Merge remote-tracking branch 'prism/master'
This commit is contained in:
commit
1d3a3c8104
|
@ -4,161 +4,161 @@
|
|||
krebs.newsbot-js.news-spam = {
|
||||
urlShortenerHost = "go.lassul.us";
|
||||
feeds = pkgs.writeText "feeds" ''
|
||||
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
||||
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
||||
[SPAM]antirez|http://antirez.com/rss|#snews
|
||||
[SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews
|
||||
[SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
|
||||
[SPAM]augustl|http://augustl.com/atom.xml|#snews
|
||||
[SPAM]bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
|
||||
[SPAM]bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
|
||||
[SPAM]bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
|
||||
[SPAM]bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
|
||||
[SPAM]bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
|
||||
[SPAM]bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
|
||||
[SPAM]cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
|
||||
[SPAM]carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
|
||||
[SPAM]catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
|
||||
[SPAM]cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
|
||||
[SPAM]cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
|
||||
[SPAM]cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
|
||||
[SPAM]cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
|
||||
[SPAM]cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
|
||||
[SPAM]ccc|http://www.ccc.de/rss/updates.rdf|#snews
|
||||
[SPAM]chan_biz|http://boards.4chan.org/biz/index.rss|#snews
|
||||
[SPAM]chan_g|http://boards.4chan.org/g/index.rss|#snews
|
||||
[SPAM]chan_int|http://boards.4chan.org/int/index.rss|#snews
|
||||
[SPAM]chan_sci|http://boards.4chan.org/sci/index.rss|#snews
|
||||
[SPAM]chan_x|http://boards.4chan.org/x/index.rss|#snews
|
||||
[SPAM]c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
|
||||
[SPAM]cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
|
||||
[SPAM]csm|http://rss.csmonitor.com/feeds/csm|#snews
|
||||
[SPAM]csm_world|http://rss.csmonitor.com/feeds/world|#snews
|
||||
[SPAM]danisch|http://www.danisch.de/blog/feed/|#snews
|
||||
[SPAM]dod|http://www.defense.gov/news/afps2.xml|#snews
|
||||
[SPAM]dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
|
||||
[SPAM]ecat|http://ecat.com/feed|#snews
|
||||
[SPAM]eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
|
||||
[SPAM]eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
|
||||
[SPAM]embargowatch|https://embargowatch.wordpress.com/feed/|#snews
|
||||
[SPAM]ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
|
||||
[SPAM]ethereum|http://blog.ethereum.org/feed|#snews
|
||||
[SPAM]europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
|
||||
[SPAM]eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
|
||||
[SPAM]exploitdb|http://www.exploit-db.com/rss.xml|#snews
|
||||
[SPAM]fars|http://www.farsnews.com/rss.php|#snews #test
|
||||
[SPAM]faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
|
||||
[SPAM]faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
|
||||
[SPAM]faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
|
||||
[SPAM]fbi|https://www.fbi.gov/news/rss.xml|#snews
|
||||
[SPAM]fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
|
||||
[SPAM]fefe|http://blog.fefe.de/rss.xml|#snews
|
||||
[SPAM]forbes|http://www.forbes.com/forbes/feed2/|#snews
|
||||
[SPAM]forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
|
||||
[SPAM]fox|http://feeds.foxnews.com/foxnews/latest|#snews
|
||||
[SPAM]geheimorganisation|http://geheimorganisation.org/feed/|#snews
|
||||
[SPAM]GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
|
||||
[SPAM]gmanet|http://www.gmanetwork.com/news/rss/news|#snews
|
||||
[SPAM]golem|http://rss.golem.de/rss.php|#snews
|
||||
[SPAM]google|http://news.google.com/?output=rss|#snews
|
||||
[SPAM]greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
|
||||
[SPAM]guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
|
||||
[SPAM]gulli|http://ticker.gulli.com/rss/|#snews
|
||||
[SPAM]hackernews|https://news.ycombinator.com/rss|#snews
|
||||
[SPAM]handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
|
||||
[SPAM]heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
|
||||
[SPAM]hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
|
||||
[SPAM]hindu|http://www.thehindu.com/?service=rss|#snews
|
||||
[SPAM]ign|http://feeds.ign.com/ign/all|#snews
|
||||
[SPAM]independent|http://www.independent.com/rss/headlines/|#snews
|
||||
[SPAM]indymedia|https://de.indymedia.org/rss.xml|#snews
|
||||
[SPAM]info_libera|http://www.informationliberation.com/rss.xml|#snews
|
||||
[SPAM]klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
|
||||
[SPAM]korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
|
||||
[SPAM]linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
|
||||
[SPAM]lisp|http://planet.lisp.org/rss20.xml|#snews
|
||||
[SPAM]liveleak|http://www.liveleak.com/rss|#snews
|
||||
[SPAM]lolmythesis|http://lolmythesis.com/rss|#snews
|
||||
[SPAM]LtU|http://lambda-the-ultimate.org/rss.xml|#snews
|
||||
[SPAM]lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
|
||||
[SPAM]mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
|
||||
[SPAM]mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
|
||||
[SPAM]nds|http://www.nachdenkseiten.de/?feed=atom|#snews
|
||||
[SPAM]netzpolitik|https://netzpolitik.org/feed/|#snews
|
||||
[SPAM]newsbtc|http://newsbtc.com/feed/|#snews
|
||||
[SPAM]nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
|
||||
[SPAM]npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
|
||||
[SPAM]npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
|
||||
[SPAM]npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
|
||||
[SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
|
||||
[SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
|
||||
[SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
|
||||
[SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews
|
||||
[SPAM]phys|http://phys.org/rss-feed/|#snews
|
||||
[SPAM]piraten|https://www.piratenpartei.de/feed/|#snews
|
||||
[SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
|
||||
[SPAM]presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
|
||||
[SPAM]presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
|
||||
[SPAM]prisonplanet|http://prisonplanet.com/feed.rss|#snews
|
||||
[SPAM]rawstory|http://www.rawstory.com/rs/feed/|#snews
|
||||
[SPAM]reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
|
||||
[SPAM]reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
|
||||
[SPAM]reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
|
||||
[SPAM]reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
|
||||
[SPAM]reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
|
||||
[SPAM]reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
|
||||
[SPAM]reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
|
||||
[SPAM]reddit_sci|http://www.reddit.com/r/science/.rss|#snews
|
||||
[SPAM]reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
|
||||
[SPAM]reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
|
||||
[SPAM]reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
|
||||
[SPAM]r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
|
||||
[SPAM]reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
|
||||
[SPAM]reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
|
||||
[SPAM]rt|http://rt.com/rss/news/|#snews
|
||||
[SPAM]schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
|
||||
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
|
||||
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
|
||||
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
|
||||
[SPAM]shackspace|http://shackspace.de/atom.xml|#snews
|
||||
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
|
||||
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
|
||||
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
|
||||
[SPAM]sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
|
||||
[SPAM]sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
|
||||
[SPAM]sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
|
||||
[SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
|
||||
[SPAM]slate|http://feeds.slate.com/slate|#snews
|
||||
[SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
|
||||
[SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
|
||||
[SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
|
||||
[SPAM]stern|http://www.stern.de/feed/standard/all/|#snews
|
||||
[SPAM]stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
|
||||
[SPAM]sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
|
||||
[SPAM]sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
|
||||
[SPAM]sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
|
||||
[SPAM]tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
|
||||
[SPAM]taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
|
||||
[SPAM]telegraph|http://www.telegraph.co.uk/rss.xml|#snews
|
||||
[SPAM]telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
|
||||
[SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
|
||||
[SPAM]tigsource|http://www.tigsource.com/feed/|#snews
|
||||
[SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews
|
||||
[SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
|
||||
[SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
|
||||
[SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
|
||||
[SPAM]travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
|
||||
[SPAM]un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
|
||||
[SPAM]un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
|
||||
[SPAM]un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
|
||||
[SPAM]un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
|
||||
[SPAM]un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
|
||||
[SPAM]un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
|
||||
[SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
|
||||
[SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
|
||||
[SPAM]weechat|http://dev.weechat.org/feed/atom|#snews
|
||||
[SPAM]xkcd|https://xkcd.com/rss.xml|#snews
|
||||
[SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews
|
||||
_aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
||||
_allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
||||
_antirez|http://antirez.com/rss|#snews
|
||||
_archlinux|http://www.archlinux.org/feeds/news/|#snews
|
||||
_ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
|
||||
