makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/newest'

Browse source
This commit is contained in:
nin 2017-03-07 16:27:15 +01:00
parent 01868340e2 c05db24090
commit 2edd8ca37b
64 changed files with 483 additions and 224 deletions

2
krebs/3modules/exim-smarthost.nix
View file

@ -55,7 +55,7 @@ let
local_domains = mkOption {
type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
};
relay_from_hosts = mkOption {

2
krebs/3modules/exim.nix
View file

@ -40,7 +40,7 @@ in {
etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" ''
exim_user = ${cfg.user.name}
exim_group = ${cfg.group.name}
exim_path = /var/setuid-wrappers/exim
exim_path = /run/wrappers/bin/exim
spool_directory = ${cfg.user.home}
${cfg.config}
'';

2
krebs/3modules/on-failure.nix
View file

@ -58,7 +58,7 @@
};
sendmail = mkOption {
type = types.str;
default = "/var/setuid-wrappers/sendmail";
default = "/run/wrappers/bin/sendmail";
};
};

2
krebs/3modules/setuid.nix
View file

@ -73,7 +73,7 @@ let
};
imp = {
system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ]
system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ]
(concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg));
};

2
krebs/3modules/tv/default.nix
View file

@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
ip4.addr = "64.137.177.226";
ip4.addr = "45.62.237.203";
aliases = [
"cd.i"
"cd.krebsco.de"

2
krebs/3modules/urlwatch.nix
View file

@ -178,7 +178,7 @@ let
echo To: ${shell.escape cfg.mailto}
echo
cat changes
} | /var/setuid-wrappers/sendmail -t
} | /run/wrappers/bin/sendmail -t
fi
'';
};

19
krebs/5pkgs/git-hooks/default.nix
View file

@ -1,13 +1,10 @@
{ lib, pkgs, ... }:
{ pkgs, ... }:
with lib;
let
out = {
inherit irc-announce;
};
with import <stockholm/lib>;
{
# TODO irc-announce should return a derivation
# but it cannot because krebs.git.repos.*.hooks :: attrsOf str
irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
#! /bin/sh
set -euf
@ -37,7 +34,7 @@ let
port=${toString port}
host=$nick
cgit_endpoint=http://cgit.$host
cgit_endpoint=http://cgit.$host.r
empty=0000000000000000000000000000000000000000
@ -99,7 +96,7 @@ let
done
if test -n "''${message-}"; then
exec ${irc-announce-script} \
exec ${pkgs.irc-announce}/bin/irc-announce \
"$server" \
"$port" \
"$nick" \
@ -107,6 +104,4 @@ let
"$message"
fi
'';
irc-announce-script = "${pkgs.irc-announce}/bin/irc-announce";
in out
}

21
lass/1systems/prism.nix
View file

@ -215,6 +215,7 @@ in {
}
{
krebs.repo-sync.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min";
};
@ -247,7 +248,13 @@ in {
];
}
{
krebs.Reaktor.coders = {
krebs.Reaktor.coders = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
in {
nickname = "reaktor-lass";
channels = [ "#coders" ];
extraEnviron = {
@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';

18
lass/2configs/baseX.nix
View file

@ -8,6 +8,8 @@ in {
./power-action.nix
./screenlock.nix
./copyq.nix
./xresources.nix
./livestream.nix
{
hardware.pulseaudio = {
enable = true;
@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
services.printing = {
enable = true;
drivers = [ pkgs.foomatic_filters ];
drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
};
environment.systemPackages = with pkgs; [
acpi
dic
dmenu
@ -76,7 +78,13 @@ in {
enable = true;
desktopManager.xterm.enable = false;
displayManager.slim.enable = true;
desktopManager.default = "none";
displayManager.lightdm.enable = true;
displayManager.lightdm.autoLogin = {
enable = true;
user = "lass";
};
windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''

10
lass/2configs/binary-cache/client.nix
View file

@ -2,8 +2,14 @@
{
nix = {
binaryCaches = ["http://cache.prism.r"];
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
binaryCaches = [
"http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
}

4
lass/2configs/browsers.nix
View file

@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
'';
in {
users.extraUsers.${name} = {

5
lass/2configs/default.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@ -135,6 +135,7 @@ with import <stockholm/lib>;
#neat utils
krebspaste
mosh
pciutils
pop
psmisc

3
lass/2configs/exim-smarthost.nix
View file

@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [
{ domain = "lassul.us"; }
];
primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios

1
lass/2configs/games.nix
View file

@ -84,5 +84,6 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
}

1
lass/2configs/git.nix
View file

@ -5,6 +5,7 @@ with import <stockholm/lib>;
let
out = {
services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {

