
-            6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J
-            +1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7
-            FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg
-            LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW
-            LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB
-            -----END RSA PUBLIC KEY-----
-            -----BEGIN ED25519 PUBLIC KEY-----
-            3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO
-            -----END ED25519 PUBLIC KEY-----
-          '';
-        };
         retiolum = {
           ip4.addr = "10.243.214.15";
           aliases = [
             "wbob.r"
             "hydra.wbob.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
-            QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
-            cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
-            khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
-            rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
-            TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "wbob";
         };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
+      ssh.pubkey = sshd-for "wbob";
     };
     gum = rec {
       ci = true;
       extraZones = {
         "krebsco.de" = ''
+          boot              IN A      ${nets.internet.ip4.addr}
           boot.euer         IN A      ${nets.internet.ip4.addr}
           cache.euer        IN A      ${nets.internet.ip4.addr}
           cache.gum         IN A      ${nets.internet.ip4.addr}
@@ -558,6 +201,7 @@ in {
           dl.euer           IN A      ${nets.internet.ip4.addr}
           dockerhub         IN A      ${nets.internet.ip4.addr}
           euer              IN A      ${nets.internet.ip4.addr}
+          euer              IN MX 1   aspmx.l.google.com.
           ghook             IN A      ${nets.internet.ip4.addr}
           git.euer          IN A      ${nets.internet.ip4.addr}
           gold              IN A      ${nets.internet.ip4.addr}
@@ -566,6 +210,7 @@ in {
           iso.euer          IN A      ${nets.internet.ip4.addr}
           mon.euer          IN A      ${nets.internet.ip4.addr}
           netdata.euer      IN A      ${nets.internet.ip4.addr}
+          nixos.unstable    IN CNAME  krebscode.github.io.
           o.euer            IN A      ${nets.internet.ip4.addr}
           photostore        IN A      ${nets.internet.ip4.addr}
           pigstarter        IN A      ${nets.internet.ip4.addr}
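Review bot: The added `nixos.unstable    IN CNAME  krebscode.github.io.` record points a krebsco.de name at a third-party host, and nothing next to it records who owns that target. A CNAME that outlives the GitHub Pages site it points to can be claimed by whoever registers that site next, so the record should be tied to its owner and removed together with the site. A zone comment on the line above would do, e.g. `; nixos.unstable -> GitHub Pages of krebscode; drop this record if the Pages site is retired`. The zone string starts and ends outside this hunk.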
@@ -617,90 +262,24 @@ in {
             "wiki.gum.r"
             "wiki.makefu.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
-            BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
-            i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
-            09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
-            u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
-            OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "gum";
         };
       };
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
+      ssh.pubkey = sshd-for "gum";
     };
 
-    shoney = rec {
-      ci = false;
-      cores = 1;
-      nets = rec {
-        siem = {
-          via = internet;
-          ip4.addr = "10.8.10.1";
-          ip4.prefix = "10.8.10.0/24";
-          aliases = [
-            "shoney.siem"
-            "graph.siem"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu
-            74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU
-            l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB
-            CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4
-            fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z
-            L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-          tinc.port = 1655;
-        };
-        internet = {
-          ip4.addr = "64.137.234.215";
-          aliases = [
-            "shoney.i"
-          ];
-        };
-        retiolum = {
-          ip4.addr = "10.243.205.131";
-          aliases = [
-            "shoney.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
-            ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
-            okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
-            M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
-            +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
-            uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
     sdev = rec {
       ci = true;
       cores = 1;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
+      ssh.pubkey = sshd-for "sdev";
       nets = {
         retiolum = {
           ip4.addr = "10.243.83.237";
           aliases = [
             "sdev.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
-            LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
-            XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
-            ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
-            f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
-            nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "sdev";
         };
       };
     };
@@ -728,16 +307,7 @@ in {
           aliases = [
             "flap.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
-            2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
-            8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
-            3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
-            hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
-            Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "flap";
         };
       };
     };
@@ -750,105 +320,7 @@ in {
           aliases = [
             "nukular.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
-            gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
-            gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
-            H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
-            tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
-            meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    heidi = rec {
-      cores = 1;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.124.21";
-          aliases = [
-            "heidi.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
-            1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
-            jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
-            ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
-            q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
-            w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-
-    lariat = rec {
-      cores = 2;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.64.7";
-          aliases = [
-            "lariat.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
-            eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
-            269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
-            unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
-            d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
-            yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    soundflower = rec {
-      cores = 1;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.69.184";
-          aliases = [
-            "soundflower.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN
-            H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb
-            Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l
-            FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6
-            lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+
-            8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    falk = rec {
-      cores = 1;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.120.19";
-          aliases = [
-            "falk.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
-            4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
-            9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
-            2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
-            0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
-            FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "nukular";
         };
       };
     };
@@ -861,88 +333,7 @@ in {
           aliases = [
             "filebitch.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
-            fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
-            e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
-            KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
-            oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
-            wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    bridge = rec {
-      cores = 1;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.26.29";
-          aliases = [
-            "excobridge.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
-            VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
-            UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
-            oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
-            /hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
-            lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    horisa = rec {
-      cores = 2;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.226.213";
-          aliases = [
-            "horisa.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
-            Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
-            XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
-            +EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
-            sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
-            M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-
-    tahoe = rec {
-      cores = 1;
-      nets = {
-        internet = {
-          ip4.addr = "148.251.47.69";
-          aliases = [
-            "wooki.i"
-          ];
-        };
-        retiolum = {
-          ip4.addr = "10.243.57.85";
-          aliases = [
-            "wooki.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y
-            QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8
-            dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH
-            9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6
-            hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p
-            egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "filebitch";
         };
       };
     };
@@ -955,40 +346,7 @@ in {
           aliases = [
             "senderechner.r"
           ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
-            lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
-            rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
-            inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
-            BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
-            OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    tcac-0-1 = rec {
-      cores = 1;
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
-        ";
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.144.142";
-          aliases = [
-            "tcac-0-1.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
-            7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
-            zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
-            Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
-            QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
-            HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
+          tinc.pubkey = tinc-for "senderechner";
         };
       };
     };
diff --git a/krebs/3modules/makefu/sshd/cake.pub b/krebs/3modules/makefu/sshd/cake.pub
new file mode 100644
index 000000000..8eab57ab7
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/cake.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake
diff --git a/krebs/3modules/makefu/sshd/crapi.pub b/krebs/3modules/makefu/sshd/crapi.pub
new file mode 100644
index 000000000..5361111a5
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/crapi.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi
diff --git a/krebs/3modules/makefu/sshd/fileleech.pub b/krebs/3modules/makefu/sshd/fileleech.pub
new file mode 100644
index 000000000..22a3c7534
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/fileleech.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech
diff --git a/krebs/3modules/makefu/sshd/firecracker.pub b/krebs/3modules/makefu/sshd/firecracker.pub
new file mode 100644
index 000000000..8e9ef5a37
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/firecracker.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGk+QqJEPoBNP9KbPiivCI5YJ9psAKnujRrUL4bNqxwe firecracker
diff --git a/krebs/3modules/makefu/sshd/gum.pub b/krebs/3modules/makefu/sshd/gum.pub
new file mode 100644
index 000000000..c79e3cbee
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum
diff --git a/krebs/3modules/makefu/sshd/omo.pub b/krebs/3modules/makefu/sshd/omo.pub
new file mode 100644
index 000000000..63bbbc709
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH
diff --git a/krebs/3modules/makefu/sshd/sdev.pub b/krebs/3modules/makefu/sshd/sdev.pub
new file mode 100644
index 000000000..972e9b6d4
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/sdev.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev
diff --git a/krebs/3modules/makefu/sshd/studio.pub b/krebs/3modules/makefu/sshd/studio.pub
new file mode 100644
index 000000000..be5a4e6d3
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/studio.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio
diff --git a/krebs/3modules/makefu/sshd/wbob.pub b/krebs/3modules/makefu/sshd/wbob.pub
new file mode 100644
index 000000000..8b1789f21
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/wbob.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr
diff --git a/krebs/3modules/makefu/sshd/x.pub b/krebs/3modules/makefu/sshd/x.pub
new file mode 100644
index 000000000..085f7f490
--- /dev/null
+++ b/krebs/3modules/makefu/sshd/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x
diff --git a/krebs/3modules/makefu/tinc/cake.pub b/krebs/3modules/makefu/tinc/cake.pub
new file mode 100644
index 000000000..8a1e4b933
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/cake.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
+jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
+MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
+6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
+36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
+MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/crapi.pub b/krebs/3modules/makefu/tinc/crapi.pub
new file mode 100644
index 000000000..2b6104468
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/crapi.pub
@@ -0,0 +1,9 @@
+Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
+OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
+R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
+OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
+di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
+bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/filebitch.pub b/krebs/3modules/makefu/tinc/filebitch.pub
new file mode 100644
index 000000000..fe31accda
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/filebitch.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
+fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
+e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
+KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
+oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
+wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/fileleech.pub b/krebs/3modules/makefu/tinc/fileleech.pub
new file mode 100644
index 000000000..1dc6a5b1f
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/fileleech.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
+8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
+YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
+nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
+e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
+UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/filepimp.pub b/krebs/3modules/makefu/tinc/filepimp.pub
new file mode 100644
index 000000000..007806230
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/filepimp.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
+3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
+wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
+oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
+UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
+8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/firecracker.pub b/krebs/3modules/makefu/tinc/firecracker.pub
new file mode 100644
index 000000000..6f7907829
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/firecracker.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/flap.pub b/krebs/3modules/makefu/tinc/flap.pub
new file mode 100644
index 000000000..8906e659b
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/flap.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
+2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
+8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
+3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
+hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
+Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/gum.pub b/krebs/3modules/makefu/tinc/gum.pub
new file mode 100644
index 000000000..73f8563d0
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/gum.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/nukular.pub b/krebs/3modules/makefu/tinc/nukular.pub
new file mode 100644
index 000000000..eb5891b1b
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/nukular.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
+gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
+gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
+H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
+tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
+meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/omo.pub b/krebs/3modules/makefu/tinc/omo.pub
new file mode 100644
index 000000000..ce558d10a
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/omo.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
+ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
+sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
+s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
+GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
+5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/sdev.pub b/krebs/3modules/makefu/tinc/sdev.pub
new file mode 100644
index 000000000..be500bbab
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/sdev.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
+LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
+XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
+ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
+f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
+nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/senderechner.pub b/krebs/3modules/makefu/tinc/senderechner.pub
new file mode 100644
index 000000000..a6cbabc28
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/senderechner.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
+lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
+rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
+inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
+BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
+OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/studio.pub b/krebs/3modules/makefu/tinc/studio.pub
new file mode 100644
index 000000000..b8fe8ee23
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/studio.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
+cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
+GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
+jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
+78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
+8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/tsp.pub b/krebs/3modules/makefu/tinc/tsp.pub
new file mode 100644
index 000000000..48533da58
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/tsp.pub
@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/wbob.pub b/krebs/3modules/makefu/tinc/wbob.pub
new file mode 100644
index 000000000..8abfa34d4
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/wbob.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/tinc/x.pub b/krebs/3modules/makefu/tinc/x.pub
new file mode 100644
index 000000000..da6482eed
--- /dev/null
+++ b/krebs/3modules/makefu/tinc/x.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
+RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
+kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
+JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
+2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
++h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
+-----END RSA PUBLIC KEY-----

From 86fe3366393f6dc14a40f76a40abcd56736a5a92 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 26 Feb 2019 21:48:20 +0100
Subject: [PATCH 048/149] j brauerei: -rustc (provoided by rustup)

---
 jeschli/1systems/brauerei/config.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 7ac4cc2c0..f0f8b9ef2 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -103,7 +103,9 @@ in
     gotools
   # rust
     cargo
-    rustc
+    rustracer
+    rustup
+    vscode
   # orga tools
     taskwarrior
   # xorg
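Review bot: `cargo` stays in the list next to the newly added `rustup`, and rustup ships its own `cargo` proxy, so two packages now provide the same binary and which one ends up on PATH depends on how the environment resolves the collision; dropping `cargo` together with `rustc` would avoid that. Toolchains installed through rustup are downloaded at run time and are not pinned by the nixpkgs revision, which deserves a comment such as `# rustup: toolchains are fetched outside the Nix store, not pinned by nixpkgs`. The subject only mentions rustc, while `rustracer` and `vscode` are added too; `vscode` is presumably unfree and would need the matching allowUnfree setting. The enclosing package list starts and ends outside the hunk.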

From 33e85b86d86e535200651b61406535feec4bad5f Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 26 Feb 2019 21:50:30 +0100
Subject: [PATCH 049/149] j brauerei: -xmomad (is part of windowManager
 sessionnow )

---
 jeschli/1systems/brauerei/config.nix | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index f0f8b9ef2..ecf40a615 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -145,15 +145,6 @@ in
         '';
         }
       ];
-#      xmonad = {
-#        enable = true;
-#        enableContribAndExtras = true;
-#        extraPackages = haskellPackages: [
-#          haskellPackages.xmonad-contrib
-#          haskellPackages.xmonad-extras
-#          haskellPackages.xmonad
-#        ];
-#      }
 
     };
   };

From 6c8d0737107fa00fcd8b1c09bff0feedcaaaad7c Mon Sep 17 00:00:00 2001
From: Jan Heidbrink <jan.heidbrink@posteo.de>
Date: Tue, 26 Feb 2019 22:50:30 +0100
Subject: [PATCH 050/149] external: add toastbrot.r

---
 krebs/3modules/external/default.nix | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 1f80906f8..c9715cb85 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -299,6 +299,33 @@ in {
         };
       };
     };
+    toastbrot = {
+      owner = config.krebs.users.jan;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.117.12";
+          aliases = [
+            "toastbrot.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
+            2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
+            yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
+            DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
+            r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
+            PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
+            Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
+            IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
+            fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
+            Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
+            uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
+            4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     tpsw = {
       cores = 2;
       owner = config.krebs.users.ciko; # main laptop
@@ -411,6 +438,9 @@ in {
       mail = "dickbutt@excogitation.de";
       pubkey = ssh-for "exco";
     };
+    jan = {
+      mail = "jan.heidbrink@posteo.de";
+    };
     kmein = {
       mail = "kieran.meinhardt@gmail.com";
       pubkey = ssh-for "kmein";

From f786e5a22f4dcf6a852d8cf87695e6fd90faf888 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Feb 2019 23:27:39 +0100
Subject: [PATCH 051/149] ma: make extensive use of defaults for inventory

---
 krebs/3modules/makefu/default.nix             | 189 ++++++------------
 .../makefu/{tinc => retiolum}/cake.pub        |   0
 .../makefu/{tinc => retiolum}/crapi.pub       |   0
 .../makefu/{tinc => retiolum}/filebitch.pub   |   0
 .../makefu/{tinc => retiolum}/fileleech.pub   |   0
 .../makefu/{tinc => retiolum}/filepimp.pub    |   0
 .../makefu/{tinc => retiolum}/firecracker.pub |   0
 .../makefu/{tinc => retiolum}/flap.pub        |   0
 .../makefu/{tinc => retiolum}/gum.pub         |   0
 .../makefu/{tinc => retiolum}/nukular.pub     |   0
 .../makefu/{tinc => retiolum}/omo.pub         |   0
 .../makefu/{tinc => retiolum}/sdev.pub        |   0
 .../{tinc => retiolum}/senderechner.pub       |   0
 .../makefu/{tinc => retiolum}/studio.pub      |   0
 .../makefu/{tinc => retiolum}/tsp.pub         |   0
 .../makefu/{tinc => retiolum}/wbob.pub        |   0
 .../3modules/makefu/{tinc => retiolum}/x.pub  |   0
 krebs/3modules/makefu/wiregrill/gum.pub       |   1 +
 krebs/3modules/makefu/wiregrill/x.pub         |   1 +
 19 files changed, 65 insertions(+), 126 deletions(-)
 rename krebs/3modules/makefu/{tinc => retiolum}/cake.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/crapi.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/filebitch.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/fileleech.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/filepimp.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/firecracker.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/flap.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/gum.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/nukular.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/omo.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/sdev.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/senderechner.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/studio.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/tsp.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/wbob.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/x.pub (100%)
 create mode 100644 krebs/3modules/makefu/wiregrill/gum.pub
 create mode 100644 krebs/3modules/makefu/wiregrill/x.pub

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 8c7e415cb..c65b27973 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,128 +5,103 @@
 with import <stockholm/lib>;
 { config, ... }: let
 
-  hostDefaults = hostName: host: flip recursiveUpdate host ({
-    owner = config.krebs.users.makefu;
-  } // optionalAttrs (host.nets?retiolum) {
-    nets.retiolum.ip6.addr =
-      (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
-  });
+  hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+    {
+      owner = config.krebs.users.makefu;
+    }
+    # Retiolum defaults
+    (let
+      pubkey-path = ./retiolum + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      nets.retiolum = {
+        tinc.pubkey = readFile pubkey-path;
+        aliases = [
+          "${hostName}.r"
+        ];
+        ip6.addr =
+          (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+      };
+    })
+    # Wiregrill defaults
+    (let
+      pubkey-path = ./wiregrill + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      nets.wiregrill = {
+        aliases = [
+          "${hostName}.w"
+        ];
+        ip6.addr =
+          (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
+        wireguard.pubkey = readFile pubkey-path;
+      };
+    })
+    # SSHD defaults
+    (let
+      pubkey-path = ./sshd + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      ssh.pubkey = readFile pubkey-path;
+      # We assume that if the sshd pubkey exits then there must be a privkey in
+      # the screts store as well
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+    })
+    host
+  ];
 
   pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
-  sshd-for = name: builtins.readFile (./sshd + "/${name}.pub");
-  tinc-for= name: builtins.readFile (./tinc + "/${name}.pub");
-
+  w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
 in {
   hosts = mapAttrs hostDefaults {
     cake = rec {
       cores = 4;
       ci = false;
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.136.236";
-          aliases = [
-            "cake.r"
-          ];
-          tinc.pubkey = tinc-for "cake";
-        };
+        retiolum.ip4.addr = "10.243.136.236";
       };
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = sshd-for "cake";
     };
     crapi = rec { # raspi1
       cores = 1;
       ci = false;
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.136.237";
-          aliases = [
-            "crapi.r"
-          ];
-          tinc.pubkey = tinc-for "crapi";
-        };
+        retiolum.ip4.addr = "10.243.136.237";
       };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = sshd-for "crapi";
     };
     firecracker = {
       cores = 4;
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.12.12";
-          ip6.addr = "42:0:0:0:0:0:0:12";
-          aliases = [
-            "firecracker.r"
-          ];
-          tinc.pubkey = tinc-for "firecracker";
-        };
+        retiolum.ip4.addr = "10.243.12.12";
       };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = sshd-for "firecracker";
     };
 
     studio = rec {
       ci = false;
       cores = 4;
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = sshd-for "studio";
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.227.163";
-          aliases = [
-            "studio.r"
-          ];
-          tinc.pubkey = tinc-for "studio";
-        };
+        retiolum.ip4.addr = "10.243.227.163";
       };
     };
     fileleech = rec {
       ci = false;
       cores = 4;
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "";
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.113.98";
-          aliases = [
-            "fileleech.r"
-          ];
-          tinc.pubkey = tinc-for "fileleech";
-        };
+        retiolum.ip4.addr = "10.243.113.98";
       };
     };
     tsp = {
       ci = true;
       cores = 1;
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.0.212";
-          aliases = [
-            "tsp.r"
-          ];
-          tinc.pubkey = tinc-for "tsp";
-        };
+        retiolum.ip4.addr = "10.243.0.212";
       };
     };
     x = {
       ci = true;
       cores = 4;
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.0.91";
-          aliases = [
-            "x.r"
-          ];
-          tinc.pubkey = tinc-for "x";
+        retiolum.ip4.addr = "10.243.0.91";
+        wiregrill = {
+          # defaults
         };
-        #wiregrill = {
-        #  aliases = [
-        #    "x.w"
-        #  ];
-        #  wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
-        #};
       };
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = sshd-for "x";
 
     };
     filepimp = rec {
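Review bot: The SSHD defaults in `hostDefaults` set `ssh.privkey.path = <secrets/ssh_host_ed25519_key>` for every host that has a file under `./sshd`, but the entries for crapi and firecracker removed in this hunk (and omo and wbob in later hunks) pointed at `<secrets/ssh.id_ed25519>`. Unless those secrets were renamed, these hosts would now look for a host key that is not in their secrets store; since `host` is merged last, keeping `ssh.privkey.path = <secrets/ssh.id_ed25519>;` in those four entries preserves the old path. firecracker's explicit `ip6.addr = "42:0:0:0:0:0:0:12"` is dropped as well, so its retiolum IPv6 address changes to the generated one. The comment above the default has two typos; I would write `# We assume that if the sshd pubkey exists then there must be a privkey in the secrets store as well`.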
@@ -139,13 +114,7 @@ in {
             "filepimp.lan"
           ];
         };
-        retiolum = {
-          ip4.addr = "10.243.153.102";
-          aliases = [
-            "filepimp.r"
-          ];
-          tinc.pubkey = tinc-for "filepimp";
-        };
+        retiolum.ip4.addr = "10.243.153.102";
       };
     };
 
@@ -163,15 +132,11 @@ in {
         retiolum = {
           ip4.addr = "10.243.0.89";
           aliases = [
-            "omo.r"
             "dcpp.omo.r"
             "torrent.omo.r"
           ];
-          tinc.pubkey = tinc-for "omo";
         };
       };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = sshd-for "omo";
     };
     wbob = rec {
       ci = true;
@@ -180,14 +145,10 @@ in {
         retiolum = {
           ip4.addr = "10.243.214.15";
           aliases = [
-            "wbob.r"
             "hydra.wbob.r"
           ];
-          tinc.pubkey = tinc-for "wbob";
         };
       };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = sshd-for "wbob";
     };
     gum = rec {
       ci = true;
@@ -231,13 +192,16 @@ in {
             "nextgum.i"
           ];
         };
-        #wiregrill = {
-        #  via = internet;
-        #  aliases = [
-        #    "gum.w"
-        #  ];
-        #  wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
-        #};
+        wiregrill = {
+          via = internet;
+          ip6.addr = w6 "1";
+          wireguard = {
+            subnets = [
+              (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+              (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+            ];
+          };
+        };
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.213";
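Review bot: The new `wireguard.subnets` list on gum names the whole `external` and `makefu` wiregrill ranges, and nothing in the hunk says why this one host claims them. If these end up as the address ranges other peers accept from gum, a comment stating that gum is presumably the relay for those ranges would document the trust this grants. `ip6.addr = w6 "1"` also replaces the hostName-derived address from `hostDefaults` with a fixed suffix, which deserves a short comment such as `# fixed suffix: well-known address of the wiregrill hub`, if that is the intent. The gum entry starts and ends outside the hunk.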
@@ -250,7 +214,6 @@ in {
             "dcpp.gum.r"
             "dcpp.nextgum.r"
             "graph.r"
-            "gum.r"
             "logs.makefu.r"
             "netdata.makefu.r"
             "nextgum.r"
@@ -262,25 +225,15 @@ in {
             "wiki.gum.r"
             "wiki.makefu.r"
           ];
-          tinc.pubkey = tinc-for "gum";
         };
       };
-      ssh.pubkey = sshd-for "gum";
     };
 
     sdev = rec {
       ci = true;
       cores = 1;
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = sshd-for "sdev";
       nets = {
-        retiolum = {
-          ip4.addr = "10.243.83.237";
-          aliases = [
-            "sdev.r"
-          ];
-          tinc.pubkey = tinc-for "sdev";
-        };
+        retiolum.ip4.addr = "10.243.83.237";
       };
     };
 
@@ -304,10 +257,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.211.172";
-          aliases = [
-            "flap.r"
-          ];
-          tinc.pubkey = tinc-for "flap";
         };
       };
     };
@@ -317,10 +266,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.231.219";
-          aliases = [
-            "nukular.r"
-          ];
-          tinc.pubkey = tinc-for "nukular";
         };
       };
     };
@@ -330,10 +275,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.189.130";
-          aliases = [
-            "filebitch.r"
-          ];
-          tinc.pubkey = tinc-for "filebitch";
         };
       };
     };
@@ -343,10 +284,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.163";
-          aliases = [
-            "senderechner.r"
-          ];
-          tinc.pubkey = tinc-for "senderechner";
         };
       };
     };
diff --git a/krebs/3modules/makefu/tinc/cake.pub b/krebs/3modules/makefu/retiolum/cake.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/cake.pub
rename to krebs/3modules/makefu/retiolum/cake.pub
diff --git a/krebs/3modules/makefu/tinc/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/crapi.pub
rename to krebs/3modules/makefu/retiolum/crapi.pub
diff --git a/krebs/3modules/makefu/tinc/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/filebitch.pub
rename to krebs/3modules/makefu/retiolum/filebitch.pub
diff --git a/krebs/3modules/makefu/tinc/fileleech.pub b/krebs/3modules/makefu/retiolum/fileleech.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/fileleech.pub
rename to krebs/3modules/makefu/retiolum/fileleech.pub
diff --git a/krebs/3modules/makefu/tinc/filepimp.pub b/krebs/3modules/makefu/retiolum/filepimp.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/filepimp.pub
rename to krebs/3modules/makefu/retiolum/filepimp.pub
diff --git a/krebs/3modules/makefu/tinc/firecracker.pub b/krebs/3modules/makefu/retiolum/firecracker.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/firecracker.pub
rename to krebs/3modules/makefu/retiolum/firecracker.pub
diff --git a/krebs/3modules/makefu/tinc/flap.pub b/krebs/3modules/makefu/retiolum/flap.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/flap.pub
rename to krebs/3modules/makefu/retiolum/flap.pub
diff --git a/krebs/3modules/makefu/tinc/gum.pub b/krebs/3modules/makefu/retiolum/gum.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/gum.pub
rename to krebs/3modules/makefu/retiolum/gum.pub
diff --git a/krebs/3modules/makefu/tinc/nukular.pub b/krebs/3modules/makefu/retiolum/nukular.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/nukular.pub
rename to krebs/3modules/makefu/retiolum/nukular.pub
diff --git a/krebs/3modules/makefu/tinc/omo.pub b/krebs/3modules/makefu/retiolum/omo.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/omo.pub
rename to krebs/3modules/makefu/retiolum/omo.pub
diff --git a/krebs/3modules/makefu/tinc/sdev.pub b/krebs/3modules/makefu/retiolum/sdev.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/sdev.pub
rename to krebs/3modules/makefu/retiolum/sdev.pub
diff --git a/krebs/3modules/makefu/tinc/senderechner.pub b/krebs/3modules/makefu/retiolum/senderechner.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/senderechner.pub
rename to krebs/3modules/makefu/retiolum/senderechner.pub
diff --git a/krebs/3modules/makefu/tinc/studio.pub b/krebs/3modules/makefu/retiolum/studio.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/studio.pub
rename to krebs/3modules/makefu/retiolum/studio.pub
diff --git a/krebs/3modules/makefu/tinc/tsp.pub b/krebs/3modules/makefu/retiolum/tsp.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/tsp.pub
rename to krebs/3modules/makefu/retiolum/tsp.pub
diff --git a/krebs/3modules/makefu/tinc/wbob.pub b/krebs/3modules/makefu/retiolum/wbob.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/wbob.pub
rename to krebs/3modules/makefu/retiolum/wbob.pub
diff --git a/krebs/3modules/makefu/tinc/x.pub b/krebs/3modules/makefu/retiolum/x.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/x.pub
rename to krebs/3modules/makefu/retiolum/x.pub
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub
new file mode 100644
index 000000000..4a5f666cc
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/gum.pub
@@ -0,0 +1 @@
+yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/krebs/3modules/makefu/wiregrill/x.pub
new file mode 100644
index 000000000..cfa9eb254
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/x.pub
@@ -0,0 +1 @@
+fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=

From ec2dffd71e30f831c4ff631713dd14bea9e48df3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Feb 2019 23:58:28 +0100
Subject: [PATCH 052/149] ma: add base name to aliases when overriding

---
 krebs/3modules/makefu/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index c65b27973..b38c9104f 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -132,6 +132,7 @@ in {
         retiolum = {
           ip4.addr = "10.243.0.89";
           aliases = [
+            "omo.r"
             "dcpp.omo.r"
             "torrent.omo.r"
           ];
@@ -145,6 +146,7 @@ in {
         retiolum = {
           ip4.addr = "10.243.214.15";
           aliases = [
+            "wbob.r"
             "hydra.wbob.r"
           ];
         };
@@ -206,6 +208,7 @@ in {
           via = internet;
           ip4.addr = "10.243.0.213";
           aliases = [
+            "gum.r"
             "backup.makefu.r"
             "blog.gum.r"
             "blog.makefu.r"

From 244c773212b9bd37b5f9d03434708640b7d72ad0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 4 Mar 2019 00:49:16 +0100
Subject: [PATCH 053/149] nixpkgs: 9bd45dd -> 4c0be40

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index b6124ad41..b93f612dd 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "9bd45dddf8171e2fd4288d684f4f70a2025ded19",
-  "date": "2019-02-15T12:11:24-05:00",
-  "sha256": "1idrxrymwqfsfysav3yl8lya1jhgg8xzgq9hy7dpdd63770vn8c1",
+  "rev": "4c0be40815511c7e5f592e95587ef075487639b5",
+  "date": "2019-03-02T20:00:09+00:00",
+  "sha256": "1vk04dsbvhj99s2pdwq0m5glckxqa8c1wz3p14d4zabkggnqhini",
   "fetchSubmodules": false
 }

From fb1d5f4addd1b3b564248b1359253bf788b1c08a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 4 Mar 2019 08:47:18 +0100
Subject: [PATCH 054/149] ma pkgs.Fluffy: init at 2.7

---
 makefu/5pkgs/Fluffy/default.nix | 42 +++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 makefu/5pkgs/Fluffy/default.nix

diff --git a/makefu/5pkgs/Fluffy/default.nix b/makefu/5pkgs/Fluffy/default.nix
new file mode 100644
index 000000000..59a04a52d
--- /dev/null
+++ b/makefu/5pkgs/Fluffy/default.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, python3Packages, ... }:
+
+with python3Packages; buildPythonApplication rec {
+  name = "Fluffy-${version}";
+  format = "other";
+  version = "2.7";
+
+  src = pkgs.fetchFromGitHub {
+    owner = "fourminute";
+    repo = "Fluffy";
+    rev = "v${version}";
+    sha256 = "1l346bklidcl40q91cfdszrfskdwlmfjbmsc3mgs0i8wi1yhvq99";
+  };
+
+  prePatch = ''
+    sed -e "s|/tmp|$HOME/.config/fluffy|" -i linux/fluffy.desktop
+  '';
+
+  installPhase = ''
+    env
+    install -Dm 644 linux/80-fluffy-switch.rules "$out/etc/udev/rules.d/80-fluffy-switch.rules"
+    install -Dm 644 linux/fluffy.desktop "$out/usr/share/applications/fluffy.desktop"
+    install -Dm 644 icons/16x16/fluffy.png "$out/share/icons/hicolor/16x16/apps/fluffy.png"
+    install -Dm 644 icons/24x24/fluffy.png "$out/share/icons/hicolor/24x24/apps/fluffy.png"
+    install -Dm 644 icons/32x32/fluffy.png "$out/share/icons/hicolor/32x32/apps/fluffy.png"
+    install -Dm 644 icons/48x48/fluffy.png "$out/share/icons/hicolor/48x48/apps/fluffy.png"
+    install -Dm 644 icons/64x64/fluffy.png "$out/share/icons/hicolor/64x64/apps/fluffy.png"
+    install -Dm 644 icons/128x128/fluffy.png "$out/share/icons/hicolor/128x128/apps/fluffy.png"
+    install -Dm 755 fluffy.pyw "$out/bin/fluffy"
+    wrapProgram  "$out/bin/fluffy" --set PYTHONPATH "$PYTHONPATH"
+  '';
+
+  propagatedBuildInputs = [
+    pyqt5 pyusb  libusb1 configparser tkinter
+  ];
+
+  meta = {
+    homepage = https://github.com/fourminute/Fluffy;
+    description = "A feature-rich tool for installing NSPs";
+    license = lib.licenses.gpl3;
+  };
+}
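Review bot: In `prePatch` the sed expression is in double quotes, so `$HOME` is expanded by the build shell, and the builder's home directory (a placeholder path in a sandboxed Nix build) is what ends up in `linux/fluffy.desktop`, not the home of the user who later starts the program. Desktop entries do not expand environment variables either, so a per-user directory would have to be set up by a small wrapper script rather than by this substitution. The bare `env` at the top of `installPhase` looks like a debugging leftover; it prints the whole build environment into the build log and can be removed. `fluffy.desktop` is installed under `$out/usr/share/applications` while the icons go to `$out/share/...`; `$out/share/applications/fluffy.desktop` would be the consistent location.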

From 9c702551abbf5c486d9dac3becc4d5e998511a52 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:42:27 +0100
Subject: [PATCH 055/149] ma bureautomation: split into files

---
 makefu/1systems/wbob/config.nix               |   3 +-
 .../bureautomation/automation/10h_timer.nix   | 147 ++++++++
 .../automation/bureau-shutdown.nix            |  55 +++
 .../bureautomation/automation/nachtlicht.nix  |  43 +++
 .../bureautomation/binary_sensor/buttons.nix  |  17 +
 .../bureautomation/binary_sensor/motion.nix   |  12 +
 .../bureautomation/camera/verkehrskamera.nix  |  14 +
 makefu/2configs/bureautomation/hass.nix       | 317 ++++--------------
 .../led-fader.nix                             |   2 +-
 .../2configs/bureautomation/light/buzzer.nix  |  28 ++
 .../bureautomation/light/statuslight.nix      |  56 ++++
 .../bureautomation/script/multi_blink.nix     |  37 ++
 .../bureautomation/sensor/espeasy.nix         |  31 ++
 .../bureautomation/sensor/influxdb.nix        |  18 +
 .../bureautomation/sensor/outside.nix         |  25 ++
 .../bureautomation/switch/tasmota_switch.nix  |  19 ++
 16 files changed, 561 insertions(+), 263 deletions(-)
 create mode 100644 makefu/2configs/bureautomation/automation/10h_timer.nix
 create mode 100644 makefu/2configs/bureautomation/automation/bureau-shutdown.nix
 create mode 100644 makefu/2configs/bureautomation/automation/nachtlicht.nix
 create mode 100644 makefu/2configs/bureautomation/binary_sensor/buttons.nix
 create mode 100644 makefu/2configs/bureautomation/binary_sensor/motion.nix
 create mode 100644 makefu/2configs/bureautomation/camera/verkehrskamera.nix
 rename makefu/2configs/{deployment => bureautomation}/led-fader.nix (94%)
 create mode 100644 makefu/2configs/bureautomation/light/buzzer.nix
 create mode 100644 makefu/2configs/bureautomation/light/statuslight.nix
 create mode 100644 makefu/2configs/bureautomation/script/multi_blink.nix
 create mode 100644 makefu/2configs/bureautomation/sensor/espeasy.nix
 create mode 100644 makefu/2configs/bureautomation/sensor/influxdb.nix
 create mode 100644 makefu/2configs/bureautomation/sensor/outside.nix
 create mode 100644 makefu/2configs/bureautomation/switch/tasmota_switch.nix

diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 3930406b1..ab77f16dd 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -9,6 +9,7 @@ in {
   imports =
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
+      <stockholm/makefu/2configs/support-nixos.nix>
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/tools/core.nix>
       # <stockholm/makefu/2configs/disable_v6.nix>
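Review bot: The added `<stockholm/makefu/2configs/support-nixos.nix>` import is not part of the bureautomation split named in the subject, and what it configures is not visible in this patch. A module that changes the host's configuration is easier to audit and to revert in a commit of its own, with a subject that says what it enables on wbob. The `imports` list starts before and continues after this hunk.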
@@ -39,7 +40,6 @@ in {
       <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
       <stockholm/makefu/2configs/stats/external/aralast.nix>
       <stockholm/makefu/2configs/stats/arafetch.nix>
-      <stockholm/makefu/2configs/deployment/led-fader.nix>
       <stockholm/makefu/2configs/hw/mceusb.nix>
       # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
       { environment.systemPackages = [ pkgs.vlc ]; }
@@ -51,6 +51,7 @@ in {
         ];
       }
       <stockholm/makefu/2configs/bureautomation>
+      <stockholm/makefu/2configs/bureautomation/led-fader.nix>
       <stockholm/makefu/2configs/bureautomation/mpd.nix>
       <stockholm/makefu/2configs/bureautomation/hass.nix>
       (let
diff --git a/makefu/2configs/bureautomation/automation/10h_timer.nix b/makefu/2configs/bureautomation/automation/10h_timer.nix
new file mode 100644
index 000000000..a311d468c
--- /dev/null
+++ b/makefu/2configs/bureautomation/automation/10h_timer.nix
@@ -0,0 +1,147 @@
+[
+  { alias = "start Felix 10h";
+    trigger = {
+      platform = "state";
+      entity_id = "binary_sensor.redbutton";
+      to = "on";
+    };
+    condition = {
+      condition = "and";
+      conditions = [
+        {
+          condition = "state";
+          entity_id = "timer.felix_10h";
+          state =  "idle";
+        }
+        {
+          condition = "time";
+          after   = "06:00:00";
+          before  = "12:00:00";
+        }
+      ];
+    };
+    action = [
+      { service = "timer.start";
+        entity_id =  [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ] ;
+      }
+      { service = "homeassistant.turn_on";
+        entity_id =  [
+          "script.buzz_red_led_fast"
+          "script.blitz_10s"
+        ];
+      }
+      { service = "light.turn_on";
+      data = {
+          effect = "2";
+          entity_id =  [ "light.status_felix" ];
+        };
+      }
+    ];
+  }
+
+  { alias = "Disable Felix timer at button press";
+    trigger = {
+      platform = "state";
+      entity_id = "binary_sensor.redbutton";
+      to = "on";
+    };
+    condition = {
+      condition = "and";
+      conditions = [
+        {
+          condition = "state";
+          entity_id = "timer.felix_10h";
+          state =  "active";
+        }
+        {
+          condition = "time";
+          after = "12:00:00";
+          before  = "22:00:00";
+        }
+      ];
+    };
+    action =
+    [
+      {
+        service = "timer.cancel";
+        entity_id =  [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ];
+      }
+      {
+        service = "homeassistant.turn_on";
+        entity_id =  [ "script.buzz_red_led_fast"  ];
+      }
+      {
+        service = "homeassistant.turn_off";
+        entity_id =  [ "light.status_felix"  ];
+      }
+    ];
+  }
+
+  {
+    alias = "Genug gearbeitet Felix";
+    trigger =
+    {
+      platform = "event";
+      event_type = "timer.finished";
+      event_data.entity_id = "timer.felix_7h";
+    };
+    action =
+    [
+      { service = "light.turn_on";
+        data = {
+          rgb_color= [0 255 0];
+          # effect = "0";
+          entity_id =  [ "light.status_felix" ];
+        };
+      }
+    ];
+  }
+
+  {
+    alias = "nun aber nach hause";
+    trigger =
+    {
+      platform = "event";
+      event_type = "timer.finished";
+      event_data.entity_id = "timer.felix_8_30h";
+    };
+    action =
+    [
+      { service = "light.turn_on";
+        data = {
+          rgb_color= [255 255 0];
+          # effect = "0";
+          entity_id =  [ "light.status_felix" ];
+        };
+      }
+    ];
+  }
+
+  {
+    alias = "Zu lange Felix!";
+    trigger =
+    {
+      platform = "event";
+      event_type = "timer.finished";
+      event_data.entity_id = "timer.felix_10h";
+    };
+    action =
+    [
+      # TODO: Pushbullet
+      {
+        service = "homeassistant.turn_on";
+        entity_id =  [
+          "script.buzz_red_led"
+          "script.blitz_10s"
+        ];
+      }
+      { service = "light.turn_on";
+        data = {
+          rgb_color= [255 0 0];
+          effect = "0";
+          entity_id =  [ "light.status_felix" ];
+        };
+      }
+    ];
+  }
+]
diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
new file mode 100644
index 000000000..9e6574300
--- /dev/null
+++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
@@ -0,0 +1,55 @@
+[
+  { alias = "Turn on Fernseher on movement";
+    trigger = {
+      platform = "state";
+      entity_id = "binary_sensor.motion";
+      to = "on";
+    };
+    action = {
+      service = "homeassistant.turn_on";
+      entity_id =  [
+        "switch.fernseher"
+        "switch.feuer"
+      ];
+    };
+  }
+  { alias = "Turn off Fernseher 10 minutes after last movement";
+    trigger = [
+    { # trigger when movement was detected at the time
+      platform = "state";
+      entity_id = "binary_sensor.motion";
+      to = "off";
+      for.minutes = 10;
+    }
+    { # trigger at 20:00 no matter what
+      # to avoid 'everybody left before 18:00:00'
+      platform = "time";
+      at = "18:00:00";
+    }
+  ];
+    action = {
+      service = "homeassistant.turn_off";
+      entity_id =  [
+        "switch.fernseher"
+        "switch.feuer"
+        "light.status_felix"
+      ];
+    };
+    condition =
+    { condition = "and";
+      conditions = [
+        {
+          condition = "time";
+          before = "06:30:00"; #only turn off between 6:30 and 18:00
+          after  = "18:00:00";
+          # weekday = [ "mon" "tue" "wed" "thu" "fri" ];
+        }
+        {
+          condition = "state";
+          entity_id = "binary_sensor.motion";
+          state = "off";
+        }
+      ];
+    };
+  }
+]
diff --git a/makefu/2configs/bureautomation/automation/nachtlicht.nix b/makefu/2configs/bureautomation/automation/nachtlicht.nix
new file mode 100644
index 000000000..066e9b06c
--- /dev/null
+++ b/makefu/2configs/bureautomation/automation/nachtlicht.nix
@@ -0,0 +1,43 @@
+[
+        {
+          alias = "Turn off Nachtlicht on sunrise";
+          trigger =
+          {
+            platform = "sun";
+            event = "sunrise";
+          };
+          action =
+          {
+            service = "homeassistant.turn_off";
+            entity_id =  [ "switch.nachtlicht" ];
+          };
+        }
+
+        {
+          alias = "Turn on Nachtlicht on motion and dusk";
+          trigger =
+          {
+            platform = "state";
+            entity_id = "binary_sensor.motion";
+            to = "on";
+          };
+          condition = # 'when dark'
+          {
+            condition = "or";
+            conditions = [
+              { condition = "sun";
+                after = "sunset";
+                after_offset = "-00:45:00"; # on dusk
+              }
+              { condition = "sun";
+                before = "sunrise";
+              }
+            ];
+          };
+          action =
+          {
+            service = "homeassistant.turn_on";
+            entity_id =  [ "switch.nachtlicht" ];
+          };
+        }
+]
diff --git a/makefu/2configs/bureautomation/binary_sensor/buttons.nix b/makefu/2configs/bureautomation/binary_sensor/buttons.nix
new file mode 100644
index 000000000..e23c4a362
--- /dev/null
+++ b/makefu/2configs/bureautomation/binary_sensor/buttons.nix
@@ -0,0 +1,17 @@
+let
+  tasmota_button = name: topic:
+  # detects a pushbutton press from tasmota
+  { platform = "mqtt";
+    inherit name;
+    state_topic = "/bam/${topic}/cmnd/POWER";
+    availability_topic = "/bam/${topic}/tele/LWT";
+    payload_on = "ON";
+    payload_off = "OFF";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+    # expire_after = "5"; #expire after 5 seconds
+    qos = 1;
+  };
+in [
+  (tasmota_button "RedButton" "redbutton")
+]
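Review bot: `tasmota_button` takes its state from `/bam/${topic}/cmnd/POWER`, a command topic, so any client allowed to publish there is indistinguishable from the physical button, and a press starts or cancels the Felix timers and runs the buzzer scripts in automation/10h_timer.nix. The broker's authentication and ACLs are not visible in this patch; publishing under `/bam/redbutton/cmnd/` should be limited to the button device itself. The helper's comment should also say that the command topic is intentional, for example `# state is read from cmnd/POWER (presumably the device's ButtonTopic), not stat/POWER: confirm`.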
diff --git a/makefu/2configs/bureautomation/binary_sensor/motion.nix b/makefu/2configs/bureautomation/binary_sensor/motion.nix
new file mode 100644
index 000000000..ad8fab038
--- /dev/null
+++ b/makefu/2configs/bureautomation/binary_sensor/motion.nix
@@ -0,0 +1,12 @@
+[
+  { platform = "mqtt";
+    device_class = "motion";
+    name = "Motion";
+    state_topic = "/bam/easy2/movement/Switch";
+    payload_on = "1";
+    payload_off = "0";
+    availability_topic = "/bam/easy2/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  }
+]
diff --git a/makefu/2configs/bureautomation/camera/verkehrskamera.nix b/makefu/2configs/bureautomation/camera/verkehrskamera.nix
new file mode 100644
index 000000000..f2dfdcd91
--- /dev/null
+++ b/makefu/2configs/bureautomation/camera/verkehrskamera.nix
@@ -0,0 +1,14 @@
+[
+  { name = "Baumarkt";
+    platform = "generic";
+    still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
+  }
+  { name = "Autobahn Heilbronn";
+    platform = "generic";
+    still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
+  }
+  { name = "Autobahn Singen";
+    platform = "generic";
+    still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
+  }
+]
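Review bot: The `Baumarkt` entry fetches `still_image_url` over plain `http://`, so the image shown in the dashboard is neither confidential nor integrity-protected in transit, and the host name in it looks like a device-specific remote-access address that is published with this file. If the endpoint offers `https://`, use it, and consider reading the URL from the secrets path the way the removed darksky block read its key with `builtins.readFile <secrets/hass/darksky.apikey>`. All three URLs are bare URL literals; quoting them (`still_image_url = "https://api.svz-bw.de/v2/verkehrskameras/kameras/K10";`) avoids the parsing surprises of that syntax.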
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index b70c9b030..007d00b09 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -1,76 +1,5 @@
 { pkgs, lib, ... }:
 let
-  tasmota_rgb = name: topic:
-# LED WS2812b
-#      effect_state_topic: "stat/led/Scheme"
-#      effect_command_topic: "cmnd/led/Scheme"
-#      effect_value_template: "{{ value_json.Scheme }}"
-  { platform = "mqtt";
-    inherit name;
-    retain = false;
-    qos = 1;
-    optimistic = false;
-    # state
-    # TODO: currently broken, will not use the custom state topic
-    state_topic = "/bam/${topic}/stat/POWER";
-    command_topic = "/bam/${topic}/cmnd/POWER";
-    availability_topic = "/bam/${topic}/tele/LWT";
-    payload_on= "ON";
-    payload_off= "OFF";
-    payload_available= "Online";
-    payload_not_available= "Offline";
-    # brightness
-    brightness_state_topic = "/bam/${topic}/stat/Dimmer";
-    brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
-    brightness_value_template = "{{ value_json.Dimmer }}";
-    brightness_scale = 100;
-    # color
-    rgb_state_topic = "/bam/${topic}/stat/Color";
-    rgb_command_topic = "/bam/${topic}/cmnd/Color2";
-    rgb_command_mode = "hex";
-    rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
-    # effects
-    effect_state_topic = "/bam/${topic}/stat/Scheme";
-    effect_command_topic = "/bam/${topic}/cmnd/Scheme";
-    effect_value_template = "{{ value_json.Scheme }}";
-    effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
-};
-  tasmota_plug = name: topic:
-  { platform = "mqtt";
-    inherit name;
-    state_topic = "/bam/${topic}/stat/POWER";
-    command_topic = "/bam/${topic}/cmnd/POWER";
-    availability_topic = "/bam/${topic}/tele/LWT";
-    payload_on= "ON";
-    payload_off= "OFF";
-    payload_available= "Online";
-    payload_not_available= "Offline";
-  };
-  espeasy_dht22 = name: [
-  { platform = "mqtt";
-    name = "${name} DHT22 Temperature";
-    device_class = "temperature";
-    state_topic = "/bam/${name}/dht22/Temperature";
-    availability_topic = "/bam/${name}/tele/LWT";
-    payload_available = "Online";
-    payload_not_available = "Offline";
-  }
-  { platform = "mqtt";
-    device_class = "humidity";
-    name = "${name} DHT22 Humidity";
-    state_topic = "/bam/${name}/dht22/Humidity";
-    availability_topic = "/bam/${name}/tele/LWT";
-    payload_available = "Online";
-    payload_not_available = "Offline";
-  }];
-  espeasy_ds18 = name:
-  { platform = "mqtt";
-    name = "${name} DS18 Temperature";
-    state_topic = "/bam/${name}/ds18/Temperature";
-    availability_topic = "/bam/${name}/tele/LWT";
-    payload_available = "Online";
-    payload_not_available = "Offline";
-  };
 in {
   networking.firewall.allowedTCPPorts = [ 8123 ];
 
@@ -104,90 +33,43 @@ in {
           retain = true;
         };
       };
-      switch = [
-        (tasmota_plug "Bauarbeiterlampe" "plug")
-        (tasmota_plug "Blitzdings" "plug2")
-        (tasmota_plug "Fernseher" "plug3")
-        (tasmota_plug "Feuer" "plug4")
-        (tasmota_plug "Nachtlicht" "plug5")
-      ];
-      light = [
-        (tasmota_rgb "Status Felix" "status1")
-      ];
-      binary_sensor = [
-        { platform = "mqtt";
-          device_class = "motion";
-          name = "Motion";
-          state_topic = "/bam/easy2/movement/Switch";
-          payload_on = "1";
-          payload_off = "0";
-          availability_topic = "/bam/easy2/tele/LWT";
-          payload_available = "Online";
-          payload_not_available = "Offline";
+      switch = (import ./switch/tasmota_switch.nix);
+      light =  (import ./light/statuslight.nix) ++
+               (import ./light/buzzer.nix);
+      timer = {
+        felix_10h = {
+          name = "Felix 10h Timer";
+          duration = "10:00:00";
+        };
+        felix_8_30h = {
+          name = "Felix 8_30h Timer";
+          duration = "08:30:00";
+        };
+        felix_7h = {
+          name = "Felix 7h Timer";
+          duration = "07:00:00";
+        };
+      };
+      notify = [
+        {
+          platform = "kodi";
+          name = "wbob";
+          host = "192.168.8.11";
         }
       ];
-      sensor =
-          (espeasy_dht22 "easy1") ++
-          (espeasy_dht22 "easy2") ++
-        [ (espeasy_ds18 "easy3" )
-          { platform = "luftdaten";
-            name = "Ditzingen";
-            sensorid = "5341";
-            monitored_conditions = [ "P1" "P2" ];
-          }
+      script = (import ./script/multi_blink.nix) {inherit lib;};
+      binary_sensor =
+        (import ./binary_sensor/buttons.nix) ++
+        (import ./binary_sensor/motion.nix);
+
+      sensor =
+        (import ./sensor/espeasy.nix) ++
+        ((import ./sensor/outside.nix) {inherit lib;}) ++
+        (import ./sensor/influxdb.nix);
+
+      camera =
+        (import ./camera/verkehrskamera.nix);
 
-          { platform = "darksky";
-            api_key = lib.removeSuffix "\n"
-              (builtins.readFile <secrets/hass/darksky.apikey>);
-            language = "de";
-            monitored_conditions = [ "summary" "icon"
-            "nearest_storm_distance" "precip_probability"
-            "precip_intensity"
-            "temperature" # "temperature_high" "temperature_low"
-            "apparent_temperature"
-            "hourly_summary" # next 24 hours text
-            "humidity"
-            "pressure"
-            "uv_index" ];
-            units =  "si" ;
-            update_interval = {
-                  days = 0;
-                  hours = 0;
-                  minutes = 30;
-                  seconds = 0;
-            };
-          }
-          #{ platform = "influxdb";
-          #  queries = [
-          #    { name = "mean value of feinstaub P1";
-          #      where = '' "node" = 'esp8266-1355142' '';
-          #      measurement = "feinstaub";
-          #      database = "telegraf";
-          #      field = "P1";
-          #    }
-          #    { name = "mean value of feinstaub P2";
-          #      where = '' "node" = 'esp8266-1355142' '';
-          #      measurement = "feinstaub";
-          #      database = "telegraf";
-          #      field = "P2";
-          #    }
-          #  ];
-          #}
-        ];
-        camera = [
-          { name = "Baumarkt";
-            platform = "generic";
-            still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
-          }
-          { name = "Autobahn Heilbronn";
-            platform = "generic";
-            still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
-          }
-          { name = "Autobahn Singen";
-            platform = "generic";
-            still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
-          }
-        ];
       frontend = { };
       http = { };
       conversation = {};
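Review bot: The new `notify` entry points the `kodi` platform at `192.168.8.11` without `username` or `password`, which suggests that the Kodi remote-control interface on that host accepts unauthenticated requests from the network. If credentials are set on the Kodi side, they should be read from the secrets path as the removed darksky block did with `builtins.readFile`; if none are set, enabling them in Kodi is the fix. Like the `timer` block, this entry is new behaviour rather than code moved by the split, so the subject undersells what the commit changes.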
@@ -203,13 +85,14 @@ in {
               "group.outside"
               "group.switches"
               "group.automation"
-              "group.camera"
+              # "group.camera"
             ];
           };
         automation = [
-          "automation.turn_off_fernseher_10_minutes_after_last_movement"
-          "automation.turn_off_nachtlicht_on_sunrise"
-          "automation.turn_on_nachtlicht_on_motion_and_dusk"
+          "timer.felix_10h"
+          "script.blitz_10s"
+          "script.buzz_red_led_fast"
+          "camera.Baumarkt"
         ];
         switches = [
           "switch.bauarbeiterlampe"
@@ -218,125 +101,37 @@ in {
           "switch.feuer"
           "switch.nachtlicht"
           "light.status_felix"
+          "light.status_daniel"
+          "light.buslicht"
+          "light.redbutton_buzzer"
         ];
-        camera = [
-          "camera.Baumarkt"
-          "camera.Autobahn_Heilbronn"
-          "camera.Autobahn_Singen"
-        ];
+
+        camera = [ ];
         sensors = [
           "binary_sensor.motion"
+          "binary_sensor.redbutton"
           "sensor.easy2_dht22_humidity"
           "sensor.easy2_dht22_temperature"
         ];
         outside = [
-          "sensor.ditzingen_pm10"
-          "sensor.ditzingen_pm25"
+          # "sensor.ditzingen_pm10"
+          # "sensor.ditzingen_pm25"
           "sensor.dark_sky_temperature"
           "sensor.dark_sky_humidity"
-          "sensor.dark_sky_pressure"
+          # "sensor.dark_sky_pressure"
           "sensor.dark_sky_hourly_summary"
-          "sensor.dark_sky_minutely_summary"
+          "camera.Autobahn_Heilbronn"
+          "camera.Autobahn_Singen"
         ];
       };
       # only for automation
       # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
-      automation = [
-        { alias = "Turn on Fernseher on movement";
-          trigger = {
-            platform = "state";
-            entity_id = "binary_sensor.motion";
-            to = "on";
-          };
-          action = {
-            service = "homeassistant.turn_on";
-            entity_id =  [
-              "switch.fernseher"
-              "switch.feuer"
-              "light.status_felix"
-            ];
-          };
-        }
-        {
-          alias = "Turn off Nachtlicht on sunrise";
-          trigger =
-          {
-            platform = "sun";
-            event = "sunrise";
-          };
-          action =
-          {
-            service = "homeassistant.turn_off";
-            entity_id =  [ "switch.nachtlicht" ];
-          };
-        }
-        {
-          alias = "Turn on Nachtlicht on motion and dusk";
-          trigger =
-          {
-            platform = "state";
-            entity_id = "binary_sensor.motion";
-            to = "on";
-          };
-          condition = # 'when dark'
-          {
-            condition = "or";
-            conditions = [
-              { condition = "sun";
-                after = "sunset";
-                after_offset = "-00:45:00"; # on dusk
-              }
-              { condition = "sun";
-                before = "sunrise";
-              }
-            ];
-          };
-          action =
-          {
-            service = "homeassistant.turn_on";
-            entity_id =  [ "switch.nachtlicht" ];
-          };
-        }
-        { alias = "Turn off Fernseher 10 minutes after last movement";
-          trigger = [
-          { # trigger when movement was detected at the time
-            platform = "state";
-            entity_id = "binary_sensor.motion";
-            to = "off";
-            for.minutes = 10;
-          }
-          { # trigger at 20:00 no matter what
-            # to avoid 'everybody left before 18:00:00'
-            platform = "time";
-            at = "18:00:00";
-          }
-        ];
-          action = {
-            service = "homeassistant.turn_off";
-            entity_id =  [
-              "switch.fernseher"
-              "switch.feuer"
-              "light.status_felix"
-            ];
-          };
-          condition =
-          { condition = "and";
-            conditions = [
-              {
-                condition = "time";
-                before = "06:30:00"; #only turn off between 6:30 and 18:00
-                after  = "18:00:00";
-                # weekday = [ "mon" "tue" "wed" "thu" "fri" ];
-              }
-              {
-                condition = "state";
-                entity_id = "binary_sensor.motion";
-                state = "off";
-              }
-            ];
-          };
-        }
-      ];
+      # we don't use imports because the expressions do not merge in
+      # home-assistant
+      automation = (import ./automation/bureau-shutdown.nix) ++
+                   (import ./automation/nachtlicht.nix) ++
+                   (import ./automation/10h_timer.nix);
+
     };
   };
 }
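Review bot: The inline `automation` list removed here is not moved unchanged: in automation/bureau-shutdown.nix the "Turn on Fernseher on movement" action no longer lists `light.status_felix`, a behaviour change that the subject "split into files" does not mention. The new comment above `automation` is also ambiguous, because the line below it does call `import`; something like `# plain import and ++ instead of the module system's imports: these lists do not merge across modules` says what is meant. `camera = [ ];` leaves an empty group behind while `group.camera` is only commented out of the view in the previous hunk; removing both would be cleaner.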
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/bureautomation/led-fader.nix
similarity index 94%
rename from makefu/2configs/deployment/led-fader.nix
rename to makefu/2configs/bureautomation/led-fader.nix
index d34b66125..d7f728534 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/bureautomation/led-fader.nix
@@ -14,7 +14,7 @@ in {
     serviceConfig = {
       # User = "nobody"; # need a user with permissions to run nix-shell
       ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
-      ExecStart = "${pkg}/bin/ampel 4";
+      ExecStart = "${pkg}/bin/ampel";
       Restart = "always";
       RestartSec = 10;
       PrivateTmp = true;
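Review bot: With `User` still commented out in `serviceConfig`, this always-restarting unit presumably runs `ampel` as root, and the move into bureautomation is a good moment to change that. The commented line says a user that may run nix-shell is needed; a dedicated unprivileged account (`User = "led-fader";`, a placeholder name to be declared under `users.users`) would cover that without root. The change from `ampel 4` to `ampel` drops an argument whose meaning is not visible here, so a short comment on what the default selects would help. The `serviceConfig` block starts before and ends after this hunk.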
diff --git a/makefu/2configs/bureautomation/light/buzzer.nix b/makefu/2configs/bureautomation/light/buzzer.nix
new file mode 100644
index 000000000..2067e47bf
--- /dev/null
+++ b/makefu/2configs/bureautomation/light/buzzer.nix
@@ -0,0 +1,28 @@
+let
+  tasmota_pwm = name: topic: pwmid: max:
+    let
+      id = "PWM${toString pwmid}";
+    in { platform = "mqtt";
+    inherit name;
+    state_topic = "/bam/${topic}/stat/RESULT";
+    state_value_template = ''{%- if value_json["PWM"]["${id}"]| int > 0 -%} ${toString max} {%- else -%} 0 {%- endif -%}'';
+
+    command_topic = "/bam/${topic}/cmnd/${id}";
+    on_command_type = "brightness";
+    brightness_command_topic = "/bam/${topic}/cmnd/${id}";
+    brightness_value_template = ''{{value_json["PWM"]["${id}"]}}'';
+    brightness_scale = max;
+    payload_on = "${toString max}";
+    payload_off = "0";
+    availability_topic = "/bam/${topic}/tele/LWT";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+    retain = true;
+    optimistic = false;
+    qos = 0;
+  };
+in
+[
+# (tasmota_pwm "RedButton LED" "redbutton" 1 1023) #LED PWM1
+  (tasmota_pwm "RedButton Buzzer" "redbutton" 2 512) #buzzer PWM2
+]
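Review bot: `retain = true` in `tasmota_pwm` makes Home Assistant publish the PWM commands as retained messages, so the broker replays the last value on `/bam/${topic}/cmnd/${id}` whenever the device reconnects, and a buzzer that was left on would start sounding again after a reboot or a Wi-Fi drop. `tasmota_rgb` in light/statuslight.nix uses `retain = false;` with the same topic layout, and `retain = false;` here would match it. `command_topic` and `brightness_command_topic` are the same topic, which deserves a one-line comment such as `# on/off is sent as a brightness value, see on_command_type`.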
diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix
new file mode 100644
index 000000000..3a9582f2f
--- /dev/null
+++ b/makefu/2configs/bureautomation/light/statuslight.nix
@@ -0,0 +1,56 @@
+let
+  tasmota_rgb = name: topic:
+# LED WS2812b
+#      effect_state_topic: "stat/led/Scheme"
+#      effect_command_topic: "cmnd/led/Scheme"
+#      effect_value_template: "{{ value_json.Scheme }}"
+  { platform = "mqtt";
+    inherit name;
+    retain = false;
+    qos = 1;
+    optimistic = false;
+    # state
+    # TODO: currently broken, will not use the custom state topic
+    state_topic = "/bam/${topic}/stat/POWER";
+    command_topic = "/bam/${topic}/cmnd/POWER";
+    availability_topic = "/bam/${topic}/tele/LWT";
+    payload_on= "ON";
+    payload_off= "OFF";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+    # brightness
+    brightness_state_topic = "/bam/${topic}/stat/Dimmer";
+    brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
+    brightness_value_template = "{{ value_json.Dimmer }}";
+    brightness_scale = 100;
+    # color
+    rgb_state_topic = "/bam/${topic}/stat/Color";
+    rgb_command_topic = "/bam/${topic}/cmnd/Color2";
+    rgb_command_mode = "hex";
+    rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
+    # effects
+    effect_state_topic = "/bam/${topic}/stat/Scheme";
+    effect_command_topic = "/bam/${topic}/cmnd/Scheme";
+    effect_value_template = "{{ value_json.Scheme }}";
+    effect_list = [ 
+      0  # single color for LED light
+      1  # start wake up sequence (same as Wakeup)
+      2  # cycle up through colors using Speed option
+      3  # cycle down through colors using Speed option
+      4  # random cycle through colors using Speed and Fade
+      5  # clock mode (example)
+      6  # candlelight pattern
+      7  # RGB pattern
+      8  # Christmas pattern
+      9  # Hannukah pattern
+      10 # Kwanzaa pattern
+      11 # rainbow pattern
+      12 # fire pattern
+    ];
+  };
+in
+[
+  (tasmota_rgb "Status Felix" "status1")
+  (tasmota_rgb "Status Daniel" "status2")
+  (tasmota_rgb "Buslicht" "buslicht")
+]
diff --git a/makefu/2configs/bureautomation/script/multi_blink.nix b/makefu/2configs/bureautomation/script/multi_blink.nix
new file mode 100644
index 000000000..bb28dd46f
--- /dev/null
+++ b/makefu/2configs/bureautomation/script/multi_blink.nix
@@ -0,0 +1,37 @@
+{lib, ... }:
+let
+  # let an entity blink for X times with  a delay of Y milliseconds
+  flash_entity = { entity, delay ? 500, count ? 4, alias ?  "${entity}_blink_${toString count}_${toString delay}" }:
+  {
+    inherit alias;
+    sequence = lib.flatten (builtins.genList (i: [
+      { service = "homeassistant.turn_on";
+        data.entity_id = entity;
+      }
+      { delay.milliseconds = delay; }
+      { service = "homeassistant.turn_off";
+        data.entity_id = entity;
+      }
+      { delay.milliseconds = delay; }
+    ]
+     ) count);
+   };
+in {
+  buzz_red_led = (flash_entity {
+    entity = "light.redbutton_buzzer";
+    alias = "Red Button Buzz";
+    count = 4;
+  });
+  buzz_red_led_fast = (flash_entity {
+    entity = "light.redbutton_buzzer";
+    delay = 250;
+    count = 2;
+    alias = "Red Button Buzz fast";
+  });
+  blitz_10s = (flash_entity {
+    entity = "switch.blitzdings";
+    delay = 10000;
+    count = 1;
+    alias = "blitz for 10 seconds";
+  });
+}
diff --git a/makefu/2configs/bureautomation/sensor/espeasy.nix b/makefu/2configs/bureautomation/sensor/espeasy.nix
new file mode 100644
index 000000000..4b78ee84e
--- /dev/null
+++ b/makefu/2configs/bureautomation/sensor/espeasy.nix
@@ -0,0 +1,31 @@
+let
+  espeasy_dht22 = name: [
+  { platform = "mqtt";
+    name = "${name} DHT22 Temperature";
+    device_class = "temperature";
+    state_topic = "/bam/${name}/dht22/Temperature";
+    availability_topic = "/bam/${name}/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  }
+  { platform = "mqtt";
+    device_class = "humidity";
+    name = "${name} DHT22 Humidity";
+    state_topic = "/bam/${name}/dht22/Humidity";
+    availability_topic = "/bam/${name}/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  }];
+  espeasy_ds18 = name:
+  { platform = "mqtt";
+    name = "${name} DS18 Temperature";
+    state_topic = "/bam/${name}/ds18/Temperature";
+    availability_topic = "/bam/${name}/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  };
+in
+(espeasy_dht22 "easy1") ++
+(espeasy_dht22 "easy2") ++ [
+  (espeasy_ds18 "easy3" )
+]
diff --git a/makefu/2configs/bureautomation/sensor/influxdb.nix b/makefu/2configs/bureautomation/sensor/influxdb.nix
new file mode 100644
index 000000000..820a56c4d
--- /dev/null
+++ b/makefu/2configs/bureautomation/sensor/influxdb.nix
@@ -0,0 +1,18 @@
+[
+  #{ platform = "influxdb";
+  #  queries = [
+  #    { name = "mean value of feinstaub P1";
+  #      where = '' "node" = 'esp8266-1355142' '';
+  #      measurement = "feinstaub";
+  #      database = "telegraf";
+  #      field = "P1";
+  #    }
+  #    { name = "mean value of feinstaub P2";
+  #      where = '' "node" = 'esp8266-1355142' '';
+  #      measurement = "feinstaub";
+  #      database = "telegraf";
+  #      field = "P2";
+  #    }
+  #  ];
+  #}
+]
diff --git a/makefu/2configs/bureautomation/sensor/outside.nix b/makefu/2configs/bureautomation/sensor/outside.nix
new file mode 100644
index 000000000..7dbc192a4
--- /dev/null
+++ b/makefu/2configs/bureautomation/sensor/outside.nix
@@ -0,0 +1,25 @@
+{lib,...}: [
+  { platform = "darksky";
+    api_key = lib.removeSuffix "\n"
+      (builtins.readFile <secrets/hass/darksky.apikey>);
+    language = "de";
+    monitored_conditions = [
+      "summary" "icon"
+      "nearest_storm_distance" "precip_probability"
+      "precip_intensity"
+      "temperature" # "temperature_high" "temperature_low"
+      "apparent_temperature"
+      "hourly_summary" # next 24 hours text
+      "humidity"
+      "pressure"
+      "uv_index"
+    ];
+    units =  "si" ;
+    update_interval = { days = 0; hours = 0; minutes = 30; seconds = 0; };
+  }
+  { platform = "luftdaten";
+    name = "Ditzingen";
+    sensorid = "5341";
+    monitored_conditions = [ "P1" "P2" ];
+  }
+  ]
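Review bot: `api_key = lib.removeSuffix "\n" (builtins.readFile <secrets/hass/darksky.apikey>);` reads the key at evaluation time, so the key itself becomes part of the evaluated Home Assistant config. If that config is rendered into a store path, which is presumably what the home-assistant module does, the key is readable by every local user under /nix/store. Either feed the key to Home Assistant at runtime from a file only the hass user can read, or record the trade-off next to the line, e.g. `# NOTE: readFile embeds the key in the world-readable Nix store`.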
diff --git a/makefu/2configs/bureautomation/switch/tasmota_switch.nix b/makefu/2configs/bureautomation/switch/tasmota_switch.nix
new file mode 100644
index 000000000..b00a8e454
--- /dev/null
+++ b/makefu/2configs/bureautomation/switch/tasmota_switch.nix
@@ -0,0 +1,19 @@
+let
+  tasmota_plug = name: topic:
+  { platform = "mqtt";
+    inherit name;
+    state_topic = "/bam/${topic}/stat/POWER";
+    command_topic = "/bam/${topic}/cmnd/POWER";
+    availability_topic = "/bam/${topic}/tele/LWT";
+    payload_on= "ON";
+    payload_off= "OFF";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+  };
+in [
+  (tasmota_plug "Bauarbeiterlampe" "plug")
+  (tasmota_plug "Blitzdings" "plug2")
+  (tasmota_plug "Fernseher" "plug3")
+  (tasmota_plug "Feuer" "plug4")
+  (tasmota_plug "Nachtlicht" "plug5")
+]

From 7e9a2417ba27a19d6db0a87b075b9d55a237931a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:42:52 +0100
Subject: [PATCH 056/149] ma homeautomation: update google-muell

---
 makefu/2configs/homeautomation/default.nix    | 65 +++++++++++++++----
 .../2configs/homeautomation/google-muell.nix  |  3 +-
 2 files changed, 55 insertions(+), 13 deletions(-)

diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
index 2af311c3b..4e9ac0ee3 100644
--- a/makefu/2configs/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
@@ -55,7 +55,8 @@ let
       payload_not_available = "Offline";
     };
 
-  firetv = "192.168.1.238";
+  firetv = "192.168.1.183";
+  hassdir = "/var/lib/hass";
   tasmota_plug = name: topic:
   { platform = "mqtt";
     inherit name;
@@ -105,13 +106,7 @@ in {
   imports = [
     ./mqtt.nix
   ];
-  #systemd.services.firetv = {
-  #  wantedBy = [ "multi-user.target" ];
-  #  serviceConfig = {
-  #    User = "nobody";
-  #    ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
-  #  };
-  #};
+
   services.home-assistant = {
     config = {
       homeassistant = {
@@ -133,9 +128,11 @@ in {
         { platform = "kodi";
           host = firetv;
         }
-        #{ platform = "firetv";
-        #  # assumes python-firetv running
-        #}
+        { platform = "firetv";
+          name = "FireTV Stick";
+          host = firetv;
+          adbkey = <secrets/hass/adbkey>;
+        }
       ];
       mqtt = {
         broker = "localhost";
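Review bot: `adbkey = <secrets/hass/adbkey>;` passes a Nix path value, and a path that is serialised with `builtins.toJSON` or interpolated into a string is copied into /nix/store. Assuming the home-assistant module renders `config` that way, the ADB private key for the Fire TV would end up world-readable on the host. `adbkey = toString <secrets/hass/adbkey>;` keeps only the path string in the config, provided the hass user can read the file at that location. The enclosing `services.home-assistant.config` block starts and ends outside this hunk.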
@@ -211,9 +208,12 @@ in {
           flur = [
             "light.flurlicht"
             "binary_sensor.flur_bewegung"
+            "automation.dunkel_bei_sonnenuntergang"
+            "automation.hell_bei_sonnenaufgang"
           ];
           wohnzimmer = [
             "media_player.kodi"
+            "media_player.firetv_stick"
           ];
           draussen = [
             "sensor.dark_sky_temperature"
@@ -240,6 +240,47 @@ in {
       ];
       light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
       automation = [
+        { alias = "Dunkel bei Sonnenuntergang";
+          trigger = {
+            platform = "sun";
+            event = "sunset";
+            # offset: "-00:45:00"
+          };
+          action = [
+            {
+              service= "light.turn_on";
+              data = {
+                entity_id= "light.flurlicht";
+                # rgb_color = [ 0,0,0 ]; <-- TODO default color
+                brightness_pct = 15;
+              };
+            }
+            {
+              service= "light.turn_off";
+              entity_id= "light.flurlicht";
+            }
+          ];
+        }
+        { alias = "Hell bei Sonnenaufgang";
+          trigger = {
+            platform = "sun";
+            event = "sunrise";
+            # offset: "-00:00:00"
+          };
+          action = [
+            {
+              service= "light.turn_on";
+              data = {
+                entity_id= "light.flurlicht";
+                brightness_pct = 85;
+              };
+            }
+            {
+              service= "light.turn_off";
+              entity_id= "light.flurlicht";
+            }
+          ];
+        }
         { alias = "Staubsauger Strom aus nach 6h";
           trigger = {
             platform = "state";
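Review bot: Both new sun automations call `light.turn_on` on `light.flurlicht` and then immediately `light.turn_off`, with nothing in between and no comment explaining why. If the intent is to store a brightness for the next switch-on (an assumption), a comment such as `# turn on briefly so the lamp keeps the brightness, then off again` would keep the next reader from taking it for a bug. The `turn_off` steps also put `entity_id` directly on the action while the `turn_on` steps nest it under `data`; choosing one form would read more consistently. The leftover `# offset: "-00:45:00"` lines are YAML syntax inside a Nix file. The `automation` list continues outside the hunk.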
@@ -255,7 +296,7 @@ in {
       ];
     };
     enable = true;
-    #configDir = "/var/lib/hass";
+    configDir = hassdir;
   };
   nixpkgs.config.permittedInsecurePackages = [
     "homeassistant-0.77.2"
diff --git a/makefu/2configs/homeautomation/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix
index 5870f298d..c81eae201 100644
--- a/makefu/2configs/homeautomation/google-muell.nix
+++ b/makefu/2configs/homeautomation/google-muell.nix
@@ -9,7 +9,8 @@ let
   # TODO: generate this credential file locally
   ampelcred = "${home}/google-muell-creds.json";
   sleepval = "1800";
-  default-color = "244,220,66";
+  # default-color = "18,63,40";
+  default-color = "255,127,0";
   config_json = toFile "config.json" (toJSON {
     mq_hostname = "localhost";
     mq_port = 1883;

From 5a26810af163a89bcda3747611bf059c307ce1f3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:43:06 +0100
Subject: [PATCH 057/149] ma pkgs.ampel: bump rev

---
 makefu/5pkgs/ampel/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix
index 70fdfda78..fb722a52f 100644
--- a/makefu/5pkgs/ampel/default.nix
+++ b/makefu/5pkgs/ampel/default.nix
@@ -2,7 +2,7 @@
 
 with pkgs.python3Packages;buildPythonPackage rec {
   name = "ampel-${version}";
-  version = "0.2.4";
+  version = "0.2.5";
 
   propagatedBuildInputs = [
     docopt
@@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {
 
   src = pkgs.fetchgit {
       url = "http://cgit.euer.krebsco.de/ampel";
-      rev = "04e1c8c38ffe53175ae719121ad88534a8a662db";
-      sha256 = "00jgr3jg2yi91hd7388v8rncfbq8fx8dvr03sg749dzpsg58hfxn";
+      rev = "ce239876820699f02054e71b4fd0950509833379";
+      sha256 = "1ja32lr04lwq4shi49kppa1zzjw0zlqaqy71pr5sbajgp4zj7kh8";
   };
   meta = {
     homepage = http://cgit.euer.krebsco.de/ampel;

From 593a519f6eb210913be25c441cd54c25c12744c6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:43:52 +0100
Subject: [PATCH 058/149] ma crapi.r: split into software and hardware config

---
 makefu/1systems/crapi/config.nix          | 33 +------------------
 makefu/1systems/crapi/hardware-config.nix | 39 +++++++++++++++++++++++
 2 files changed, 40 insertions(+), 32 deletions(-)
 create mode 100644 makefu/1systems/crapi/hardware-config.nix

diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
index d96b872d5..e7c6c3666 100644
--- a/makefu/1systems/crapi/config.nix
+++ b/makefu/1systems/crapi/config.nix
@@ -1,46 +1,15 @@
 { config, pkgs, lib, ... }:
 {
-  # :l <nixpkgs>
-  # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
   imports = [
     <stockholm/makefu>
+    ./hardware-config.nix
     <stockholm/makefu/2configs>
     <stockholm/makefu/2configs/tinc/retiolum.nix>
     <stockholm/makefu/2configs/save-diskspace.nix>
 
   ];
   krebs.build.host = config.krebs.hosts.crapi;
-  # NixOS wants to enable GRUB by default
-  boot.loader.grub.enable = false;
 
-  # Enables the generation of /boot/extlinux/extlinux.conf
-  boot.loader.generic-extlinux-compatible.enable = true;
-
-  boot.kernelPackages = pkgs.linuxPackages_rpi;
-
-  nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
-  nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
-
-  fileSystems = {
-    "/boot" = {
-      device = "/dev/disk/by-label/NIXOS_BOOT";
-      fsType = "vfat";
-    };
-    "/" = {
-      device = "/dev/disk/by-label/NIXOS_SD";
-      fsType = "ext4";
-    };
-  };
-
-  system.activationScripts.create-swap = ''
-    if [ ! -e /swapfile ]; then
-      fallocate -l 2G /swapfile
-      mkswap /swapfile
-    fi
-  '';
-  swapDevices = [ { device = "/swapfile"; size = 2048; } ];
-
-  nix.package = lib.mkForce pkgs.nixStable;
   services.openssh.enable = true;
 
 }
diff --git a/makefu/1systems/crapi/hardware-config.nix b/makefu/1systems/crapi/hardware-config.nix
new file mode 100644
index 000000000..bba31dabd
--- /dev/null
+++ b/makefu/1systems/crapi/hardware-config.nix
@@ -0,0 +1,39 @@
+{ pkgs, lib, ... }:
+{
+  #raspi1
+  boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
+
+  boot.loader.grub.enable = false;
+  boot.loader.raspberryPi.enable = true;
+  boot.loader.raspberryPi.version = 1;
+  boot.loader.raspberryPi.uboot.enable = true;
+  boot.loader.raspberryPi.uboot.configurationLimit = 1;
+  boot.loader.generationsDir.enable = lib.mkDefault false;
+  hardware.enableRedistributableFirmware = true;
+  boot.cleanTmpDir = true;
+  environment.systemPackages = [ pkgs.raspberrypi-tools ];
+  boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+  nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+  nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+  fileSystems = {
+    "/boot" = {
+      device = "/dev/disk/by-label/NIXOS_BOOT";
+      fsType = "vfat";
+    };
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+
+  system.activationScripts.create-swap = ''
+    if [ ! -e /swapfile ]; then
+      fallocate -l 2G /swapfile
+      mkswap /swapfile
+      chmod 600 /swapfile
+    fi
+  '';
+  swapDevices = [ { device = "/swapfile"; size = 4096; } ];
+}
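Review bot: The added `chmod 600 /swapfile` sits inside the `if [ ! -e /swapfile ]` guard, so a host that already created the swapfile under the old config (which had no chmod) keeps its previous mode. Moving the line after `fi` makes every activation enforce it: `fi` followed by `chmod 600 /swapfile`. The script still allocates `2G` while `swapDevices` now says `size = 4096`, so one of the two values is presumably stale. The cache key in `nix.binaryCachePublicKeys` ends in `=%`; the trailing `%` looks like a copied shell prompt marker, was carried over from the old file, and is worth checking against the published key.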

From 33e5e058c29c27c69db0ae100046dcf000895294 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:44:14 +0100
Subject: [PATCH 059/149] ma x.r: re-enable virtualbox

---
 makefu/1systems/x/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index ceeccc0b2..de55e9e89 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -59,7 +59,7 @@
       # Virtualization
       <stockholm/makefu/2configs/virtualisation/libvirt.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
-      # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+      <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
       #{
       #  networking.firewall.allowedTCPPorts = [ 8080 ];
       #  networking.nat = {

From f0b56730f21e14680261b2e3ddcdd438bbd15903 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:44:36 +0100
Subject: [PATCH 060/149] ma save-diskspace: programs.info ->
 documentation.info

---
 makefu/2configs/save-diskspace.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix
index 4fd569768..b6725e730 100644
--- a/makefu/2configs/save-diskspace.nix
+++ b/makefu/2configs/save-diskspace.nix
@@ -4,8 +4,8 @@ _:
   environment.noXlibs = true;
   nix.gc.automatic = true;
   nix.gc.dates = "03:10";
-  programs.info.enable = false;
-  programs.man.enable = false;
+  documentation.info.enable = false;
+  documentation.man.enable = false;
   services.journald.extraConfig = "SystemMaxUse=50M";
   services.nixosManual.enable = false;
 }

From 6615696461195bbfbfd0fe7ae0d8ff8a4f0b8db1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:45:01 +0100
Subject: [PATCH 061/149] ma pkgs.init-host: init

---
 makefu/2configs/tools/dev.nix      |  1 +
 makefu/5pkgs/init-host/default.nix | 47 ++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 makefu/5pkgs/init-host/default.nix

diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 0c877fc7b..fe25bd49a 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -26,5 +26,6 @@
     nix-review
     # git-related
     tig
+    init-host
   ];
 }
diff --git a/makefu/5pkgs/init-host/default.nix b/makefu/5pkgs/init-host/default.nix
new file mode 100644
index 000000000..d1d3f7195
--- /dev/null
+++ b/makefu/5pkgs/init-host/default.nix
@@ -0,0 +1,47 @@
+{ pkgs }:
+pkgs.writeDashBin "generate-secrets" ''
+  set -euf
+  HOSTNAME="''${1?must provide hostname}"
+  TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+  PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
+  HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
+
+  ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
+  ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
+  ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+  cat <<EOF > $TMPDIR/hashedPasswords.nix
+  {
+    root = "$HASHED_PASSWORD";
+  }
+  EOF
+
+  cd $TMPDIR
+  for x in *; do
+    ${pkgs.coreutils}/bin/cat $x | secrets insert -m $HOSTNAME/$x > /dev/null
+  done
+  echo $PASSWORD | secrets insert -m $HOSTNAME/root > /dev/null
+
+  cat <<EOF
+    $HOSTNAME = {
+      cores = 1;
+      owner = config.krebs.users.makefu;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.changeme";
+          ip6.addr = "42:0:0:0:0:0:0:changeme";
+          aliases = [
+            "$HOSTNAME.r"
+          ];
+          tinc.pubkey = ${"''"}
+  $(cat $TMPDIR/retiolum.rsa_key.pub)
+          ${"''"};
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
+    };
+  EOF
+
+  rm -rf $TMPDIR
+''
+
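Review bot: `set -euf` turns off pathname expansion, so `for x in *; do` runs once with `x` set to the literal `*` and the generated key files are presumably never inserted into the secrets store. Use `set -eu` or put `set +f` before the loop. There is also no cleanup on failure: with `-e`, any failing command skips the final `rm -rf $TMPDIR` and leaves the SSH and RSA private keys behind, which `trap 'rm -rf "$TMPDIR"' EXIT` right after the `mktemp -d` line would cover. `$TMPDIR`, `$HOSTNAME` and `$x` are expanded unquoted throughout, so a hostname argument containing whitespace would be split into several words.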

From da5fb52eb08097565c0e78035beb14a8a0ab2366 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 6 Mar 2019 16:45:38 +0100
Subject: [PATCH 062/149] ma nixpkgs.json: bump revision

---
 makefu/krops.nix    | 1 +
 makefu/nixpkgs.json | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/makefu/krops.nix b/makefu/krops.nix
index 57a3b3bbf..7c3fbcf4a 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -23,6 +23,7 @@
       # nixos-18.09 @ 2018-09-18
       # + uhub/sqlite: 5dd7610401747
       # + hovercraft: 7134801b17d72
+      # + PR#53934:   eac6797380af1
       nixpkgs = if host-src.arm6 then {
         # TODO: we want to track the unstable channel
         symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index 7c14f78a8..08dd7156e 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/makefu/nixpkgs",
-  "rev": "16fc6279dddabc42f8556d6368ed4215d916794f",
-  "date": "2019-02-16T22:29:33+01:00",
-  "sha256": "0bgm0gybqysy1si2zd8b2h6200hgmi8qsyi6qhcnvd4n555f3iic",
+  "rev": "cba65c1ab2aec20f0eaa77d6747f16798688e1bb",
+  "date": "2019-02-25T00:04:17+01:00",
+  "sha256": "1h6d9kghs7n7nql7fw5v9fpmpgdq6xq62npc7cfvyam8g4ma9iwn",
   "fetchSubmodules": false
 }

From 44540e08146438e99840c6aff1af1b9a312d54ed Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Mar 2019 21:50:19 +0100
Subject: [PATCH 063/149] nixpkgs: 4c0be40 -> 8abca4b

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index b93f612dd..28c98ceb2 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "4c0be40815511c7e5f592e95587ef075487639b5",
-  "date": "2019-03-02T20:00:09+00:00",
-  "sha256": "1vk04dsbvhj99s2pdwq0m5glckxqa8c1wz3p14d4zabkggnqhini",
+  "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba",
+  "date": "2019-03-07T09:54:51+01:00",
+  "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr",
   "fetchSubmodules": false
 }

From 7c91bed008282d311d38589d33d5689e9b1f2f1a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 13 Mar 2019 08:14:24 +0100
Subject: [PATCH 064/149] ma 0tests/secrets: add adbkey dummy

---
 makefu/0tests/data/secrets/hass/adbkey | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 makefu/0tests/data/secrets/hass/adbkey

diff --git a/makefu/0tests/data/secrets/hass/adbkey b/makefu/0tests/data/secrets/hass/adbkey
new file mode 100644
index 000000000..e69de29bb

From 426bbeaf50fbe67d34ee43f4160058c74a3f11fe Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 13 Mar 2019 10:52:08 +0100
Subject: [PATCH 065/149] ma home-manager: add taskwarrior

---
 makefu/2configs/home-manager/taskwarrior.nix | 25 ++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 makefu/2configs/home-manager/taskwarrior.nix

diff --git a/makefu/2configs/home-manager/taskwarrior.nix b/makefu/2configs/home-manager/taskwarrior.nix
new file mode 100644
index 000000000..8ad16dcf2
--- /dev/null
+++ b/makefu/2configs/home-manager/taskwarrior.nix
@@ -0,0 +1,25 @@
+{pkgs, ... }: 
+let
+  loc = "/home/makefu/.task";
+in {
+  state = [ "${loc}/keys" ];
+  home-manager.users.makefu.programs.taskwarrior = {
+    enable = true;
+    dataLocation = loc;
+    config = {
+      default.command = "list";
+      taskd = {
+        server = "gum:53589";
+        certificate = "${loc}/keys/public.crt";
+        key = "${loc}/keys/private.key";
+        ca = "${loc}/keys/ca.crt";
+        credentials = "home/makefu/0e6c8146-1ddb-4906-9369-8f77e34cdf84";
+      };
+      context = {
+        work = "tags:work";
+        shack = "tags:shack";
+        home = "tags:home";
+      };
+    };
+  };
+}
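Review bot: `taskd.credentials` is committed as a literal org/user/UUID string, while the certificate and key beside it are kept out of the repository under `${loc}/keys`. The value also lands in the generated taskrc, which home-manager presumably places in the Nix store. The taskd server still requires the client certificate, so exposure alone may not grant access, but the UUID is part of the login triple and would be better kept with the other key material. One option is an `include` of an rc file under `${loc}/keys` (via `extraConfig`, if the home-manager module in use provides it), or at least a comment stating that the value is considered non-secret.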

From 57850480ee30c57425581f0a6ad141e3a02dca48 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 19 Mar 2019 19:49:24 +0100
Subject: [PATCH 066/149] power-action module: no need for stockholm/lib

this makes the module available to be reused by others without the need
for having stockholm in the search path
---
 krebs/3modules/power-action.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix
index f405482de..78f2b8ebd 100644
--- a/krebs/3modules/power-action.nix
+++ b/krebs/3modules/power-action.nix
@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 
-with import <stockholm/lib>;
-
+with lib;
 let
   cfg = config.krebs.power-action;
 

From ed499a84a9fe067c80e5a4768482333863c1e9ad Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Thu, 21 Mar 2019 20:08:41 +0100
Subject: [PATCH 067/149] j brauerei: now on i3

---
 jeschli/1systems/brauerei/config.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index ecf40a615..b9bb021b8 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -145,10 +145,11 @@ in
         '';
         }
       ];
-
     };
   };
 
+  services.xserver.windowManager.i3.enable = true;
+
   users.extraUsers.jeschli = { # TODO: define as krebs.users
     isNormalUser = true;
     extraGroups = ["docker" "vboxusers" "audio"];

From 9a58e882acf7268ba28eeb6e6d5a174342f018f5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 22 Mar 2019 07:56:13 +0100
Subject: [PATCH 068/149] types host: add syncthing.id

---
 lib/types.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/types.nix b/lib/types.nix
index 45c009893..9001bc7c3 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -86,6 +86,12 @@ rec {
         type = nullOr ssh-privkey;
         default = null;
       };
+
+      syncthing.id = mkOption {
+        # TODO syncthing id type
+        type = nullOr string;
+        default = null;
+      };
     };
   });
 

From 67d3a55df5dd7a96d21781a581c249a9e50caaec Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 22 Mar 2019 07:57:34 +0100
Subject: [PATCH 069/149] k: add syncthing module

---
 krebs/3modules/default.nix   |   1 +
 krebs/3modules/syncthing.nix | 129 +++++++++++++++++++++++++++++++++++
 2 files changed, 130 insertions(+)
 create mode 100644 krebs/3modules/syncthing.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 9c2f53cbe..567c077eb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -48,6 +48,7 @@ let
       ./rtorrent.nix
       ./secret.nix
       ./setuid.nix
+      ./syncthing.nix
       ./tinc.nix
       ./tinc_graphs.nix
       ./urlwatch.nix
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
new file mode 100644
index 000000000..389da81d4
--- /dev/null
+++ b/krebs/3modules/syncthing.nix
@@ -0,0 +1,129 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+  cfg = config.krebs.syncthing;
+
+  devices = mapAttrsToList (name: peer: {
+    name = name;
+    deviceID = peer.id;
+    addresses = peer.addresses;
+  }) cfg.peers;
+
+  folders = map (folder: {
+    inherit (folder) path type;
+    id = folder.path;
+    devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
+    rescanIntervalS = folder.rescanInterval;
+  }) cfg.folders;
+
+  getApiKey = pkgs.writeDash "getAPIKey" ''
+    ${pkgs.libxml2}/bin/xmllint \
+      --xpath 'string(configuration/gui/apikey)'\
+      ${config.services.syncthing.dataDir}/config.xml
+  '';
+
+  updateConfig = pkgs.writeDash "merge-syncthing-config" ''
+    set -efu
+    API_KEY=$(${getApiKey})
+    CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
+    echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
+      "devices": ${builtins.toJSON devices},
+      "folders": ${builtins.toJSON folders}
+    }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @-
+    ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST
+  '';
+
+in
+
+{
+  options.krebs.syncthing = {
+
+    enable = mkEnableOption "syncthing-init";
+
+    id = mkOption {
+      type = types.str;
+      default = config.krebs.build.host.name;
+    };
+
+    cert = mkOption {
+      type = types.nullOr types.absolute-pathname;
+      default = null;
+    };
+
+    key = mkOption {
+      type = types.nullOr types.absolute-pathname;
+      default = null;
+    };
+
+    peers = mkOption {
+      default = {};
+      type = types.attrsOf (types.submodule ({
+        options = {
+
+          # TODO make into addr + port submodule
+          addresses = mkOption {
+            type = types.listOf types.str;
+            default = [];
+          };
+
+          #TODO check
+          id = mkOption {
+            type = types.str;
+          };
+
+        };
+      }));
+    };
+
+    folders = mkOption {
+      default = [];
+      type = types.listOf (types.submodule ({
+        options = {
+
+          path = mkOption {
+            type = types.absolute-pathname;
+          };
+
+          peers = mkOption {
+            type = types.listOf types.str;
+            default = [];
+          };
+
+          rescanInterval = mkOption {
+            type = types.int;
+            default = 60;
+          };
+
+          type = mkOption {
+            type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
+            default = "sendreceive";
+          };
+
+        };
+      }));
+    };
+  };
+
+  config = (mkIf cfg.enable) {
+
+    systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
+      preStart = ''
+        ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
+        ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+      '';
+    };
+
+    systemd.services.syncthing-init = {
+      after = [ "syncthing.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        User = config.services.syncthing.user;
+        RemainAfterExit = true;
+        Type = "oneshot";
+        ExecStart = updateConfig;
+      };
+    };
+  };
+}
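Review bot: The API key is passed to curl as `-H "X-API-Key: $API_KEY"` in all three calls of `updateConfig`, so it is visible in the process list to every local user while the requests run, and that key allows rewriting the Syncthing configuration. Handing the header to curl through a file only the service user can read (`-H @file`, curl 7.55 or later) avoids this, as sketched below. Separately, `preStart` copies `key.pem` with plain `cp`, so its mode follows the source file and umask; `install -m 0400` would pin it. `syncthing-init` is only ordered `after` syncthing.service, so the first curl may run before the REST port is listening, which presumably deserves a retry.

```nix
  updateConfig = pkgs.writeDash "merge-syncthing-config" ''
    set -efu
    umask 077
    API_KEY=$(${getApiKey})
    HDR=$(${pkgs.coreutils}/bin/mktemp)
    trap 'rm -f "$HDR"' EXIT
    # printf is a shell builtin, so the key never shows up in another process's argv
    printf 'X-API-Key: %s\n' "$API_KEY" > "$HDR"
    CFG=$(${pkgs.curl}/bin/curl -Ss -H @"$HDR" localhost:8384/rest/system/config)
    # … unchanged: echo "$CFG" | jq merge of devices and folders, piped into …
      ${pkgs.curl}/bin/curl -Ss -H @"$HDR" localhost:8384/rest/system/config -d @-
    ${pkgs.curl}/bin/curl -Ss -H @"$HDR" localhost:8384/rest/system/restart -X POST
  '';
```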

From 90ab9c288e0baa6f2e7f7b2e7cdffd10bda89938 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 22 Mar 2019 08:01:03 +0100
Subject: [PATCH 070/149] l: add syncthing ids for mors, icarus & skynet

---
 krebs/3modules/lass/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 630c14f18..6849f0813 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -204,6 +204,7 @@ in {
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
+      syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
     };
     shodan = {
       cores = 2;
@@ -270,6 +271,7 @@ in {
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+      syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
     };
     daedalus = {
       cores = 2;
@@ -328,6 +330,7 @@ in {
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+      syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
     };
     littleT = {
       cores = 2;

From 96fc1908a2488fd4ccedfea7b6bdf64425de2e83 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 22 Mar 2019 08:07:04 +0100
Subject: [PATCH 071/149] l syncthing: use module

---
 lass/1systems/icarus/config.nix                  | 1 +
 lass/1systems/skynet/config.nix                  | 1 +
 lass/2configs/syncthing.nix                      | 9 +++++++++
 lass/2configs/tests/dummy-secrets/syncthing.cert | 0
 lass/2configs/tests/dummy-secrets/syncthing.key  | 0
 5 files changed, 11 insertions(+)
 create mode 100644 lass/2configs/tests/dummy-secrets/syncthing.cert
 create mode 100644 lass/2configs/tests/dummy-secrets/syncthing.key

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index d2d4bd3eb..868d75083 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -17,6 +17,7 @@
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/syncthing.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 4b806af7b..0bf3e6b4d 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -7,6 +7,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/power-action.nix>
+    <stockholm/lass/2configs/syncthing.nix>
     {
       services.xserver.enable = true;
       services.xserver.desktopManager.xfce.enable = true;
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 17debf822..164e89679 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -8,4 +8,13 @@ with import <stockholm/lib>;
     { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
     { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
   ];
+  krebs.syncthing = {
+    enable = true;
+    cert = toString <secrets/syncthing.cert>;
+    key = toString <secrets/syncthing.key>;
+    peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+    folders = [
+      { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; }
+    ];
+  };
 }
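Review bot: The shared folder is placed at `/tmp/testsync`, inside a world-writable directory, so any local account can create that path (or a symlink with that name) before Syncthing does and thereby influence what gets synchronised to icarus, mors and skynet. A directory owned by the Syncthing user avoids this, for example `path = "<SYNCTHING_STATE_DIR>/testsync";`, where the placeholder stands for whatever state directory the module uses. It would also help to record why the secrets are wrapped in `toString`, with a comment such as `# toString keeps cert/key as path strings so they are not copied into the Nix store`.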
diff --git a/lass/2configs/tests/dummy-secrets/syncthing.cert b/lass/2configs/tests/dummy-secrets/syncthing.cert
new file mode 100644
index 000000000..e69de29bb
diff --git a/lass/2configs/tests/dummy-secrets/syncthing.key b/lass/2configs/tests/dummy-secrets/syncthing.key
new file mode 100644
index 000000000..e69de29bb

From e1f33f0b588cbdc28a91790ee372359678ae8dbe Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 14:18:03 +0100
Subject: [PATCH 072/149] l littleT: add wiregrill & syncthing

---
 krebs/3modules/lass/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 6849f0813..eaba2d734 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -368,10 +368,18 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill = {
+          ip6.addr = w6 "771e";
+          aliases = [
+            "littleT.w"
+          ];
+          wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
+        };
       };
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+      syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
     };
     red = {
       monitoring = false;

From c3a1847b9826b9bd08bbf21d006ce7e5e3fe57e1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:02:07 +0100
Subject: [PATCH 073/149] l blue: add syncthing.id

---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index eaba2d734..575ff3d62 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -485,6 +485,7 @@ in {
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+      syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
     };
     phone = {
       nets = {

From 84d0489583e2ee8a299d066e57e28f899c23c3d5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:03:20 +0100
Subject: [PATCH 074/149] l phone: add syncthing.id

---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 575ff3d62..7352d36e9 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -499,6 +499,7 @@ in {
       };
       external = true;
       ci = false;
+      syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7";
     };
     morpheus = {
       cores = 1;

From 0bb9321d1b979f64703c22fa6c25a46776da50af Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:04:01 +0100
Subject: [PATCH 075/149] syncthing folders: add watch & ignorePerms options

---
 krebs/3modules/syncthing.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 389da81d4..485dd3991 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -15,6 +15,9 @@ let
     id = folder.path;
     devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
     rescanIntervalS = folder.rescanInterval;
+    fsWatcherEnabled = folder.watch;
+    fsWatcherDelayS = folder.watchDelay;
+    ignorePerms = folder.ignorePerms;
   }) cfg.folders;
 
   getApiKey = pkgs.writeDash "getAPIKey" ''
@@ -100,6 +103,21 @@ in
             default = "sendreceive";
           };
 
+          watch = mkOption {
+            type = types.bool;
+            default = true;
+          };
+
+          watchDelay = mkOption {
+            type = types.int;
+            default = 10;
+          };
+
+          ignorePerms = mkOption {
+            type = types.bool;
+            default = true;
+          };
+
         };
       }));
     };
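Review bot: `ignorePerms` defaults to `true` here, while Syncthing's own folder default is `false`. With it set, permission bits are not synchronised, so a file that is mode 0600 on one host is created with the receiver's default mode on its peers. Unless that is intended for every folder, `default = false;` with per-folder opt-in is the safer choice. The three new options also have no `description`; one line each would help, for example `description = "Do not sync or compare file permission bits for this folder.";`.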

From 86150b31f20772c761dac2ce76862928bcc07537 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:04:22 +0100
Subject: [PATCH 076/149] syncthing: wait for service startup

---
 krebs/3modules/syncthing.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 485dd3991..e7f95f7fc 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -28,6 +28,8 @@ let
 
   updateConfig = pkgs.writeDash "merge-syncthing-config" ''
     set -efu
+    # wait for service to restart
+    ${pkgs.untilport}/bin/untilport localhost 8384
     API_KEY=$(${getApiKey})
     CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
     echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
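Review bot: The added `untilport` wait only shows that something accepts TCP connections on port 8384, and the `curl -Ss` call after it has no `-f`, so an HTTP error body would be stored in `CFG` as if it were the configuration. Using `curl -fSs` lets `set -e` abort the script in that case. The API key is also passed in curl's argument list, where other local users can read it from the process table while the request runs; reading the header from a file descriptor (`-H @-` on stdin, in curl versions that support `@` for `-H`) would avoid that. The script body continues outside this hunk.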

From 67ca249e33e977a83b54b21ad7c717e3eaa38d84 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:04:50 +0100
Subject: [PATCH 077/149] syncthing: increase rescanInterval to track upstream

---
 krebs/3modules/syncthing.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index e7f95f7fc..3c60eec4b 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -97,7 +97,7 @@ in
 
           rescanInterval = mkOption {
             type = types.int;
-            default = 60;
+            default = 3600;
           };
 
           type = mkOption {

From 5b15417be2e76e3df03f8b67baaf29230cfa88c6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:05:21 +0100
Subject: [PATCH 078/149] l icarus.r: enable thinkfan

---
 lass/1systems/icarus/physical.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index 6cc77a47d..d764dabc1 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -17,4 +17,6 @@
     SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
     SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
   '';
+
+  services.thinkfan.enable = true;
 }

From db9a1e4bb93f8023daf7b360b2719dc92f744217 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:06:39 +0100
Subject: [PATCH 079/149] l blue.r & littleT.r: import syncthing

---
 lass/1systems/blue/config.nix    | 1 +
 lass/1systems/littleT/config.nix | 1 +
 2 files changed, 2 insertions(+)

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a84bb37f6..d740403da 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/exim-retiolum.nix>
 
     <stockholm/lass/2configs/blue.nix>
+    <stockholm/lass/2configs/syncthing.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.blue;
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 7fe143c3c..eee23ee60 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -7,6 +7,7 @@ with import <stockholm/lib>;
 
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/syncthing.nix>
   ];
 
   networking.networkmanager.enable = true;

From 6654f03b09b7b80e3ee6339c92e6172579349744 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Mar 2019 16:08:20 +0100
Subject: [PATCH 080/149] l: enable netdata on all hosts

---
 lass/2configs/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 2547e8bac..085cc04b7 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -218,4 +218,7 @@ with import <stockholm/lib>;
   networking.dhcpcd.extraConfig = ''
     noipv4ll
   '';
+  services.netdata = {
+    enable = true;
+  };
 }
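Review bot: Enabling netdata in the shared default profile starts its web dashboard on every host. Netdata's stock configuration listens on port 19999 on all interfaces without authentication, so whether process, network and disk metrics are readable from other machines depends on firewall rules that are not part of this hunk. If remote access is not needed, bind it to loopback, e.g. `services.netdata.config.web."bind to" = "127.0.0.1";` (check the section and key name against the netdata version in use). Otherwise add a comment naming the network that is allowed to reach it.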

From 966620d6c64bbb2a375e2dc30d8a70c636cd8864 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 09:11:33 +0200
Subject: [PATCH 081/149] ma pkgs.prison-break: init at 0.1.0

---
 makefu/5pkgs/prison-break/default.nix         | 20 +++++++++++++++++
 makefu/5pkgs/prison-break/straight-plugin.nix | 22 +++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 makefu/5pkgs/prison-break/default.nix
 create mode 100644 makefu/5pkgs/prison-break/straight-plugin.nix

diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix
new file mode 100644
index 000000000..f86ac3762
--- /dev/null
+++ b/makefu/5pkgs/prison-break/default.nix
@@ -0,0 +1,20 @@
+{pkgs, fetchFromGitHub}:
+with pkgs.python3.pkgs;
+
+buildPythonPackage rec {
+  pname = "prison-break";
+  version = "0.1.0";
+  src = fetchFromGitHub {
+    owner = "makefu";
+    repo = pname;
+    rev = "5eed6371e151e716faafa054e005bd98d77b4b5d";
+    sha256 = "170zs9grbgkx83ghg6pm13v7vhi604y44j550ypp2x26nidaw63j";
+  };
+  propagatedBuildInputs = [
+    docopt
+    requests
+    beautifulsoup4
+    (callPackage ./straight-plugin.nix {})
+  ];
+  checkInputs = [ black ];
+}
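Review bot: The new derivation has no `meta` block, unlike straight-plugin.nix added in the same commit. Since `makefu/5pkgs` is pushed to the NUR repository by the CI job, the package is published without a description or licence. Add `meta = with pkgs.lib; { description = "<DESCRIPTION>"; homepage = "<UPSTREAM_URL>"; license = <LICENSE>; };` with the values taken from the upstream project. Pinning `src` to a full commit hash plus `sha256` is good; a comment stating that `rev` corresponds to release 0.1.0 would make the version claim checkable.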
diff --git a/makefu/5pkgs/prison-break/straight-plugin.nix b/makefu/5pkgs/prison-break/straight-plugin.nix
new file mode 100644
index 000000000..606c60b5d
--- /dev/null
+++ b/makefu/5pkgs/prison-break/straight-plugin.nix
@@ -0,0 +1,22 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+}:
+
+buildPythonPackage rec {
+  pname = "straight-plugin";
+  version = "1.5.0";
+
+  src = fetchPypi {
+    pname = "straight.plugin";
+    inherit version;
+    sha256 = "818a7641068932ed6436d0af0a3bb77bbbde29df0a7142c8bd1a249e7c2f0d38";
+  };
+
+  meta = with lib; {
+    description = "A simple namespaced plugin facility";
+    homepage = https://github.com/ironfroggy/straight.plugin;
+    license = licenses.mit;
+    maintainers = [ maintainers.makefu ];
+  };
+}
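Review bot: `homepage` is written as a bare URL literal. Quoting it, as in `homepage = "https://github.com/ironfroggy/straight.plugin";`, is the more robust spelling and matches how the other string attributes in this file are written.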

From f7a22959ca67c1426149b61b518fec663d81d0c1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 09:14:03 +0200
Subject: [PATCH 082/149] gitlab-ci: trigger NUR update

---
 .gitlab-ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1946f269e..6d2f15063 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,5 +15,6 @@ nur-packages makefu:
     - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
     - git remote add deploy git@github.com:makefu/nur-packages.git  || git remote set-url deploy git@github.com:makefu/nur-packages.git
     - git push --force deploy HEAD:master
+    - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
 after_script:
     - rm -f deploy.key
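Review bot: The added update trigger is sent over plain `http://`, and without `-f` curl exits 0 even when the service answers with an HTTP error, so a failed or altered response goes unnoticed by the job. Use `- curl -fsS -XPOST 'https://nur-update.herokuapp.com/update?repo=makefu'` instead, assuming the service answers on HTTPS; the quotes also keep the `?` away from shell globbing. The job's script list starts outside this hunk.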

From bce8dd2348af3f15a6fe3c9cb91b5b7576c2bf99 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 09:18:10 +0200
Subject: [PATCH 083/149] ma editors/vim: try out languageClient

---
 makefu/2configs/editor/vim.nix |  1 +
 makefu/2configs/editor/vimrc   | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix
index d14a611b4..8a58e44de 100644
--- a/makefu/2configs/editor/vim.nix
+++ b/makefu/2configs/editor/vim.nix
@@ -23,6 +23,7 @@ in {
       vimrcConfig.vam.pluginDictionaries = [
         { names = [ "undotree"
           # "YouCompleteMe"
+          "LanguageClient-neovim"
           "vim-better-whitespace" ]; }
         # vim-nix handles indentation better but does not perform sanity
         { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc
index 8cdab55db..96c505ba8 100644
--- a/makefu/2configs/editor/vimrc
+++ b/makefu/2configs/editor/vimrc
@@ -96,3 +96,14 @@ augroup Binary
   au BufWritePost *.bin if &bin | %!xxd
   au BufWritePost *.bin set nomod | endif
 augroup END
+
+let g:LanguageClient_serverCommands = {
+\ 'python': ['pyls']
+\ }
+nnoremap <F6> :call LanguageClient_contextMenu()<CR>
+nnoremap <silent> gh :call LanguageClient_textDocument_hover()<CR>
+nnoremap <silent> gd :call LanguageClient_textDocument_definition()<CR>
+nnoremap <silent> gr :call LanguageClient_textDocument_references()<CR>
+nnoremap <silent> gs :call LanguageClient_textDocument_documentSymbol()<CR>
+nnoremap <silent> <F2> :call LanguageClient_textDocument_rename()<CR>
+nnoremap <silent> gf :call LanguageClient_textDocument_formatting()<CR>
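Review bot: The new normal-mode mappings are global and replace Vim built-ins (`gf` edit file under cursor, `gd` go to local declaration, `gh`, `gr`, `gs`) in every buffer, although a language server is configured only for Python. Making them buffer-local for the file types that have a server keeps the built-ins elsewhere, e.g. `autocmd FileType python nnoremap <buffer> <silent> gd :call LanguageClient_textDocument_definition()<CR>`. `pyls` is also looked up through `$PATH` at run time, so a comment saying which package is expected to provide it would help.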

From df60cdea0a5beb2df8046bc85b8789862ee8c040 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 09:50:16 +0200
Subject: [PATCH 084/149] ma bureautomation: remove faulty motion detector

---
 .../bureautomation/automation/10h_timer.nix   |  5 +-
 .../automation/bureau-shutdown.nix            | 27 ++++----
 .../bureautomation/automation/nachtlicht.nix  |  4 +-
 .../bureautomation/device_tracker/openwrt.nix | 14 ++++
 .../2configs/bureautomation/devices/users.nix | 17 +++++
 makefu/2configs/bureautomation/hass.nix       | 65 ++++++++++++++-----
 .../2configs/bureautomation/person/team.nix   | 29 +++++++++
 .../bureautomation/switch/rfbridge.nix        | 17 +++++
 .../bureautomation/switch/tasmota_switch.nix  |  2 +-
 9 files changed, 144 insertions(+), 36 deletions(-)
 create mode 100644 makefu/2configs/bureautomation/device_tracker/openwrt.nix
 create mode 100644 makefu/2configs/bureautomation/devices/users.nix
 create mode 100644 makefu/2configs/bureautomation/person/team.nix
 create mode 100644 makefu/2configs/bureautomation/switch/rfbridge.nix

diff --git a/makefu/2configs/bureautomation/automation/10h_timer.nix b/makefu/2configs/bureautomation/automation/10h_timer.nix
index a311d468c..d86b46179 100644
--- a/makefu/2configs/bureautomation/automation/10h_timer.nix
+++ b/makefu/2configs/bureautomation/automation/10h_timer.nix
@@ -2,8 +2,9 @@
   { alias = "start Felix 10h";
     trigger = {
       platform = "state";
-      entity_id = "binary_sensor.redbutton";
-      to = "on";
+      entity_id = [ "device_tracker.felix_phone" "device_tracker.felix_laptop" ];
+      from =  "not_home";
+      to = "home";
     };
     condition = {
       condition = "and";
diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
index 9e6574300..1def5f3ad 100644
--- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
+++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
@@ -1,9 +1,10 @@
 [
-  { alias = "Turn on Fernseher on movement";
+  { alias = "Turn on Fernseher on group home";
     trigger = {
-      platform = "state";
-      entity_id = "binary_sensor.motion";
-      to = "on";
+      condition = "state";
+      entity_id = "group.team";
+      from = "not_home";
+      to = "home";
     };
     action = {
       service = "homeassistant.turn_on";
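Review bot: The rewritten trigger is keyed with `condition = "state";`, but a Home Assistant trigger is selected with `platform = "state";`; the same key is used in the first trigger of the "Turn off Fernseher" automation in the next hunk. As written, both automations will most likely be rejected at config validation. The lines should read `platform = "state";`. Patch 088 later in this series makes exactly that correction, so folding it into this commit would keep every revision deployable.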
@@ -13,15 +14,15 @@
       ];
     };
   }
-  { alias = "Turn off Fernseher 10 minutes after last movement";
+  { alias = "Turn off Fernseher after last in group left";
     trigger = [
     { # trigger when movement was detected at the time
-      platform = "state";
-      entity_id = "binary_sensor.motion";
-      to = "off";
-      for.minutes = 10;
+      condition = "state";
+      entity_id = "group.team";
+      from = "home";
+      to = "not_home";
     }
-    { # trigger at 20:00 no matter what
+    { # trigger at 18:00 no matter what
       # to avoid 'everybody left before 18:00:00'
       platform = "time";
       at = "18:00:00";
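Review bot: The comment `# trigger when movement was detected at the time` still describes the removed motion sensor, although the trigger now fires when `group.team` goes from `home` to `not_home`. In the next hunk, `# if anybody is still there` annotates a condition that holds when the group is `not_home`, which is the opposite of what the comment says. Suggested wording: `# trigger when the last team member leaves` and `# only if nobody is still there`.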
@@ -44,10 +45,10 @@
           after  = "18:00:00";
           # weekday = [ "mon" "tue" "wed" "thu" "fri" ];
         }
-        {
+        { # if anybody is still there
           condition = "state";
-          entity_id = "binary_sensor.motion";
-          state = "off";
+          entity_id = "group.team";
+          state = "not_home";
         }
       ];
     };
diff --git a/makefu/2configs/bureautomation/automation/nachtlicht.nix b/makefu/2configs/bureautomation/automation/nachtlicht.nix
index 066e9b06c..2becd4a39 100644
--- a/makefu/2configs/bureautomation/automation/nachtlicht.nix
+++ b/makefu/2configs/bureautomation/automation/nachtlicht.nix
@@ -9,7 +9,7 @@
           action =
           {
             service = "homeassistant.turn_off";
-            entity_id =  [ "switch.nachtlicht" ];
+            entity_id =  [ "group.nachtlicht" ];
           };
         }
 
@@ -37,7 +37,7 @@
           action =
           {
             service = "homeassistant.turn_on";
-            entity_id =  [ "switch.nachtlicht" ];
+            entity_id =  [ "group.nachtlicht" ];
           };
         }
 ]
diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix
new file mode 100644
index 000000000..0db9821a1
--- /dev/null
+++ b/makefu/2configs/bureautomation/device_tracker/openwrt.nix
@@ -0,0 +1,14 @@
+[
+  { platform = "luci";
+    name = "router";
+    host = "192.168.8.1";
+    username = "root";
+    password = import <secrets/hass/router.nix>;
+    interval_seconds = 30; # instead of 12seconds
+    consider_home = 300; # 5 minutes timeout
+    new_device_defaults = {
+      track_new_devices = true;
+      hide_if_away = false;
+    };
+  }
+]
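Review bot: The tracker logs in to the router as `root`, and the password is pulled in with `import`, which makes it an ordinary value inside `services.home-assistant.config`. If the module renders that attribute set to a configuration file in the Nix store, as NixOS modules commonly do, the router's root password becomes readable by every local user on the Home Assistant host. A dedicated router account limited to reading the client list, plus a comment on where the secret ends up, would reduce the exposure. No `ssl` setting is given, so the login is presumably sent over plain HTTP to `192.168.8.1`; confirm against the luci platform's options. `track_new_devices = true` additionally records every new MAC address seen on the network, which deserves a comment stating that this is intended.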
diff --git a/makefu/2configs/bureautomation/devices/users.nix b/makefu/2configs/bureautomation/devices/users.nix
new file mode 100644
index 000000000..305c0ca86
--- /dev/null
+++ b/makefu/2configs/bureautomation/devices/users.nix
@@ -0,0 +1,17 @@
+{
+  thorsten-phone = {
+    name = "Thorsten";
+    mac = "8c:f5:a3:bc:83:a0";
+    track = true;
+    hide_if_away = true;
+  };
+  felix-laptop = {
+    name = "Felix";
+    mac = "6c:88:14:b4:43:9c";
+    track = true;
+    hide_if_away = true;
+  };
+  # b0:e5:ed:52:ee:43 - honor8
+  # 38:94:96:b0:13:c7 - android-4ef03e4f4a14b6b9
+  # ac:5f:3e:cc:b8:5e - Galaxy S7
+}
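Review bot: This new file commits the MAC addresses of named colleagues' personal devices, plus three more in comments, to the repository. None of the hass.nix hunks in this commit import it; tracking appears to rely on `/var/lib/hass/known_devices.yaml` instead. If the file is not used yet, leave it out; if it is needed, keep the name-to-MAC mapping with the other secrets and add a header comment such as `# name -> MAC mapping for presence detection; not imported yet`.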
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 007d00b09..a104f0c44 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -1,8 +1,9 @@
 { pkgs, lib, ... }:
 let
+  kodi-host = "192.168.8.11";
 in {
   networking.firewall.allowedTCPPorts = [ 8123 ];
-
+  state = [ "/var/lib/hass/known_devices.yaml" ];
   services.home-assistant = {
     enable = true;
     config = {
@@ -33,7 +34,8 @@ in {
           retain = true;
         };
       };
-      switch = (import ./switch/tasmota_switch.nix);
+      switch = (import ./switch/tasmota_switch.nix) ++
+               (import ./switch/rfbridge.nix);
       light =  (import ./light/statuslight.nix) ++
                (import ./light/buzzer.nix);
       timer = {
@@ -54,7 +56,12 @@ in {
         {
           platform = "kodi";
           name = "wbob";
-          host = "192.168.8.11";
+          host = kodi-host;
+        }
+      ];
+      media_player = [
+        { platform = "kodi";
+          host = kodi-host;
         }
       ];
       script = (import ./script/multi_blink.nix) {inherit lib;};
@@ -70,6 +77,10 @@ in {
       camera =
         (import ./camera/verkehrskamera.nix);
 
+      # not yet released
+      #person =
+      #  (import ./person/team.nix );
+
       frontend = { };
       http = { };
       conversation = {};
@@ -82,36 +93,55 @@ in {
         { view = "yes";
           entities = [
               "group.sensors"
+              "group.camera"
               "group.outside"
-              "group.switches"
-              "group.automation"
-              # "group.camera"
+              "group.team"
+              "group.nachtlicht"
+              # "group.switches"
             ];
           };
         automation = [
-          "timer.felix_10h"
-          "script.blitz_10s"
-          "script.buzz_red_led_fast"
-          "camera.Baumarkt"
         ];
         switches = [
           "switch.bauarbeiterlampe"
           "switch.blitzdings"
           "switch.fernseher"
           "switch.feuer"
-          "switch.nachtlicht"
           "light.status_felix"
           "light.status_daniel"
           "light.buslicht"
           "light.redbutton_buzzer"
         ];
-
-        camera = [ ];
+        team = [
+          "device_tracker.thorsten_phone"
+          "device_tracker.felix_phone"
+          "device_tracker.ecki_tablet"
+          "device_tracker.daniel_phone"
+          "device_tracker.carsten_phone"
+        #  "person.thorsten"
+        #  "person.felix"
+        #  "person.ecki"
+        #  "person.daniel"
+        ];
+        camera = [
+          "camera.Baumarkt"
+          "camera.Autobahn_Heilbronn"
+          "camera.Autobahn_Singen"
+        ];
+        nachtlicht = [
+          "switch.nachtlicht_a"
+          "switch.nachtlicht_b"
+          "switch.nachtlicht_c"
+          "switch.nachtlicht_d"
+        ];
         sensors = [
-          "binary_sensor.motion"
-          "binary_sensor.redbutton"
+          "media_player.kodi"
+          "script.blitz_10s"
+          "script.buzz_red_led_fast"
+          "timer.felix_10h"
           "sensor.easy2_dht22_humidity"
           "sensor.easy2_dht22_temperature"
+          # "binary_sensor.redbutton"
         ];
         outside = [
           # "sensor.ditzingen_pm10"
@@ -120,8 +150,7 @@ in {
           "sensor.dark_sky_humidity"
           # "sensor.dark_sky_pressure"
           "sensor.dark_sky_hourly_summary"
-          "camera.Autobahn_Heilbronn"
-          "camera.Autobahn_Singen"
+          "device_tracker.router"
         ];
       };
       # only for automation
@@ -131,7 +160,7 @@ in {
       automation = (import ./automation/bureau-shutdown.nix) ++
                    (import ./automation/nachtlicht.nix) ++
                    (import ./automation/10h_timer.nix);
-
+      device_tracker = (import ./device_tracker/openwrt.nix );
     };
   };
 }
diff --git a/makefu/2configs/bureautomation/person/team.nix b/makefu/2configs/bureautomation/person/team.nix
new file mode 100644
index 000000000..e18c42194
--- /dev/null
+++ b/makefu/2configs/bureautomation/person/team.nix
@@ -0,0 +1,29 @@
+[
+  { name = "Thorsten";
+    id = 1;
+    device_trackers = [
+      "device_tracker.thorsten_phone"
+      "device_tracker.thorsten_arbeitphone"
+    ];
+  }
+  { name = "Felix";
+    id = 2;
+    device_trackers = [
+      "device_tracker.felix_phone"
+      "device_tracker.felix_laptop"
+    ];
+  }
+  { name = "Ecki";
+    id = 3;
+    device_trackers = [
+      "device_tracker.ecki_phone"
+      "device_tracker.ecki_tablet"
+    ];
+  }
+  { name = "Daniel";
+    id = 4;
+    device_trackers = [
+      "device_tracker.daniel_phone"
+    ];
+  }
+]
diff --git a/makefu/2configs/bureautomation/switch/rfbridge.nix b/makefu/2configs/bureautomation/switch/rfbridge.nix
new file mode 100644
index 000000000..1336549a3
--- /dev/null
+++ b/makefu/2configs/bureautomation/switch/rfbridge.nix
@@ -0,0 +1,17 @@
+let
+  topic = "rfbridge";
+  bridge = name: payload_on: payload_off:
+  { platform = "mqtt";
+    inherit name payload_on payload_off;
+    command_topic = "/bam/${topic}/cmnd/rfcode";
+    availability_topic = "/bam/${topic}/tele/LWT";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+  };
+in
+[
+  (bridge "Nachtlicht A" "#414551" "#414554")
+  (bridge "Nachtlicht B" "#415151" "#415154")
+  (bridge "Nachtlicht C" "#415451" "#415454")
+  (bridge "Nachtlicht D" "#41551F" "#415514")
+]
diff --git a/makefu/2configs/bureautomation/switch/tasmota_switch.nix b/makefu/2configs/bureautomation/switch/tasmota_switch.nix
index b00a8e454..eb7b5fb80 100644
--- a/makefu/2configs/bureautomation/switch/tasmota_switch.nix
+++ b/makefu/2configs/bureautomation/switch/tasmota_switch.nix
@@ -15,5 +15,5 @@ in [
   (tasmota_plug "Blitzdings" "plug2")
   (tasmota_plug "Fernseher" "plug3")
   (tasmota_plug "Feuer" "plug4")
-  (tasmota_plug "Nachtlicht" "plug5")
+  (tasmota_plug "Blaulicht" "plug5")
 ]

From b162f79087cf0d02948a1cd76697e4958fd37e59 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 11:11:30 +0200
Subject: [PATCH 085/149] ma 0tests: add router secret

---
 makefu/0tests/data/secrets/hass/router.nix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 makefu/0tests/data/secrets/hass/router.nix

diff --git a/makefu/0tests/data/secrets/hass/router.nix b/makefu/0tests/data/secrets/hass/router.nix
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/makefu/0tests/data/secrets/hass/router.nix
@@ -0,0 +1 @@
+
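Review bot: The dummy secret consists of a single empty line, and `import` of an empty file is a Nix parse error rather than an empty value. Any test that evaluates `password = import <secrets/hass/router.nix>;` from device_tracker/openwrt.nix would therefore fail instead of receiving a placeholder. A dummy that evaluates to a string works, for example a file containing only `"dummy-router-password"` (constructed sample value).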

From 854bd37b06a4bddcf5d71e7c6a2264eaac66c928 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 15:37:35 +0200
Subject: [PATCH 086/149] ma pkgs.bento4: rip (upstreamed)

init-host: put into configs to still be able to push to NUR
---
 .../tools}/init-host/default.nix              |  0
 makefu/5pkgs/bento4/default.nix               | 29 -------------------
 makefu/5pkgs/default.nix                      |  2 +-
 3 files changed, 1 insertion(+), 30 deletions(-)
 rename makefu/{5pkgs => 2configs/tools}/init-host/default.nix (100%)
 delete mode 100644 makefu/5pkgs/bento4/default.nix

diff --git a/makefu/5pkgs/init-host/default.nix b/makefu/2configs/tools/init-host/default.nix
similarity index 100%
rename from makefu/5pkgs/init-host/default.nix
rename to makefu/2configs/tools/init-host/default.nix
diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix
deleted file mode 100644
index 6f5f1deba..000000000
--- a/makefu/5pkgs/bento4/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchFromGitHub
-, cmake
-}:
-stdenv.mkDerivation rec {
-  name = "bento4-${version}";
-  version = "1.5.1-624";
-
-  src = fetchFromGitHub {
-    owner = "axiomatic-systems";
-    repo = "Bento4";
-    rev = "v${version}";
-    sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
-  };
-
-  nativeBuildInputs = [ cmake ];
-  installPhase = ''
-    mkdir -p $out/{lib,bin}
-    find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;
-    find -maxdepth 1 -executable -type f -exec mv --target-directory="$out/bin" {} \;
-  '';
-
-  meta = with stdenv.lib; {
-    description = "Full-featured MP4 format and MPEG DASH library and tools";
-    homepage = http://bento4.com;
-    license = licenses.gpl3;
-    maintainers = with maintainers; [ makefu ];
-    platforms = with platforms; linux;
-  };
-}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 8ae41427c..1ae10459f 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -1,4 +1,4 @@
-self: super: 
+self: super:
 with super.lib; with builtins; let
   # This callPackage will try to detect obsolete overrides.
   callPackage = path: args: let

From f22610b839fb2c6535567d921a538f645439c65d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 15:48:19 +0200
Subject: [PATCH 087/149] ma pkgs.targetcli: rip

---
 makefu/5pkgs/targetcli/default.nix | 64 ------------------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 makefu/5pkgs/targetcli/default.nix

diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix
deleted file mode 100644
index 927c34c5a..000000000
--- a/makefu/5pkgs/targetcli/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ pkgs, fetchFromGitHub, ... }:
-with pkgs.python2Packages;
-let
-  version = "2.1";
-  rtslib = buildPythonPackage rec {
-    pname = "rtslib";
-    inherit version;
-    src = fetchFromGitHub {
-      owner = "datera";
-      repo = "rtslib";
-      rev = version;
-      sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22";
-    };
-    propagatedBuildInputs = [ ipaddr netifaces configobj ];
-  };
-  configshell = buildPythonPackage rec {
-    pname = "configshell";
-    version = "1.6";
-    src = fetchFromGitHub {
-      owner = "datera";
-      repo = "configshell";
-      rev = version;
-      sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y";
-    };
-    propagatedBuildInputs = [ pyparsing ];
-  };
-
-  tcm-py  = buildPythonPackage rec {
-    pname = "tcm-py";
-    version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
-    src = fetchFromGitHub {
-      owner = "datera";
-      repo = "lio-utils";
-      rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
-      sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
-    } + "/tcm-py";
-    propagatedBuildInputs = [ ];
-  };
-
-  lio-py = buildPythonPackage rec {
-    pname = "lio-py";
-    version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
-    src = fetchFromGitHub {
-      owner = "datera";
-      repo = "lio-utils";
-      rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
-      sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
-    } + "/lio-py";
-    propagatedBuildInputs = [ ];
-  };
-
-in buildPythonApplication rec {
-  pname = "targetcli";
-  inherit version;
-
-  propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ];
-
-  src = fetchFromGitHub {
-    owner = "datera";
-    repo = "targetcli";
-    rev = version;
-    sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d";
-  };
-}

From 521ddfb835fe430c70312a16466086dcaaef6dc1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 22:53:57 +0200
Subject: [PATCH 088/149] ma bureautomation: fix automation config

---
 makefu/2configs/bureautomation/automation/bureau-shutdown.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
index 1def5f3ad..28c65721e 100644
--- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
+++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
@@ -1,7 +1,7 @@
 [
   { alias = "Turn on Fernseher on group home";
     trigger = {
-      condition = "state";
+      platform = "state";
       entity_id = "group.team";
       from = "not_home";
       to = "home";
@@ -17,7 +17,7 @@
   { alias = "Turn off Fernseher after last in group left";
     trigger = [
     { # trigger when movement was detected at the time
-      condition = "state";
+      platform = "state";
       entity_id = "group.team";
       from = "home";
       to = "not_home";

From 197064cdba91649fd2e94e57d4ba54a0a3ea4b85 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 22:54:18 +0200
Subject: [PATCH 089/149] ma bureautomation: show switches again

---
 makefu/2configs/bureautomation/hass.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index a104f0c44..f3a400acb 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -97,7 +97,7 @@ in {
               "group.outside"
               "group.team"
               "group.nachtlicht"
-              # "group.switches"
+              "group.switches"
             ];
           };
         automation = [
@@ -110,7 +110,6 @@ in {
           "light.status_felix"
           "light.status_daniel"
           "light.buslicht"
-          "light.redbutton_buzzer"
         ];
         team = [
           "device_tracker.thorsten_phone"

From 5761d563f5db527fb0e82e226efa42d029d31d21 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Apr 2019 22:55:24 +0200
Subject: [PATCH 090/149] ma bureautomation: use tele/STATE instead of
 stat/POWER

---
 .../bureautomation/light/statuslight.nix      | 19 ++++++++++---------
 .../bureautomation/switch/tasmota_switch.nix  |  5 ++++-
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix
index 3a9582f2f..0acab7281 100644
--- a/makefu/2configs/bureautomation/light/statuslight.nix
+++ b/makefu/2configs/bureautomation/light/statuslight.nix
@@ -8,20 +8,20 @@ let
     inherit name;
     retain = false;
     qos = 1;
-    optimistic = false;
+    #optimistic = true;
     # state
-    # TODO: currently broken, will not use the custom state topic
-    state_topic = "/bam/${topic}/stat/POWER";
     command_topic = "/bam/${topic}/cmnd/POWER";
+    state_topic = "/bam/${topic}/tele/STATE";
+    value_template = "{{ value_json.POWER }}";
     availability_topic = "/bam/${topic}/tele/LWT";
-    payload_on= "ON";
-    payload_off= "OFF";
+    payload_on = "ON";
+    payload_off = "OFF";
     payload_available= "Online";
     payload_not_available= "Offline";
     # brightness
-    brightness_state_topic = "/bam/${topic}/stat/Dimmer";
+    brightness_state_topic = "/bam/${topic}/tele/STATE";
+    brightness_value_template = "{{value_json.Dimmer}}";
     brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
-    brightness_value_template = "{{ value_json.Dimmer }}";
     brightness_scale = 100;
     # color
     rgb_state_topic = "/bam/${topic}/stat/Color";
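Review bot: `rgb_state_topic` on the last line of this hunk still subscribes to `stat/Color` while power and brightness now read `tele/STATE`, so colour state is tracked on a different message than everything else. If that is deliberate, a comment such as `# color is intentionally not read from tele/STATE` would say so; otherwise it probably wants the same topic plus a matching value template. The commented-out `#optimistic = true;` should either be removed or carry a reason. The attribute set starts above the hunk and continues below it.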
@@ -29,10 +29,11 @@ let
     rgb_command_mode = "hex";
     rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
     # effects
-    effect_state_topic = "/bam/${topic}/stat/Scheme";
+    effect_state_topic = "/bam/${topic}/tele/STATE";
+    effects_value_template = "{{value_json.Scheme}}";
     effect_command_topic = "/bam/${topic}/cmnd/Scheme";
     effect_value_template = "{{ value_json.Scheme }}";
-    effect_list = [ 
+    effect_list = [
       0  # single color for LED light
       1  # start wake up sequence (same as Wakeup)
       2  # cycle up through colors using Speed option
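Review bot: The added `effects_value_template` looks like a misspelling. The entry two lines below it already sets `effect_value_template` to the same `value_json.Scheme` lookup, and the singular `effect_` prefix is what every other effect option in this hunk uses. An unknown key is at best ignored and at worst rejected by schema validation, so I would drop the added line and keep only `effect_value_template = "{{ value_json.Scheme }}";`. The attribute set continues past the hunk.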
diff --git a/makefu/2configs/bureautomation/switch/tasmota_switch.nix b/makefu/2configs/bureautomation/switch/tasmota_switch.nix
index eb7b5fb80..115bae0cc 100644
--- a/makefu/2configs/bureautomation/switch/tasmota_switch.nix
+++ b/makefu/2configs/bureautomation/switch/tasmota_switch.nix
@@ -2,13 +2,16 @@ let
   tasmota_plug = name: topic:
   { platform = "mqtt";
     inherit name;
-    state_topic = "/bam/${topic}/stat/POWER";
+    state_topic = "/bam/${topic}/tele/STATE";
+    value_template = "{{ value_json.POWER }}";
     command_topic = "/bam/${topic}/cmnd/POWER";
     availability_topic = "/bam/${topic}/tele/LWT";
     payload_on= "ON";
     payload_off= "OFF";
     payload_available= "Online";
     payload_not_available= "Offline";
+    retain = false;
+    qos = 1;
   };
 in [
   (tasmota_plug "Bauarbeiterlampe" "plug")

From 8172c6074419d9148fcab7b798e87f3168930bd7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 5 Apr 2019 01:44:29 +0200
Subject: [PATCH 091/149] bureautomation: enable telegram bot

---
 .../bureautomation/automation/10h_timer.nix   |  8 +++++-
 .../automation/bureau-shutdown.nix            | 26 +++++++++++++------
 makefu/2configs/bureautomation/hass.nix       | 13 +++++++++-
 3 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/makefu/2configs/bureautomation/automation/10h_timer.nix b/makefu/2configs/bureautomation/automation/10h_timer.nix
index d86b46179..dd747114e 100644
--- a/makefu/2configs/bureautomation/automation/10h_timer.nix
+++ b/makefu/2configs/bureautomation/automation/10h_timer.nix
@@ -128,7 +128,13 @@
     };
     action =
     [
-      # TODO: Pushbullet
+      {
+        service = "notify.telegrambot";
+        data = {
+          title = "Zu lange Felix!";
+          message = "Du bist schon 10 Stunden auf Arbeit, geh jetzt gefälligst nach Hause!";
+        };
+      }
       {
         service = "homeassistant.turn_on";
         entity_id =  [
diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
index 28c65721e..c632a9e69 100644
--- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
+++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
@@ -28,14 +28,24 @@
       at = "18:00:00";
     }
   ];
-    action = {
-      service = "homeassistant.turn_off";
-      entity_id =  [
-        "switch.fernseher"
-        "switch.feuer"
-        "light.status_felix"
-      ];
-    };
+    action = [
+      {
+        service = "homeassistant.turn_off";
+        entity_id =  [
+          "switch.fernseher"
+          "switch.feuer"
+          "light.status_felix"
+          "light.status_daniel"
+        ];
+      }
+      {
+        service = "notify.telegrambot";
+        data = {
+          title = "Bureau Shutdown";
+          message = "All devices are turned off due to {{ trigger.platform }} - {{ trigger }}";
+        };
+      }
+    ];
     condition =
     { condition = "and";
       conditions = [
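Review bot: The message of the new `notify.telegrambot` action contains `{{ trigger.platform }}` and `{{ trigger }}`, but it sits under `data`. On Home Assistant releases of this period, templates in a service call are only rendered under `data_template`, so the braces would probably be sent literally. Independently, `{{ trigger }}` expands to the whole trigger object, which for the state trigger on `group.team` presumably carries the old and new state with their attributes, and that text is handed to a third-party chat service. Something like `data_template = { title = "Bureau Shutdown"; message = "All devices are turned off ({{ trigger.platform }})"; };` keeps the message to what is needed.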
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index f3a400acb..4e5fe7b63 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -55,9 +55,16 @@ in {
       notify = [
         {
           platform = "kodi";
-          name = "wbob";
+          name = "wbob-kodi";
           host = kodi-host;
         }
+        {
+          platform = "telegram";
+          name = "telegrambot";
+          chat_id = builtins.elemAt
+            (builtins.fromJSON (builtins.readFile
+              <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0;
+        }
       ];
       media_player = [
         { platform = "kodi";
@@ -88,6 +95,10 @@ in {
       logbook = {};
       tts = [ { platform = "google";} ];
       recorder = {};
+      telegram_bot = [
+        (builtins.fromJSON
+          (builtins.readFile <secrets/hass/telegram-bot.json>))
+      ];
       group =
       { default_view =
         { view = "yes";
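Review bot: `builtins.readFile <secrets/hass/telegram-bot.json>` pulls the bot's `api_key` into the evaluated configuration, both here in `telegram_bot` and in the `chat_id` lookup of the previous hunk. If this attribute set is rendered into Home Assistant's configuration file through the Nix store, the token ends up in a world-readable store path and in every copy of the closure. Keeping the token in a file that is deployed outside the store and read by Home Assistant at runtime avoids that; only the non-secret chat id needs to be known at evaluation time. `builtins.elemAt … 0` also fails with an opaque evaluation error when `allowed_chat_ids` is empty, which deserves a comment next to it.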

From cec7e3124d2ef99f7acf42337ac3c53469c620cf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 5 Apr 2019 01:47:01 +0200
Subject: [PATCH 092/149] ma 0secrets: add telegram-bot.json

---
 makefu/0tests/data/secrets/hass/telegram-bot.json | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 makefu/0tests/data/secrets/hass/telegram-bot.json

diff --git a/makefu/0tests/data/secrets/hass/telegram-bot.json b/makefu/0tests/data/secrets/hass/telegram-bot.json
new file mode 100644
index 000000000..442177930
--- /dev/null
+++ b/makefu/0tests/data/secrets/hass/telegram-bot.json
@@ -0,0 +1,5 @@
+{
+ "platform": "polling",
+  "api_key": "1:A",
+  "allowed_chat_ids": [ 0 1 ]
+}

From 8d3c776baf3b2e35a4cd76c9d33cdecda7122b7f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 5 Apr 2019 02:02:08 +0200
Subject: [PATCH 093/149] ma tools: enable init-host, rambox

---
 makefu/2configs/tools/all.nix           |  1 +
 makefu/2configs/tools/core-gui.nix      |  2 +-
 makefu/2configs/tools/dev.nix           | 13 +++++++++----
 makefu/2configs/tools/extra-gui.nix     |  1 +
 makefu/2configs/tools/pcmanfm-extra.nix | 11 +++++++++++
 5 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 makefu/2configs/tools/pcmanfm-extra.nix

diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
index b6554e040..6844fdfe4 100644
--- a/makefu/2configs/tools/all.nix
+++ b/makefu/2configs/tools/all.nix
@@ -10,6 +10,7 @@
     ./games.nix
     ./media.nix
     ./mobility.nix
+    ./pcmanfm-extra.nix
     ./scanner-tools.nix
     ./sec.nix
     ./sec-gui.nix
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 582d941a6..41bfef270 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -6,7 +6,7 @@
     chromium
     feh
     clipit
-    firefox
+    # firefox
     keepassx
     pcmanfm
     evince
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index fe25bd49a..23da9d577 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -2,10 +2,15 @@
 
 {
   users.users.makefu.packages = with pkgs;[
-    python3
-    python3Packages.pyserial
+    (python3.withPackages(ps: [
+      ps.python-language-server
+      # the following plugins are optional, they provide type checking, import sorting and code formatting
+      ps.pyls-mypy ps.pyls-isort ps.pyls-black
+      ps.virtualenv
+    ]))
     picocom
-    python3Packages.virtualenv
+    python3.pkgs.pyserial
+    python3.pkgs.virtualenv
     # embedded
     gi
     flashrom
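Review bot: `python3.pkgs.pyserial` and `python3.pkgs.virtualenv` are listed next to the `python3.withPackages` environment rather than inside it, so the wrapped interpreter will most likely not be able to import pyserial, and virtualenv is now installed twice (`ps.virtualenv` is already in the lambda). Moving both into the list as `ps.pyserial ps.virtualenv` and deleting the two standalone entries gives one consistent interpreter. The package list continues past the hunk.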
@@ -26,6 +31,6 @@
     nix-review
     # git-related
     tig
-    init-host
+    (pkgs.callPackage ./init-host {})
   ];
 }
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 3d26cc574..dfb4183df 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -14,5 +14,6 @@
     saleae-logic
     gitAndTools.gitFull
     signal-desktop
+    rambox
   ];
 }
diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix
new file mode 100644
index 000000000..2d5d20f80
--- /dev/null
+++ b/makefu/2configs/tools/pcmanfm-extra.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  users.users.makefu.packages = with pkgs; [
+    pcmanfm
+    lxqt.lxqt-policykit
+    shared_mime_info
+    lxmenu-data
+  ];
+  environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+  services.gnome3.gvfs.enable = true;
+}

From 8f285e407d560dd243b082d756f682fd15379cf4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 5 Apr 2019 02:03:39 +0200
Subject: [PATCH 094/149] ma 0tests: fix router.nix

---
 makefu/0tests/data/secrets/hass/router.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/0tests/data/secrets/hass/router.nix b/makefu/0tests/data/secrets/hass/router.nix
index 8b1378917..e16c76dff 100644
--- a/makefu/0tests/data/secrets/hass/router.nix
+++ b/makefu/0tests/data/secrets/hass/router.nix
@@ -1 +1 @@
-
+""

From 2f53271af0fda00bdc452c2bc5e569f064f562f6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 5 Apr 2019 07:50:57 +0200
Subject: [PATCH 095/149] ma 0tests: fix telegram-bot json file

---
 makefu/0tests/data/secrets/hass/telegram-bot.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/0tests/data/secrets/hass/telegram-bot.json b/makefu/0tests/data/secrets/hass/telegram-bot.json
index 442177930..1e1857df9 100644
--- a/makefu/0tests/data/secrets/hass/telegram-bot.json
+++ b/makefu/0tests/data/secrets/hass/telegram-bot.json
@@ -1,5 +1,5 @@
 {
  "platform": "polling",
   "api_key": "1:A",
-  "allowed_chat_ids": [ 0 1 ]
+  "allowed_chat_ids": [ 0, 1 ]
 }

From bd539533789a85a1786ae6f997a76d16d453b7f4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 26 Mar 2019 14:39:52 +0100
Subject: [PATCH 096/149] l blue: use file nixpkgs deployment when not testing

---
 lass/1systems/blue/source.nix | 17 ++++-------------
 lass/krops.nix                |  5 ++---
 2 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a52771a4d..8f748ab8f 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,20 +1,11 @@
 { lib, pkgs, ... }:
 {
   nixpkgs = lib.mkForce {
-    derivation = let
+    file = toString (pkgs.fetchFromGitHub {
+      owner = "nixos";
+      repo = "nixpkgs";
       rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
       sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
-    in ''
-      with import (builtins.fetchTarball {
-        url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
-        sha256 = "${sha256}";
-      }) {};
-      pkgs.fetchFromGitHub {
-        owner = "nixos";
-        repo = "nixpkgs";
-        rev = "${rev}";
-        sha256 = "${sha256}";
-      }
-    '';
+    });
   };
 }
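Review bot: `lib.importJSON ../../../krebs/nixpkgs.json` is evaluated twice to pull `rev` and `sha256`; `inherit (lib.importJSON ../../../krebs/nixpkgs.json) rev sha256;` reads the pin once and makes it obvious that both values come from the same file. The same pair of lines appears again in the later change to this file and in the new `lass/1systems/green/source.nix`. Keeping the hash next to the revision is the right shape, since the fetched tree is then verified against the pin.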
diff --git a/lass/krops.nix b/lass/krops.nix
index d64454ea5..12652216a 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -11,7 +11,7 @@
     {}
   ;
 
-  source = { test }: lib.evalSource [
+  source = { test }: lib.evalSource ([
     (krebs-source { test = test; })
     {
       nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
@@ -24,8 +24,7 @@
         };
       };
     }
-    host-source
-  ];
+  ] ++ (lib.optional (! test) host-source));
 
 in {
 

From 2b748822b18a41b6ff9beb6bafeb9753eebb2e56 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 17:47:31 +0200
Subject: [PATCH 097/149] nixpkgs: 8abca4b -> 2229509

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 28c98ceb2..1ee21020b 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba",
-  "date": "2019-03-07T09:54:51+01:00",
-  "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr",
+  "rev": "222950952f15f6b1e9f036b80440b597f23e652d",
+  "date": "2019-04-05T10:07:50+02:00",
+  "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd",
   "fetchSubmodules": false
 }

From 1c014eb05c0022906629ee7fb9189cf6764ddc2f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:08:54 +0200
Subject: [PATCH 098/149] l prism.r: add syncthing.id

---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 7352d36e9..0b5eb93ce 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -106,6 +106,7 @@ in {
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+      syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
     };
     archprism = {
       cores = 1;

From a8c958821dcc9912dddb6727a4ad74a4dbcbe02f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:10:02 +0200
Subject: [PATCH 099/149] l skynet.r: add wiregrill

---
 krebs/3modules/lass/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0b5eb93ce..9c18f8a73 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -327,6 +327,13 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill = {
+          ip6.addr = w6 "5ce7";
+          aliases = [
+            "skynet.w"
+          ];
+          wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
+        };
       };
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;

From e56e7fbe7103f4c570bf8e4cdee764b9ad0b5062 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:19:05 +0200
Subject: [PATCH 100/149] l phone.w: rotate all keys

---
 krebs/3modules/lass/default.nix     | 4 ++--
 krebs/3modules/lass/ssh/android.rsa | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 9c18f8a73..146d7a441 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -502,12 +502,12 @@ in {
           aliases = [
             "phone.w"
           ];
-          wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
+          wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM=";
         };
       };
       external = true;
       ci = false;
-      syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7";
+      syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB";
     };
     morpheus = {
       cores = 1;
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa
index 3d35b76e4..675ba8df2 100644
--- a/krebs/3modules/lass/ssh/android.rsa
+++ b/krebs/3modules/lass/ssh/android.rsa
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL

From 212e7f4b9843790e29fd990a17279dc96e181baf Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:21:18 +0200
Subject: [PATCH 101/149] syncthing: add id option

---
 krebs/3modules/syncthing.nix | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 3c60eec4b..34879fd3f 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -11,8 +11,7 @@ let
   }) cfg.peers;
 
   folders = map (folder: {
-    inherit (folder) path type;
-    id = folder.path;
+    inherit (folder) path id type;
     devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
     rescanIntervalS = folder.rescanInterval;
     fsWatcherEnabled = folder.watch;
@@ -83,13 +82,18 @@ in
 
     folders = mkOption {
       default = [];
-      type = types.listOf (types.submodule ({
+      type = types.listOf (types.submodule ({ config, ... }: {
         options = {
 
           path = mkOption {
             type = types.absolute-pathname;
           };
 
+          id = mkOption {
+            type = types.str;
+            default = config.path;
+          };
+
           peers = mkOption {
             type = types.listOf types.str;
             default = [];

From 853e6b6d2610a9c49bf24c1c29ab59fddad64382 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:26:45 +0200
Subject: [PATCH 102/149] l: add ensure-permissions module

---
 lass/3modules/default.nix            |  1 +
 lass/3modules/ensure-permissions.nix | 66 ++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 lass/3modules/ensure-permissions.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 613c7c8ac..59043aeb1 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,6 +3,7 @@ _:
   imports = [
     ./dnsmasq.nix
     ./ejabberd
+    ./ensure-permissions.nix
     ./folderPerms.nix
     ./hosts.nix
     ./mysql-backup.nix
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 000000000..36edc1127
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+  cfg = config.lass.ensure-permissions;
+
+in
+
+{
+  options.lass.ensure-permissions = mkOption {
+    default = [];
+    type = types.listOf (types.submodule ({
+      options = {
+
+        folder = mkOption {
+          type = types.absolute-pathname;
+        };
+
+        owner = mkOption {
+          # TODO user type
+          type = types.str;
+          default = "root";
+        };
+
+        group = mkOption {
+          # TODO group type
+          type = types.str;
+          default = "root";
+        };
+
+        permission = mkOption {
+          # TODO permission type
+          type = types.str;
+          default = "u+rw,g+rw";
+        };
+
+      };
+    }));
+  };
+
+  config = mkIf (cfg != []) {
+
+  system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+    ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+    ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+    ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+  '') cfg;
+    systemd.services =
+      listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Restart = "always";
+          RestartSec = 10;
+          ExecStart = pkgs.writeDash "ensure-perms" ''
+            ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+              | while IFS= read -r FILE; do
+                ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+                ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+              done
+          '';
+        };
+      }) cfg)
+    ;
+
+  };
+}
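Review bot: The watcher service at the end of this file runs `chmod -R` and `chown -R` as root (no `User=` is set) on every path inotifywait reports, and GNU chmod follows a symbolic link that is given as an operand, so a link created inside a group-writable `plan.folder` causes a mode change on whatever it points to, outside the folder. Skip links before touching anything, e.g. `[ -L "$FILE" ] && continue`, and consider a setgid directory with default ACLs instead of a root loop, since the check-then-change sequence stays racy. `${plan.folder}`, `${plan.permission}` and `${plan.owner}:${plan.group}` are also spliced unquoted into both the activation script and the service script and should pass through a shell-escaping helper such as `escapeShellArg`. The unit name is spelled `ensure-permisson`, and `2>/dev/null` hides every failure of the two commands.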

From 797dd8cc2ac3b67ec385e0350db1c3c77012486f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:44:57 +0200
Subject: [PATCH 103/149] l: sync more with syncthing

---
 lass/1systems/blue/config.nix |  7 +++++++
 lass/1systems/mors/config.nix | 10 ++++++++++
 lass/2configs/syncthing.nix   | 11 ++++++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index d740403da..da555a860 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -13,6 +13,13 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.blue;
 
+  krebs.syncthing.folders = [
+    { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+  ];
+  lass.ensure-permissions = [
+    { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+  ];
+
   environment.shellAliases = {
     deploy = pkgs.writeDash "deploy" ''
       set -eu
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f35ebff56..250d96e53 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -48,6 +48,16 @@ with import <stockholm/lib>;
         { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
       ];
     }
+    {
+      krebs.syncthing.folders = [
+        { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+        { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
+      ];
+      lass.ensure-permissions = [
+        { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+        { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
+      ];
+    }
     {
       lass.umts = {
         enable = true;
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 164e89679..842abc195 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -3,6 +3,7 @@ with import <stockholm/lib>;
 {
   services.syncthing = {
     enable = true;
+    group = "syncthing";
   };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
@@ -14,7 +15,15 @@ with import <stockholm/lib>;
     key = toString <secrets/syncthing.key>;
     peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
     folders = [
-      { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; }
+      { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; }
     ];
   };
+
+  system.activationScripts.syncthing-home = ''
+    ${pkgs.coreutils}/bin/chmod a+x /home/lass
+  '';
+
+  lass.ensure-permissions = [
+    { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
+  ];
 }
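Review bot: `chmod a+x /home/lass` in the new activation script opens the home directory for traversal to every local account, not only to the syncthing group that needs to reach `/home/lass/sync`. Anything below it that is protected only by the home directory's mode becomes reachable by path. A narrower grant does the job, for example `${pkgs.acl}/bin/setfacl -m g:syncthing:x /home/lass`, or the synced folders could live outside the home directory.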

From 44a48a8d3a4ce4732545a96828bf41ab6cf283da Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:35:34 +0200
Subject: [PATCH 104/149] l: add green.r

---
 krebs/3modules/lass/default.nix  | 40 ++++++++++++++++++++++++++++++++
 lass/1systems/green/config.nix   | 28 ++++++++++++++++++++++
 lass/1systems/green/physical.nix |  8 +++++++
 lass/1systems/green/source.nix   | 14 +++++++++++
 4 files changed, 90 insertions(+)
 create mode 100644 lass/1systems/green/config.nix
 create mode 100644 lass/1systems/green/physical.nix
 create mode 100644 lass/1systems/green/source.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 146d7a441..a3b8cab39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -495,6 +495,46 @@ in {
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
       syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
     };
+
+    green = {
+      cores = 1;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.66";
+          ip6.addr = r6 "12ee";
+          aliases = [
+            "green.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
+            uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
+            ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
+            n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
+            hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
+            m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
+            BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
+            pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
+            2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
+            UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
+            udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
+            3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+        wiregrill = {
+          ip6.addr = w6 "12ee";
+          aliases = [
+            "green.w"
+          ];
+          wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
+      syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
+    };
+
     phone = {
       nets = {
         wiregrill = {
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
new file mode 100644
index 000000000..6ae157e38
--- /dev/null
+++ b/lass/1systems/green/config.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs>
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+    <stockholm/lass/2configs/mail.nix>
+
+    #<stockholm/lass/2configs/blue.nix>
+    <stockholm/lass/2configs/syncthing.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.green;
+
+  krebs.syncthing.folders = [
+    { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+  ];
+  lass.ensure-permissions = [
+    { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+  ];
+
+
+  #networking.nameservers = [ "1.1.1.1" ];
+
+  #time.timeZone = "Europe/Berlin";
+}
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/green/physical.nix
@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./config.nix
+  ];
+  boot.isContainer = true;
+  networking.useDHCP = false;
+  environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
new file mode 100644
index 000000000..21f3a8bd5
--- /dev/null
+++ b/lass/1systems/green/source.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }:
+{
+  nixpkgs = lib.mkForce {
+    file = {
+      path = toString (pkgs.fetchFromGitHub {
+        owner = "nixos";
+        repo = "nixpkgs";
+        rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+        sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+      });
+      useChecksum = true;
+    };
+  };
+}

From 4769b3186597117daec579ac71df79e2fafabcf5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:55:47 +0200
Subject: [PATCH 105/149] l blue.r: backup with services.restic

---
 lass/1systems/blue/config.nix | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index da555a860..84c8a5b3e 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -30,7 +30,7 @@ with import <stockholm/lib>;
 
   networking.nameservers = [ "1.1.1.1" ];
 
-  lass.restic = genAttrs [
+  services.restic.backups = genAttrs [
     "daedalus"
     "icarus"
     "littleT"
@@ -38,20 +38,19 @@ with import <stockholm/lib>;
     "shodan"
     "skynet"
   ] (dest: {
-    dirs = [
+    initialize = true;
+    extraOptions = [
+      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+    ];
+    repository = "sftp:backup@${dest}.r:/backups/blue";
+    passwordFile = (toString <secrets>) + "/restic/${dest}";
+    timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
+    paths = [
       "/home/"
       "/var/lib"
     ];
-    passwordFile = (toString <secrets>) + "/restic/${dest}";
-    repo = "sftp:backup@${dest}.r:/backups/blue";
-    extraArguments = [
-      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
-    ];
-    timerConfig = {
-      OnCalendar = "00:05";
-      RandomizedDelaySec = "5h";
-    };
   });
+
   time.timeZone = "Europe/Berlin";
   users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
 }
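Review bot: In `extraOptions` the key is spliced in as `${config.krebs.build.host.ssh.privkey.path}`, while `passwordFile` a few lines below goes through `toString <secrets>`. The host definitions in this series set that option to `<secrets/ssh.id_ed25519>`; if it still holds a Nix path value when it reaches this string, interpolation would copy the private key into the world-readable store and hand ssh the store path. Please confirm the option yields a string, or wrap it as `-i ${toString config.krebs.build.host.ssh.privkey.path}`. The key is also the host's own SSH identity, so a dedicated backup key would limit what a leak exposes.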

From d72523a157380b602f9033404c63f512693cbb09 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:56:27 +0200
Subject: [PATCH 106/149] l blue.r deploy: point to stockholms new dir

---
 lass/1systems/blue/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index 84c8a5b3e..a287f548b 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -24,7 +24,7 @@ with import <stockholm/lib>;
     deploy = pkgs.writeDash "deploy" ''
       set -eu
       export SYSTEM="$1"
-      $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+      $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
     '';
   };
 

From fc85c6d16800f73eb088c42cf67f9f6918ce3001 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:56:50 +0200
Subject: [PATCH 107/149] l blue.r: add checksum check to nixpkgs populate

---
 lass/1systems/blue/source.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 8f748ab8f..21f3a8bd5 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,11 +1,14 @@
 { lib, pkgs, ... }:
 {
   nixpkgs = lib.mkForce {
-    file = toString (pkgs.fetchFromGitHub {
-      owner = "nixos";
-      repo = "nixpkgs";
-      rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
-      sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
-    });
+    file = {
+      path = toString (pkgs.fetchFromGitHub {
+        owner = "nixos";
+        repo = "nixpkgs";
+        rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+        sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+      });
+      useChecksum = true;
+    };
   };
 }

From 15fe4f74471fd4da438a7939fbad50ca41ae36b5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:58:28 +0200
Subject: [PATCH 108/149] l backups: don't mount /backups

---
 lass/2configs/backup.nix | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
index d23cf9a43..94272fdb0 100644
--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -2,19 +2,11 @@
 with import <stockholm/lib>;
 
 {
-  fileSystems = {
-    "/backups" = {
-      device = "/dev/pool/backup";
-      fsType = "ext4";
-    };
-  };
   users.users.backup = {
     useDefaultShell = true;
     home = "/backups";
     createHome = true;
     openssh.authorizedKeys.keys = with config.krebs.hosts; [
-      mors.ssh.pubkey
-      prism.ssh.pubkey
       blue.ssh.pubkey
     ];
   };

From 02515a27de2141558f390939dc2e0824c0665e2f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:57:26 +0200
Subject: [PATCH 109/149] l mors.r: add /backups fs

---
 lass/1systems/mors/physical.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 680dc9bde..25425f146 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -15,6 +15,10 @@
       device = "/dev/mapper/pool-virtual";
       fsType = "ext4";
     };
+    "/backups" = {
+      device = "/dev/pool/backup";
+      fsType = "ext4";
+    };
   };
 
   services.udev.extraRules = ''
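Review bot: The new `/backups` entry is mounted with default options, so setuid bits and device nodes on that filesystem are honoured. Going by lass/2configs/backup.nix, `/backups` is the home of the remote `backup` account, so it holds data written over SSH. Adding `options = [ "nosuid" "nodev" ];` to the entry would contain that; `"noexec"` may fit as well if nothing is meant to run from there. The same applies to the identical entries added for daedalus and shodan in the next two patches. The enclosing `fileSystems` set starts outside this hunk.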

From 2b1140bc4c98b40bd7100ead1b20a7569873157f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:57:58 +0200
Subject: [PATCH 110/149] l daedalus.r: add /backups fs

---
 lass/1systems/daedalus/physical.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
index 33a0cb473..d10ced7da 100644
--- a/lass/1systems/daedalus/physical.nix
+++ b/lass/1systems/daedalus/physical.nix
@@ -11,6 +11,10 @@
       fsType = "btrfs";
       options = ["defaults" "noatime" "ssd" "compress=lzo"];
     };
+    "/backups" = {
+      device = "/dev/pool/backup";
+      fsType = "ext4";
+    };
   };
 
   services.udev.extraRules = ''

From 79fcc0eb126b45f07982f9f12de39346151df4cb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 18:59:31 +0200
Subject: [PATCH 111/149] l shodan.r: add /backups fs

---
 lass/1systems/shodan/physical.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 4a550d0a4..41508127c 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -38,6 +38,10 @@
       device = "/dev/pool/bku";
       fsType = "btrfs";
     };
+    "/backups" = {
+      device = "/dev/pool/backup";
+      fsType = "ext4";
+    };
   };
 
   services.udev.extraRules = ''

From 1c999ffaaea7a1856a8fcd53f178f8b79e5f9c17 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:00:05 +0200
Subject: [PATCH 112/149] l yellow.r: fix startup permissions

---
 lass/1systems/yellow/config.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 9d8bcd7be..5737faea3 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -11,7 +11,8 @@ with import <stockholm/lib>;
 
   system.activationScripts.downloadFolder = ''
     mkdir -p /var/download
-    chown download:download /var/download
+    chown transmission:download /var/download
+    chown transmission:download /var/download/finished
     chmod 775 /var/download
   '';
 
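Review bot: The added `chown transmission:download /var/download/finished` acts on a path this activation script never creates. Only `/var/download` gets a `mkdir -p`, so on a fresh host the chown fails unless something else has created the directory first. Adding `mkdir -p /var/download/finished` before the chown lines makes the script self-contained. If the `download` group is meant to write there too, the `chmod 775` should cover the subdirectory as well.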

From 3f23200f7bc5b26ad1f7a05800812dd8548a09ca Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:01:31 +0200
Subject: [PATCH 113/149] l yellow.r: show nginx for all hosts

---
 lass/1systems/yellow/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 5737faea3..8b3b2814f 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -44,7 +44,7 @@ with import <stockholm/lib>;
         fancyindex
       ];
     };
-    virtualHosts."dl" = {
+    virtualHosts.default = {
       default = true;
       locations."/Nginx-Fancyindex-Theme-dark" = {
         extraConfig = ''

From cbc493e82b1550b5fb1715fd78a05d0ba3a4745b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:05:03 +0200
Subject: [PATCH 114/149] l blue: open port 9998

---
 lass/2configs/blue.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index cdd77e847..aad8411b1 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -23,8 +23,8 @@ with (import <stockholm/lib>);
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
     { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
-    { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
-    { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";}
+    { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
+    { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
   ];
 
   systemd.services.chat = let

From d820e42a584160f3ff7d00a8ccf19ae82717ba90 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:08:11 +0200
Subject: [PATCH 115/149] l: import backup.nix

---
 lass/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 085cc04b7..646d3e0c1 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
   imports = [
     <stockholm/krebs/2configs/nscd-fix.nix>
     ./binary-cache/client.nix
+    ./backup.nix
     ./gc.nix
     ./mc.nix
     ./vim.nix
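Review bot: Importing `./backup.nix` here creates the `backup` user on every host that pulls in default.nix, not just on backup targets. That account has `useDefaultShell = true` and authorizes blue's host key, so a compromise of blue would presumably give an interactive login on all of those machines. Only mors, daedalus and shodan gain a `/backups` filesystem in this series; elsewhere the home would land on whatever filesystem holds `/`. Consider importing the module only on the hosts that receive backups, and confining the account to SFTP via `services.openssh.extraConfig` with `Match User backup` followed by `ForceCommand internal-sftp`. The imports list starts and ends outside this hunk.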

From d817fe8a18625eb684f06de97e058f66ebbea50d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:08:32 +0200
Subject: [PATCH 116/149] l: don't authorize shodan/icarus

---
 lass/2configs/default.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 646d3e0c1..9dc2eed21 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -43,8 +43,6 @@ with import <stockholm/lib>;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass-mors.pubkey
             config.krebs.users.lass-blue.pubkey
-            config.krebs.users.lass-shodan.pubkey
-            config.krebs.users.lass-icarus.pubkey
           ];
         };
       };

From c3e644d0f597218a6e419a8c779789e302f40e0e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:09:12 +0200
Subject: [PATCH 117/149] l yellow.r: add lass-android to download keys

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 23746d210..8e710322f 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -386,6 +386,7 @@ with import <stockholm/lib>;
             lass-icarus.pubkey
             lass-daedalus.pubkey
             lass-helios.pubkey
+            lass-android.pubkey
             makefu.pubkey
             wine-mors.pubkey
           ];

From 7d971fc78e35bbc0a84d51b45a5aaa18dfa65a59 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:09:37 +0200
Subject: [PATCH 118/149] l icarus.r: share prism in local network

---
 lass/1systems/icarus/config.nix |  2 ++
 lass/2configs/prism-share.nix   | 39 +++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 lass/2configs/prism-share.nix

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 868d75083..06b1e7366 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -18,6 +18,8 @@
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/nfs-dl.nix>
+    <stockholm/lass/2configs/prism-share.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix
new file mode 100644
index 000000000..70e616ec6
--- /dev/null
+++ b/lass/2configs/prism-share.nix
@@ -0,0 +1,39 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
+    { predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 137"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 138"; target = "ACCEPT"; }
+  ];
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/home/share";
+    createHome = true;
+  };
+  services.samba = {
+    enable = true;
+    enableNmbd = true;
+    shares = {
+      incoming = {
+        path = "/mnt/prism";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+}
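Review bot: The four ACCEPT rules for ports 137–139 and 445 carry no `-i` or `-s` match, so SMB is reachable on every interface the host has. Other rules in this tree are scoped with `-i retiolum`. The share itself is guest-accessible and writable (`"guest ok" = "yes"`, `"read only" = "no"`, `map to guest = bad user`), so any peer on any attached network can read and modify `/mnt/prism` without credentials. Scoping the firewall rules to the LAN interface and adding a `hosts allow` line to the Samba config would keep the share local, as the commit subject intends. If clients only need to fetch files, `"read only" = "yes"` removes the write exposure. The interface and subnet below are placeholders.

```nix
  krebs.iptables.tables.filter.INPUT.rules = [
    # LAN_IFACE is a placeholder for the interface facing the local network
    { predicate = "-i LAN_IFACE -p tcp --dport 139"; target = "ACCEPT"; }
    { predicate = "-i LAN_IFACE -p tcp --dport 445"; target = "ACCEPT"; }
    { predicate = "-i LAN_IFACE -p udp --dport 137"; target = "ACCEPT"; }
    { predicate = "-i LAN_IFACE -p udp --dport 138"; target = "ACCEPT"; }
  ];
  # … unchanged: smbguest user, services.samba enable/enableNmbd/shares …
    extraConfig = ''
      # LAN_SUBNET is a placeholder, e.g. the local network in CIDR form
      hosts allow = LAN_SUBNET 127.0.0.1
      # … unchanged: guest account, map to guest, printing settings …
    '';
```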

From 7bcf1f327a16b2cd4d54742f1689cc46ec99cb44 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:11:38 +0200
Subject: [PATCH 119/149] l virtualbox: disable ExtensionPack

---
 lass/2configs/virtualbox.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index cfb835d78..cd270bdf8 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -6,7 +6,6 @@ let
 in {
   #services.virtualboxHost.enable = true;
   virtualisation.virtualbox.host.enable = true;
-  nixpkgs.config.virtualbox.enableExtensionPack = true;
   virtualisation.virtualbox.host.enableHardening = false;
 
   users.extraUsers = {

From 33283cb99c9a9494f8530542f1ab72a432b1709c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:14:54 +0200
Subject: [PATCH 120/149] l: remove prometheus monitoring

---
 lass/1systems/prism/config.nix                |   1 -
 lass/2configs/default.nix                     |   1 -
 lass/2configs/monitoring/node-exporter.nix    |  15 --
 .../2configs/monitoring/prometheus-server.nix | 217 ------------------
 4 files changed, 234 deletions(-)
 delete mode 100644 lass/2configs/monitoring/node-exporter.nix
 delete mode 100644 lass/2configs/monitoring/prometheus-server.nix

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 8e710322f..6ff900719 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -139,7 +139,6 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/reaktor-coders.nix>
     <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>
-    <stockholm/lass/2configs/monitoring/prometheus-server.nix>
     { # quasi bepasty.nix
       imports = [
         <stockholm/lass/2configs/bepasty.nix>
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 9dc2eed21..7ee83c174 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
     ./gc.nix
     ./mc.nix
     ./vim.nix
-    ./monitoring/node-exporter.nix
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
deleted file mode 100644
index 561e3a25c..000000000
--- a/lass/2configs/monitoring/node-exporter.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
-    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
-  ];
-  services.prometheus.exporters = {
-    node = {
-      enable = true;
-      enabledCollectors = [
-        "systemd"
-      ];
-    };
-  };
-}
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
deleted file mode 100644
index b7083c776..000000000
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{ pkgs, lib, config, ... }:
-{
-  #networking = {
-  #  firewall.allowedTCPPorts = [
-  #    3000  # grafana
-  #    9090  # prometheus
-  #    9093  # alertmanager
-  #  ];
-  #  useDHCP = true;
-  #};
-
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
-    { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
-    { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
-  ];
-
-  services = {
-    prometheus = {
-      enable = true;
-      extraFlags = [
-        "-storage.local.retention 8760h"
-        "-storage.local.series-file-shrink-ratio 0.3"
-        "-storage.local.memory-chunks 2097152"
-        "-storage.local.max-chunks-to-persist 1048576"
-        "-storage.local.index-cache-size.fingerprint-to-metric 2097152"
-        "-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
-        "-storage.local.index-cache-size.label-name-to-label-values 2097152"
-        "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
-      ];
-      alertmanagerURL = [ "http://localhost:9093" ];
-      rules = [
-        ''
-          ALERT node_down
-          IF up == 0
-          FOR 5m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Node is down.",
-            description = "{{$labels.alias}} has been down for more than 5 minutes."
-          }
-          ALERT node_systemd_service_failed
-          IF node_systemd_unit_state{state="failed"} == 1
-          FOR 4m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
-            description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
-          }
-          ALERT node_filesystem_full_90percent
-          IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
-          FOR 5m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
-            description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
-          }
-          ALERT node_filesystem_full_in_4h
-          IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
-          FOR 5m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
-            description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
-          }
-          ALERT node_filedescriptors_full_in_3h
-          IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
-          FOR 20m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
-            description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
-          }
-          ALERT node_load1_90percent
-          IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
-          FOR 1h
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Running on high load.",
-            description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
-          }
-          ALERT node_cpu_util_90percent
-          IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
-          FOR 1h
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: High CPU utilization.",
-            description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
-          }
-          ALERT node_ram_using_90percent
-          IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
-          FOR 30m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary="{{$labels.alias}}: Using lots of RAM.",
-            description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
-          }
-          ALERT node_swap_using_80percent
-          IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
-          FOR 10m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary="{{$labels.alias}}: Running out of swap soon.",
-            description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
-          }
-        ''
-      ];
-      scrapeConfigs = [
-        {
-          job_name = "node";
-          scrape_interval = "10s";
-          static_configs = [
-            {
-              targets = [
-              ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
-              #labels = {
-              #  alias = "prometheus.example.com";
-              #};
-            }
-          ];
-        }
-      ];
-      alertmanager = {
-        enable = true;
-        listenAddress = "0.0.0.0";
-        configuration = {
-          "global" = {
-            "smtp_smarthost" = "smtp.example.com:587";
-            "smtp_from" = "alertmanager@example.com";
-          };
-          "route" = {
-            "group_by" = [ "alertname" "alias" ];
-            "group_wait" = "30s";
-            "group_interval" = "2m";
-            "repeat_interval" = "4h";
-            "receiver" = "team-admins";
-          };
-          "receivers" = [
-            {
-              "name" = "team-admins";
-              "email_configs" = [
-                {
-                  "to" = "devnull@example.com";
-                }
-              ];
-              "webhook_configs" = [
-                {
-                  "url" = "http://127.0.0.1:14813/prometheus-alerts";
-                  "send_resolved" = true;
-                }
-              ];
-            }
-          ];
-        };
-      };
-    };
-    grafana = {
-      enable = true;
-      addr = "0.0.0.0";
-      domain = "grafana.example.com";
-      rootUrl = "https://grafana.example.com/";
-      auth.anonymous.enable = true;
-      auth.anonymous.org_role = "Admin";
-    };
-  };
-  services.logstash = {
-    enable = true;
-    inputConfig = ''
-      http {
-        port => 14813
-        host => "127.0.0.1"
-      }
-    '';
-    filterConfig = ''
-      if ([alerts]) {
-        ruby {
-          code => '
-            lines = []
-            event["alerts"].each {|p|
-              lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
-            }
-            event["output"] = lines.join("\n")
-          '
-        }
-      }
-    '';
-    outputConfig = ''
-      file { path => "/tmp/logs.json" codec => "json_lines" }
-      irc {
-        channels => [ "#noise" ]
-        host => "irc.r"
-        nick => "alarm"
-        codec => "json_lines"
-        format => "%{output}"
-      }
-    '';
-    #plugins = [ ];
-  };
-}

From 4c602540d076f6b305e449ecf9690e6e423159a5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:15:09 +0200
Subject: [PATCH 121/149] l prism.r: RIP onondaga

---
 lass/1systems/prism/config.nix | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6ff900719..b307627d6 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -109,25 +109,6 @@ with import <stockholm/lib>;
         localAddress = "10.233.2.2";
       };
     }
-    {
-      #onondaga
-      systemd.services."container@onondaga".reloadIfChanged = mkForce false;
-      containers.onondaga = {
-        config = { ... }: {
-          imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
-          environment.systemPackages = [ pkgs.git ];
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-        autoStart = true;
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.5";
-        localAddress = "10.233.2.6";
-      };
-    }
     <stockholm/lass/2configs/exim-smarthost.nix>
     <stockholm/lass/2configs/ts3.nix>
     <stockholm/lass/2configs/privoxy-retiolum.nix>

From 4de0d6a5be8d007b8bc41141cd363a09aad22ca9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:17:35 +0200
Subject: [PATCH 122/149] l prism.r: add palo to download keys

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b307627d6..b3b7ac0df 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -266,6 +266,7 @@ with import <stockholm/lib>;
         "ssh-rsa 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 lhebendanz@nixos"
         "ssh-rsa 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 palo@pepe"
         "ssh-rsa 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 palo@workhorse"
+        "ssh-rsa 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 palo@workout"
       ];
     }
     {

From 2fcb0f760b59a1d01c5b003b45751e80b93bf443 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:18:07 +0200
Subject: [PATCH 123/149] l baseX: add xephyrify to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1d2d1173d..26d6622ae 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -79,6 +79,7 @@ in {
     taskwarrior
     termite
     xclip
+    xephyrify
     xorg.xbacklight
     xorg.xhost
     xsel

From a93670a60ee8fd21794846c4526d68aa2f244556 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:18:46 +0200
Subject: [PATCH 124/149] l: open port 19999 (netdata)

---
 lass/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 7ee83c174..972b4760a 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -209,6 +209,7 @@ with import <stockholm/lib>;
         { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
         { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
         { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
+        { predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
       ];
     };
   };
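Review bot: The new rule accepts TCP 19999 from any retiolum peer on every host that imports default.nix, and as far as I know the netdata dashboard has no authentication by default. The node-exporter rule removed earlier in this series pinned its source to prism with `-s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}` and `v6 = false;`. If a single host is meant to view or collect these metrics, the same `-s` restriction fits here. Otherwise a short comment stating that the port is intentionally open to the whole VPN would help the next reader. The rules list starts outside this hunk.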

From 77c702b2043e19a98490af80776d9d4cad289a6b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:19:13 +0200
Subject: [PATCH 125/149] l mail: add more addresses

---
 lass/2configs/exim-smarthost.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 555295422..aec59261c 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -97,6 +97,9 @@ with import <stockholm/lib>;
       { from = "csv-direct@lassul.us"; to = lass.mail; }
       { from = "nintendo@lassul.us"; to = lass.mail; }
       { from = "overleaf@lassul.us"; to = lass.mail; }
+      { from = "box@lassul.us"; to = lass.mail; }
+      { from = "paloalto@lassul.us"; to = lass.mail; }
+      { from = "subtitles@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From db87be09f833f148725251dc1f36ac0ed9945e4a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:22:39 +0200
Subject: [PATCH 126/149] l mail: filter more mails to security tag

---
 lass/2configs/mail.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 52d380b7c..cc8a60834 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -60,7 +60,10 @@ let
     paypal = [ "to:paypal@lassul.us" ];
     ptl = [ "to:ptl@posttenebraslab.ch" ];
     retiolum = [ "to:lass@mors.r" ];
-    security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
+    security = [
+      "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us"
+      "to:security-announce@lists.apple.com"
+    ];
     shack = [ "to:shackspace.de" ];
     steam = [ "to:steam@lassul.us" ];
     tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];

From 036f0e90525f81c02119680cdcf9b114b1b8bde8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:22:51 +0200
Subject: [PATCH 127/149] l mail: add muchsync to pkgs

---
 lass/2configs/mail.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index cc8a60834..0803846aa 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -228,6 +228,7 @@ in {
     msmtp
     mutt
     pkgs.notmuch
+    pkgs.muchsync
     pkgs.haskellPackages.much
     tag-new-mails
     tag-old-mails

From 2c0e039dbdb39fffb63f6e6ccbff247902fa7e8d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:23:29 +0200
Subject: [PATCH 128/149] l reaktor-coders: match scripts at the beginning of
 line

---
 lass/2configs/reaktor-coders.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 4baec1976..7fd6a2a29 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -29,7 +29,7 @@ in {
             hooks.url-title
             {
               activate = "match";
-              pattern = ''@([^ ]+) (.*)$'';
+              pattern = ''^@([^ ]+) (.*)$'';
               command = 1;
               arguments = [2];
               env.HOME = config.krebs.reaktor2.coders.stateDir;
@@ -66,7 +66,7 @@ in {
             }
             {
               activate = "match";
-              pattern = ''!([^ ]+)(?:\s*(.*))?'';
+              pattern = ''^!([^ ]+)(?:\s*(.*))?'';
               command = 1;
               arguments = [2];
               commands = {

From f17a481e92fd54ef95f57b2e9ba635a0ede72d8c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:24:16 +0200
Subject: [PATCH 129/149] l domsen: fix backups

---
 lass/2configs/websites/domsen.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 7fb248139..ff3506f89 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -234,11 +234,13 @@ in {
     createHome = true;
   };
 
+  krebs.on-failure.plans.restic-backups-domsen = {};
   services.restic.backups.domsen = {
     initialize = true;
-    extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
+    extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
     repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
     passwordFile = toString <secrets> + "/domsen_backup_pw";
+    timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
     paths = [
       "/srv/http"
       "/home/domsen/Mail"
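Review bot: The `-v` added to the `sftp.command` ssh invocation looks like a debugging leftover. It writes ssh's debug output into the unit's log on every nightly run, and dropping it leaves `-S none` as the change that matters. A one-line comment on `-S none`, such as `# do not reuse a shared ControlMaster socket for the backup connection`, would record why it is there. The target is a dynamic-DNS name, so it is worth confirming that its host key is pinned somewhere outside this hunk; nothing visible here does so.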

From 54f1febc184297a8bfa4df8ca6c954b4cb0083bd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:24:41 +0200
Subject: [PATCH 130/149] l domsen: add https mode for nextcloud

---
 lass/2configs/websites/domsen.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index ff3506f89..b58484773 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -94,7 +94,7 @@ in {
     config = {
       adminpassFile = toString <secrets> + "/nextcloud_pw";
     };
-    #https = true;
+    https = true;
     nginx.enable = true;
   };
   services.nginx.virtualHosts."o.xanf.org" = {

From 81879b0df8e9f1e8910013e251af81db4dd1c37b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:25:07 +0200
Subject: [PATCH 131/149] l wine: remove unneeded infos

---
 lass/2configs/wine.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index 71a5cdda9..02d7ffc8c 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -6,8 +6,6 @@ let
 in {
   users.users= {
     wine = {
-      name = "wine";
-      description = "user for running wine";
       home = "/home/wine";
       useDefaultShell = true;
       extraGroups = [

From 162b965b6bc98381a0e87f72eca491ff2dd2b53d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:25:33 +0200
Subject: [PATCH 132/149] l zsh: fix SHARE_HISTORY

---
 lass/2configs/zsh.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 76cac9f56..53106b03b 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -28,8 +28,8 @@
       }
       zle -N down-line-or-local-history
 
-      setopt share_history
-      setopt hist_ignore_dups
+      setopt SHARE_HISTORY
+      setopt HIST_IGNORE_ALL_DUPS
       # setopt inc_append_history
       bindkey '^R' history-incremental-search-backward
 

From 6d5e7d85dc780408e97f04a770b94c491dbcd422 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:30:03 +0200
Subject: [PATCH 133/149] l xmonad: fix multi-monitor issue

---
 lass/5pkgs/custom/xmonad-lass/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 1f2e7110e..1cd91526d 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -133,7 +133,7 @@ myKeyMap =
     , ("M4-f", floatNext True)
     , ("M4-b", sendMessage ToggleStruts)
 
-    , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
+    , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) )
     , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
     , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
@@ -220,7 +220,7 @@ gridConfig = def
 
 allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
 allWorkspaceNames ws =
-    return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
+    return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws]
     '';
   };
 }

From 23f5563134439fdb59593f2eda46add002284ca0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:30:31 +0200
Subject: [PATCH 134/149] l xmonad: add flameshot-once keybinding

---
 lass/5pkgs/custom/xmonad-lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 1cd91526d..9d6f8e00c 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -169,6 +169,7 @@ myKeyMap =
     , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
 
     , ("M4-s", spawn "${pkgs.knav}/bin/knav")
+    , ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once")
 
     --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
     --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))

From 9e7729def580d83bc439985616f8c5d7162bcd48 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:31:44 +0200
Subject: [PATCH 135/149] l screenlock: fix screen sometimes not locking

---
 lass/3modules/screenlock.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index 29c3861f2..b5c69b65a 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -13,15 +13,18 @@ let
   api = {
     enable = mkEnableOption "screenlock";
     command = mkOption {
-      type = types.str;
-      default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
+      type = types.path;
+      default = pkgs.writeDash "screenlock" ''
+        ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
+        sleep 3
+      '';
     };
   };
 
   imp = {
     systemd.services.screenlock = {
       before = [ "sleep.target" ];
-      wantedBy = [ "sleep.target" ];
+      requiredBy = [ "sleep.target" ];
       environment = {
         DISPLAY = ":${toString config.services.xserver.display}";
       };
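Review bot: The `sleep 3` added to the default `command` is an unexplained fixed delay, and as written it runs only after the `xlock` line has finished. Whether it actually holds `sleep.target` back until the screen is covered depends on the unit's `Type` and `ExecStart`, which sit outside this hunk (the `systemd.services.screenlock` body continues past it). I would document the intent in the script, e.g. `# <why 3 s is enough for the locker to cover the screen before suspend>`, so that a later cleanup does not remove the delay and reintroduce the unlocked-resume case. The switch to `requiredBy` makes suspend depend on the lock unit starting, which is the fail-closed choice and deserves a one-line comment too. Changing `type` from `types.str` to `types.path` may also break existing overrides that pass a command line with arguments; confirm none exist.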

From 64c8c06f02d6ea59484d94354a574b3a9f5810cd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 6 Mar 2019 16:38:28 +0100
Subject: [PATCH 136/149] 18.09 -> 19.03

---
 krebs/update-channel.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh
index 7f24cd31a..08354357a 100755
--- a/krebs/update-channel.sh
+++ b/krebs/update-channel.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
 oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
 nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
   --url https://github.com/NixOS/nixpkgs-channels \
-  --rev refs/heads/nixos-18.09' \
+  --rev refs/heads/nixos-19.03' \
 > $dir/nixpkgs.json
 newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
 git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

From 04d10421ed339a2342e92f5cabda83afbd7fd450 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 6 Mar 2019 16:54:31 +0100
Subject: [PATCH 137/149] l: NIX_REMOTE is now set by nixos correctly

---
 lass/1systems/blue/physical.nix   | 1 -
 lass/1systems/red/physical.nix    | 1 -
 lass/1systems/yellow/physical.nix | 1 -
 3 files changed, 3 deletions(-)

diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/blue/physical.nix
+++ b/lass/1systems/blue/physical.nix
@@ -4,5 +4,4 @@
   ];
   boot.isContainer = true;
   networking.useDHCP = false;
-  environment.variables.NIX_REMOTE = "daemon";
 }
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/red/physical.nix
+++ b/lass/1systems/red/physical.nix
@@ -4,5 +4,4 @@
   ];
   boot.isContainer = true;
   networking.useDHCP = false;
-  environment.variables.NIX_REMOTE = "daemon";
 }
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/yellow/physical.nix
+++ b/lass/1systems/yellow/physical.nix
@@ -4,5 +4,4 @@
   ];
   boot.isContainer = true;
   networking.useDHCP = false;
-  environment.variables.NIX_REMOTE = "daemon";
 }

From a1cf824e2f5d8bd751f6e625718eb59e345cb666 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Mar 2019 13:14:41 +0100
Subject: [PATCH 138/149] blessings: add 19.03 compatibility

---
 krebs/5pkgs/haskell/blessings.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index f730cc72b..c35706ebf 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -10,6 +10,10 @@ with import <stockholm/lib>;
       version = "2.2.0";
       sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
     };
+    "19.03" = {
+      version = "2.2.0";
+      sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
+    };
   }.${versions.majorMinor nixpkgsVersion};
 
 in mkDerivation {

From 9eb7244146b29d772a0fc173d02394d05a22dae6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Mar 2019 13:23:23 +0100
Subject: [PATCH 139/149] email-header: add 19.03 compatibility

---
 krebs/5pkgs/haskell/email-header.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix
index 4049168c1..6689f1d2c 100644
--- a/krebs/5pkgs/haskell/email-header.nix
+++ b/krebs/5pkgs/haskell/email-header.nix
@@ -15,6 +15,11 @@ with import <stockholm/lib>;
       rev = "refs/tags/v${cfg.version}";
       sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
     };
+    "19.03" = {
+      version = "0.4.1-tv1";
+      rev = "refs/tags/v${cfg.version}";
+      sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
+    };
   }.${versions.majorMinor nixpkgsVersion};
 
 in mkDerivation {

From 7d7be871d84241aec9b820ed8e379bd3ca610d8e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 8 Apr 2019 17:34:12 +0200
Subject: [PATCH 140/149] nixpkgs: 2229509 -> 67bc63f

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 1ee21020b..b58208685 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "222950952f15f6b1e9f036b80440b597f23e652d",
-  "date": "2019-04-05T10:07:50+02:00",
-  "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd",
+  "rev": "67bc63f9a7ac1b4d1a7114c88ca1a4df03bfdb0e",
+  "date": "2019-04-06T21:36:45+02:00",
+  "sha256": "0jzy9kd81dz1v0by3h0znz3z6bmpll3ssza5i5f14j2q54ib145g",
   "fetchSubmodules": false
 }

From ade34e2ccd55585c50d6cafd533c512755a048bc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 8 Apr 2019 18:53:54 +0200
Subject: [PATCH 141/149] hotdog.r: don't set NIX_REMOTE

---
 krebs/1systems/hotdog/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 916073375..f68c8ce50 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -21,5 +21,4 @@
 
   boot.isContainer = true;
   networking.useDHCP = false;
-  environment.variables.NIX_REMOTE = "daemon";
 }

From 8f0b3d939eb933bfb1d9a3b2ac2147960abbbfd8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 8 Apr 2019 18:56:09 +0200
Subject: [PATCH 142/149] l green.r: don't set NIX_REMOTE

---
 lass/1systems/green/physical.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/green/physical.nix
+++ b/lass/1systems/green/physical.nix
@@ -4,5 +4,4 @@
   ];
   boot.isContainer = true;
   networking.useDHCP = false;
-  environment.variables.NIX_REMOTE = "daemon";
 }

From 07a56f4d03da08739cafe7c0006a01a9ff8e345a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 8 Apr 2019 19:02:42 +0200
Subject: [PATCH 143/149] l mors.r: disable hardening

---
 lass/1systems/mors/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 250d96e53..fa5fb5518 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -36,7 +36,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/network-manager.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
-    <stockholm/lass/2configs/hardening.nix>
+    #<stockholm/lass/2configs/hardening.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain
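Review bot: The `hardening.nix` import is commented out on this host with no record of why or when it should come back; the subject says only "disable hardening". What that module enforces is not visible here, so the impact cannot be judged from the hunk, but a disabled hardening profile tends to stay disabled unless the line carries its own reminder. I would put `# FIXME re-enable hardening.nix once <reason it was disabled> is resolved` directly above the commented import. The `imports` list begins and ends outside the hunk.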

From 2dbdf0185a42fd654706766b12bb1efe40ce712f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Apr 2019 19:05:25 +0200
Subject: [PATCH 144/149] tv pulse: use pkgs.pkgsi686Linux

---
 tv/2configs/pulse.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 2e679bd14..ea3970152 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -1,10 +1,12 @@
-{ config, lib, pkgs, pkgs_i686, ... }:
+{ config, lib, pkgs, ... }:
 
 with import <stockholm/lib>;
 let
   pkg = pkgs.pulseaudioLight;
   runDir = "/run/pulse";
 
+  pkgs_i686 = pkgs.pkgsi686Linux;
+
   support32Bit =
     pkgs.stdenv.isx86_64 &&
     pkgs_i686.alsaLib != null &&

From 3fee51f7378a523a95e494d160b7562206cf714b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 9 Apr 2019 16:52:17 +0200
Subject: [PATCH 145/149] syncthing: fix permissions of keys

---
 krebs/3modules/syncthing.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 34879fd3f..bfbac1db9 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -133,8 +133,16 @@ in
 
     systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
       preStart = ''
-        ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
-        ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+        ${optionalString (cfg.cert != null) ''
+          cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
+          chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
+          chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+        ''}
+        ${optionalString (cfg.key != null) ''
+          cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
+          chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
+          chmod 400 ${config.services.syncthing.dataDir}/key.pem
+        ''}
       '';
     };
 
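Review bot: Each file is written by `cp` and only afterwards restricted by `chown` and `chmod 400`, so for a short time `key.pem` sits in the data directory with whatever mode `cp` gave it (source mode and umask). If a command fails in between, it can stay that way. Creating it restricted from the start avoids this: `install -m 0400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem`, and the same form for `cert.pem`. The interpolated paths are also unquoted, so a data directory containing whitespace would split the arguments; wrapping each path in double quotes fixes that. Changing ownership to another user requires `preStart` to run privileged, which is configured outside this hunk.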

From 46c06dd997ba8857bef217845cb5c450410383fa Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 11 Apr 2019 15:17:54 +0200
Subject: [PATCH 146/149] nixpkgs: 67bc63f -> 5c52b25

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index b58208685..de6403bd0 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "67bc63f9a7ac1b4d1a7114c88ca1a4df03bfdb0e",
-  "date": "2019-04-06T21:36:45+02:00",
-  "sha256": "0jzy9kd81dz1v0by3h0znz3z6bmpll3ssza5i5f14j2q54ib145g",
+  "rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81",
+  "date": "2019-04-09T21:48:56+02:00",
+  "sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip",
   "fetchSubmodules": false
 }

From 72cd01d104bb61b5a5e28c2c10e0bd2bd55ce681 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 11 Apr 2019 15:43:25 +0200
Subject: [PATCH 147/149] l domsen: increment duckdns domain

---
 lass/2configs/websites/domsen.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index b58484773..5bd5a7cac 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -237,8 +237,8 @@ in {
   krebs.on-failure.plans.restic-backups-domsen = {};
   services.restic.backups.domsen = {
     initialize = true;
-    extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
-    repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
+    extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
+    repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
     passwordFile = toString <secrets> + "/domsen_backup_pw";
     timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
     paths = [
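Review bot: The new host name is typed out twice, once inside `sftp.command` and once in `repository`, so the next rename can update one string and miss the other. A single binding in the file's `let`, such as `backupTarget = "efOVcMWSZ@wilhelmstr2.duckdns.org";`, interpolated into both strings would keep them in step. Because this job runs unattended against a dynamic-DNS name that has just changed, it is also worth confirming that the server's SSH host key is pinned for the new name (for example through `programs.ssh.knownHosts`), so the backup cannot silently go to a different machine. Nothing in the hunk shows how the host key is verified, and the `services.restic.backups.domsen` block continues past the hunk.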

From 6c28491768cc6b86c69dd732544a3dbb0801faf4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 13 Apr 2019 11:30:43 +0200
Subject: [PATCH 148/149] bepasty: use python3

---
 krebs/3modules/bepasty-server.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index e12367b7c..0f00cd381 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
 
 with import <stockholm/lib>;
 let
-  gunicorn = pkgs.pythonPackages.gunicorn;
+  gunicorn = pkgs.python3Packages.gunicorn;
   bepasty = pkgs.bepasty;
-  gevent = pkgs.pythonPackages.gevent;
-  python = pkgs.pythonPackages.python;
+  gevent = pkgs.python3Packages.gevent;
+  python = pkgs.python3Packages.python;
   cfg = config.krebs.bepasty;
 
   out = {

From bb2f8b9b920287df33e194a3b62d86669d8e6ddd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 13 Apr 2019 14:06:36 +0200
Subject: [PATCH 149/149] types.syncthing.id: string -> str

---
 lib/types.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/types.nix b/lib/types.nix
index 9001bc7c3..23919af38 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -89,7 +89,7 @@ rec {
 
       syncthing.id = mkOption {
         # TODO syncthing id type
-        type = nullOr string;
+        type = nullOr str;
         default = null;
       };
     };