_augustl|http://augustl.com/atom.xml|#snews
|
||||
_bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
|
||||
_bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
|
||||
_bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
|
||||
_bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
|
||||
_bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
|
||||
_bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
|
||||
_cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
|
||||
_carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
|
||||
_catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
|
||||
_cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
|
||||
_cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
|
||||
_cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
|
||||
_cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
|
||||
_cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
|
||||
_ccc|http://www.ccc.de/rss/updates.rdf|#snews
|
||||
_chan_biz|http://boards.4chan.org/biz/index.rss|#snews
|
||||
_chan_g|http://boards.4chan.org/g/index.rss|#snews
|
||||
_chan_int|http://boards.4chan.org/int/index.rss|#snews
|
||||
_chan_sci|http://boards.4chan.org/sci/index.rss|#snews
|
||||
_chan_x|http://boards.4chan.org/x/index.rss|#snews
|
||||
_c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
|
||||
_cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
|
||||
_csm|http://rss.csmonitor.com/feeds/csm|#snews
|
||||
_csm_world|http://rss.csmonitor.com/feeds/world|#snews
|
||||
_danisch|http://www.danisch.de/blog/feed/|#snews
|
||||
_dod|http://www.defense.gov/news/afps2.xml|#snews
|
||||
_dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
|
||||
_ecat|http://ecat.com/feed|#snews
|
||||
_eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
|
||||
_eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
|
||||
_embargowatch|https://embargowatch.wordpress.com/feed/|#snews
|
||||
_ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
|
||||
_ethereum|http://blog.ethereum.org/feed|#snews
|
||||
_europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
|
||||
_eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
|
||||
_exploitdb|http://www.exploit-db.com/rss.xml|#snews
|
||||
_fars|http://www.farsnews.com/rss.php|#snews #test
|
||||
_faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
|
||||
_faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
|
||||
_faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
|
||||
_fbi|https://www.fbi.gov/news/rss.xml|#snews
|
||||
_fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
|
||||
_fefe|http://blog.fefe.de/rss.xml|#snews
|
||||
_forbes|http://www.forbes.com/forbes/feed2/|#snews
|
||||
_forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
|
||||
_fox|http://feeds.foxnews.com/foxnews/latest|#snews
|
||||
_geheimorganisation|http://geheimorganisation.org/feed/|#snews
|
||||
_GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
|
||||
_gmanet|http://www.gmanetwork.com/news/rss/news|#snews
|
||||
_golem|http://rss.golem.de/rss.php|#snews
|
||||
_google|http://news.google.com/?output=rss|#snews
|
||||
_greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
|
||||
_guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
|
||||
_gulli|http://ticker.gulli.com/rss/|#snews
|
||||
_hackernews|https://news.ycombinator.com/rss|#snews
|
||||
_handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
|
||||
_heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
|
||||
_hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
|
||||
_hindu|http://www.thehindu.com/?service=rss|#snews
|
||||
_ign|http://feeds.ign.com/ign/all|#snews
|
||||
_independent|http://www.independent.com/rss/headlines/|#snews
|
||||
_indymedia|https://de.indymedia.org/rss.xml|#snews
|
||||
_info_libera|http://www.informationliberation.com/rss.xml|#snews
|
||||
_klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
|
||||
_korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
|
||||
_linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
|
||||
_lisp|http://planet.lisp.org/rss20.xml|#snews
|
||||
_liveleak|http://www.liveleak.com/rss|#snews
|
||||
_lolmythesis|http://lolmythesis.com/rss|#snews
|
||||
_LtU|http://lambda-the-ultimate.org/rss.xml|#snews
|
||||
_lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
|
||||
_mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
|
||||
_mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
|
||||
_nds|http://www.nachdenkseiten.de/?feed=atom|#snews
|
||||
_netzpolitik|https://netzpolitik.org/feed/|#snews
|
||||
_newsbtc|http://newsbtc.com/feed/|#snews
|
||||
_nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
|
||||
_npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
|
||||
_npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
|
||||
_npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
|
||||
_npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
|
||||
_nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
|
||||
_nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
|
||||
_painload|https://github.com/krebs/painload/commits/master.atom|#snews
|
||||
_phys|http://phys.org/rss-feed/|#snews
|
||||
_piraten|https://www.piratenpartei.de/feed/|#snews
|
||||
_polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
|
||||
_presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
|
||||
_presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
|
||||
_prisonplanet|http://prisonplanet.com/feed.rss|#snews
|
||||
_rawstory|http://www.rawstory.com/rs/feed/|#snews
|
||||
_reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
|
||||
_reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
|
||||
_reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
|
||||
_reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
|
||||
_reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
|
||||
_reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
|
||||
_reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
|
||||
_reddit_sci|http://www.reddit.com/r/science/.rss|#snews
|
||||
_reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
|
||||
_reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
|
||||
_reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
|
||||
_r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
|
||||
_reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
|
||||
_reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
|
||||
_rt|http://rt.com/rss/news/|#snews
|
||||
_schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
|
||||
_sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
|
||||
_scmp|http://www.scmp.com/rss/91/feed|#snews
|
||||
_sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
|
||||
_shackspace|http://shackspace.de/atom.xml|#snews
|
||||
_shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
|
||||
_sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
|
||||
_sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
|
||||
_sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
|
||||
_sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
|
||||
_sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
|
||||
_slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
|
||||
_slate|http://feeds.slate.com/slate|#snews
|
||||
_spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
|
||||
_spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
|
||||
_standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
|
||||
_stern|http://www.stern.de/feed/standard/all/|#snews
|
||||
_stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
|
||||
_sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
|
||||
_sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
|
||||
_sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
|
||||
_tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
|
||||
_taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
|
||||
_telegraph|http://www.telegraph.co.uk/rss.xml|#snews
|
||||
_telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
|
||||
_the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
|
||||
_tigsource|http://www.tigsource.com/feed/|#snews
|
||||
_tinc|http://tinc-vpn.org/news/index.rss|#snews
|
||||
_torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
|
||||
_torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
|
||||
_torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
|
||||
_travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
|
||||
_un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
|
||||
_un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
|
||||
_un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
|
||||
_un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
|
||||
_un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
|
||||
_un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
|
||||
_us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
|
||||
_vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
|
||||
_weechat|http://dev.weechat.org/feed/atom|#snews
|
||||
_xkcd|https://xkcd.com/rss.xml|#snews
|
||||
_zdnet|http://www.zdnet.com/news/rss.xml|#snews
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
|
||||
out = {
|
||||
options.krebs.Reaktor = api;
|
||||
config = imp;
|
||||
config = mkIf (cfg != {}) imp;
|
||||
};
|
||||
|
||||
api = mkOption {
|
||||
|
|
|
@ -143,12 +143,12 @@ let
|
|||
) cfg.servers;
|
||||
|
||||
users.extraUsers.bepasty = {
|
||||
uid = genid "bepasty";
|
||||
uid = genid_uint31 "bepasty";
|
||||
group = "bepasty";
|
||||
home = "/var/lib/bepasty-server";
|
||||
};
|
||||
users.extraGroups.bepasty = {
|
||||
gid = genid "bepasty";
|
||||
gid = genid_uint31 "bepasty";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -109,6 +109,7 @@ let
|
|||
};
|
||||
|
||||
imp = lib.mkMerge [
|
||||
{ krebs = import ./external { inherit config; }; }
|
||||
{ krebs = import ./jeschli { inherit config; }; }
|
||||
{ krebs = import ./krebs { inherit config; }; }
|
||||
{ krebs = import ./lass { inherit config; }; }
|
||||
|
|
312
krebs/3modules/external/default.nix
vendored
Normal file
312
krebs/3modules/external/default.nix
vendored
Normal file
|
@ -0,0 +1,312 @@
|
|||
{ config, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
ci = false;
|
||||
external = true;
|
||||
monitoring = false;
|
||||
}) {
|
||||
sokrateslaptop = {
|
||||
owner = config.krebs.users.sokratess;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.142.104";
|
||||
ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
|
||||
aliases = [
|
||||
"sokrateslaptop.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
|
||||