1
lass/2configs/hfos.nix
View file

@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
];
};

12
lass/2configs/livestream.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
stream = pkgs.writeDashBin "stream" ''
${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
'';
in {
environment.systemPackages = [ stream ];
}

2
lass/2configs/nixpkgs.nix
View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "6651c72";
ref = "5b0c9d4";
};
}

1
lass/2configs/programs.nix
View file

@ -12,7 +12,6 @@
pavucontrol
pv
pwgen
python34Packages.livestreamer
remmina
silver-searcher
wget

8
lass/2configs/security-workarounds.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
# http://seclists.org/oss-sec/2017/q1/471
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
}

22
lass/2configs/termite.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.termite
];
krebs.per-user.lass.packages = let
termitecfg = pkgs.writeTextFile {
name = "termite-config";
destination = "/etc/xdg/termite/config";
text = ''
[colors]
foreground = #d0d7d0
background = #000000
'';
};
in [
termitecfg
];
}

1
lass/2configs/vim.nix
View file

@ -66,6 +66,7 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer

7
lass/2configs/websites/util.nix
View file

@ -32,6 +32,7 @@ rec {
let
domain = head domains;
in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
@ -181,10 +182,10 @@ rec {
user = nginx
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_spare_servers = 10
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'

55
lass/2configs/xresources.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
xresources = pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
'';
in {
systemd.user.services.xresources = {
description = "xresources";
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
};
};
}

2
lass/5pkgs/xmonad-lass.nix
View file

@ -95,7 +95,7 @@ displaySomeException = displayException
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")

2
makefu/1systems/filepimp.nix
View file

@ -3,7 +3,7 @@ let
byid = dev: "/dev/disk/by-id/" + dev;
part1 = disk: disk + "-part1";
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc
primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
# N54L Chassis:
# ____________________
# |______FRONT_______|

9
makefu/1systems/x.nix
View file

@ -8,7 +8,7 @@
[ # base
../.
../2configs/main-laptop.nix
../2configs/laptop-utils.nix
../2configs/tools/all.nix
../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
@ -46,7 +46,7 @@
../2configs/mail-client.nix
../2configs/printer.nix
../2configs/virtualization.nix
../2configs/virtualization-virtualbox.nix
# ../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
../2configs/rad1o.nix
@ -64,8 +64,10 @@
../2configs/fs/sda-crypto-root-home.nix
];
makefu.server.primary-itf = "wlp2s0";
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
krebs.nginx = {
@ -74,6 +76,7 @@
servers.default.server-names = [ "_" ];
};
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
virtualisation.docker.enable = true;

2
makefu/2configs/base-gui.nix
View file

@ -82,7 +82,7 @@ in
URxvt.perl-ext: default,url-select
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.url-select.launcher: chromium
URxvt.url-select.launcher: firefox -new-tab
URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s
'';

14
makefu/2configs/default.nix
View file

@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
ref = "f66d782"; # unstable @ 2017-02-04
ref = "53a2baa"; # unstable @ 2017-02-28
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
@ -145,21 +145,21 @@ with import <stockholm/lib>;
tinc = pkgs.tinc_pre;
};
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
services.timesyncd.enable = true;
services.ntp.servers = [
networking.timeServers = [
"pool.ntp.org"
"time.windows.com"
"time.apple.com"
"time.nist.gov"
];
nix.extraOptions = ''
auto-optimise-store = true
'';
security.setuidPrograms = [ "sendmail" ];
security.wrappers.sendmail = {
source = "${pkgs.exim}/bin/sendmail";
setuid = true;
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M

8
makefu/2configs/deployment/owncloud.nix
View file

@ -131,11 +131,15 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] )
];
services.mysql = {
enable = true;
services.mysql = { # TODO: currently nextcloud uses sqlite
enable = false;
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
services.mysqlBackup = {
enable = false;
databases = [ "nextcloud" ];
};
krebs.secret.files.mysql_rootPassword = {
path = "${config.services.mysql.dataDir}/mysql_rootPassword";

12
makefu/2configs/hw/tp-x230.nix
View file

@ -9,20 +9,28 @@ with import <stockholm/lib>;
kernelModules = [
"kvm-intel"
"thinkpad_ec"
# "acpi_call"
"acpi_call"
# "thinkpad_acpi"
# "tpm-rng"
];
extraModulePackages = [
# config.boot.kernelPackages.acpi_call
config.boot.kernelPackages.acpi_call
];
# support backlight adjustment
kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ];
};
# configured media keys inside awesomerc
# sound.mediaKeys.enable = true;
hardware.bluetooth.enable = true;
services.acpid.enable = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
services.xserver = {
videoDriver = "intel";
deviceSection = ''
Option "AccelMethod" "sna"
Option "Backlight" "intel_backlight"
'';
};
# no entropy source working