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
|
||||
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
|
||||
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
|
||||
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
|
||||
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
kruck = {
|
||||
owner = config.krebs.users.palo;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.201";
|
||||
ip6.addr = "42:4234:6a6d:600::1";
|
||||
aliases = [
|
||||
"kruck.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
|
||||
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
|
||||
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
|
||||
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
|
||||
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
|
||||
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
|
||||
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
|
||||
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
|
||||
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
|
||||
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
|
||||
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
scardanelli = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.2";
|
||||
ip6.addr = "42:2:5ca:da:3111::1";
|
||||
aliases = [
|
||||
"scardanelli.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
|
||||
MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
|
||||
UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
|
||||
kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
|
||||
gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
|
||||
we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
|
||||
QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
|
||||
SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
|
||||
2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
|
||||
m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
|
||||
FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
|
||||
lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
homeros = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.1";
|
||||
ip6.addr = "42:2::0:3:05::1";
|
||||
aliases = [
|
||||
"homeros.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
|
||||
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
|
||||
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
|
||||
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
|
||||
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
|
||||
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
|
||||
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
|
||||
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
|
||||
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
|
||||
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
|
||||
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
|
||||
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
turingmachine = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.168";
|
||||
ip6.addr = "42:4992:6a6d:600::1";
|
||||
aliases = [
|
||||
"turingmachine.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
|
||||
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
|
||||
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
|
||||
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
|
||||
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
|
||||
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
|
||||
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
|
||||
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
|
||||
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
|
||||
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
|
||||
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
eddie = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
internet = {
|
||||
# eddie.thalheim.io
|
||||
ip4.addr = "129.215.197.11";
|
||||
aliases = [ "eddie.i" ];
|
||||
};
|
||||
retiolum = rec {
|
||||
via = internet;
|
||||
addrs = [
|
||||
ip4.addr
|
||||
ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.170";
|
||||
ip6.addr = "42:4992:6a6d:700::1";
|
||||
aliases = [ "eddie.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
|
||||
j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
|
||||
3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
|
||||
2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
|
||||
KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
|
||||
iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
|
||||
6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
|
||||
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
|
||||
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
|
||||
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
|
||||
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.subnets = [
|
||||
# edinburgh university
|
||||
"129.215.0.0/16"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
rock = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.171";
|
||||
ip6.addr = "42:4992:6a6d:700::2";
|
||||
aliases = [ "rock.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
|
||||
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
|
||||
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
|
||||
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
|
||||
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
|
||||
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
|
||||
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
|
||||
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
|
||||
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
|
||||
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
|
||||
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
inspector = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "141.76.44.154";
|
||||
aliases = [ "inspector.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.172";
|
||||
ip6.addr = "42:4992:6a6d:800::1";
|
||||
aliases = [ "inspector.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
|
||||
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
|
||||
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
|
||||
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
|
||||
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
|
||||
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
|
||||
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
|
||||
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
|
||||
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
|
||||
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
|
||||
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
dpdkm = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.173";
|
||||
ip6.addr = "42:4992:6a6d:900::1";
|
||||
aliases = [ "dpdkm.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
|
||||
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
|
||||
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
|
||||
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
|
||||
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
|
||||
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
|
||||
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
|
||||
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
|
||||
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
|
||||
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
|
||||
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
eve = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
internet = {
|
||||
# eve.thalheim.io
|
||||
ip4.addr = "188.68.39.17";
|
||||
ip6.addr = "2a03:4000:13:31e::1";
|
||||
aliases = [ "eve.i" ];
|
||||
};
|
||||
retiolum = rec {
|
||||
via = internet;
|
||||
addrs = [
|
||||
ip4.addr
|
||||
ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.174";
|
||||
ip6.addr = "42:4992:6a6d:a00::1";
|
||||
aliases = [ "eve.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
|
||||
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
|
||||
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
|
||||
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
|
||||
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
|
||||
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
|
||||
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
|
||||
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
|
||||
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
|
||||
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
|
||||
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users = {
|
||||
Mic92 = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
|
||||
mail = "joerg@higgsboson.tk";
|
||||
};
|
||||
kmein = {
|
||||
};
|
||||
palo = {
|
||||
};
|
||||
sokratess = {
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -53,7 +53,7 @@ let
|
|||
imp = {
|
||||
users.users.fetchWallpaper = {
|
||||
name = "fetchWallpaper";
|
||||
uid = genid "fetchWallpaper";
|
||||
uid = genid_uint31 "fetchWallpaper";
|
||||
description = "fetchWallpaper user";
|
||||
home = cfg.stateDir;
|
||||
createHome = true;
|
||||
|
|
|
@ -427,7 +427,7 @@ let
|
|||
system.activationScripts.cgit = ''
|
||||
mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
|
||||
chmod 0770 ${cfg.cgit.settings.cache-root}
|
||||
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
|
||||
chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root}
|
||||
'';
|
||||
|
||||
services.nginx.virtualHosts.cgit = {
|
||||
|
|
|
@ -129,29 +129,10 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
};
|
||||
|
||||
domsen-nas = {
|
||||
ci = false;
|
||||
monitoring = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
aliases = [
|
||||
"domsen-nas.internet"
|
||||
];
|
||||
ip4.addr = "87.138.180.167";
|
||||
ssh.port = 2223;
|
||||
};
|
||||
};
|
||||
};
|
||||
uriel = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.12";
|
||||
aliases = ["uriel.gg23"];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.81.176";
|
||||
ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56";
|
||||
|
@ -178,11 +159,6 @@ with import <stockholm/lib>;
|
|||
mors = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.11";
|
||||
aliases = ["mors.gg23"];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.2";
|
||||
ip6.addr = "42:0:0:0:0:0:0:dea7";
|
||||
|
@ -351,258 +327,6 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||
};
|
||||
iso = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
};
|
||||
sokrateslaptop = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.142.104";
|
||||
ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
|
||||
aliases = [
|
||||
"sokrateslaptop.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
|
||||