65
makefu/2configs/laptop-utils.nix
View file

@ -1,65 +0,0 @@
{ pkgs, ... }:
# tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild
#
# essentially `nix-env -q` of the main user
# TODO: split gui and non-gui
{
nixpkgs.config.firefox = {
enableAdobeFlash = true;
};
krebs.per-user.makefu.packages = with pkgs; [
# core
at_spi2_core
acpi
bc
exif
file
ntfs3g
pv
proot
sshpass
unzip
unrar
usbutils
zip
# dev
python35Packages.virtualenv
# gui
chromium
clipit
feh
firefox
keepassx
pcmanfm
skype
mirage
tightvnc
gnome3.dconf
vlc
virtmanager
wireshark
xdotool
# sectools
aria2
pythonPackages.binwalk-full
dnsmasq
iodine
mtr
nmap
# stuff
cac-api
cac-panel
krebspaste
ledger
pass
];
}

15
makefu/2configs/logging/central-stats-server.nix
View file

@ -5,10 +5,9 @@ let
collectd-port = 25826;
influx-port = 8086;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = config.makefu.server.primary-itf;
in {
imports = [
../../../lass/3modules/kapacitor.nix
];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
@ -27,11 +26,11 @@ in {
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = "collectd_db";
database = db;
port = collectd-port;
}];
};
lass.kapacitor =
krebs.kapacitor =
let
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
@ -43,7 +42,8 @@ in {
in {
enable = true;
alarms = {
cpu_deadman = ''
cpu_deadman.database = db;
cpu_deadman.text = ''
var data = batch
|query(${"'''"}
SELECT mean("value") AS mean
@ -68,5 +68,8 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
}

5
makefu/2configs/main-laptop.nix
View file

@ -14,7 +14,8 @@ in {
./base-gui.nix
./fetchWallpaper.nix
./zsh-user.nix
./laptop-utils.nix
./tools/core.nix
./tools/core-gui.nix
];
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
@ -60,7 +61,7 @@ in {
sleep 1
'')
[ 5 4 3 2 1 ]}
/var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend
/var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend
'';
};
};

11
makefu/2configs/omo-share.nix
View file

@ -48,15 +48,8 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
crypt0-rw = {
path = "/media/crypt0/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "makefu";
};
crypt1-rw = {
path = "/media/crypt1/";
media-rw = {
path = "/media/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";

1
makefu/2configs/printer.nix
View file

@ -5,6 +5,7 @@
enable = true;
drivers = [
pkgs.samsungUnifiedLinuxDriver
pkgs.dymo-cups-drivers
];
};

11
makefu/2configs/tools/all.nix Normal file
View file

@ -0,0 +1,11 @@
{
imports = [
./core.nix
./core-gui.nix
./dev.nix
./extra-gui.nix
./games.nix
./media.nix
./sec.nix
];
}

24
makefu/2configs/tools/core-gui.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
nixpkgs.config.firefox = {
enableAdobeFlash = true;
};
krebs.per-user.makefu.packages = with pkgs; [
chromium
clipit
feh
firefox
keepassx
pcmanfm
skype
mirage
tightvnc
gnome3.dconf
wireshark
xdotool
xorg.xbacklight
scrot
];
}

46
makefu/2configs/tools/core.nix Normal file
View file

@ -0,0 +1,46 @@
{ pkgs, ... }:
# tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild
#
# essentially `nix-env -q` of the main user
{
krebs.per-user.makefu.packages = with pkgs; [
at_spi2_core
acpi
bc
rsync
exif
file
ntfs3g
pv
proot
sshpass
populate
usbutils
p7zip
hdparm
inetutils
ncftp
mutt
tcpdump
sysstat
which
weechat
curl
wget
wol
tmux
smartmontools
cifs-utils
iftop
taskwarrior
mplayer
cac-api
cac-panel
krebspaste
ledger
pass
];
}

10
makefu/2configs/tools/dev.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs;[
nodemcu-uploader
esptool
python35Packages.virtualenv
flashrom
];
}

12
makefu/2configs/tools/extra-gui.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs;[
inkscape
gimp
skype
virtmanager
synergy
saleae-logic
];
}

7
makefu/2configs/tools/games.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
steam
];
}

12
makefu/2configs/tools/media.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl
calibre
vlc
mumble
];
}