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
|
||||
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
|
||||
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
|
||||
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
|
||||
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
kruck = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.201";
|
||||
ip6.addr = "42:4234:6a6d:600::1";
|
||||
aliases = [
|
||||
"kruck.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
|
||||
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
|
||||
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
|
||||
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
|
||||
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
|
||||
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
|
||||
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
|
||||
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
|
||||
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
|
||||
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
|
||||
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
turingmachine = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.168";
|
||||
ip6.addr = "42:4992:6a6d:600::1";
|
||||
aliases = [
|
||||
"turingmachine.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
|
||||
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
|
||||
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
|
||||
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
|
||||
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
|
||||
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
|
||||
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
|
||||
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
|
||||
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
|
||||
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
|
||||
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
eddie = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
# eddie.thalheim.io
|
||||
ip4.addr = "129.215.197.11";
|
||||
aliases = [ "eddie.i" ];
|
||||
};
|
||||
retiolum = rec {
|
||||
via = internet;
|
||||
addrs = [
|
||||
ip4.addr
|
||||
ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.170";
|
||||
ip6.addr = "42:4992:6a6d:700::1";
|
||||
aliases = [ "eddie.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
|
||||
j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
|
||||
3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
|
||||
2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
|
||||
KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
|
||||
iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
|
||||
6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
|
||||
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
|
||||
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
|
||||
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
|
||||
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.subnets = [
|
||||
# edinburgh university
|
||||
"129.215.0.0/16"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
rock = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.171";
|
||||
ip6.addr = "42:4992:6a6d:700::2";
|
||||
aliases = [ "rock.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
|
||||
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
|
||||
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
|
||||
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
|
||||
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
|
||||
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
|
||||
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
|
||||
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
|
||||
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
|
||||
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
|
||||
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
inspector = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "141.76.44.154";
|
||||
aliases = [ "inspector.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.172";
|
||||
ip6.addr = "42:4992:6a6d:800::1";
|
||||
aliases = [ "inspector.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
|
||||
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
|
||||
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
|
||||
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
|
||||
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
|
||||
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
|
||||
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
|
||||
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
|
||||
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
|
||||
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
|
||||
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
dpdkm = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.173";
|
||||
ip6.addr = "42:4992:6a6d:900::1";
|
||||
aliases = [ "dpdkm.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
|
||||
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
|
||||
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
|
||||
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
|
||||
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
|
||||
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
|
||||
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
|
||||
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
|
||||
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
|
||||
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
|
||||
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
eve = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
# eve.thalheim.io
|
||||
ip4.addr = "188.68.39.17";
|
||||
ip6.addr = "2a03:4000:13:31e::1";
|
||||
aliases = [ "eve.i" ];
|
||||
};
|
||||
retiolum = rec {
|
||||
via = internet;
|
||||
addrs = [
|
||||
ip4.addr
|
||||
ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.174";
|
||||
ip6.addr = "42:4992:6a6d:a00::1";
|
||||
aliases = [ "eve.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
|
||||
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
|
||||
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
|
||||
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
|
||||
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
|
||||
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
|
||||
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
|
||||
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
|
||||
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
|
||||
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
|
||||
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
xerxes = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
|
@ -644,47 +368,6 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
||||
};
|
||||
cabal = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.1.4";
|
||||
ip6.addr = "42::1:4";
|
||||
aliases = [
|
||||
"cabal.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
|
||||
SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
|
||||
rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
|
||||
qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
|
||||
LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
|
||||
rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
|
||||
6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
|
||||
fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
|
||||
yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
|
||||
kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
|
||||
KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
|
||||
TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
|
||||
oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
|
||||
TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
|
||||
3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
|
||||
rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
|
||||
4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
|
||||
luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
|
||||
w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
|
||||
09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
|
||||
K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
|
||||
ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
|
@ -716,6 +399,36 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||
};
|
||||
yellow = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.14";
|
||||
ip6.addr = "42:0:0:0:0:0:0:14";
|
||||
aliases = [
|
||||
"yellow.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
|
||||
MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
|
||||
b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
|
||||
Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
|
||||
OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
|
||||
vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
|
||||
C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
|
||||
Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
|
||||
52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
|
||||
zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
|
||||
DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
|
||||
Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
|
||||
};
|
||||
blue = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
|
@ -789,9 +502,6 @@ with import <stockholm/lib>;
|
|||
mail = "lass@daedalus.r";
|
||||
pubkey = builtins.readFile ./ssh/daedalus.rsa;
|
||||
};
|
||||
fritz = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||
};
|
||||
prism-repo-sync = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
|
||||
mail = "lass@prism.r";
|
||||
|
@ -800,14 +510,8 @@ with import <stockholm/lib>;
|
|||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
|
||||
mail = "lass@mors.r";
|
||||
};
|
||||
sokratess = {
|
||||
};
|
||||
wine-mors = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842";
|
||||
};
|
||||
Mic92 = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
|
||||
mail = "joerg@higgsboson.tk";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -77,7 +77,190 @@ let
|
|||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
|
||||
ExecStart = pkgs.writeDash "generate-wallpaper" ''
|
||||
set -xeuf
|
||||
|
||||
# usage: getimg FILENAME URL
|
||||
fetch() {
|
||||
echo "fetch $1"
|
||||
curl -LsS -z "$1" -o "$1" "$2"
|
||||
}
|
||||
|
||||
# usage: check_type FILENAME TYPE
|
||||
check_type() {
|
||||
if ! file -ib "$1" | grep -q "^$2/"; then
|
||||
echo "$1 is not of type $2" >&2
|
||||
rm "$1"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# usage: image_size FILENAME
|
||||
image_size() {
|
||||
identify "$1" | awk '{print$3}'
|
||||
}
|
||||
|
||||
# usage: make_mask DST SRC MASK
|
||||
make_layer() {
|
||||
if needs_rebuild "$@"; then
|
||||
echo "make $1 (apply mask)" >&2
|
||||
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
# usage: flatten DST HILAYER LOLAYER
|
||||
flatten() {
|
||||
if needs_rebuild "$@"; then
|
||||
echo "make $1 (flatten)" >&2
|
||||
composite "$2" "$3" "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
# usage: needs_rebuild DST SRC...
|
||||
needs_rebuild() {
|
||||
a="$1"
|
||||
shift
|
||||
if ! test -e "$a"; then
|
||||
#echo " $a does not exist" >&2
|
||||
result=0
|
||||
else
|
||||
result=1
|
||||
for b; do
|
||||
if test "$b" -nt "$a"; then
|
||||
#echo " $b is newer than $a" >&2
|
||||
result=0
|
||||
fi
|
||||
done
|
||||
fi
|
||||
#case $result in
|
||||
# 0) echo "$a needs rebuild" >&2;;
|
||||
#esac
|
||||
return $result
|
||||
}
|
||||
|
||||
main() {
|
||||
cd ${cfg.workingDir}
|
||||
|
||||
# fetch source images in parallel
|
||||
fetch nightmap-raw.jpg \
|
||||
${cfg.nightmap} &
|
||||
fetch daymap-raw.png \
|
||||
${cfg.daymap} &
|
||||
fetch clouds-raw.jpg \
|
||||
${cfg.cloudmap} &
|
||||
fetch marker.json \
|
||||
${cfg.marker} &
|
||||
wait
|
||||
|
||||
check_type nightmap-raw.jpg image
|
||||
check_type daymap-raw.png image
|
||||
check_type clouds-raw.jpg image
|
||||
|
||||
in_size=2048x1024
|
||||
xplanet_out_size=1466x1200
|
||||
out_geometry=1366x768+100+160
|
||||
|
||||
nightsnow_color='#0c1a49' # nightmap
|
||||
|
||||
for raw in \
|
||||
nightmap-raw.jpg \
|
||||
daymap-raw.png \
|
||||
clouds-raw.jpg \
|
||||
;
|
||||
do
|
||||
normal=''${raw%-raw.*}.png
|
||||
if needs_rebuild $normal $raw; then
|
||||
echo "make $normal; normalize $raw" >&2
|
||||
convert $raw -scale $in_size $normal
|
||||
fi
|
||||
done
|
||||
|
||||
# create nightmap-fullsnow
|
||||
if needs_rebuild nightmap-fullsnow.png; then
|
||||
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
|
||||
fi
|
||||
|
||||
# extract daymap-snowmask from daymap-final
|
||||
if needs_rebuild daymap-snowmask.png daymap.png; then
|
||||
convert daymap.png -threshold 95% daymap-snowmask.png
|
||||
fi
|
||||
|
||||
# extract nightmap-lightmask from nightmap
|
||||
if needs_rebuild nightmap-lightmask.png nightmap.png; then
|
||||
convert nightmap.png -threshold 25% nightmap-lightmask.png
|
||||
fi
|
||||
|
||||
# create layers
|
||||
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
|
||||
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
|
||||
|
||||
# apply layers
|
||||
flatten nightmap-lightsnowlayer.png \
|
||||
nightmap-lightlayer.png \
|
||||
nightmap-snowlayer.png
|
||||
|
||||
flatten nightmap-final.png \
|
||||
nightmap-lightsnowlayer.png \
|
||||
nightmap.png
|
||||
|
||||
# create marker file from json
|
||||
if [ -s marker.json ]; then
|
||||
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
|
||||
fi
|
||||
|
||||
# make all unmodified files as final
|
||||
for normal in \
|
||||
daymap.png \
|
||||
clouds.png \
|
||||
;
|
||||
do
|
||||
final=''${normal%.png}-final.png
|
||||
needs_rebuild $final &&
|
||||
ln $normal $final
|
||||
done
|
||||
|
||||
# rebuild every time to update shadow
|
||||
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||
--output xplanet-output.png --projection merc \
|
||||
-config ${pkgs.writeText "xplanet.config" ''
|
||||
[earth]
|
||||
"Earth"
|
||||
map=daymap-final.png
|
||||
night_map=nightmap-final.png
|
||||
cloud_map=clouds-final.png
|
||||
cloud_threshold=10
|
||||
shade=15
|
||||
''}
|
||||
|
||||
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||
--output xplanet-krebs-output.png --projection merc \
|
||||
-config ${pkgs.writeText "xplanet-krebs.config" ''
|
||||
[earth]
|
||||
"Earth"
|
||||
map=daymap-final.png
|
||||
night_map=nightmap-final.png
|
||||
cloud_map=clouds-final.png
|
||||
cloud_threshold=10
|
||||
marker_file=marker_file
|
||||
shade=15
|
||||
''}
|
||||
|
||||
# trim xplanet output
|
||||
if needs_rebuild realwallpaper.png xplanet-output.png; then
|
||||
convert xplanet-output.png -crop $out_geometry \
|
||||
realwallpaper-tmp.png
|
||||
mv realwallpaper-tmp.png realwallpaper.png
|
||||
fi
|
||||
|
||||
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
|
||||
convert xplanet-krebs-output.png -crop $out_geometry \
|
||||
realwallpaper-krebs-tmp.png
|
||||
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
|
||||
fi
|
||||
}
|
||||
|
||||
main "$@"
|
||||
'';
|
||||
User = "realwallpaper";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -124,7 +124,7 @@ let
|
|||
};
|
||||
|
||||
users.extraUsers.tinc_graphs = {
|
||||
uid = genid "tinc_graphs";
|
||||
uid = genid_uint31 "tinc_graphs";
|
||||
home = "/var/spool/tinc_graphs";
|
||||
};
|
||||
services.nginx = mkIf cfg.nginx.enable {
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "realwallpaper";
|
||||
|
||||
src = fetchgit {
|
||||
url = https://github.com/Lassulus/realwallpaper;
|
||||
rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
|
||||
sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
|
||||
};
|
||||
|
||||
phases = [
|
||||
"unpackPhase"
|
||||
"installPhase"
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp realwallpaper.sh $out/realwallpaper.sh
|
||||
'';
|
||||
}
|
|
@ -6,26 +6,10 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/libvirt.nix>
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
imports = [
|
||||
<stockholm/lass/2configs/websites/domsen.nix>
|
||||
<stockholm/lass/2configs/websites/lassulus.nix>
|
||||
];
|
||||
# needed by domsen.nix ^^
|
||||
lass.usershadow = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{ # TODO make new hfos.nix out of this vv
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
users.users.riot = {
|
||||
uid = genid "riot";
|
||||
uid = genid_uint31 "riot";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "libvirtd" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -42,153 +26,7 @@ with import <stockholm/lib>;
|
|||
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
users.users.tv = {
|
||||
uid = genid "tv";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.tv.pubkey
|
||||
];
|
||||
};
|
||||
users.users.makefu = {
|
||||
uid = genid "makefu";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.makefu.pubkey
|
||||
];
|
||||
};
|
||||
users.extraUsers.dritter = {
|
||||
uid = genid "dritter";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
|
||||
];
|
||||
};
|
||||
users.extraUsers.juhulian = {
|
||||
uid = 1339;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
|
||||
];
|
||||
};
|
||||
users.users.hellrazor = {
|
||||
uid = genid "hellrazor";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
#hotdog
|
||||
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
|
||||
containers.hotdog = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.1";
|
||||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||
<stockholm/lass/2configs/ts3.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/radio.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
<stockholm/lass/2configs/iodined.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||
{ # quasi bepasty.nix
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
];
|
||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
}
|
||||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
lass.ejabberd = {
|
||||
enable = true;
|
||||
hosts = [ "lassul.us" ];
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass/2configs/realwallpaper.nix>
|
||||
];
|
||||
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
|
||||
alias /var/realwallpaper/realwallpaper.png;
|
||||
'';
|
||||
}
|
||||
{
|
||||
users.users.jeschli = {
|
||||
uid = genid "jeschli";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
jeschli.pubkey
|
||||
jeschli-bln.pubkey
|
||||
jeschli-bolide.pubkey
|
||||
jeschli-brauerei.pubkey
|
||||
];
|
||||
};
|
||||
krebs.git.rules = [
|
||||
{
|
||||
user = with config.krebs.users; [
|
||||
jeschli
|
||||
jeschli-bln
|
||||
jeschli-bolide
|
||||
jeschli-brauerei
|
||||
];
|
||||
repo = [ config.krebs.git.repos.xmonad-stockholm ];
|