15
makefu/2configs/tools/sec.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full
dnsmasq
iodine
mtr
nmap
msf
thc-hydra
];
}

3
makefu/2configs/urlwatch.nix
View file

@ -16,6 +16,9 @@
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://github.com/amadvance/snapraid/releases.atom
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
https://api.github.com/repos/embray/d2to1/tags
https://api.github.com/repos/dorimanx/exfat-nofuse/commits
https://api.github.com/repos/dorimanx/exfat-nofuse/tags
];
};
}

9
makefu/3modules/umts.nix
View file

@ -26,7 +26,7 @@ let
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
@ -54,6 +54,13 @@ let
to avoid race conditions.
'';
};
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
};
imp = {

4
makefu/5pkgs/awesomecfg/full.cfg
View file

@ -364,6 +364,10 @@ globalkeys = awful.util.table.join(
end,
{description = "restore minimized", group = "client"}),
awful.key({ }, "XF86MonBrightnessUp", function ()
awful.util.spawn("xbacklight -inc 5", false) end),
awful.key({ }, "XF86MonBrightnessDown", function ()
awful.util.spawn("xbacklight -dec 5", false) end),
awful.key({ }, "XF86AudioRaiseVolume", function ()
awful.util.spawn("amixer set Master 5%+", false) end),

41
makefu/5pkgs/default.nix
View file

@ -1,38 +1,35 @@
{ pkgs, ... }:
let
inherit (pkgs) callPackage;
in
with import <stockholm/lib>;
{
nixpkgs.config.packageOverrides = rec {
acdcli = callPackage ./acdcli {};
nixpkgs.config.packageOverrides = oldpkgs: let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = pkgs.callPackage path args;
upstream = optionalAttrs (override ? "name")
(oldpkgs.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in {}
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))
// {
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
debmirror = callPackage ./debmirror {};
inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
elchhub = callPackage ./elchhub {};
f3 = callPackage ./f3 {};
farpd = callPackage ./farpd {};
git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
ps3netsrv = callPackage ./ps3netsrv {};
pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
wordset-file = pkgs.fetchurl {
url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
};
qcma = pkgs.qt5.callPackage ./qcma {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {};
udpt = callPackage ./udpt {};
wol = callPackage ./wol {};
snapraid = callPackage ./snapraid {};
};
}

17
makefu/5pkgs/dymo-cups-drivers/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ stdenv, lib, pkgs, fetchurl, cups, ... }:
stdenv.mkDerivation rec {
name = "dymo-cups-drivers-${version}";
version = "1.4.0";
src = fetchurl {
url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz";
sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6";
};
buildInputs = [ cups ];
makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ];
# acd_cli gets dumped in bin and gets overwritten by fixupPhase
meta = {
description = "Dymo printer drivers";
};
}

32
makefu/5pkgs/esptool/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python2Packages;
let
pyaes = buildPythonPackage rec {
name = "pyaes-${version}";
version = "1.6.0";
src = fetchFromGitHub {
owner = "ricmoo";
repo = "pyaes";
rev = "v${version}";
sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb";
};
doCheck = false;
};
in
buildPythonPackage rec {
name = "esptool-${version}";
version = "2.0beta2";
propagatedBuildInputs = [
pyserial
flake8
ecdsa
pyaes
];
src = fetchFromGitHub {
owner = "themadinventor";
repo = "esptool";
rev = "v${version}";
sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i";
};
doCheck = false;
}

22
makefu/5pkgs/wol/default.nix
View file

@ -1,22 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
proj = "wake-on-lan";
name = "wol-${version}";
version = "0.7.1";
enableParallelBuilding = true;
src = fetchurl {
url = "mirror://sourceforge/${proj}/${name}.tar.gz";
sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270";
};
meta = {
description = "simple wake-on-lan client";
homepage = https://sourceforge.net/projects/wake-on-lan/;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}

6
mv/1systems/stro.nix
View file

@ -143,9 +143,9 @@ with import <stockholm/lib>;
};
};
security.setuidPrograms = [
"sendmail"
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"

6
shared/2configs/default.nix
View file

@ -11,7 +11,7 @@ with import <stockholm/lib>;
nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19
ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03
};
secrets.file =
if getEnv "dummy_secrets" == "true"
@ -30,10 +30,6 @@ with import <stockholm/lib>;
];
nix.useSandbox = true;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.vim;
};
environment.systemPackages = with pkgs; [
git
rxvt_unicode.terminfo