||||
perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
|
||||
}
|
||||
{
|
||||
user = with config.krebs.users; [
|
||||
jeschli
|
||||
jeschli-bln
|
||||
jeschli-bolide
|
||||
jeschli-brauerei
|
||||
];
|
||||
repo = [ config.krebs.git.repos.stockholm ];
|
||||
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
krebs.repo-sync.repos.stockholm.timerConfig = {
|
||||
OnBootSec = "5min";
|
||||
OnUnitInactiveSec = "2min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/downloading.nix>
|
||||
<stockholm/lass/2configs/minecraft.nix>
|
||||
{
|
||||
services.taskserver = {
|
||||
enable = true;
|
||||
|
@ -201,123 +39,11 @@ with import <stockholm/lib>;
|
|||
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
#<stockholm/lass/2configs/go.nix>
|
||||
{
|
||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||
systemd.services."container@red".reloadIfChanged = mkForce false;
|
||||
containers.red = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host rote-allez-fraktion.de;
|
||||
proxy_pass http://10.233.2.4;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
#{
|
||||
# imports = [ <stockholm/lass/2configs/backup.nix> ];
|
||||
# lass.restic = genAttrs [
|
||||
# "daedalus"
|
||||
# "icarus"
|
||||
# "littleT"
|
||||
# "mors"
|
||||
# "shodan"
|
||||
# "skynet"
|
||||
# ] (dest: {
|
||||
# dirs = [
|
||||
# "/home/chat/.weechat"
|
||||
# "/bku/sql_dumps"
|
||||
# ];
|
||||
# passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||
# repo = "sftp:backup@${dest}.r:/backups/prism";
|
||||
# extraArguments = [
|
||||
# "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||
# ];
|
||||
# timerConfig = {
|
||||
# OnCalendar = "00:05";
|
||||
# RandomizedDelaySec = "5h";
|
||||
# };
|
||||
# });
|
||||
#}
|
||||
{
|
||||
users.users.download.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
|
||||
];
|
||||
}
|
||||
{
|
||||
}
|
||||
{
|
||||
lass.nichtparasoup.enable = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."lol.lassul.us" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:5001;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
|
||||
];
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.1.1/24" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = [
|
||||
{
|
||||
# lass-android
|
||||
allowedIPs = [ "10.244.1.2/32" ];
|
||||
publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
];
|
||||
}
|
||||
{
|
||||
services.murmur.enable = true;
|
||||
services.murmur.registerName = "lassul.us";
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
|
||||
];
|
||||
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.archprism;
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/mouse.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/AP.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.cabal;
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
<stockholm/lass/2configs/hw/x220.nix>
|
||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
|
||||
'';
|
||||
}
|
|
@ -25,9 +25,5 @@
|
|||
macchanger
|
||||
dpass
|
||||
];
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
programs.adb.enable = true;
|
||||
}
|
||||
|
|
|
@ -102,6 +102,7 @@ with import <stockholm/lib>;
|
|||
urban
|
||||
mk_sql_pair
|
||||
remmina
|
||||
transmission
|
||||
|
||||
iodine
|
||||
|
||||
|
@ -148,10 +149,6 @@ with import <stockholm/lib>;
|
|||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||
virtualisation.docker.enable = true;
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
|
|
|
@ -25,7 +25,7 @@ with import <stockholm/lib>;
|
|||
{ # TODO make new hfos.nix out of this vv
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
users.users.riot = {
|
||||
uid = genid "riot";
|
||||
uid = genid_uint31 "riot";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "libvirtd" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -44,21 +44,21 @@ with import <stockholm/lib>;
|
|||
}
|
||||
{
|
||||
users.users.tv = {
|
||||
uid = genid "tv";
|
||||
uid = genid_uint31 "tv";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.tv.pubkey
|
||||
];
|
||||
};
|
||||
users.users.makefu = {
|
||||
uid = genid "makefu";
|
||||
uid = genid_uint31 "makefu";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.makefu.pubkey
|
||||
];
|
||||
};
|
||||
users.extraUsers.dritter = {
|
||||
uid = genid "dritter";
|
||||
uid = genid_uint31 "dritter";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
|
@ -75,7 +75,7 @@ with import <stockholm/lib>;
|
|||
];
|
||||
};
|
||||
users.users.hellrazor = {
|
||||
uid = genid "hellrazor";
|
||||
uid = genid_uint31 "hellrazor";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
|
@ -168,7 +168,7 @@ with import <stockholm/lib>;
|
|||
}
|
||||
{
|
||||
users.users.jeschli = {
|
||||
uid = genid "jeschli";
|
||||
uid = genid_uint31 "jeschli";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
jeschli.pubkey
|
||||
|
@ -207,7 +207,6 @@ with import <stockholm/lib>;
|
|||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/downloading.nix>
|
||||
<stockholm/lass/2configs/minecraft.nix>
|
||||
{
|
||||
services.taskserver = {
|
||||
|
@ -324,6 +323,15 @@ with import <stockholm/lib>;
|
|||
}
|
||||
];
|
||||
};
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
resolveLocalQueries = false;
|
||||
|
||||
extraConfig= ''
|
||||
except-interface=lo
|
||||
interface=wg0
|
||||
'';
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
|
@ -338,6 +346,61 @@ with import <stockholm/lib>;
|
|||
];
|
||||
|
||||
}
|
||||
{
|
||||
systemd.services."container@yellow".reloadIfChanged = mkForce false;
|
||||
containers.yellow = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.13";
|
||||
localAddress = "10.233.2.14";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
|
||||
if ($scheme != "https") {
|
||||
rewrite ^ https://$host$uri permanent;
|
||||
}
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
|
||||
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
|
||||
''};
|
||||
proxy_pass http://10.233.2.14:9091;
|
||||
'';
|
||||
|
||||
users.groups.download = {};
|
||||
users.users = {
|
||||
download = {
|
||||
createHome = true;
|
||||
group = "download";
|
||||
name = "download";
|
||||
home = "/var/download";
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
lass-shodan.pubkey
|
||||
lass-icarus.pubkey
|
||||
lass-daedalus.pubkey
|
||||
lass-helios.pubkey
|
||||
makefu.pubkey
|
||||
wine-mors.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.downloadFolder = ''
|
||||
mkdir -p /var/download
|
||||
chmod 775 /var/download
|
||||
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
|
||||
chown download: /var/download/finished
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
|
|
@ -25,6 +25,11 @@
|
|||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/download" = {
|
||||
device = "tank/download";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/containers" = {
|
||||
device = "tank/containers";
|
||||
fsType = "zfs";
|
||||
|
|
|
@ -8,14 +8,13 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/mouse.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
|
|
@ -7,6 +7,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/power-action.nix>
|
||||
{
|
||||
services.xserver.enable = true;
|
||||
services.xserver.desktopManager.xfce.enable = true;
|
||||
|
|
167
lass/1systems/yellow/config.nix
Normal file
167
lass/1systems/yellow/config.nix
Normal file
|
@ -0,0 +1,167 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.yellow;
|
||||
|
||||
system.activationScripts.downloadFolder = ''
|
||||
mkdir -p /var/download
|
||||
chown download:download /var/download
|
||||
chmod 775 /var/download
|
||||
'';
|
||||
|
||||
users.users.download = { uid = genid "download"; };
|
||||
users.groups.download.members = [ "transmission" ];
|
||||
users.users.transmission.group = mkForce "download";
|
||||
|
||||
systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
settings = {
|
||||
download-dir = "/var/download/finished";
|
||||
incomplete-dir = "/var/download/incoming";
|
||||
incomplete-dir-enable = true;
|
||||
umask = "002";
|
||||
rpc-whitelist-enabled = false;
|
||||
rpc-host-whitelist-enabled = false;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = pkgs.nginx.override {
|
||||
modules = with pkgs.nginxModules; [
|
||||
fancyindex
|
||||
];
|
||||
};
|
||||
virtualHosts."dl" = {
|
||||
default = true;
|
||||
locations."/Nginx-Fancyindex-Theme-dark" = {
|
||||
extraConfig = ''
|
||||
alias ${pkgs.fetchFromGitHub {
|
||||
owner = "Naereen";
|
||||
repo = "Nginx-Fancyindex-Theme";
|
||||
rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
|
||||
sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
|
||||
}}/Nginx-Fancyindex-Theme-dark;
|
||||
autoindex on;
|
||||
'';
|
||||
};
|
||||
locations."/" = {
|
||||
root = "/var/download/finished";
|
||||
extraConfig = ''
|
||||
fancyindex on;
|
||||
fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
|
||||
fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
|
||||
dav_methods PUT DELETE MKCOL COPY MOVE;
|
||||
|
||||
create_full_put_path on;
|
||||
dav_access all:r;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
|
||||
services.openvpn.servers.nordvpn.config = ''
|
||||
client
|
||||
dev tun
|
||||
proto udp
|
||||
remote 82.102.16.229 1194
|
||||
resolv-retry infinite
|
||||
remote-random
|
||||
nobind
|
||||
tun-mtu 1500
|
||||
tun-mtu-extra 32
|
||||
mssfix 1450
|
||||
persist-key
|
||||
persist-tun
|
||||
ping 15
|
||||
ping-restart 0
|
||||
ping-timer-rem
|
||||
reneg-sec 0
|
||||
comp-lzo no
|
||||
|
||||
explicit-exit-notify 3
|
||||
|
||||
remote-cert-tls server
|
||||
|
||||
#mute 10000
|
||||
auth-user-pass ${toString <secrets/nordvpn.txt>}
|
||||
|
||||
verb 3
|
||||
pull
|
||||
fast-io
|
||||
cipher AES-256-CBC
|
||||
auth SHA512
|
||||
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
|
||||
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
|
||||
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
|
||||
bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
|
||||
ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
|
||||
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
|
||||
B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
|
||||
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
|
||||
cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
|
||||
UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
|
||||
mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
|
||||
+D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
|
||||
ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
|
||||
583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
|
||||
VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
|
||||
Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
|
||||
MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
|
||||
MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
|
||||
Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
|
||||
EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
|
||||
e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
|
||||
//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
|
||||
wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
|
||||
KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
|
||||
lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
#
|
||||
# 2048 bit OpenVPN static key
|
||||
#
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
49b2f54c6ee58d2d97331681bb577d55
|
||||
054f56d92b743c31e80b684de0388702
|
||||
ad3bf51088cd88f3fac7eb0729f2263c
|
||||
51d82a6eb7e2ed4ae6dfa65b1ac764d0
|
||||
b9dedf1379c1b29b36396d64cb6fd6b2
|
||||
e61f869f9a13001dadc02db171f04c4d
|
||||
c46d1132c1f31709e7b54a6eabae3ea8
|
||||
fbd2681363c185f4cb1be5aa42a27c31
|
||||
21db7b2187fd11c1acf224a0d5a44466
|
||||
b4b5a3cc34ec0227fe40007e8b379654
|
||||
f1e8e2b63c6b46ee7ab6f1bd82f57837
|
||||
92c209e8f25bc9ed493cb5c1d891ae72
|
||||
7f54f4693c5b20f136ca23e639fd8ea0
|
||||
865b4e22dd2af43e13e6b075f12427b2
|
||||
08af9ffd09c56baa694165f57fe2697a
|
||||
3377fa34aebcba587c79941d83deaf45
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
'';
|
||||
}
|
8
lass/1systems/yellow/physical.nix
Normal file
8
lass/1systems/yellow/physical.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
|
@ -126,6 +126,12 @@ in {
|
|||
restartIfChanged = false;
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
dmenu = pkgs.writeDashBin "dmenu" ''
|
||||
${pkgs.fzfmenu}/bin/fzfmenu "$@"
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.xresources.enable = true;
|
||||
lass.screenlock.enable = true;
|
||||
}
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
'';
|
||||
};
|
||||
virtualHosts."cache.krebsco.de" = {
|
||||
forceSSL = true;
|
||||
serverAliases = [ "cache.lassul.us" ];
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
|
|
|
@ -81,6 +81,7 @@ in {
|
|||
host = "${host}.r",
|
||||
targetdir = "/var/lib/containers/.blue",
|
||||
rsync = {
|
||||
archive = true,
|
||||
owner = true,
|
||||
group = true,
|
||||
};
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
users.extraUsers = {
|
||||
download = {
|
||||
name = "download";
|
||||
home = "/var/download";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
lass-shodan.pubkey
|
||||
lass-icarus.pubkey
|
||||
lass-daedalus.pubkey
|
||||
lass-helios.pubkey
|
||||
makefu.pubkey
|
||||
wine-mors.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
transmission = {
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
users.extraGroups = {
|
||||
download = {
|
||||
members = [
|
||||
"download"
|
||||
"transmission"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
krebs.rtorrent = {
|
||||
enable = true;
|
||||
web = {
|
||||
enable = true;
|
||||
port = 9091;
|
||||
basicAuth = import <secrets/torrent-auth>;
|
||||
};
|
||||
rutorrent.enable = true;
|
||||
enableXMLRPC = true;
|
||||
listenPort = 51413;
|
||||
downloadDir = "/var/download/finished";
|
||||
# dump old torrents into watch folder to have them re-added
|
||||
watchDir = "/var/download/watch";
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
}
|
|
@ -93,6 +93,7 @@ with import <stockholm/lib>;
|
|||
{ from = "neocron@lassul.us"; to = lass.mail; }
|
||||
{ from = "osmocom@lassul.us"; to = lass.mail; }
|
||||
{ from = "lesswrong@lassul.us"; to = lass.mail; }
|
||||
{ from = "nordvpn@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
|
|
@ -174,6 +174,16 @@ let
|
|||
macro pager a "<modify-labels>-archive\n" # tag as Archived
|
||||
|
||||
|
||||
bind index U noop
|
||||
bind index u noop
|
||||
bind pager U noop
|
||||
bind pager u noop
|
||||
macro index U "<modify-labels>+unread\n"
|
||||
macro index u "<modify-labels>-unread\n"
|
||||
macro pager U "<modify-labels>+unread\n"
|
||||
macro pager u "<modify-labels>-unread\n"
|
||||
|
||||
|
||||
bind index t noop
|
||||
bind pager t noop
|
||||
macro index t "<modify-labels>" # tag as Archived
|
||||
|
|
|
@ -5,7 +5,6 @@ with import <stockholm/lib>;
|
|||
let
|
||||
name = "radio";
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
inherit (import <stockholm/lib>) genid;
|
||||
|
||||
admin-password = import <secrets/icecast-admin-pw>;
|
||||
source-password = import <secrets/icecast-source-pw>;
|
||||
|
@ -31,7 +30,7 @@ in {
|
|||
"${name}" = rec {
|
||||
inherit name;
|
||||
group = name;
|
||||
uid = genid name;
|
||||
uid = genid_uint31 name;
|
||||
description = "radio manager";
|
||||
home = "/home/${name}";
|
||||
useDefaultShell = true;
|
||||
|
|
0
lass/2configs/tests/dummy-secrets/nordvpn.txt
Normal file
0
lass/2configs/tests/dummy-secrets/nordvpn.txt
Normal file
|
@ -1,70 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
inherit (import <stockholm/lib>)
|
||||
genid
|
||||
head
|
||||
;
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
servePage
|
||||
serveWordpress
|
||||
;
|
||||
|
||||
msmtprc = pkgs.writeText "msmtprc" ''
|
||||
account default
|
||||
host localhost
|
||||
'';
|
||||
|
||||
sendmail = pkgs.writeDash "msmtp" ''
|
||||
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
||||
imports = [
|
||||
./default.nix
|
||||
./sqlBackup.nix
|
||||
|
||||
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
|
||||
|
||||