4
tv/1systems/cd.nix
View file

@ -16,11 +16,11 @@ with import <stockholm/lib>;
networking = {
interfaces.enp2s1.ip4 = singleton {
address = let
addr = "64.137.177.226";
addr = "45.62.237.203";
in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
prefixLength = 24;
};
defaultGateway = "64.137.177.1";
defaultGateway = "45.62.237.1";
nameservers = ["8.8.8.8"];
};

8
tv/1systems/mu.nix
View file

@ -99,10 +99,10 @@ with import <stockholm/lib>;
programs.ssh.startAgent = false;
security.setuidPrograms = [
"sendmail" # for cron
"slock"
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
slock.slock = "${pkgs.slock}/bin/slock";
};
security.pam.loginLimits = [
# for jack

6
tv/1systems/wu.nix
View file

@ -157,9 +157,9 @@ with import <stockholm/lib>;
#jack2
];
security.setuidPrograms = [
"sendmail" # for cron
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;

6
tv/1systems/xu.nix
View file

@ -167,9 +167,9 @@ with import <stockholm/lib>;
gptfdisk
];
security.setuidPrograms = [
"sendmail" # for cron
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;

6
tv/1systems/zu.nix
View file

@ -167,9 +167,9 @@ with import <stockholm/lib>;
gptfdisk
];
security.setuidPrograms = [
"sendmail" # for cron
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;

2
tv/2configs/default.nix
View file

@ -14,7 +14,7 @@ with import <stockholm/lib>;
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4";
ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";

3
tv/2configs/pulse.nix
View file

@ -76,6 +76,9 @@ in
};
};
# TODO assert that pulse is the only user with "audio" in group/extraGroups
# otherwise the audio device can be hijacked while the pulse service restarts
# (e.g. when mpv is running) and then the service will fail.
users = {
groups.pulse.gid = config.users.users.pulse.uid;
users.pulse = {

2
tv/2configs/urlwatch.nix
View file

@ -31,7 +31,7 @@ with import <stockholm/lib>;
## other
https://nixos.org/channels/nixos-16.09/git-revision
https://nixos.org/channels/nixos-17.03/git-revision
https://nixos.org/channels/nixos-unstable/git-revision
## 2014-10-17

2
tv/2configs/xserver/default.nix
View file

@ -18,7 +18,7 @@ in {
];
# TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers
# TODO krebs.setuid.slock.path vs /run/wrappers/bin
krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock";
group = "wheel";

38
tv/5pkgs/q/default.nix
View file

@ -1,7 +1,19 @@
{ pkgs, ... }:
with import <stockholm/lib>;
let
q-cal = let
# XXX 23 is the longest line of cal's output
# Maximum width of cal's output.
calwidth = 23;
# Number of space characters between two calendars.
hspace = 2;
# Return number of columns required to print n calenders side by side.
need_width = n:
assert n >= 1;
n * calwidth + (n - 1) * hspace;
pad = ''{
${pkgs.gnused}/bin/sed '
# rtrim
@ -10,7 +22,7 @@ let
# delete last empty line
''${/^$/d}
' \
| ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
| ${pkgs.gawk}/bin/awk '{printf "%-${toString calwidth}s\n", $0}' \
| ${pkgs.gnused}/bin/sed '
# colorize header
1,2s/.*/&/
@ -20,23 +32,31 @@ let
'
}'';
in ''
cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
<(${pkgs.utillinux}/bin/cal -mw \
<(if test $cols -ge ${toString (need_width 3)}; then
${pkgs.utillinux}/bin/cal -mw \
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
| ${pad}
) \
<(${pkgs.utillinux}/bin/cal -mw \
fi) \
<(if test $cols -ge ${toString (need_width 1)}; then
${pkgs.utillinux}/bin/cal -mw \
| ${pkgs.gnused}/bin/sed '
# colorize day of month
s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/
' \
| ${pad}
) \
<(${pkgs.utillinux}/bin/cal -mw \
fi) \
<(if test $cols -ge ${toString (need_width 2)}; then
${pkgs.utillinux}/bin/cal -mw \
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
| ${pad}
) \
| ${pkgs.gnused}/bin/sed 's/\t/ /g'
fi) \
| ${pkgs.gnused}/bin/sed '
s/^\t//
s/\t$//
s/\t/${lpad hspace " " ""}/g
'
'';
q-isodate = ''

4
tv/5pkgs/xmonad-tv/default.nix
View file

@ -132,7 +132,7 @@ spawnRootTerm :: X ()
spawnRootTerm =
forkFile
urxvtcPath
["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"]
["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
Nothing
spawnTermAt :: String -> X ()
@ -143,7 +143,7 @@ spawnTermAt ws = do
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing)
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
, ((_4 , xK_x ), chooseAction spawnTermAt)