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
|
||||
|
||||
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
|
||||
|
||||
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
|
||||
|
||||
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
|
||||
|
||||
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
|
||||
|
||||
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
|
||||
];
|
||||
|
||||
lass.mysqlBackup.config.all.databases = [
|
||||
"eastuttgart_de"
|
||||
"radical_dreamers_de"
|
||||
"spielwaren_kern_de"
|
||||
"ttf_kleinaspach_de"
|
||||
];
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.fritz.pubkey
|
||||
];
|
||||
|
||||
users.users.goldbarrendiebstahl = {
|
||||
home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
|
||||
uid = genid "goldbarrendiebstahl";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.fritz.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
services.phpfpm.phpOptions = ''
|
||||
sendmail_path = ${sendmail} -t
|
||||
'';
|
||||
}
|
|
@ -3,7 +3,7 @@
|
|||
with lib;
|
||||
let
|
||||
inherit (import <stockholm/lib>)
|
||||
genid
|
||||
genid_uint31
|
||||
;
|
||||
|
||||
in {
|
||||
|
@ -22,7 +22,7 @@ in {
|
|||
krebs.tinc_graphs.enable = true;
|
||||
|
||||
users.users.lass-stuff = {
|
||||
uid = genid "lass-stuff";
|
||||
uid = genid_uint31 "lass-stuff";
|
||||
description = "lassul.us blog cgi stuff";
|
||||
home = "/var/empty";
|
||||
};
|
||||
|
@ -66,22 +66,6 @@ in {
|
|||
locations."/tinc".extraConfig = ''
|
||||
alias ${config.krebs.tinc_graphs.workingDir}/external;
|
||||
'';
|
||||
locations."/urlaubyay2018".extraConfig = ''
|
||||
autoindex on;
|
||||
alias /srv/http/lassul.us-media/india2018;
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
|
||||
paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
|
||||
''};
|
||||
'';
|
||||
locations."/heilstadt".extraConfig = ''
|
||||
autoindex on;
|
||||
alias /srv/http/lassul.us-media/grabowsee2018;
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
|
||||
c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
|
||||
''};
|
||||
'';
|
||||
locations."/krebspage".extraConfig = ''
|
||||
default_type "text/html";
|
||||
alias ${pkgs.krebspage}/index.html;
|
||||
|
@ -140,7 +124,7 @@ in {
|
|||
};
|
||||
|
||||
users.users.blog = {
|
||||
uid = genid "blog";
|
||||
uid = genid_uint31 "blog";
|
||||
description = "lassul.us blog deployment";
|
||||
home = "/srv/http/lassul.us";
|
||||
useDefaultShell = true;
|
||||
|
|
|
@ -142,7 +142,7 @@ with import <stockholm/lib>;
|
|||
|
||||
users.users = mapAttrs' (_: cfg:
|
||||
nameValuePair cfg.name {
|
||||
uid = genid cfg.name;
|
||||
uid = genid_uint31 cfg.name;
|
||||
home = "/home/${cfg.name}";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
|
|
|
@ -38,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
|
|||
import XMonad.Hooks.FloatNext (floatNext)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
|
||||
import XMonad.Hooks.UrgencyHook (focusUrgent)
|
||||
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
|
||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
|
@ -84,7 +84,7 @@ main' = do
|
|||
{ terminal = myTerm
|
||||
, modMask = mod4Mask
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
|
||||
, manageHook = floatHooks <+> floatNextHook
|
||||
, startupHook =
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing)
|
||||
|
@ -99,13 +99,12 @@ myLayoutHook = defLayout
|
|||
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
|
||||
|
||||
floatHooks :: Query (Endo WindowSet)
|
||||
floatHooks = composeAll . concat $
|
||||
[ [ title =? t --> doFloat | t <- myTitleFloats]
|
||||
, [ className =? c --> doFloat | c <- myClassFloats ] ]
|
||||
where
|
||||
myTitleFloats = []
|
||||
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
|
||||
|
||||
floatHooks = composeOne
|
||||
[ className =? "Pinentry" -?> doCenterFloat
|
||||
, title =? "fzfmenu" -?> doCenterFloat
|
||||
, title =? "glxgears" -?> doCenterFloat
|
||||
, resource =? "Dialog" -?> doFloat
|
||||
]
|
||||
|
||||
myKeyMap :: [([Char], X ())]
|
||||
myKeyMap =
|
||||
|
@ -114,6 +113,7 @@ myKeyMap =
|
|||
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
||||
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
|
||||
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
|
||||
, ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
|
||||
|
||||
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
||||
|
@ -163,6 +163,9 @@ myKeyMap =
|
|||
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
||||
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
||||
|
||||
, ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
|
||||
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
|
||||
|
||||
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
||||
|
||||
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
||||
|
|
31
lass/5pkgs/emot-menu/default.nix
Normal file
31
lass/5pkgs/emot-menu/default.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
|
||||
|
||||
emoticons = writeText "emoticons" ''
|
||||
¯\(°_o)/¯ | dunno lol shrug dlol
|
||||
¯\_(ツ)_/¯ | dunno lol shrug dlol
|
||||
( ͡° ͜ʖ ͡°) | lenny
|
||||
¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
|
||||
( ゚д゚) | aaah sad noo
|
||||
ヽ(^o^)丿 | hi yay hello
|
||||
(^o^; | ups hehe
|
||||
(^∇^) | yay
|
||||
┗(`皿´)┛ | angry argh
|
||||
ヾ(^_^) byebye!! | bye
|
||||
<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
|
||||
(-.-)Zzz... | sleep
|
||||
(∩╹□╹∩) | oh noes woot
|
||||
™ | tm
|
||||
ζ | zeta
|
||||
(╯°□°)╯ ┻━┻ | table flip
|
||||
(」゜ロ゜)」 | why woot
|
||||
'';
|
||||
|
||||
in
|
||||
writeDashBin "emoticons" ''
|
||||
set -efu
|
||||
|
||||
data=$(${coreutils}/bin/cat ${emoticons})
|
||||
emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
|
||||
${xdotool}/bin/xdotool type -- "$emoticon"
|
||||
exit 0
|
||||
''
|
45
lass/5pkgs/fzfmenu/default.nix
Normal file
45
lass/5pkgs/fzfmenu/default.nix
Normal file
|
@ -0,0 +1,45 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeDashBin "fzfmenu" ''
|
||||
set -efu
|
||||
PROMPT=">"
|
||||
for i in "$@"
|
||||
do
|
||||
case $i in
|
||||
-p)
|
||||
PROMPT="$2"
|
||||
shift
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-l)
|
||||
# no reason to filter number of lines
|
||||
LINES="$2"
|
||||
shift
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-i)
|
||||
# we do this anyway
|
||||
shift
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo "Unknown option $1" >&2
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
INPUT=$(${pkgs.coreutils}/bin/cat)
|
||||
OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
|
||||
${pkgs.rxvt_unicode}/bin/urxvt \
|
||||
-name fzfmenu -title fzfmenu \
|
||||
-e ${pkgs.dash}/bin/dash -c \
|
||||
"echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
|
||||
--history=/dev/null \
|
||||
--no-sort \
|
||||
--prompt=\"$PROMPT\" \
|
||||
> \"$OUTPUT\"" 2>/dev/null
|
||||
${pkgs.coreutils}/bin/cat "$OUTPUT"
|
||||
${pkgs.coreutils}/bin/rm "$OUTPUT"
|
||||
''
|
|
@ -13,8 +13,9 @@ let
|
|||
ne = x: y: x != y;
|
||||
mod = x: y: x - y * (x / y);
|
||||
|
||||
genid = import ./genid.nix { inherit lib; };
|
||||
genid_uint31 = x: ((lib.genid x) + 16777216) / 2;
|
||||
genid = lib.genid_uint32; # TODO remove
|
||||
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
|
||||
genid_uint32 = import ./genid.nix { inherit lib; };
|
||||
|
||||
lpad = n: c: s:
|
||||
if lib.stringLength s < n
|
||||
|
|
|
@ -19,7 +19,7 @@ rec {
|
|||
default = config._module.args.name;
|
||||
};
|
||||
cores = mkOption {
|
||||
type = positive;
|
||||
type = uint;
|
||||
};
|
||||
nets = mkOption {
|
||||
type = attrsOf net;
|
||||
|
|
|
@ -10,7 +10,7 @@ with import <stockholm/lib>;
|
|||
];
|
||||
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
||||
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
||||
krebs.build.host = config.krebs.hosts.iso;
|
||||
krebs.build.host = { cores = 0; };
|
||||
isoImage.isoBaseName = lib.mkForce "stockholm";
|
||||
krebs.hidden-ssh.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
Loading…
Reference in a new issue