Merge remote-tracking branch 'prism/master'
commit
37771ad34e
BIN
jeschli/1systems/reagenzglas/.source.nix.swp
Normal file
BIN
jeschli/1systems/reagenzglas/.source.nix.swp
Normal file
Binary file not shown.
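Review bot: `.source.nix.swp` is a Vim swap file and looks like it was committed by accident next to `source.nix`. Swap files carry fragments of the edited buffer together with the user name, host name and file path of the editing session, so they do not belong in the repository. Drop the file from the tree and add a pattern such as `*.swp` to `.gitignore` so it cannot be picked up again.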
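--- a/jeschli/1systems/reagenzglas/config.nix
+++ b/jeschli/1systems/reagenzglas/config.nix
@@ -0,0 +1,146 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+<stockholm/jeschli>
+./hardware-configuration.nix
+];
+
+# Use the GRUB 2 boot loader.
+# boot.loader.grub.enable = true;
+# boot.loader.grub.version = 2;
+# boot.loader.grub.efiSupport = true;
+# boot.loader.grub.efiInstallAsRemovable = true;
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+# Define on which hard drive you want to install Grub.
+# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
+
+boot.initrd.luks.devices = [
+{
+name = "root";
+device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
+preLVM = true;
+allowDiscards = true;
+}
+];
+networking.hostName = "reaganzglas"; # Define your hostname.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+networking.networkmanager.enable = true;
+# Select internationalisation properties.
+# i18n = {
+# consoleFont = "Lat2-Terminus16";
+# consoleKeyMap = "us";
+# defaultLocale = "en_US.UTF-8";
+# };
+
+# Set your time zone.
+# time.timeZone = "Europe/Amsterdam";
+
+# List packages installed in system profile. To search by name, run:
+# $ nix-env -qaP | grep wget
+nixpkgs.config.allowUnfree = true;
+environment.shellAliases = { n = "nix-shell"; };
+environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
+environment.systemPackages = with pkgs; [
+# system helper
+ag
+curl
+copyq
+dmenu
+git
+i3lock
+keepass
+networkmanagerapplet
+rsync
+terminator
+tmux
+wget
+rxvt_unicode
+# editors
+emacs
+# internet
+thunderbird
+chromium
+google-chrome
+# programming languages
+go
+gcc
+ghc
+python35
+python35Packages.pip
+# go tools
+golint
+gotools
+# dev tools
+gnumake
+# document viewer
+zathura
+];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
+];
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+services.xserver.layout = "us";
+services.xserver.xkbOptions = "eurosign:e";
+
+# Enable touchpad support.
+services.xserver.libinput.enable = true;
+
+# Enable the KDE Desktop Environment.
+services.xserver.displayManager.sddm.enable = true;
+services.xserver.windowManager.xmonad.enable = true;
+services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+
+# services.xserver.desktopManager.plasma5.enable = true;
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.extraUsers.jeschli = {
+isNormalUser = true;
+uid = 1000;
+};
+
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "18.03"; # Did you read the comment?
+
+programs.bash = {
+enableCompletion = true;
+interactiveShellInit = ''
+export GOPATH=$HOME/go
+export PATH=$PATH:$GOPATH/bin
+'';
+};
+
+krebs.build.host = config.krebs.hosts.reagenzglas;
+
+hardware.bluetooth.enable = true;
+}
+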
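Review bot: `services.openssh.enable = true;` is combined with a root `authorizedKeys` entry, but nothing in this file turns password logins off, so unless `<stockholm/jeschli>` already does it the daemon will also accept passwords for `jeschli`. I would add `services.openssh.passwordAuthentication = false;` next to the enable line, and consider authorising the key for `jeschli` and elevating from there instead of logging in as root directly. Separately, `networking.hostName = "reaganzglas"` (and the key comment) is spelled differently from the directory name and from `config.krebs.hosts.reagenzglas`; if that is a typo it is easier to fix now than after other hosts refer to the name.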
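--- a/jeschli/1systems/reagenzglas/hardware-configuration.nix
+++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
+fsType = "ext4";
+};
+
+fileSystems."/home" =
+{ device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/DA40-AC19";
+fsType = "vfat";
+};
+swapDevices = [ ];
+
+nix.maxJobs = lib.mkDefault 8;
+# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
+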
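--- a/jeschli/1systems/reagenzglas/source.nix
+++ b/jeschli/1systems/reagenzglas/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/jeschli/source.nix> {
+name = "reagenzglas";
+secure = true;
+}
+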
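--- a/jeschli/2configs/copy-vim.nix
+++ b/jeschli/2configs/copy-vim.nix
@@ -0,0 +1,102 @@
+{ config, pkgs, ... }:
+
+
+# let
+# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin {
+# name = "ultisnips";
+# src = pkgs.fetchFromGitHub {
+# owner = "SirVer";
+# repo = "ultisnips";
+# rev = "3.1";
+# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b";
+# };
+# };
+#
+let
+customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
+name = "vim-javascript";
+src = pkgs.fetchFromGitHub {
+owner = "pangloss";
+repo = "vim-javascript";
+rev = "1.2.5.1";
+sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
+};
+};
+customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
+name = "vim-jsx";
+src = pkgs.fetchFromGitHub {
+owner = "mxw";
+repo = "vim-jsx";
+rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
+sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
+};
+};
+in {
+# {
+environment.systemPackages = [
+(pkgs.vim_configurable.customize {
+name = "vim";
+
+vimrcConfig.customRC = ''
+:imap jk <Esc>
+:vmap v v
+:map gr :GoRun<Enter>
+:nnoremap <S-TAB> :bnext<CR>
+:nnoremap <C-TAB> <c-w><c-w>
+set autowrite
+set number
+set ruler
+
+noremap x "_x
+set clipboard=unnamedplus
+
+let g:jsx_ext_required = 0
+
+let g:go_list_type = "quickfix"
+let g:go_test_timeout = '10s'
+let g:go_fmt_command = "goimports"
+let g:go_snippet_case_type = "camelcase"
+let g:go_highlight_types = 1
+let g:go_highlight_fields = 1
+let g:go_highlight_functions = 1
+let g:go_highlight_methods = 1
+let g:go_highlight_extra_types = 1
+autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
+let g:rehash256 = 1
+let g:molokai_original = 1
+colorscheme molokai
+let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
+let g:go_metalinter_autosave = 1
+" let g:go_metalinter_autosave_enabled = ['vet', 'golint']
+" let g:go_def_mode = 'godef'
+" let g:go_decls_includes = "func,type"
+
+
+" Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
+let g:UltiSnipsExpandTrigger="<c-e>"
+let g:UltiSnipsJumpForwardTrigger="<c-t>"
+let g:UltiSnipsJumpBackwardTrigger="<c-q>"
+
+" If you want :UltiSnipsEdit to split your window.
+let g:UltiSnipsEditSplit="vertical"
+
+if has('persistent_undo') "check if your vim version supports it
+set undofile "turn on the feature
+set undodir=$HOME/.vim/undo "directory where the undo files will be stored
+endif
+'';
+
+vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+vimrcConfig.vam.pluginDictionaries = [
+{ names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai
+# vim-nix handles indentation better but does not perform sanity
+{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+{ names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
+{ names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
+{ names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
+{ names = [ "UltiSnips" ]; ft_regex = "^go\$"; }
+];
+
+})
+];
+}
+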
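Review bot: Nothing visible in this commit imports `copy-vim.nix`: `jeschli/2configs/default.nix` pulls in `./vim.nix` and `./retiolum.nix` only, so this file looks like an unused working copy. If it is meant to be kept, a header comment such as `# alternative vim setup (VAM-based), not imported by default.nix` would explain why it exists next to `vim.nix`; otherwise I would leave it out. If it is kept, please also check `ft_regex = "^js\$"` on the `vim-javascript` and `vim-jsx` entries, since Vim's filetype for `.js` buffers is normally `javascript` and the pattern would presumably never match.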
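--- a/jeschli/2configs/default.nix
+++ b/jeschli/2configs/default.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+imports = [
+./vim.nix
+./retiolum.nix
+{
+environment.variables = {
+NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+};
+}
+];
+
+nixpkgs.config.allowUnfree = true;
+
+environment.systemPackages = with pkgs; [
+#stockholm
+git
+gnumake
+jq
+parallel
+proot
+populate
+
+#style
+most
+rxvt_unicode.terminfo
+
+#monitoring tools
+htop
+iotop
+
+#network
+iptables
+iftop
+
+#stuff for dl
+aria2
+
+#neat utils
+file
+kpaste
+krebspaste
+mosh
+pciutils
+psmisc
+# q
+# rs
+tmux
+untilport
+usbutils
+# logify
+goify
+
+#unpack stuff
+p7zip
+unzip
+unrar
+
+(pkgs.writeDashBin "sshn" ''
+${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+'')
+];
+
+krebs.enable = true;
+}
+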
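Review bot: The `sshn` wrapper runs ssh with `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so the server's host key is never verified and an on-path machine can impersonate the target without any warning. It is installed into `environment.systemPackages`, which puts it on every user's PATH on every host that imports this module. If it is only meant for freshly installed or throwaway machines, say so where it is defined, e.g. `# sshn: skips host-key verification; only for throwaway hosts, never with passwords or agent forwarding`, and consider adding `-o ForwardAgent=no -o PasswordAuthentication=no` to the command line so a spoofed host cannot collect credentials.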
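--- a/jeschli/2configs/retiolum.nix
+++ b/jeschli/2configs/retiolum.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+
+krebs.tinc.retiolum = {
+enable = true;
+connectTo = [
+"prism"
+"gum"
+"ni"
+"dishfire"
+];
+};
+
+nixpkgs.config.packageOverrides = pkgs: {
+tinc = pkgs.tinc_pre;
+};
+
+environment.systemPackages = [
+pkgs.tinc
+];
+}
+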
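--- a/jeschli/2configs/vim.nix
+++ b/jeschli/2configs/vim.nix
@@ -0,0 +1,373 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+out = {
+environment.systemPackages = [
+(hiPrio vim)
+pkgs.python35Packages.flake8
+];
+
+environment.etc.vimrc.source = vimrc;
+
+environment.variables.EDITOR = mkForce "vim";
+environment.variables.VIMINIT = ":so /etc/vimrc";
+};
+
+vimrc = pkgs.writeText "vimrc" ''
+set nocompatible
+
+set autoindent
+set backspace=indent,eol,start
+set backup
+set backupdir=${dirs.backupdir}/
+set directory=${dirs.swapdir}//
+set hlsearch
+set incsearch
+set mouse=a
+set ruler
+set pastetoggle=<INS>
+set runtimepath=${extra-runtimepath},$VIMRUNTIME
+set shortmess+=I
+set showcmd
+set showmatch
+set ttimeoutlen=0
+set undodir=${dirs.undodir}
+set undofile
+set undolevels=1000000
+set undoreload=1000000
+set viminfo='20,<1000,s100,h,n${files.viminfo}
+set visualbell
+set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+set wildmenu
+set wildmode=longest,full
+
+set title
+set titleold=
+set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+set et ts=2 sts=2 sw=2
+
+filetype plugin indent on
+
+set t_Co=256
+colorscheme hack
+syntax on
+
+au Syntax * syn match Garbage containedin=ALL /\s\+$/
+\ | syn match TabStop containedin=ALL /\t\+/
+\ | syn keyword Todo containedin=ALL TODO
+
+au BufRead,BufNewFile *.hs so ${hs.vim}
+
+au BufRead,BufNewFile *.nix so ${nix.vim}
+
+au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+"Syntastic config
+let g:syntastic_python_checkers=['flake8']
+let g:syntastic_python_flake8_post_args='--ignore=E501'
+
+nmap <esc>q :buffer
+nmap <M-q> :buffer
+
+cnoremap <C-A> <Home>
+
+noremap <C-c> :q<cr>
+vnoremap < <gv
+vnoremap > >gv
+
+nnoremap <esc>[5^ :tabp<cr>
+nnoremap <esc>[6^ :tabn<cr>
+nnoremap <esc>[5@ :tabm -1<cr>
+nnoremap <esc>[6@ :tabm +1<cr>
+
+nnoremap <f1> :tabp<cr>
+nnoremap <f2> :tabn<cr>
+inoremap <f1> <esc>:tabp<cr>
+inoremap <f2> <esc>:tabn<cr>
+
+" <C-{Up,Down,Right,Left>
+noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+" <[C]S-{Up,Down,Right,Left>
+noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+
+" search with ack
+let g:ackprg = 'ag --vimgrep'
+cnoreabbrev Ack Ack!
+
+" copy/paste from/to xclipboard
+noremap x "_x
+set clipboard=unnamedplus
+'';
+
+extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+pkgs.vimPlugins.ack-vim
+pkgs.vimPlugins.Gundo
+pkgs.vimPlugins.Syntastic
+pkgs.vimPlugins.undotree
+pkgs.vimPlugins.vim-go
+(pkgs.vimUtils.buildVimPlugin {
+name = "file-line-1.0";
+src = pkgs.fetchFromGitHub {
+owner = "bogado";
+repo = "file-line";
+rev = "1.0";
+sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+};
+})
+((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+name = "hack";
+in {
+name = "vim-color-${name}-1.0.2";
+destination = "/colors/${name}.vim";
+text = /* vim */ ''
+set background=dark
+hi clear
+if exists("syntax_on")
+syntax clear
+endif
+
+let colors_name = ${toJSON name}
+
+hi Normal ctermbg=235
+hi Comment ctermfg=242
+hi Constant ctermfg=062
+hi Identifier ctermfg=068
+hi Function ctermfg=041
+hi Statement ctermfg=167
+hi PreProc ctermfg=167
+hi Type ctermfg=041
+hi Delimiter ctermfg=251
+hi Special ctermfg=062
+
+hi Garbage ctermbg=088
+hi TabStop ctermbg=016
+hi Todo ctermfg=174 ctermbg=NONE
+
+hi NixCode ctermfg=148
+hi NixData ctermfg=149
+hi NixQuote ctermfg=150
+
+hi diffNewFile ctermfg=207
+hi diffFile ctermfg=207
+hi diffLine ctermfg=207
+hi diffSubname ctermfg=207
+hi diffAdded ctermfg=010
+hi diffRemoved ctermfg=009
+'';
+})))
+((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+name = "vim";
+in {
+name = "vim-syntax-${name}-1.0.0";
+destination = "/syntax/${name}.vim";
+text = /* vim */ ''
+${concatMapStringsSep "\n" (s: /* vim */ ''
+syn keyword vimColor${s} ${s}
+\ containedin=ALLBUT,vimComment,vimLineComment
+hi vimColor${s} ctermfg=${s}
+'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
+'';
+})))
+((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+name = "showsyntax";
+in {
+name = "vim-plugin-${name}-1.0.0";
+destination = "/plugin/${name}.vim";
+text = /* vim */ ''
+if exists('g:loaded_showsyntax')
+finish
+endif
+let g:loaded_showsyntax = 0
+
+fu! ShowSyntax()
+let id = synID(line("."), col("."), 1)
+let name = synIDattr(id, "name")
+let transName = synIDattr(synIDtrans(id),"name")
+if name != transName
+let name .= " (" . transName . ")"
+endif
+echo "Syntax: " . name
+endfu
+
+command! -n=0 -bar ShowSyntax :call ShowSyntax()
+'';
+})))
+];
+
+dirs = {
+backupdir = "$HOME/.cache/vim/backup";
+swapdir = "$HOME/.cache/vim/swap";
+undodir = "$HOME/.cache/vim/undo";
+};
+files = {
+viminfo = "$HOME/.cache/vim/info";
+};
+
+mkdirs = let
+dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
+in assert out != ""; out;
+alldirs = attrValues dirs ++ map dirOf (attrValues files);
+in unique (sort lessThan alldirs);
+
+vim = pkgs.symlinkJoin {
+name = "vim";
+paths = [
+(pkgs.writeDashBin "vim" ''
+set -efu
+(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+exec ${pkgs.vim}/bin/vim "$@"
+'')
+pkgs.vim
+];
+};
+
+hs.vim = pkgs.writeText "hs.vim" ''
+syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+hi link ConId Identifier
+hi link VarId Identifier
+hi link hsDelimiter Delimiter
+'';
+
+nix.vim = pkgs.writeText "nix.vim" ''
+setf nix
+
+" Ref <nix/src/libexpr/lexer.l>
+syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+syn match NixINT /\<[0-9]\+\>/
+syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+syn region NixSTRING
+\ matchgroup=NixSTRING
+\ start='"'
+\ skip='\\"'
+\ end='"'
+syn region NixIND_STRING
+\ matchgroup=NixIND_STRING
+\ start="'''"
+\ skip="'''\('\|[$]\|\\[nrt]\)"
+\ end="'''"
+
+syn match NixOther /[():/;=.,?\[\]]/
+
+syn match NixCommentMatch /\(^\|\s\)#.*/
+syn region NixCommentRegion start="/\*" end="\*/"
+
+hi link NixCode Statement
+hi link NixData Constant
+hi link NixComment Comment
+
+hi link NixCommentMatch NixComment
+hi link NixCommentRegion NixComment
+hi link NixID NixCode
+hi link NixINT NixData
+hi link NixPATH NixData
+hi link NixHPATH NixData
+hi link NixSPATH NixData
+hi link NixURI NixData
+hi link NixSTRING NixData
+hi link NixIND_STRING NixData
+
+hi link NixEnter NixCode
+hi link NixOther NixCode
+hi link NixQuote NixData
+
+syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+syn cluster nix_ind_strings contains=NixIND_STRING
+syn cluster nix_strings contains=NixSTRING
+
+${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+startAlts = filter isString [
+''/\* ${lang} \*/''
+extraStart
+];
+sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+in /* vim */ ''
+syn include @nix_${lang}_syntax syntax/${lang}.vim
+unlet b:current_syntax
+
+syn match nix_${lang}_sigil
+\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+\ transparent
+
+syn region nix_${lang}_region_STRING
+\ matchgroup=NixSTRING
+\ start='"'
+\ skip='\\"'
+\ end='"'
+\ contained
+\ contains=@nix_${lang}_syntax
+\ transparent
+
+syn region nix_${lang}_region_IND_STRING
+\ matchgroup=NixIND_STRING
+\ start="'''"
+\ skip="'''\('\|[$]\|\\[nrt]\)"
+\ end="'''"
+\ contained
+\ contains=@nix_${lang}_syntax
+\ transparent
+
+syn cluster nix_ind_strings
+\ add=nix_${lang}_region_IND_STRING
+
+syn cluster nix_strings
+\ add=nix_${lang}_region_STRING
+
+syn cluster nix_has_dollar_curly
+\ add=@nix_${lang}_syntax
+'') {
+c = {};
+cabal = {};
+haskell = {};
+sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+vim.extraStart =
+''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+})}
+
+" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+syn clear shVarAssign
+
+syn region nixINSIDE_DOLLAR_CURLY
+\ matchgroup=NixEnter
+\ start="[$]{"
+\ end="}"
+\ contains=TOP
+\ containedin=@nix_has_dollar_curly
+\ transparent
+
+syn region nix_inside_curly
+\ matchgroup=NixEnter
+\ start="{"
+\ end="}"
+\ contains=TOP
+\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+\ transparent
+
+syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
+\ containedin=@nix_ind_strings
+\ contained
+
+syn match NixQuote /\\./he=s+1
+\ containedin=@nix_strings
+\ contained
+
+syn sync fromstart
+
+let b:current_syntax = "nix"
+
+set isk=@,48-57,_,192-255,-,'
+'';
+in
+out
+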
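Review bot: The `/dev/shm/*` autocmd in the generated vimrc switches off backups and the swap file but leaves `undofile` on, so the text of anything edited under /dev/shm (typically a temporary file that should never reach disk) is still written to `$HOME/.cache/vim/undo`. I would extend it to `au BufRead,BufNewFile /dev/shm/* setlocal noswapfile noundofile | set nobackup nowritebackup`. Because `backup` and `writebackup` are global options, that `set` also disables backups for every buffer opened later in the same session, which deserves a comment if it is intended. The `viminfo` setting keeps registers (`<1000`) as well, so yanked text from such a buffer can end up in `$HOME/.cache/vim/info`.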
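--- a/jeschli/default.nix
+++ b/jeschli/default.nix
@@ -0,0 +1,9 @@
+_:
+{
+imports = [
+../krebs
+./2configs
+# ./3modules
+# ./5pkgs
+];
+}
+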
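--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@@ -0,0 +1,22 @@
+with import <stockholm/lib>;
+host@{ name, secure ? false, override ? {} }: let
+builder = if getEnv "dummy_secrets" == "true"
+then "buildbot"
+else "jeschli";
+_file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
+in
+evalSource (toString _file) [
+{
+nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
+nixpkgs.git = {
+url = https://github.com/nixos/nixpkgs;
+ref = "f9390d6";
+};
+secrets.file = getAttr builder {
+buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
+jeschli = "/home/jeschli/secrets/${name}";
+};
+stockholm.file = toString <stockholm>;
+}
+override
+]
+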
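Review bot: `nixpkgs.git.ref = "f9390d6"` pins the whole system's package set to a seven-character abbreviated commit id. An abbreviation is resolved by whatever git finds at fetch time and can become ambiguous, or match a different object, as the repository grows, so the pin should be the full id: `ref = "<full 40-character commit id of f9390d6>";`. The `secure` argument is accepted in the function head but not used anywhere in the visible body; a short comment on what it is for, or removing it, would avoid the impression that `secure = true` in the host's `source.nix` changes anything here.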
|
@ -13,7 +13,6 @@
|
|||
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/ircd.nix>
|
||||
<stockholm/krebs/2configs/reaktor-krebs.nix>
|
||||
<stockholm/krebs/2configs/reaktor-retiolum.nix>
|
||||
];
|
||||
|
||||
|
|
|
@ -26,9 +26,13 @@ in
|
|||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
{
|
||||
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
|
||||
#systemd.services.telegraf.environment = {
|
||||
# "MIBDIRS" : ""; # extra mibs like ADSL
|
||||
#};
|
||||
systemd.services.telegraf.environment = {
|
||||
MIBDIRS = pkgs.fetchgit {
|
||||
url = "http://git.shackspace.de/makefu/modem-mibs.git";
|
||||
sha256 =
|
||||
"1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
|
||||
}; # extra mibs like ADSL
|
||||
};
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
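Review bot: The new `MIBDIRS = pkgs.fetchgit { ... }` fetches over plain `http://` and gives no `rev`, so it takes whatever the remote's default branch points at. The `sha256` keeps modified content from being accepted, but the build then fails as soon as upstream gets a new commit, and anyone on the path can see or block the fetch. I would pin it as `rev = "<commit id>";` and use `url = "https://git.shackspace.de/makefu/modem-mibs.git";` if that host serves TLS. The enclosing module starts and ends outside this hunk.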
|
||||
|
|
|
@ -7,6 +7,9 @@
|
|||
|
||||
services.charybdis = {
|
||||
enable = true;
|
||||
motd = ''
|
||||
hello
|
||||
'';
|
||||
config = ''
|
||||
serverinfo {
|
||||
name = "${config.krebs.build.host.name}.irc.retiolum";
|
||||
|
|
|
@ -83,6 +83,7 @@ let
|
|||
rsync
|
||||
utillinux
|
||||
];
|
||||
restartIfChanged = false;
|
||||
serviceConfig = rec {
|
||||
ExecStart = start plan;
|
||||
SyslogIdentifier = ExecStart.name;
|
||||
|
|
|
@ -104,7 +104,7 @@ in
|
|||
"dummy_secrets": "true",
|
||||
},
|
||||
command=[
|
||||
"nix-shell", "--run", " ".join(["test",
|
||||
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
|
||||
"--user={}".format(user),
|
||||
"--system={}".format(host),
|
||||
"--force-populate",
|
||||
|
|
|
@ -44,6 +44,7 @@ let
|
|||
./tinc_graphs.nix
|
||||
./urlwatch.nix
|
||||
./repo-sync.nix
|
||||
./zones.nix
|
||||
];
|
||||
options.krebs = api;
|
||||
config = lib.mkIf cfg.enable imp;
|
||||
|
@ -60,6 +61,7 @@ let
|
|||
|
||||
hosts = mkOption {
|
||||
type = with types; attrsOf host;
|
||||
default = {};
|
||||
};
|
||||
|
||||
users = mkOption {
|
||||
|
@ -171,17 +173,6 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
# Implements environment.etc."zones/<zone-name>"
|
||||
environment.etc = let
|
||||
stripEmptyLines = s: (concatStringsSep "\n"
|
||||
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
|
||||
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
|
||||
([cfg.zone-head-config] ++ combined-hosts);
|
||||
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
|
||||
in lib.mapAttrs' (name: value: nameValuePair
|
||||
("zones/" + name)
|
||||
{ text=(stripEmptyLines value); }) all-zones;
|
||||
|
||||
krebs.exim-smarthost.internet-aliases = let
|
||||
format = from: to: {
|
||||
inherit from;
|
||||
|
@ -234,21 +225,26 @@ let
|
|||
};
|
||||
})
|
||||
//
|
||||
# GitHub's IPv4 address range is 192.30.252.0/22
|
||||
# Refs https://help.github.com/articles/github-s-ip-addresses/
|
||||
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
|
||||
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
|
||||
# we split each /24 into its own entry.
|
||||
listToAttrs (map
|
||||
(c: {
|
||||
name = "github${toString c}";
|
||||
value = {
|
||||
hostNames = ["github.com"] ++
|
||||
map (d: "192.30.${toString c}.${toString d}") (range 0 255);
|
||||
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||
};
|
||||
})
|
||||
(range 252 255))
|
||||
{
|
||||
github = {
|
||||
hostNames = [
|
||||
"github.com"
|
||||
# List generated with
|
||||
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
|
||||
"192.30.253.*"
|
||||
"192.30.254.*"
|
||||
"192.30.255.*"
|
||||
"185.199.108.*"
|
||||
"185.199.109.*"
|
||||
"185.199.110.*"
|
||||
"185.199.111.*"
|
||||
"18.195.85.27"
|
||||
"18.194.104.89"
|
||||
"35.159.8.160"
|
||||
];
|
||||
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||
};
|
||||
}
|
||||
//
|
||||
mapAttrs
|
||||
(name: host: {
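Review bot: The new `github` known-hosts entry hard-codes a snapshot of `api.github.com/meta`, and nothing records when it was taken. When GitHub changes its ranges, hosts using this list will fail host-key checks for the new addresses. That is the safe direction, but it is confusing to debug without a hint. I would extend the comment above the list to something like `# List generated <date> with ...; regenerate when ssh reports an unknown github.com address`, and note where `cidr2glob` comes from. It would also help to say that only `/24`-aligned globs and single addresses are emitted, since `192.30.252.*` from the old range is no longer covered.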
|
||||
|
|
|
@ -42,6 +42,10 @@ in {
|
|||
exim_group = ${cfg.group.name}
|
||||
exim_path = /run/wrappers/bin/exim
|
||||
spool_directory = ${cfg.user.home}
|
||||
|
||||
# https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
|
||||
chunking_advertise_hosts =
|
||||
|
||||
${cfg.config}
|
||||
'';
|
||||
systemPackages = [ pkgs.exim ];
|
||||
|
|
|
@ -27,7 +27,7 @@ let
|
|||
};
|
||||
display = mkOption {
|
||||
type = types.str;
|
||||
default = ":0";
|
||||
default = ":${toString config.services.xserver.display}";
|
||||
};
|
||||
unitConfig = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
|
|
|
@ -132,38 +132,6 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
};
|
||||
archprism = rec {
|
||||
cores = 4;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.0.104";
|
||||
ip6.addr = "42::fa17";
|
||||
aliases = [
|
||||
"archprism.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
|
||||
kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
|
||||
JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
|
||||
AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
|
||||
jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
|
||||
anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
internet = {
|
||||
ip4.addr = "213.239.205.240";
|
||||
aliases = [
|
||||
"archprism.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
|
||||
};
|
||||
domsen-nas = {
|
||||
ci = false;
|
||||
external = true;
|
||||
|
@ -374,6 +342,47 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
|
||||
};
|
||||
littleT = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.133.77";
|
||||
ip6.addr = "42:0:0:0:0:0:717:7137";
|
||||
aliases = [
|
||||
"littleT.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
|
||||
/m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
|
||||
1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
|
||||
ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
|
||||
sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
|
||||
M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
|
||||
Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
|
||||
+cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
|
||||
xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
|
||||
aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
|
||||
7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
|
||||
k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
|
||||
idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
|
||||
y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
|
||||
SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
|
||||
mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
|
||||
PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
|
||||
ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
|
||||
Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
|
||||
8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
|
||||
NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
|
||||
5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||
};
|
||||
iso = {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
|
@ -440,8 +449,6 @@ with import <stockholm/lib>;
|
|||
retiolum = rec {
|
||||
via = internet;
|
||||
addrs = [
|
||||
# edinburgh university
|
||||
"129.215.0.0/16"
|
||||
ip4.addr
|
||||
ip6.addr
|
||||
];
|
||||
|
@ -463,6 +470,10 @@ with import <stockholm/lib>;
|
|||
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.subnets = [
|
||||
# edinburgh university
|
||||
"129.215.0.0/16"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -524,6 +535,86 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
};
|
||||
reagenzglas = {
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.27.27";
|
||||
ip6.addr = "42::27";
|
||||
aliases = [
|
||||
"reagenzglas.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
|
||||
bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
|
||||
utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
|
||||
2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
|
||||
hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
|
||||
mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
|
||||
8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
|
||||
aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
|
||||
pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
|
||||
3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
|
||||
lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
|
||||
+IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
|
||||
9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
|
||||
PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
|
||||
ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
|
||||
GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
|
||||
hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
|
||||
ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
|
||||
vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
|
||||
G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
|
||||
5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
|
||||
Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
xerxes = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.1.3";
|
||||
ip6.addr = "42::1:3";
|
||||
aliases = [
|
||||
"xerxes.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
|
||||
MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
|
||||
gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
|
||||
/EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
|
||||
mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
|
||||
X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
|
||||
+2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
|
||||
hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
|
||||
3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
|
||||
H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
|
||||
JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
|
||||
hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
|
||||
SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
|
||||
4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
|
||||
vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
|
||||
Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
|
||||
scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
|
||||
jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
|
||||
Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
|
||||
/Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
|
||||
bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
|
||||
sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
||||
};
|
||||
};
|
||||
users = {
|
||||
lass = {
|
||||
|
@ -552,13 +643,13 @@ with import <stockholm/lib>;
|
|||
mail = "lass@icarus.r";
|
||||
pubkey = builtins.readFile ./ssh/icarus.rsa;
|
||||
};
|
||||
lass-xerxes = {
|
||||
mail = "lass@xerxes.r";
|
||||
pubkey = builtins.readFile ./ssh/xerxes.rsa;
|
||||
};
|
||||
fritz = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||
};
|
||||
archprism-repo-sync = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
|
||||
mail = "lass@prism.r";
|
||||
};
|
||||
prism-repo-sync = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
|
||||
mail = "lass@prism.r";
|
||||
|
@ -576,5 +667,8 @@ with import <stockholm/lib>;
|
|||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
|
||||
mail = "joerg@higgsboson.tk";
|
||||
};
|
||||
jeschli = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
1
krebs/3modules/lass/ssh/xerxes.rsa
Normal file
1
krebs/3modules/lass/ssh/xerxes.rsa
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-rsa 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 lass@xerxes
|
|
@ -5,7 +5,7 @@ with import <stockholm/lib>;
|
|||
{
|
||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
||||
cake = rec {
|
||||
cores = 1;
|
||||
cores = 4;
|
||||
ci = false;
|
||||
nets = {
|
||||
retiolum = {
|
||||
|
@ -107,7 +107,7 @@ with import <stockholm/lib>;
|
|||
ci = true;
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
|
||||
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "185.215.224.160";
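Review bot: The `ssh.pubkey` entry carrying the `latte` key is commented out while `ssh.privkey.path = <secrets/ssh_host_ed25519_key>` stays, and nothing records why. If known-hosts entries for other machines are generated from `ssh.pubkey` (not visible in this hunk), this host stops being pinned and clients fall back to trust-on-first-use. Either restore the line with the key the host currently presents, or leave a comment next to the disabled line stating the reason and whether the key was rotated. The host definition starts above this hunk and continues below it.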
|
||||
|
@ -500,7 +500,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.214.15";
|
||||
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
|
||||
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
|
||||
aliases = [
|
||||
"wbob.r"
|
||||
];
|
||||
|
@ -540,13 +540,14 @@ with import <stockholm/lib>;
|
|||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
graph IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
io IN NS gum.krebsco.de.
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "188.68.40.19";
|
||||
ip6.addr = "2a03:4000:17:2df::1";
|
||||
ip4.addr = "185.194.143.140";
|
||||
ip6.addr = "2a03:4000:1c:43f::1";
|
||||
aliases = [
|
||||
"gum.i"
|
||||
];
|
||||
|
|
|
@ -1,38 +1,34 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
{ config, pkgs, ... }: let
|
||||
cfg = config.krebs.per-user;
|
||||
|
||||
out = {
|
||||
options.krebs.per-user = api;
|
||||
config = imp;
|
||||
};
|
||||
|
||||
api = mkOption {
|
||||
type = with types; attrsOf (submodule {
|
||||
in {
|
||||
options.krebs.per-user = mkOption {
|
||||
type = types.attrsOf (types.submodule {
|
||||
options = {
|
||||
packages = mkOption {
|
||||
type = listOf path;
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
|
||||
imp = {
|
||||
config = {
|
||||
environment = {
|
||||
etc = flip mapAttrs' cfg (name: { packages, ... }: {
|
||||
name = "per-user/${name}";
|
||||
value.source = pkgs.symlinkJoin {
|
||||
name = "per-user.${name}";
|
||||
paths = packages;
|
||||
};
|
||||
});
|
||||
etc =
|
||||
mapAttrs'
|
||||
(name: per-user: {
|
||||
name = "per-user/${name}";
|
||||
value.source = pkgs.buildEnv {
|
||||
name = "per-user.${name}";
|
||||
paths = per-user.packages;
|
||||
pathsToLink = [
|
||||
"/bin"
|
||||
];
|
||||
};
|
||||
})
|
||||
(filterAttrs (_: per-user: per-user.packages != []) cfg);
|
||||
profiles = ["/etc/per-user/$LOGNAME"];
|
||||
};
|
||||
};
|
||||
|
||||
in out
|
||||
}
|
||||
|
|
|
@ -173,6 +173,7 @@ let
|
|||
REPONAME = "${name}.git";
|
||||
};
|
||||
|
||||
restartIfChanged = false;
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
PermissionsStartOnly = true;
|
||||
|
|
|
@ -38,12 +38,12 @@ let
|
|||
${optionalString (cfg.enableXMLRPC ) ''
|
||||
# prepare socket and set permissions. rtorrent user is part of group nginx
|
||||
# TODO: configure a shared torrent group
|
||||
execute_nothrow = rm,${cfg.xmlrpc-socket}
|
||||
execute.nothrow = rm,${cfg.xmlrpc-socket}
|
||||
scgi_local = ${cfg.xmlrpc-socket}
|
||||
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
|
||||
''}
|
||||
|
||||
system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"}
|
||||
system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}
|
||||
|
||||
# Prepare systemd logging
|
||||
log.open_file = "rtorrent-systemd", ${systemd-logfile}
|
||||
|
|
|
@ -254,6 +254,36 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
|
||||
};
|
||||
querel = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.22.22";
|
||||
ip6.addr = "42::2222";
|
||||
aliases = [
|
||||
"querel.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
|
||||
2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
|
||||
bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
|
||||
ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
|
||||
iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
|
||||
xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
|
||||
4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
|
||||
aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
|
||||
UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
|
||||
vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
|
||||
J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
|
||||
};
|
||||
xu = {
|
||||
binary-cache = {
|
||||
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
|
||||
|
@ -339,6 +369,8 @@ with import <stockholm/lib>;
|
|||
dv = {
|
||||
mail = "dv@alnus.r";
|
||||
};
|
||||
itak = {
|
||||
};
|
||||
mv-ni = {
|
||||
mail = "mv@ni.r";
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
|
||||
|
|
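--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -0,0 +1,22 @@
+with import <stockholm/lib>;
+{ config, ... }: {
+
+config = {
+# Implements environment.etc."zones/<zone-name>"
+environment.etc = let
+stripEmptyLines = s: (concatStringsSep "\n"
+(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
+all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
+([config.krebs.zone-head-config] ++ combined-hosts);
+combined-hosts =
+mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
+in
+mapAttrs'
+(name: value: {
+name = "zones/${name}";
+value.text = stripEmptyLines value;
+})
+all-zones;
+};
+
+}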
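--- a/krebs/5pkgs/haskell/nix-diff/default.nix
+++ b/krebs/5pkgs/haskell/nix-diff/default.nix
@@ -0,0 +1,25 @@
+{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
+, nix-derivation, optparse-generic, stdenv, system-filepath, text
+, unix, vector
+}:
+mkDerivation {
+pname = "nix-diff";
+version = "1.0.0-krebs1";
+src = fetchgit {
+url = "https://github.com/Gabriel439/nix-diff";
+sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
+rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
+};
+patches = [
+./nixos-system.patch
+];
+isLibrary = false;
+isExecutable = true;
+executableHaskellDepends = [
+attoparsec base containers Diff mtl nix-derivation optparse-generic
+system-filepath text unix vector
+];
+homepage = "https://github.com/Gabriel439/nix-diff";
+description = "Explain why two Nix derivations differ";
+license = stdenv.lib.licenses.bsd3;
+}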
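--- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
+++ b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
@@ -0,0 +1,18 @@
+diff --git a/src/Main.hs b/src/Main.hs
+index 959ab8e..d3b6077 100644
+--- a/src/Main.hs
++++ b/src/Main.hs
+@@ -95,7 +95,12 @@ pathToText path =
+underneath `/nix/store`, but this is the overwhelmingly common use case
+-}
+derivationName :: FilePath -> Text
+-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
++derivationName p =
++ if Data.Text.isPrefixOf "nixos-system" s
++ then "nixos-system"
++ else s
++ where
++ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
+
+-- | Group input derivations by their name
+groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))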
|
@ -1,13 +1,13 @@
|
|||
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
|
||||
, xmonad, xmonad-contrib
|
||||
}:
|
||||
mkDerivation {
|
||||
mkDerivation rec {
|
||||
pname = "xmonad-stockholm";
|
||||
version = "1.1.0";
|
||||
version = "1.1.1";
|
||||
src = fetchgit {
|
||||
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
|
||||
rev = "179d29fd4c765dee698058ef63295331ac603639";
|
||||
sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj";
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
|
||||
};
|
||||
libraryHaskellDepends = [
|
||||
base containers X11 X11-xshape xmonad xmonad-contrib
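Review bot: `rev = "refs/tags/v${version}"` appears to replace a pinned commit id with a tag, and the source is still fetched over plain `http://cgit.ni.krebsco.de/`. The `sha256` keeps the fetched tree from changing silently, but a moved tag would then only surface as a hash mismatch, with no record of which commit had been reviewed. Keep the commit id beside the tag, for example a comment `# v1.1.1 = <COMMIT_ID_PLACEHOLDER>`, and switch the URL to https if the cgit host serves it. The derivation continues below this hunk.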
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "apt-cacher-ng-${version}";
|
||||
version = "2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
|
||||
sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
|
||||
};
|
||||
|
||||
NIX_LDFLAGS = "-lpthread";
|
||||
buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
|
||||
|
||||
meta = {
|
||||
description = "A caching proxy specialized for linux distribution files";
|
||||
homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
|
||||
license = stdenv.lib.licenses.gpl2;
|
||||
maintainers = [ stdenv.lib.maintainers.makefu ];
|
||||
};
|
||||
}
|
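--- a/krebs/5pkgs/simple/cidr2glob.nix
+++ b/krebs/5pkgs/simple/cidr2glob.nix
@@ -0,0 +1,30 @@
+{ python, writeScriptBin, ... }:
+
+let
+pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
+in
+writeScriptBin "cidr2glob" ''
+#! ${pythonEnv}/bin/python
+
+import netaddr
+import re
+import sys
+
+def cidr2glob(cidr):
+net = netaddr.IPNetwork(cidr)
+
+if net.prefixlen <= 8:
+return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
+elif net.prefixlen <= 16:
+return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
+elif net.prefixlen <= 24:
+return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
+else:
+return map(lambda ip: str(ip), list(net))
+
+if __name__ == "__main__":
+for cidr in sys.stdin:
+for glob in cidr2glob(cidr):
+print glob
+
+''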
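Review bot: `cidr2glob` hands each stdin line to `netaddr.IPNetwork` unstripped and assumes IPv4: an IPv6 network with a prefix longer than 24 falls through to the `else` branch, where `list(net)` tries to enumerate every address. Strip the line, skip empty ones and reject other address families before the prefix checks, e.g. `cidr = cidr.strip()` and `if net.version != 4: raise ValueError(cidr)`. Whether `IPNetwork` tolerates the trailing newline is not visible here, so the strip is cheap insurance. If the globs end up in an allow-list, a short comment saying that prefixes between octet boundaries are expanded into the enclosed /8, /16 or /24 networks would let a reader check the output against the intended range.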
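--- a/krebs/5pkgs/simple/internetarchive/default.nix
+++ b/krebs/5pkgs/simple/internetarchive/default.nix
@@ -0,0 +1,38 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+buildPythonPackage rec {
+pname = "internetarchive";
+version = "1.7.3";
+name = "${pname}-${version}";
+propagatedBuildInputs = [
+requests
+jsonpatch
+docopt
+clint
+six
+schema
+backports_csv
+];
+
+# check only works when cloned from git repo
+doCheck = false;
+checkInputs = [
+pytest
+responses
+];
+
+prePatch = ''
+sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
+'';
+
+src = fetchPypi {
+inherit pname version;
+sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
+};
+
+meta = with stdenv.lib; {
+description = "python library and cli for uploading files to internet archive";
+license = licenses.agpl3;
+};
+
+}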
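Review bot: The `prePatch` sed rewrites the `schema` requirement in `setup.py` to `schema>=0.4.0` while `doCheck = false` turns the test suite off, so an incompatibility with the packaged `schema` would only show up at run time. Add a comment above `prePatch` naming the upstream constraint being relaxed and why it is safe, so the override can be dropped once upstream catches up. `fetchFromGitHub` in the argument list is unused, and `stdenv` in `meta` is not an argument; it presumably resolves through `with pkgs.python3Packages;`, which is worth making explicit.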
|
@ -2,7 +2,7 @@
|
|||
|
||||
pkgs.writeDashBin "krebszones" ''
|
||||
set -efu
|
||||
export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
|
||||
export OVH_ZONE_CONFIG=''${OVH_ZONE_CONFIG:-$HOME/.secrets/krebs/ovh-zone.conf}
|
||||
case $* in
|
||||
import)
|
||||
set -- import /etc/zones/krebsco.de krebsco.de
|
||||
|
|
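--- a/krebs/5pkgs/simple/slog/default.nix
+++ b/krebs/5pkgs/simple/slog/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, stdenv, fetchFromGitHub }:
+
+## use with:
+# . $(command -v slog.sh)
+stdenv.mkDerivation rec {
+name = "slog-${version}";
+version = "2017-10-27";
+
+src = fetchFromGitHub {
+owner = "makefu";
+repo = "slog";
+rev = "50367c3";
+sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r";
+};
+
+installPhase = ''
+mkdir -p $out/bin
+install -m755 slog.sh $out/bin
+'';
+
+meta = with stdenv.lib; {
+description = "POSIX shell logging";
+license = licenses.mit;
+};
+
+}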
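Review bot: `rev = "50367c3"` pins slog by an abbreviated commit id; use the full 40-character id, `rev = "<FULL_COMMIT_ID_PLACEHOLDER>";`, so the reference cannot become ambiguous as the repository grows. The `sha256` still fixes the content, so this is about an unambiguous, auditable pin rather than integrity. The header comment shows the script is meant to be sourced (`. $(command -v slog.sh)`), which means it runs inside the caller's shell and is one more reason to record exactly which commit was reviewed. `pkgs` in the argument list is unused and can be dropped.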
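--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -0,0 +1,291 @@
+{ pkgs }: let
+
+stockholm-dir = ../../../..;
+
+lib = import (stockholm-dir + "/lib");
+
+#
+# high level commands
+#
+
+cmds.deploy = pkgs.withGetopt {
+diff = { default = /* sh */ "false"; switch = true; };
+force-populate = { default = /* sh */ "false"; switch = true; };
+quiet = { default = /* sh */ "false"; switch = true; };
+source_file = {
+default = /* sh */ "$user/1systems/$system/source.nix";
+long = "source";
+};
+system = {};
+target.default = /* sh */ "$system";
+user.default = /* sh */ "$LOGNAME";
+} (opts: pkgs.writeDash "stockholm.deploy" ''
+set -efu
+
+. ${init.env}
+. ${init.proxy "deploy" opts}
+
+if \test ${opts.diff.ref} = true; then
+
+system_profile=/nix/var/nix/profiles/system
+system_drv_cur=/etc/system.drv
+
+system_drv_new=$(
+${pkgs.nix}/bin/nix-instantiate \
+-Q \
+-I "$target_path" \
+-E '
+(import <nixpkgs/nixos/lib/eval-config.nix> {
+modules = [ <nixos-config> ];
+}).config.system.build.toplevel
+'
+)
+
+if \test -e "$system_drv_cur"; then
+
+system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
+system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
+
+if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
+echo "$0: system up to date" >&2
+exit 0
+fi
+
+system_drv_cur=$system_drv_cur_c \
+system_drv_new=$system_drv_new_c \
+${pkgs.utillinux}/bin/script \
+--command '
+${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
+"$system_drv_cur" "$system_drv_new"
+' \
+--quiet \
+--return \
+/dev/null
+
+printf 'deploy? [N/y] ' >&2
+read -r REPLY
+if \test "$REPLY" != y; then
+echo "$0: abort!" >&2
+exit 1
+fi
+else
+echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
+fi
+
+new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
+
+${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
+PATH=${lib.makeBinPath [
+pkgs.systemd
+]} \
+"$system_profile"/bin/switch-to-configuration switch
+
+${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
+exit
+fi
+
+# Use system's nixos-rebuild, which is not self-contained
+export PATH=/run/current-system/sw/bin
+exec ${utils.with-whatsupnix} \
+nixos-rebuild switch \
+--show-trace \
+-I "$target_path"
+'');
+
+cmds.install = pkgs.withGetopt {
+force-populate = { default = /* sh */ "false"; switch = true; };
+quiet = { default = /* sh */ "false"; switch = true; };
+source_file = {
+default = /* sh */ "$user/1systems/$system/source.nix";
+long = "source";
+};
+system = {};
+target = {};
+user.default = /* sh */ "$LOGNAME";
+} (opts: pkgs.writeBash "stockholm.install" ''
+set -efu
+
+. ${init.env}
+
+if \test "''${using_proxy-}" != true; then
+${pkgs.openssh}/bin/ssh \
+-o StrictHostKeyChecking=no \
+-o UserKnownHostsFile=/dev/null \
+"$target_user@$target_host" -p "$target_port" \
+env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
+sh -s prepare \
+< ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
+# TODO inline prepare.sh?
+fi
+
+. ${init.proxy "install" opts}
+
+# these variables get defined by nix-shell (i.e. nix-build) from
+# XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
+# which only exists on / and not at /mnt.
+export NIX_BUILD_TOP=/tmp
+export TEMPDIR=/tmp
+export TEMP=/tmp
+export TMPDIR=/tmp
+export TMP=/tmp
+export XDG_RUNTIME_DIR=/tmp
+
+export NIXOS_CONFIG="$target_path/nixos-config"
+
+cd
+exec nixos-install
+'');
+
+cmds.test = pkgs.withGetopt {
+force-populate = { default = /* sh */ "false"; switch = true; };
+quiet = { default = /* sh */ "false"; switch = true; };
+source_file = {
+default = /* sh */ "$user/1systems/$system/source.nix";
+long = "source";
+};
+system = {};
+target = {};
+user.default = /* sh */ "$LOGNAME";
+} (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
+set -efu
+
+export dummy_secrets=true
+
+. ${init.env}
+. ${init.proxy "test" opts}
+
+exec ${utils.build} config.system.build.toplevel
+'');
+
+#
+# low level commands
+#
+
+# usage: get-source SOURCE_FILE
+cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
+set -efu
+exec ${pkgs.nix}/bin/nix-instantiate \
+--eval \
+--json \
+--readonly-mode \
+--show-trace \
+--strict \
+"$1"
+'';
+
+# usage: parse-target [--default=TARGET] TARGET
+# TARGET = [USER@]HOST[:PORT][/PATH]
+cmds.parse-target = pkgs.withGetopt {
+default_target = {
+long = "default";
+short = "d";
+};
+} (opts: pkgs.writeDash "stockholm.parse-target" ''
+set -efu
+target=$1; shift
+for arg; do echo "$0: bad argument: $arg" >&2; done
+if \test $# != 0; then exit 2; fi
+exec ${pkgs.jq}/bin/jq \
+-enr \
+--arg default_target "$default_target" \
+--arg target "$target" \
+-f ${pkgs.writeText "stockholm.parse-target.jq" ''
+def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
+user: .captures[0].string,
+host: .captures[1].string,
+port: .captures[2].string,
+path: .captures[3].string,
+};
+def sanitize: with_entries(select(.value != null));
+($default_target | parse) + ($target | parse | sanitize) |
+. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
+''}
+'');
+
+init.env = pkgs.writeText "init.env" /* sh */ ''
+
+export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
+export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
+
+export quiet
+export system
+export target
+export user
+
+default_target=root@$system:22/var/src
+
+export target_object="$(
+${cmds.parse-target} "$target" -d "$default_target"
+)"
+export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
+export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
+export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
+export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
+export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
+'';
+
+init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
+if \test "''${using_proxy-}" != true; then
+
+source=$(${cmds.get-source} "$source_file")
+qualified_target=$target_user@$target_host:$target_port$target_path
+if \test "$force_populate" = true; then
+echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
+else
+echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
+fi
+
+if \test "$target_local" != true; then
+exec ${pkgs.openssh}/bin/ssh \
+"$target_user@$target_host" -p "$target_port" \
+cd "$target_path/stockholm" \; \
+NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
+STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
+nix-shell --run "$(${pkgs.quote}/bin/quote "
+${lib.concatStringsSep " " (lib.mapAttrsToList
+(name: opt: /* sh */
+"${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
+opts
+)} \
+using_proxy=true \
+${lib.shell.escape command} \
+$WITHGETOPT_ORIG_ARGS \
+")"
+fi
+fi
+'';
+
+utils.build = pkgs.writeDash "utils.build" ''
+set -efu
+${utils.with-whatsupnix} \
+${pkgs.nix}/bin/nix-build \
+--no-out-link \
+--show-trace \
+-E "with import <stockholm>; $1" \
+-I "$target_path" \
+'';
+
+utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
+set -efu
+if \test "$quiet" = true; then
+"$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
+else
+exec "$@"
+fi
+'';
+
+shell.get-version = pkgs.writeDash "stockholm.get-version" ''
+set -efu
+version=git.$(${pkgs.git}/bin/git describe --always --dirty)
+case $version in (*-dirty)
+version=$version@$HOSTNAME
+esac
+date=$(${pkgs.coreutils}/bin/date +%y.%m)
+echo "$date.$version"
+'';
+
+in
+
+pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:
+lib.nameValuePair "/bin/${name}" { inherit link; }
+) cmds)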
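Review bot: In `cmds.install`, the ssh call that feeds `prepare.sh` to `sh -s prepare` on the target runs with `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null`, so the machine that receives the script is never authenticated and whatever answers on `$target_host:$target_port` is accepted. A freshly booted installer has an unknown key, but its fingerprint can still be confirmed once: `-o StrictHostKeyChecking=ask` with a throw-away known-hosts file keeps the convenience without trusting the network path. The later ssh in `init.proxy` uses the default known-hosts handling, so the two connections to the same target are verified differently, and a comment should say why. Also in `init.proxy`, `cd "$target_path/stockholm" \;` quotes `$target_path` only for the local shell, whereas `NIX_PATH` is passed through `${pkgs.quote}/bin/quote`; the path should get the same treatment before the remote shell re-parses it.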
|
@ -1,14 +1,18 @@
|
|||
{ stdenv, fetchurl, python3Packages }:
|
||||
{ stdenv, fetchFromGitHub, python3Packages }:
|
||||
|
||||
python3Packages.buildPythonPackage rec {
|
||||
name = "urlwatch-${meta.version}";
|
||||
python3Packages.buildPythonApplication rec {
|
||||
name = "urlwatch-${version}";
|
||||
version = "2.7";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz";
|
||||
sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b";
|
||||
src = fetchFromGitHub {
|
||||
owner = "thp";
|
||||
repo = "urlwatch";
|
||||
rev = version;
|
||||
sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
appdirs
|
||||
keyring
|
||||
minidb
|
||||
pycodestyle
|
||||
|
@ -16,11 +20,10 @@ python3Packages.buildPythonPackage rec {
|
|||
requests
|
||||
];
|
||||
|
||||
meta = {
|
||||
meta = with stdenv.lib; {
|
||||
description = "A tool for monitoring webpages for updates";
|
||||
homepage = https://thp.io/2008/urlwatch/;
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
maintainers = [ stdenv.lib.maintainers.tv ];
|
||||
version = "2.6";
|
||||
license = licenses.bsd3;
|
||||
maintainers = with maintainers; [ tv ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@ opt-spec: cmd-spec: let
|
|||
|
||||
# true if b requires a to define its default value
|
||||
opts-before = a: b:
|
||||
test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or "");
|
||||
test ".*[$]${stringAsChars (c: "[${c}]") a.varname}([^0-9A-Za-z_].*)?" (b.default or "");
|
||||
|
||||
opts-list = let
|
||||
sort-out = toposort opts-before (attrValues opts);
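Review bot: The new `opts-before` pattern only recognises a reference written in the bare `$name` form, so a default that uses braces (`${name}`) is not seen as a dependency and `toposort` may order the two options arbitrarily. If brace references are meant to work, allow an optional `{` after `[$]` in the pattern. Otherwise extend the comment above the function, e.g. `# true if b's default references a as $varname (the braced form is not detected)`. Whether any option default actually uses braces is not visible in this hunk.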
|
||||
|
|
|
@ -14,6 +14,6 @@ in
|
|||
stockholm.file = toString <stockholm>;
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02
|
||||
ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,328 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
{
|
||||
networking.interfaces.et0.ip4 = [
|
||||
{
|
||||
address = ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway = "213.239.205.225";
|
||||
networking.nameservers = [
|
||||
"8.8.8.8"
|
||||
];
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
|
||||
'';
|
||||
}
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||
#<stockholm/lass/2configs/downloading.nix>
|
||||
<stockholm/lass/2configs/ts3.nix>
|
||||
<stockholm/lass/2configs/bitlbee.nix>
|
||||
<stockholm/lass/2configs/weechat.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/radio.nix>
|
||||
<stockholm/lass/2configs/repo-sync.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
<stockholm/lass/2configs/iodined.nix>
|
||||
<stockholm/lass/2configs/libvirt.nix>
|
||||
<stockholm/lass/2configs/hfos.nix>
|
||||
<stockholm/lass/2configs/monitoring/server.nix>
|
||||
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
#<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
#<stockholm/lass/2configs/reaktor-krebs.nix>
|
||||
#{
|
||||
# lass.pyload.enable = true;
|
||||
#}
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
];
|
||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
}
|
||||
{
|
||||
users.extraGroups = {
|
||||
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
|
||||
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
|
||||
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
|
||||
# Docs: man:tmpfiles.d(5)
|
||||
# man:systemd-tmpfiles(8)
|
||||
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
|
||||
# Main PID: 19272 (code=exited, status=1/FAILURE)
|
||||
#
|
||||
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
|
||||
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
|
||||
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
|
||||
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
|
||||
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
|
||||
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
|
||||
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
|
||||
# warning: error(s) occured while switching to the new configuration
|
||||
lock.gid = 10001;
|
||||
};
|
||||
}
|
||||
{
|
||||
boot.loader.grub = {
|
||||
devices = [
|
||||
"/dev/sda"
|
||||
"/dev/sdb"
|
||||
];
|
||||
splashImage = null;
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix"
|
||||
"vmw_pvscsi"
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/pool/nix";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
|
||||
};
|
||||
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/pool/download";
|
||||
};
|
||||
|
||||
fileSystems."/srv/http" = {
|
||||
device = "/dev/pool/http";
|
||||
};
|
||||
|
||||
fileSystems."/srv/o.ubikmedia.de-data" = {
|
||||
device = "/dev/pool/owncloud-ubik-data";
|
||||
};
|
||||
|
||||
fileSystems."/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
};
|
||||
|
||||
fileSystems."/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
{
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
}
|
||||
{
|
||||
#stuff for juhulian
|
||||
users.extraUsers.juhulian = {
|
||||
name = "juhulian";
|
||||
uid = 1339;
|
||||
home = "/home/juhulian";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
|
||||
];
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
];
|
||||
}
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.perlPackages.Plack
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
|
||||
];
|
||||
}
|
||||
{
|
||||
time.timeZone = "Europe/Berlin";
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass/2configs/websites/domsen.nix>
|
||||
<stockholm/lass/2configs/websites/lassulus.nix>
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
lass.ejabberd = {
|
||||
enable = true;
|
||||
hosts = [ "lassul.us" ];
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass/2configs/realwallpaper.nix>
|
||||
];
|
||||
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
|
||||
alias /var/realwallpaper/realwallpaper.png;
|
||||
'';
|
||||
}
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
mk_sql_pair
|
||||
];
|
||||
}
|
||||
{
|
||||
users.users.tv = {
|
||||
uid = genid "tv";
|
||||
inherit (config.krebs.users.tv) home;
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.tv.pubkey
|
||||
];
|
||||
};
|
||||
users.users.makefu = {
|
||||
uid = genid "makefu";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.makefu.pubkey
|
||||
];
|
||||
};
|
||||
users.users.nin = {
|
||||
uid = genid "nin";
|
||||
inherit (config.krebs.users.nin) home;
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
extraGroups = [
|
||||
"libvirtd"
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.repo-sync.timerConfig = {
|
||||
OnBootSec = "15min";
|
||||
OnUnitInactiveSec = "90min";
|
||||
RandomizedDelaySec = "30min";
|
||||
};
|
||||
krebs.repo-sync.repos.stockholm.timerConfig = {
|
||||
OnBootSec = "5min";
|
||||
OnUnitInactiveSec = "2min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
{
|
||||
lass.usershadow = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
#{
|
||||
# krebs.Reaktor.prism = {
|
||||
# nickname = "Reaktor|lass";
|
||||
# channels = [ "#retiolum" ];
|
||||
# extraEnviron = {
|
||||
# REAKTOR_HOST = "ni.r";
|
||||
# };
|
||||
# plugins = with pkgs.ReaktorPlugins; [
|
||||
# sed-plugin
|
||||
# ];
|
||||
# };
|
||||
#}
|
||||
{
|
||||
#stuff for dritter
|
||||
users.extraUsers.dritter = {
|
||||
name = "dritter";
|
||||
uid = genid "dritter";
|
||||
home = "/home/dritter";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
#hotdog
|
||||
containers.hotdog = {
|
||||
config = { ... }: {
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.1";
|
||||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#kaepsele
|
||||
containers.kaepsele = {
|
||||
config = { ... }: {
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
tv.pubkey
|
||||
];
|
||||
};
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
containers.onondaga = {
|
||||
config = { ... }: {
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.4";
|
||||
localAddress = "10.233.2.5";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.archprism;
|
||||
}
|
|
@ -37,6 +37,9 @@ with import <stockholm/lib>;
|
|||
networkmanagerapplet
|
||||
libreoffice
|
||||
audacity
|
||||
zathura
|
||||
skype
|
||||
wine
|
||||
];
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.lightdm.enable = true;
|
||||
|
@ -52,8 +55,10 @@ with import <stockholm/lib>;
|
|||
name = "bitcoin";
|
||||
description = "user for bitcoin stuff";
|
||||
home = "/home/bitcoin";
|
||||
isNormalUser = true;
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
extraGroups = [ "audio" ];
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
|
|
|
@ -10,8 +10,12 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/pass.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/otp-ssh.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
|
||||
#<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/dcso-vpn.nix>
|
||||
<stockholm/lass/2configs/virtualbox.nix>
|
||||
<stockholm/lass/2configs/dcso-dev.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
{ # automatic hardware detection
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
@ -59,6 +63,13 @@ with import <stockholm/lib>;
|
|||
maxTime = 9001;
|
||||
};
|
||||
}
|
||||
{
|
||||
#urban terror port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.helios;
|
||||
|
||||
|
@ -68,6 +79,16 @@ with import <stockholm/lib>;
|
|||
repo = [ config.krebs.git.repos.stockholm ];
|
||||
perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
|
||||
}
|
||||
{
|
||||
lass.umts = {
|
||||
enable = true;
|
||||
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
|
||||
initstrings = ''
|
||||
Init1 = AT+CFUN=1
|
||||
Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
|
||||
'';
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
|
@ -80,7 +101,6 @@ with import <stockholm/lib>;
|
|||
environment.systemPackages = with pkgs; [
|
||||
ag
|
||||
vim
|
||||
rxvt_unicode
|
||||
git
|
||||
rsync
|
||||
hashPassword
|
||||
|
@ -100,11 +120,16 @@ with import <stockholm/lib>;
|
|||
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
services.xserver.xrandrHeads = [
|
||||
{ output = "DP-0.8"; }
|
||||
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; }
|
||||
{ output = "DP-2"; primary = true; }
|
||||
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
|
||||
{ output = "DP-0"; }
|
||||
];
|
||||
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
|
||||
${pkgs.systemd}/bin/systemctl start xresources.service
|
||||
'';
|
||||
|
||||
networking.hostName = lib.mkForce "BLN02NB0162";
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
|
@ -123,8 +148,6 @@ with import <stockholm/lib>;
|
|||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" ];
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.postscript-lexmark ];
|
||||
};
|
||||
services.printing.drivers = [ pkgs.postscript-lexmark ];
|
||||
|
||||
}
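Review bot: The added `#urban terror port` block accepts TCP and UDP 27960 on every interface, which leaves the port reachable from any network this notebook joins. Restrict the rule to the interface or source range the game is actually played over, as the littleT VNC rule on this page does with `-i retiolum`, for example `{ predicate = "-p udp -i retiolum --dport 27960"; target = "ACCEPT"; }` if that is the intended network. The game protocol is presumably UDP-only, so the TCP rule can likely be dropped; confirm before removing it. A short comment saying when the port is needed would let the next reader judge whether the rule is still wanted.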
|
||||
|
|
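--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -0,0 +1,84 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/backups.nix>
+<stockholm/lass/2configs/steam.nix>
+{
+users.users.blacky = {
+uid = genid "blacky";
+home = "/home/blacky";
+group = "users";
+createHome = true;
+extraGroups = [
+"audio"
+"networkmanager"
+"video"
+];
+useDefaultShell = true;
+};
+networking.networkmanager.enable = true;
+networking.wireless.enable = mkForce false;
+hardware.pulseaudio = {
+enable = true;
+systemWide = true;
+};
+environment.systemPackages = with pkgs; [
+pavucontrol
+chromium
+hexchat
+networkmanagerapplet
+vlc
+];
+services.xserver.enable = true;
+services.xserver.displayManager.lightdm.enable = true;
+services.xserver.desktopManager.plasma5.enable = true;
+services.xserver.layout = "de";
+users.mutableUsers = mkForce true;
+services.xserver.synaptics.enable = true;
+}
+{
+#remote control
+environment.systemPackages = with pkgs; [
+x11vnc
+];
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
+];
+}
+];
+
+time.timeZone = "Europe/Berlin";
+
+hardware.trackpoint = {
+enable = true;
+sensitivity = 220;
+speed = 0;
+emulateWheel = true;
+};
+
+services.logind.extraConfig = ''
+HandleLidSwitch=ignore
+'';
+
+krebs.build.host = config.krebs.hosts.littleT;
+
+#fileSystems = {
+# "/bku" = {
+# device = "/dev/mapper/pool-bku";
+# fsType = "btrfs";
+# options = ["defaults" "noatime" "ssd" "compress=lzo"];
+# };
+#};
+
+#services.udev.extraRules = ''
+# SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+#'';
+}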
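Review bot: The `#remote control` block installs `x11vnc` and opens TCP 5900 to every peer on the `retiolum` interface, but nothing in this file shows how the server is started or that it requires a password. x11vnc serves the live X session, so unless authentication is configured at launch, any overlay peer that can reach the port gets the desktop. Consider narrowing the predicate to the controlling host, `-p tcp -i retiolum -s CONTROLLER_ADDR --dport 5900` (placeholder address). Alternatively, start x11vnc with `-localhost` and reach it through an SSH forward, in which case the iptables rule is unnecessary. A comment next to the rule should name who is expected to connect.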
|
|
@ -1,3 +1,4 @@
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "archprism";
|
||||
name = "littleT";
|
||||
secure = true;
|
||||
}
|
|
@ -29,7 +29,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/otp-ssh.nix>
|
||||
<stockholm/lass/2configs/c-base.nix>
|
||||
<stockholm/tv/2configs/br.nix>
|
||||
<stockholm/lass/2configs/br.nix>
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
|
@ -135,6 +135,8 @@ with import <stockholm/lib>;
|
|||
|
||||
macchanger
|
||||
dpass
|
||||
|
||||
dnsutils
|
||||
];
|
||||
|
||||
#TODO: fix this shit
|
||||
|
@ -177,7 +179,7 @@ with import <stockholm/lib>;
|
|||
echo 'secrets are crypted' >&2
|
||||
exit 23
|
||||
else
|
||||
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
|
||||
exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
|
||||
fi
|
||||
'';
|
||||
predeploy = pkgs.writeDash "predeploy" ''
|
||||
|
@ -192,4 +194,8 @@ with import <stockholm/lib>;
|
|||
exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
|
||||
'';
|
||||
};
|
||||
|
||||
#nix.package = pkgs.nixUnstable;
|
||||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" ];
|
||||
}
|
||||
|
|
|
@ -67,6 +67,11 @@ in {
|
|||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{ label = "swap1"; }
|
||||
{ label = "swap2"; }
|
||||
|
@ -220,8 +225,8 @@ in {
|
|||
};
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.4";
|
||||
localAddress = "10.233.2.5";
|
||||
hostAddress = "10.233.2.5";
|
||||
localAddress = "10.233.2.6";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||
|
@ -280,6 +285,17 @@ in {
|
|||
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
<stockholm/krebs/2configs/reaktor-krebs.nix>
|
||||
<stockholm/lass/2configs/dcso-dev.nix>
|
||||
{
|
||||
krebs.git.rules = [
|
||||
{
|
||||
user = [ config.krebs.users.jeschli ];
|
||||
repo = [ config.krebs.git.repos.stockholm ];
|
||||
perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
|
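--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs/hw/gpd-pocket.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/exim-retiolum.nix>
+<stockholm/lass/2configs/baseX.nix>
+<stockholm/lass/2configs/browsers.nix>
+<stockholm/lass/2configs/programs.nix>
+<stockholm/lass/2configs/fetchWallpaper.nix>
+];
+
+krebs.build.host = config.krebs.hosts.xerxes;
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
+'';
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
+fsType = "btrfs";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/16C8-D053";
+fsType = "vfat";
+};
+
+fileSystems."/home" = {
+device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
+networking.wireless.enable = true;
+}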
|
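--- a/lass/1systems/xerxes/source.nix
+++ b/lass/1systems/xerxes/source.nix
@@ -0,0 +1,11 @@
+with import <stockholm/lib>;
+import <stockholm/lass/source.nix> {
+name = "xerxes";
+secure = true;
+override = {
+nixpkgs.git = mkForce {
+url = https://github.com/lassulus/nixpkgs;
+ref = "3eccd0b";
+};
+};
+}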
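Review bot: `ref = "3eccd0b"` pins the nixpkgs override to a seven-character abbreviated commit id on a personal fork, which is weaker than the full 40-character hash used for the main `nixpkgs.git` pin elsewhere on this page. An abbreviated id can become ambiguous as the repository grows and, depending on how the fetcher resolves `ref`, might also match a branch or tag of that name, so the file alone does not fix which tree gets built. Write the full commit hash, `ref = "FULL_40_CHAR_COMMIT_ID";` (placeholder). Also add a comment naming the branch and date it was taken from, as the other pin does.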
|
|
@ -1,9 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
security.audit = {
|
||||
rules = [
|
||||
"-a task,never"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -7,9 +7,9 @@ in {
|
|||
./mpv.nix
|
||||
./power-action.nix
|
||||
./copyq.nix
|
||||
./xresources.nix
|
||||
./livestream.nix
|
||||
./dns-stuff.nix
|
||||
./urxvt.nix
|
||||
{
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
|
@ -41,6 +41,11 @@ in {
|
|||
default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
|
||||
};
|
||||
};
|
||||
config.services.xresources.resources.X = ''
|
||||
*.font: ${config.lass.fonts.regular}
|
||||
*.boldFont: ${config.lass.fonts.bold}
|
||||
*.italicFont: ${config.lass.fonts.italic}
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -64,9 +69,11 @@ in {
|
|||
dic
|
||||
dmenu
|
||||
gi
|
||||
git-preview
|
||||
gitAndTools.qgit
|
||||
lm_sensors
|
||||
haskellPackages.hledger
|
||||
lm_sensors
|
||||
mpv-poll
|
||||
much
|
||||
ncdu
|
||||
nix-repl
|
||||
|
@ -74,21 +81,20 @@ in {
|
|||
pavucontrol
|
||||
powertop
|
||||
push
|
||||
rxvt_unicode_with-plugins
|
||||
screengrab
|
||||
slock
|
||||
sxiv
|
||||
termite
|
||||
xclip
|
||||
xorg.xbacklight
|
||||
xorg.xhost
|
||||
xsel
|
||||
youtube-tools
|
||||
yt-next
|
||||
zathura
|
||||
|
||||
mpv-poll
|
||||
yt-next
|
||||
|
||||
youtube-tools
|
||||
|
||||
rxvt_unicode
|
||||
termite
|
||||
cabal2nix
|
||||
];
|
||||
|
||||
fonts.fonts = with pkgs; [
|
||||
|
@ -98,42 +104,15 @@ in {
|
|||
xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
lass.xserver.enable = true;
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
desktopManager.xterm.enable = false;
|
||||
desktopManager.default = "none";
|
||||
displayManager.lightdm.enable = true;
|
||||
displayManager.lightdm.autoLogin = {
|
||||
enable = true;
|
||||
user = "lass";
|
||||
};
|
||||
windowManager.default = "xmonad";
|
||||
windowManager.session = [{
|
||||
name = "xmonad";
|
||||
start = ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
|
||||
${pkgs.xmonad-lass}/bin/xmonad &
|
||||
waitPID=$!
|
||||
'';
|
||||
}];
|
||||
|
||||
layout = "us";
|
||||
xkbModel = "evdev";
|
||||
xkbVariant = "altgr-intl";
|
||||
xkbOptions = "caps:backspace";
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
};
|
||||
|
||||
services.urxvtd.enable = true;
|
||||
services.xresources.enable = true;
|
||||
lass.screenlock.enable = true;
|
||||
}
|
||||
|
|
|
@ -18,7 +18,7 @@ with import <stockholm/lib>;
|
|||
netDevices = {
|
||||
bra = {
|
||||
model = "MFCL2700DN";
|
||||
ip = "10.23.42.221";
|
||||
ip = "10.42.23.221";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -5,19 +5,23 @@ let
|
|||
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
|
||||
browser-select = pkgs.writeScriptBin "browser-select" ''
|
||||
BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu)
|
||||
browser-select = let
|
||||
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
|
||||
(mapAttrsToList (name: value: { inherit name value; })
|
||||
config.lass.browser.paths);
|
||||
in pkgs.writeScriptBin "browser-select" ''
|
||||
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
|
||||
case $BROWSER in
|
||||
${concatMapStringsSep "\n" (n: ''
|
||||
${n})
|
||||
export BIN=${config.lass.browser.paths.${n}}/bin/${n}
|
||||
${n.name})
|
||||
export BIN=${n.value.path}/bin/${n.name}
|
||||
;;
|
||||
'') (attrNames config.lass.browser.paths)}
|
||||
'') (sortedPaths)}
|
||||
esac
|
||||
$BIN "$@"
|
||||
'';
|
||||
|
||||
createChromiumUser = name: extraGroups:
|
||||
createChromiumUser = name: extraGroups: precedence:
|
||||
let
|
||||
bin = pkgs.writeScriptBin name ''
|
||||
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
|
||||
|
@ -31,7 +35,7 @@ let
|
|||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
lass.browser.paths.${name} = bin;
|
||||
lass.browser.paths.${name}.path = bin;
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
|
@ -40,10 +44,10 @@ let
|
|||
];
|
||||
};
|
||||
|
||||
createFirefoxUser = name: extraGroups:
|
||||
createFirefoxUser = name: extraGroups: precedence:
|
||||
let
|
||||
bin = pkgs.writeScriptBin name ''
|
||||
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
|
||||
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
|
||||
'';
|
||||
in {
|
||||
users.extraUsers.${name} = {
|
||||
|
@ -54,7 +58,10 @@ let
|
|||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
lass.browser.paths.${name} = bin;
|
||||
lass.browser.paths.${name} = {
|
||||
path = bin;
|
||||
inherit precedence;
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
|
@ -79,14 +86,24 @@ in {
|
|||
type = types.path;
|
||||
};
|
||||
options.lass.browser.paths = mkOption {
|
||||
type = with types; attrsOf path;
|
||||
type = types.attrsOf (types.submodule ({
|
||||
options = {
|
||||
path = mkOption {
|
||||
type = types.path;
|
||||
};
|
||||
precedence = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
}
|
||||
( createFirefoxUser "ff" [ "audio" ] )
|
||||
( createChromiumUser "cr" [ "video" "audio" ] )
|
||||
( createFirefoxUser "ff" [ "audio" ] 10 )
|
||||
( createChromiumUser "cr" [ "video" "audio" ] 9 )
|
||||
( createChromiumUser "gm" [ "video" "audio" ] 8 )
|
||||
( createChromiumUser "wk" [ "video" "audio" ] )
|
||||
( createChromiumUser "fb" [ "video" "audio" ] )
|
||||
( createChromiumUser "gm" [ "video" "audio" ] )
|
||||
( createChromiumUser "com" [ "video" "audio" ] )
|
||||
];
|
||||
}
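Review bot: In `createChromiumUser` the new `precedence` argument is accepted but never stored: the hunk sets only `lass.browser.paths.${name}.path = bin;`, so `cr` and `gm` keep the default `0` and the sort in `browser-select` ignores the `9` and `8` passed at the bottom of the file. Mirror `createFirefoxUser` and write `lass.browser.paths.${name} = { path = bin; inherit precedence; };`. The `wk`, `fb` and `com` calls appear to be unchanged and still pass two arguments to what is now a three-argument function, so they should get an explicit precedence as well. Separately, the rewritten Firefox wrapper line keeps an unquoted `$@` behind `sudo -i`, which word-splits URLs handed over by other programs; `"$@"` is the safer form.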
|
||||
|
|
|
@ -21,9 +21,9 @@ let
|
|||
in {
|
||||
systemd.services.copyq = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "display-manager.service" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
};
|
||||
path = with pkgs; [
|
||||
qt5.full
|
||||
|
|
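--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+inherit (import <stockholm/lib>) genid;
+
+in {
+users.extraUsers = {
+dev = {
+name = "dev";
+uid = genid "dev";
+description = "user for collaborative development";
+home = "/home/dev";
+useDefaultShell = true;
+createHome = true;
+openssh.authorizedKeys.keys = [
+config.krebs.users.lass.pubkey
+config.krebs.users.lass-android.pubkey
+"ssh-rsa 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 markus.hihn@dcso.de"
+"ssh-rsa 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 u0_a165@localhost"
+];
+packages = with pkgs; [
+emacs25-nox
+
+(pkgs.symlinkJoin {
+name = "tmux";
+paths = [
+(pkgs.writeDashBin "tmux" ''
+exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+set-option -g default-terminal screen-256color
+
+#use session instead of windows
+bind-key c new-session
+bind-key p switch-client -p
+bind-key n switch-client -n
+bind-key C-s switch-client -l
+''} "$@"
+'')
+pkgs.tmux
+];
+})
+];
+};
+};
+
+krebs.per-user.dev.packages = [
+pkgs.go
+];
+
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(dev) NOPASSWD: ALL
+'';
+}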
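Review bot: The `dev` account is a shared login: four keys land in one `openssh.authorizedKeys.keys` list, two of them as string literals, and the last is labelled only `u0_a165@localhost`, which names no person. With one uid for everyone, logs and shell history on the host cannot attribute an action to a key holder, and removing a collaborator means editing this literal list. Declare the external collaborators under `krebs.users` like the `lass` entries and reference their `pubkey`, or at least add a comment above each literal naming the owner and why access was granted. The `NOPASSWD: ALL` rule also lets `mainUser` run anything as `dev`; if only an interactive shell is needed, say so in a comment so the scope is a recorded decision.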
|
|
@ -2,7 +2,6 @@
|
|||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
../2configs/audit.nix
|
||||
../2configs/binary-cache/client.nix
|
||||
../2configs/gc.nix
|
||||
../2configs/mc.nix
|
||||
|
@ -23,6 +22,7 @@ with import <stockholm/lib>;
|
|||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
config.krebs.users.lass-icarus.pubkey
|
||||
config.krebs.users.lass-xerxes.pubkey
|
||||
];
|
||||
};
|
||||
mainUser = {
|
||||
|
|
|
@ -46,6 +46,9 @@ with import <stockholm/lib>;
|
|||
{ from = "apple@lassul.us"; to = lass.mail; }
|
||||
{ from = "coinbase@lassul.us"; to = lass.mail; }
|
||||
{ from = "tomtop@lassul.us"; to = lass.mail; }
|
||||
{ from = "aliexpress@lassul.us"; to = lass.mail; }
|
||||
{ from = "business@lassul.us"; to = lass.mail; }
|
||||
{ from = "payeer@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
|
|
@ -57,7 +57,7 @@ let
|
|||
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
dwarf_fortress
|
||||
(dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
|
||||
doom1
|
||||
doom2
|
||||
vdoom1
|
||||
|
|
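--- a/lass/2configs/hw/gpd-pocket.nix
+++ b/lass/2configs/hw/gpd-pocket.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+let
+dummy_firmware = pkgs.writeTextFile {
+name = "brcmfmac4356-pcie.txt";
+text = builtins.readFile ./brcmfmac4356-pcie.txt;
+destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
+};
+in {
+#imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+hardware.firmware = [ dummy_firmware ];
+hardware.enableRedistributableFirmware = true;
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ];
+boot.kernelPackages = pkgs.linuxPackages_4_14;
+boot.kernelParams = [
+"fbcon=rotate:1"
+];
+services.xserver.displayManager.sessionCommands = ''
+(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
+(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
+'';
+services.xserver.dpi = 200;
+fonts.fontconfig.dpi = 200;
+lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
+lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
+lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
+}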
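Review bot: The italic font fallback on the last setting reads `xft:Symbol`, while the regular and bold lines use `xft:Symbola`; this looks like a typo, and if so the line should be `lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbola";`. Separately, `boot.kernelPackages = pkgs.linuxPackages_4_14` pins the kernel series without saying why. A one-line comment naming the reason (presumably hardware support for this device) would tell a later maintainer when the pin can be dropped so the host keeps following kernel security updates.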
|
|
@ -29,4 +29,9 @@
|
|||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
||||
}
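Review bot: `HandleLidSwitch=ignore` means closing the lid no longer suspends the machine, so anything that locks the session on the way to sleep will not run on lid close. The screenlock unit touched elsewhere in this commit is ordered `before = [ "sleep.target" ]`; if this host relies on it, a closed laptop stays unlocked. If ignoring the lid is intended, say so in a comment above the setting, e.g. `# lid close must not suspend; session is locked manually`. `HandleLidSwitch=lock` is the logind value that keeps the machine awake but still requests a session lock, provided something in the session reacts to that signal.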
|
||||
|
|
|
@ -76,6 +76,7 @@ let
|
|||
"INBOX" "notmuch://?query=tag:inbox \
|
||||
and NOT to:nix-devel\
|
||||
and NOT to:shackspace\
|
||||
and NOT to:security\
|
||||
and NOT to:c-base" \
|
||||
"shack" "notmuch://?query=to:shackspace"\
|
||||
"c-base" "notmuch://?query=to:c-base"\
|
||||
|
|
|
@ -22,15 +22,22 @@ let
|
|||
});
|
||||
};
|
||||
in {
|
||||
rules = with git; singleton {
|
||||
user = with config.krebs.users; [
|
||||
config.krebs.users."${config.networking.hostName}-repo-sync"
|
||||
lass
|
||||
lass-shodan
|
||||
];
|
||||
repo = [ repo ];
|
||||
perm = push ''refs/*'' [ non-fast-forward create delete merge ];
|
||||
};
|
||||
rules = with git; [
|
||||
{
|
||||
user = with config.krebs.users; [
|
||||
config.krebs.users."${config.networking.hostName}-repo-sync"
|
||||
lass
|
||||
lass-shodan
|
||||
];
|
||||
repo = [ repo ];
|
||||
perm = push ''refs/*'' [ non-fast-forward create delete merge ];
|
||||
}
|
||||
{
|
||||
user = attrValues config.krebs.users;
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
}
|
||||
];
|
||||
repos."${name}" = repo;
|
||||
};
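Review bot: The second rule grants `fetch` on this repo to `attrValues config.krebs.users`, that is, to every account defined under `krebs.users`, which presumably includes other people's keys and machine accounts such as the `*-repo-sync` ones. If the repo is meant to be readable by the whole network, that intent deserves a comment on the rule, e.g. `# read access for every krebs user; this repo must not contain secrets`. Otherwise list the intended readers explicitly, as the push rule above it does. The `let` block that defines `repo` starts outside this hunk.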
|
||||
|
||||
|
|
|
@ -1,40 +1,32 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (config.users.extraUsers) mainUser;
|
||||
|
||||
in
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
imports = [
|
||||
../3modules/urxvtd.nix
|
||||
../3modules/xresources.nix
|
||||
];
|
||||
services.urxvtd.enable = true;
|
||||
|
||||
services.urxvtd = {
|
||||
enable = true;
|
||||
users = [ mainUser.name ];
|
||||
urxvtPackage = pkgs.rxvt_unicode_with-plugins;
|
||||
};
|
||||
services.xresources.enable = true;
|
||||
services.xresources.resources.urxvt = ''
|
||||
URxvt*scrollBar: false
|
||||
URxvt*urgentOnBell: true
|
||||
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
|
||||
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
|
||||
URxvt*SaveLines: 4096
|
||||
URxvt*scrollBar: false
|
||||
URxvt*urgentOnBell: true
|
||||
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
||||
URxvt.url-select.launcher: browser-select
|
||||
|
||||
${optionalString (hasAttr "browser" config.lass)
|
||||
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
|
||||
}
|
||||
|
||||
URxvt.url-select.underline: true
|
||||
URxvt.keysym.M-u: perl:url-select:select_next
|
||||
URxvt.keysym.M-Escape: perl:keyboard-select:activate
|
||||
URxvt.keysym.M-s: perl:keyboard-select:search
|
||||
|
||||
URxvt.intensityStyles: false
|
||||
URxvt.intensityStyles: false
|
||||
|
||||
URxvt*background: #000000
|
||||
URxvt*foreground: #ffffff
|
||||
URxvt*background: #000000
|
||||
URxvt*foreground: #ffffff
|
||||
|
||||
!change unreadable blue
|
||||
URxvt*color4: #268bd2
|
||||
URxvt*color4: #268bd2
|
||||
|
||||
URxvt*color0: #232342
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -98,8 +98,13 @@ let
|
|||
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
|
||||
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
|
||||
|
||||
" search with ack
|
||||
let g:ackprg = 'ag --vimgrep'
|
||||
cnoreabbrev Ack Ack!
|
||||
|
||||
" copy/paste from/to xclipboard
|
||||
noremap x "_x
|
||||
set clipboard=unnamedplus
|
||||
'';
|
||||
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
|
|
|
@ -147,12 +147,32 @@ in {
|
|||
in ''
|
||||
alias ${initscript};
|
||||
'';
|
||||
locations."/pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme.certs."cgit.lassul.us" = {
|
||||
email = "lassulus@lassul.us";
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
plugins = [
|
||||
"account_key.json"
|
||||
"fullchain.pem"
|
||||
"key.pem"
|
||||
];
|
||||
group = "nginx";
|
||||
user = "nginx";
|
||||
};
|
||||
|
||||
|
||||
services.nginx.virtualHosts.cgit = {
|
||||
serverName = "cgit.lassul.us";
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
|
||||
locations."/.well-known/acme-challenge".extraConfig = ''
|
||||
root /var/lib/acme/acme-challenge;
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.blog = {
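Review bot: The `cgit` virtual host is declared with `addSSL = true`, which keeps serving the site over plain HTTP next to HTTPS, so cgit traffic is only encrypted when the client asks for it; `forceSSL = true;` would redirect HTTP requests to HTTPS instead. The same block sets `enableACME = true` together with a hand-written `security.acme.certs."cgit.lassul.us"` entry, explicit `sslCertificate`/`sslCertificateKey` paths and its own `/.well-known/acme-challenge` location. That looks like two ways of configuring the same certificate; presumably only one is needed, and keeping both makes it unclear which one owns renewal and the file permissions on `key.pem`.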
|
||||
|
|
|
@ -4,10 +4,6 @@ let
|
|||
mainUser = config.users.extraUsers.mainUser;
|
||||
|
||||
in {
|
||||
krebs.per-user.wine.packages = with pkgs; [
|
||||
wine
|
||||
#(wineFull.override { wineBuild = "wine64"; })
|
||||
];
|
||||
users.users= {
|
||||
wine = {
|
||||
name = "wine";
|
||||
|
@ -19,9 +15,27 @@ in {
|
|||
"video"
|
||||
];
|
||||
createHome = true;
|
||||
packages = [
|
||||
pkgs.wine
|
||||
];
|
||||
};
|
||||
wine64 = {
|
||||
name = "wine64";
|
||||
description = "user for running wine in 64bit";
|
||||
home = "/home/wine64";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
];
|
||||
createHome = true;
|
||||
packages = [
|
||||
(pkgs.wine.override { wineBuild = "wineWow"; })
|
||||
];
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(wine) NOPASSWD: ALL
|
||||
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -1,63 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
|
||||
xresources = pkgs.writeText "Xresources" ''
|
||||
URxvt*scrollBar: false
|
||||
URxvt*urgentOnBell: true
|
||||
URxvt*SaveLines: 4096
|
||||
|
||||
URxvt.font: ${config.lass.fonts.regular}
|
||||
URxvt.boldFont: ${config.lass.fonts.bold}
|
||||
URxvt.italicFont: ${config.lass.fonts.italic}
|
||||
|
||||
! ref https://github.com/muennich/urxvt-perls
|
||||
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
|
||||
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
||||
${optionalString (hasAttr "browser" config.lass)
|
||||
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
|
||||
}
|
||||
URxvt.url-select.underline: true
|
||||
URxvt.keysym.M-u: perl:url-select:select_next
|
||||
URxvt.keysym.M-Escape: perl:keyboard-select:activate
|
||||
URxvt.keysym.M-s: perl:keyboard-select:search
|
||||
|
||||
URxvt.intensityStyles: false
|
||||
|
||||
URxvt*background: #000000
|
||||
URxvt*foreground: #d0d7d0
|
||||
|
||||
URxvt*cursorColor: #f042b0
|
||||
URxvt*cursorColor2: #f0b000
|
||||
URxvt*cursorBlink: off
|
||||
|
||||
URxvt*.pointerBlank: true
|
||||
URxvt*.pointerBlankDelay: 987654321
|
||||
URxvt*.pointerColor: #f042b0
|
||||
URxvt*.pointerColor2: #050505
|
||||
|
||||
URxvt*color0: #232342
|
||||
'';
|
||||
|
||||
in {
|
||||
systemd.services.xresources = {
|
||||
description = "xresources";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "display-manager.service" ];
|
||||
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
|
||||
Restart = "on-failure";
|
||||
User = "lass";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -11,6 +11,7 @@ _:
|
|||
./screenlock.nix
|
||||
./umts.nix
|
||||
./usershadow.nix
|
||||
./xserver
|
||||
./xresources.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ let
|
|||
before = [ "sleep.target" ];
|
||||
wantedBy = [ "sleep.target" ];
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "screenlock";
|
||||
|
|
|
@ -4,16 +4,13 @@
|
|||
#prefix with Attribute Name
|
||||
#ex: urxvt
|
||||
|
||||
#
|
||||
#
|
||||
with builtins;
|
||||
with lib;
|
||||
|
||||
|
||||
let
|
||||
|
||||
inherit (import ../../tv/4lib { inherit pkgs lib; }) shell-escape;
|
||||
inherit (pkgs) writeScript;
|
||||
inherit (pkgs) writeScript writeText;
|
||||
|
||||
in
|
||||
|
||||
|
@ -46,12 +43,16 @@ in
|
|||
config =
|
||||
let
|
||||
cfg = config.services.xresources;
|
||||
xres = concatStringsSep "\n" (attrValues cfg.resources);
|
||||
xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources));
|
||||
|
||||
in mkIf cfg.enable {
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
echo ${shell-escape xres} | xrdb -merge
|
||||
${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
|
||||
'';
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeDashBin "updateXresources" ''
|
||||
${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
|
||||
'')
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
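--- a/lass/3modules/xserver/default.nix
+++ b/lass/3modules/xserver/default.nix
@@ -0,0 +1,101 @@
+{ config, pkgs, ... }@args:
+with import <stockholm/lib>;
+let
+
+out = {
+options.lass.xserver = api;
+config = mkIf cfg.enable imp;
+};
+
+user = config.krebs.build.user;
+
+cfg = config.lass.xserver;
+xcfg = config.services.xserver;
+api = {
+enable = mkEnableOption "lass xserver";
+};
+imp = {
+
+services.xserver = {
+# Don't install feh into systemPackages
+# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
+desktopManager.session = mkForce [];
+
+enable = true;
+display = 11;
+tty = 11;
+};
+
+systemd.services.display-manager.enable = false;
+
+systemd.services.xmonad = {
+wantedBy = [ "multi-user.target" ];
+requires = [ "xserver.service" ];
+environment = {
+DISPLAY = ":${toString xcfg.display}";
+
+XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
+${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
+${xcfg.displayManager.sessionCommands}
+wait
+'';
+
+XMONAD_DATA_DIR = "/tmp";
+};
+serviceConfig = {
+SyslogIdentifier = "xmonad";
+ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
+ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
+User = user.name;
+WorkingDirectory = user.home;
+};
+};
+
+systemd.services.xserver = {
+after = [
+"systemd-udev-settle.service"
+"local-fs.target"
+"acpid.service"
+];
+reloadIfChanged = true;
+environment = {
+XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
+XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
+LD_LIBRARY_PATH = concatStringsSep ":" (
+[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
+++ concatLists (catAttrs "libPath" xcfg.drivers));
+};
+serviceConfig = {
+SyslogIdentifier = "xserver";
+ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+ExecStart = toString [
+"${pkgs.xorg.xorgserver}/bin/X"
+":${toString xcfg.display}"
+"vt${toString xcfg.tty}"
+"-config ${import ./xserver.conf.nix args}"
+"-logfile /dev/null -logverbose 0 -verbose 3"
+"-nolisten tcp"
+"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
+(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
+];
+};
+};
+services.xresources.resources.dpi = ''
+${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
+'';
+systemd.services.urxvtd = {
+wantedBy = [ "multi-user.target" ];
+reloadIfChanged = true;
+serviceConfig = {
+SyslogIdentifier = "urxvtd";
+ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
+Restart = "always";
+RestartSec = "2s";
+StartLimitBurst = 0;
+User = user.name;
+};
+};
+};
+
+in out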
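Review bot: The startup hook runs `xhost +LOCAL:`, which lets every local account connect to the X display. The separate `wine`, `wine64` and `dev` users that this commit sets up with their own sudo rules are therefore not isolated from the main session at the X level and can observe its input and window contents. Granting access per account keeps the separation, e.g. `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:wine &` for each user that actually needs X. `XMONAD_DATA_DIR = "/tmp"` also places xmonad's state in a world-writable directory; a directory owned by the session user, for instance one under `user.home`, avoids other accounts pre-creating or reading those files.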
|
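--- a/lass/3modules/xserver/xserver.conf.nix
+++ b/lass/3modules/xserver/xserver.conf.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+cfg = config.services.xserver;
+in
+
+pkgs.stdenv.mkDerivation {
+name = "xserver.conf";
+
+xfs = optionalString (cfg.useXFS != false)
+''FontPath "${toString cfg.useXFS}"'';
+
+inherit (cfg) config;
+
+buildCommand =
+''
+echo 'Section "Files"' >> $out
+echo $xfs >> $out
+
+for i in ${toString config.fonts.fonts}; do
+if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
+for j in $(find $i -name fonts.dir); do
+echo " FontPath \"$(dirname $j)\"" >> $out
+done
+fi
+done
+
+for i in $(find ${toString cfg.modules} -type d); do
+if test $(echo $i/*.so* | wc -w) -ne 0; then
+echo " ModulePath \"$i\"" >> $out
+fi
+done
+
+echo 'EndSection' >> $out
+
+echo "$config" >> $out
+'';
+}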
|
|
@ -20,5 +20,10 @@
|
|||
xml2json = pkgs.callPackage ./xml2json/default.nix {};
|
||||
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
|
||||
yt-next = pkgs.callPackage ./yt-next/default.nix {};
|
||||
|
||||
screengrab = pkgs.writeDashBin "screengrab" ''
|
||||
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
|
||||
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
|
||||
'';
|
||||
};
|
||||
}
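Review bot: In `screengrab` the shell variables are expanded unquoted (`-s $resolution -c:v huffyuv $1`), so an output path containing spaces or glob characters is split into several ffmpeg arguments. With more than one active output, `xrandr | grep '*'` also yields several resolutions that all end up on the command line. Quoting both, `-s "$resolution" -c:v huffyuv "$1"`, and taking only the first match, e.g. `awk '{print $1; exit}'`, makes the script behave predictably. A missing output argument could also be rejected before ffmpeg is started.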
|
||||
|
|
|
@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-lass" {
|
|||
executables.xmonad = {
|
||||
extra-depends = [
|
||||
"containers"
|
||||
"extra"
|
||||
"unix"
|
||||
"X11"
|
||||
"xmonad"
|
||||
|
@ -20,18 +21,16 @@ module Main where
|
|||
import XMonad
|
||||
|
||||
import qualified XMonad.StackSet as W
|
||||
import Control.Exception
|
||||
import Control.Monad.Extra (whenJustM)
|
||||
import Data.List (isInfixOf)
|
||||
import System.Environment (getArgs, withArgs)
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Environment (getArgs, lookupEnv)
|
||||
import System.Posix.Process (executeFile)
|
||||
import Text.Read (readEither)
|
||||
import XMonad.Actions.CopyWindow (copy, kill1)
|
||||
import XMonad.Actions.CycleWS (toggleWS)
|
||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
|
||||
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
|
||||
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
|
||||
import XMonad.Actions.UpdatePointer (updatePointer)
|
||||
import XMonad.Hooks.EwmhDesktops (ewmh)
|
||||
import XMonad.Hooks.FloatNext (floatNext)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||
|
@ -41,59 +40,45 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
|
|||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
|
||||
import XMonad.Layout.NoBorders (smartBorders)
|
||||
import XMonad.Layout.SimplestFloat (simplestFloat)
|
||||
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
|
||||
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
|
||||
import XMonad.Util.EZConfig (additionalKeysP)
|
||||
import XMonad.Layout.SimpleFloat (simpleFloat)
|
||||
|
||||
import XMonad.Stockholm.Shutdown
|
||||
|
||||
myTerm :: FilePath
|
||||
myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc"
|
||||
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
|
||||
|
||||
myFont :: String
|
||||
myFont = "${config.lass.fonts.regular}"
|
||||
|
||||
main :: IO ()
|
||||
main = getArgs >>= \case
|
||||
["--shutdown"] -> sendShutdownEvent
|
||||
_ -> mainNoArgs
|
||||
["--shutdown"] -> sendShutdownEvent
|
||||
_ -> main'
|
||||
|
||||
mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
xmonad'
|
||||
main' :: IO ()
|
||||
main' = do
|
||||
xmonad $ ewmh
|
||||
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
||||
$ def
|
||||
{ terminal = myTerm
|
||||
, modMask = mod4Mask
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
, logHook = updatePointer (0.25, 0.25) (0.25, 0.25)
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, startupHook =
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing)
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
, focusedBorderColor = "#f000b0"
|
||||
, focusedBorderColor = "#ff0000"
|
||||
, handleEventHook = handleShutdownEvent
|
||||
, workspaces = [ "dashboard", "sys", "wp" ]
|
||||
} `additionalKeysP` myKeyMap
|
||||
|
||||
myLayoutHook = defLayout
|
||||
where
|
||||
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat
|
||||
|
||||
|
||||
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
|
||||
xmonad' conf = do
|
||||
let path = "/tmp/xmonad.state"
|
||||
try (readFile path) >>= \case
|
||||
Right content -> do
|
||||
hPutStrLn stderr ("resuming from " ++ path)
|
||||
withArgs ("--resume" : lines content) (xmonad conf)
|
||||
Left e -> do
|
||||
hPutStrLn stderr (displaySomeException e)
|
||||
xmonad conf
|
||||
|
||||
displaySomeException :: SomeException -> String
|
||||
displaySomeException = displayException
|
||||
|
||||
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
|
||||
|
||||
myKeyMap :: [([Char], X ())]
|
||||
myKeyMap =
|
||||
|
@ -102,6 +87,8 @@ myKeyMap =
|
|||
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
||||
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
|
||||
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
|
||||
|
||||
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
||||
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
|
||||
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
|
||||
|
|
|
@ -10,7 +10,7 @@ in
|
|||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "e53e9a2";
|
||||
ref = "cb751f9";
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||
|
|
|
@ -92,7 +92,7 @@ rec {
|
|||
default = null;
|
||||
};
|
||||
addrs = mkOption {
|
||||
type = listOf cidr;
|
||||
type = listOf addr;
|
||||
default =
|
||||
optional (config.ip4 != null) config.ip4.addr ++
|
||||
optional (config.ip6 != null) config.ip6.addr;
|
||||
|
@ -155,6 +155,8 @@ rec {
|
|||
++
|
||||
(map (a: "Subnet = ${a}") net.addrs)
|
||||
++
|
||||
(map (a: "Subnet = ${a}") config.subnets)
|
||||
++
|
||||
[config.extraConfig]
|
||||
++
|
||||
[config.pubkey]
|
||||
|
@ -173,6 +175,11 @@ rec {
|
|||
description = "tinc port to use to connect to host";
|
||||
default = 655;
|
||||
};
|
||||
subnets = mkOption {
|
||||
type = listOf cidr;
|
||||
description = "tinc subnets";
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = null;
|
||||
|
|
|
@ -6,9 +6,6 @@
|
|||
# configure your hw:
|
||||
# <stockholm/makefu/2configs/save-diskspace.nix>
|
||||
];
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.tv.pubkey
|
||||
];
|
||||
krebs = {
|
||||
enable = true;
|
||||
tinc.retiolum.enable = true;
|
||||
|
@ -23,6 +20,7 @@
|
|||
programs.man.enable = false;
|
||||
services.nixosManual.enable = false;
|
||||
boot.tmpOnTmpfs = lib.mkForce false;
|
||||
sound.enable = false;
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
hardware.firmware = [
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
# all the good stuff resides in /data
|
||||
|
||||
byid = dev: "/dev/disk/by-id/" + dev;
|
||||
rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
|
||||
bootPart = rootDisk + "-part1";
|
||||
|
@ -21,44 +23,23 @@ in {
|
|||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
<stockholm/makefu/2configs/nsupdate-data.nix>
|
||||
# <stockholm/makefu/2configs/nsupdate-data.nix>
|
||||
|
||||
# SIEM
|
||||
#<stockholm/makefu/2configs/tinc/siem.nix>
|
||||
# {services.tinc.networks.siem = {
|
||||
# name = "sdarth";
|
||||
# extraConfig = "ConnectTo = sjump";
|
||||
# };
|
||||
# }
|
||||
|
||||
# {
|
||||
# makefu.forward-journal = {
|
||||
# enable = true;
|
||||
# src = "10.8.10.2";
|
||||
# dst = "10.8.10.6";
|
||||
# };
|
||||
# }
|
||||
|
||||
## Sharing
|
||||
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
|
||||
#{
|
||||
# services.samba.shares = {
|
||||
# isos = {
|
||||
# path = "/data/isos/";
|
||||
# "read only" = "yes";
|
||||
# browseable = "yes";
|
||||
# "guest ok" = "yes";
|
||||
# };
|
||||
# };
|
||||
#}
|
||||
<stockholm/makefu/2configs/share/anon-ftp.nix>
|
||||
|
||||
# lan party
|
||||
<stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
<stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||
<stockholm/makefu/2configs/lanparty/samba.nix>
|
||||
<stockholm/makefu/2configs/lanparty/mumble-server.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
];
|
||||
|
||||
|
||||
|
||||
#networking.firewall.enable = false;
|
||||
makefu.server.primary-itf = "enp0s25";
|
||||
krebs.hidden-ssh.enable = true;
|
||||
# krebs.hidden-ssh.enable = true;
|
||||
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
|
|
@ -2,16 +2,22 @@
|
|||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
external-mac = "3a:66:48:8e:82:b2";
|
||||
# hw-specific
|
||||
external-mac = "2a:c5:6e:d2:fc:7f";
|
||||
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
||||
external-gw = "185.194.140.1";
|
||||
# single partition, label "nixos"
|
||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
||||
|
||||
|
||||
# static
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
|
||||
external-gw = "188.68.40.1";
|
||||
external-gw6 = "fe80::1";
|
||||
external-netmask = 22;
|
||||
external-netmask6 = 64;
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
|
@ -19,6 +25,7 @@ in {
|
|||
<stockholm/makefu/2configs/headless.nix>
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
# <stockholm/makefu/2configs/mattermost-docker.nix>
|
||||
|
@ -39,7 +46,7 @@ in {
|
|||
|
||||
# services
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||
# <stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
|
@ -58,6 +65,8 @@ in {
|
|||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
||||
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
|
@ -76,14 +85,41 @@ in {
|
|||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
# Temporary:
|
||||
<stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
|
||||
#{
|
||||
# services.dockerRegistry.enable = true;
|
||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||
|
||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# extraConfig = ''
|
||||
# client_max_body_size 1000M;
|
||||
# '';
|
||||
# locations."/".proxyPass = "http://localhost:5000";
|
||||
# };
|
||||
#}
|
||||
{ # wireguard server
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
#networking.wireguard.interfaces.wg0 = {
|
||||
# ips = [ "10.244.0.1/24" ];
|
||||
# privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
# allowedIPsAsRoutes = true;
|
||||
# peers = [{
|
||||
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
# publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||
# }];
|
||||
#};
|
||||
}
|
||||
|
||||
];
|
||||
makefu.dl-dir = "/var/download";
|
||||
|
||||
services.openssh.hostKeys = [
|
||||
{ bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
|
||||
{ path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
|
||||
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
|
||||
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
|
||||
###### stable
|
||||
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
|
||||
krebs.build.host = config.krebs.hosts.gum;
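Review bot: The `# wireguard server` block opens UDP 51820 with `networking.firewall.allowedUDPPorts = [ 51820 ];` while the whole `networking.wireguard.interfaces.wg0` definition below it is commented out, so the firewall exposes a port with nothing configured behind it. Either comment the firewall line out together with the interface, or enable both in the same change. When the interface is enabled, the commented peer's `allowedIPs = [ "0.0.0.0/0" "::/0" ]` deserves a second look. On the server side it accepts any source address from that one peer and, with `allowedIPsAsRoutes = true`, would presumably route all traffic into wg0; a single tunnel address per peer is the usual setting there.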
|
||||
|
|
|
@ -18,7 +18,7 @@ in {
|
|||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
# <stockholm/makefu/2configs/stats/client.nix>
|
||||
|
||||
# Tools
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
|
|
|
@ -61,6 +61,7 @@ in {
|
|||
# logs to influx
|
||||
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
||||
<stockholm/makefu/2configs/stats/telegraf>
|
||||
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
|
@ -82,7 +83,7 @@ in {
|
|||
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
|
||||
|
||||
# Temporary:
|
||||
<stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
];
|
||||
makefu.full-populate = true;
|
||||
makefu.server.primary-itf = primaryInterface;
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/gui/base.nix>
|
||||
<stockholm/makefu/2configs/main-laptop.nix>
|
||||
<stockholm/makefu/2configs/tools/all.nix>
|
||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
||||
# hardware specifics are in here
|
||||
# imports tp-x2x0.nix
|
||||
<stockholm/makefu/2configs/hw/tp-x200.nix>
|
||||
# <stockholm/makefu/2configs/hw/tp-x200.nix>
|
||||
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/rad1o.nix>
|
||||
# <stockholm/makefu/2configs/rad1o.nix>
|
||||
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
|
@ -22,9 +22,43 @@
|
|||
];
|
||||
# not working in vm
|
||||
krebs.build.host = config.krebs.hosts.tsp;
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
boot.loader.grub.copyKernels = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
];
|
||||
|
||||
# acer aspire
|
||||
networking.wireless.enable = lib.mkDefault true;
|
||||
|
||||
services.xserver.synaptics.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
zramSwap.enable = true;
|
||||
zramSwap.numDevices = 2;
|
||||
|
||||
services.tlp.enable = true;
|
||||
services.tlp.extraConfig = ''
|
||||
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
|
||||
START_CHARGE_THRESH_BAT0=67
|
||||
STOP_CHARGE_THRESH_BAT0=100
|
||||
|
||||
|
||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
||||
CPU_MIN_PERF_ON_AC=0
|
||||
CPU_MAX_PERF_ON_AC=100
|
||||
CPU_MIN_PERF_ON_BAT=0
|
||||
CPU_MAX_PERF_ON_BAT=30
|
||||
'';
|
||||
|
||||
powerManagement.resumeCommands = ''
|
||||
${pkgs.rfkill}/bin/rfkill unblock all
|
||||
'';
|
||||
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ let
|
|||
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
|
||||
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
|
||||
user = config.makefu.gui.user;
|
||||
primaryIP = "192.168.8.11";
|
||||
in {
|
||||
|
||||
imports =
|
||||
|
@ -10,23 +11,63 @@ in {
|
|||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/media.nix>
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
# <stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
# <stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
# <stockholm/makefu/2configs/tools/media.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/mqtt.nix>
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
|
||||
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
|
||||
|
||||
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
|
||||
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
|
||||
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
|
||||
# <stockholm/makefu/2configs/vncserver.nix>
|
||||
<stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
|
||||
# Services
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/share/wbob.nix>
|
||||
|
||||
<stockholm/makefu/2configs/stats/telegraf>
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
||||
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
|
||||
<stockholm/makefu/2configs/deployment/bureautomation>
|
||||
(let
|
||||
collectd-port = 25826;
|
||||
influx-port = 8086;
|
||||
grafana-port = 3000; # TODO nginx forward
|
||||
db = "collectd_db";
|
||||
logging-interface = "enp0s25";
|
||||
in {
|
||||
services.grafana.enable = true;
|
||||
services.grafana.addr = "0.0.0.0";
|
||||
|
||||
services.influxdb.enable = true;
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
# meta.logging-enabled = true;
|
||||
http.bind-address = ":${toString influx-port}";
|
||||
admin.bind-address = ":8083";
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
||||
database = db;
|
||||
bind-address = ":${toString collectd-port}";
|
||||
}];
|
||||
};
|
||||
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||
'';
|
||||
})
|
||||
|
||||
# temporary
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
];
|
||||
|
||||
krebs = {
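Review bot: The `iptables -A INPUT -i ${logging-interface} … -j ACCEPT` line in `networking.firewall.extraCommands` appends to the raw INPUT chain rather than the chain the NixOS firewall manages. As far as I can tell it is therefore not flushed on a firewall reload or stop and gains a duplicate each time; `iptables -A nixos-fw -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT` keeps it with the managed rules. Grafana is bound to `0.0.0.0` and the InfluxDB listeners to every address (`:8086`, `:8083`, `:25826`), so the packet filter is the only boundary, and nothing visible here sets Grafana's admin credentials or enables InfluxDB authentication. If only local clients talk to InfluxDB, binding `http.bind-address` and `admin.bind-address` to `127.0.0.1` removes that dependence. The enclosing `imports` list starts and ends outside the visible hunks.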
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="wbob";
|
||||
musnix = true;
|
||||
# musnix = true;
|
||||
}
|
||||
|
|
|
@ -23,8 +23,6 @@ with import <stockholm/lib>;
|
|||
# <stockholm/makefu/2configs/deployment/wiki-irc-bot>
|
||||
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||
# <stockholm/makefu/2configs/deployment/dirctator.nix>
|
||||
# <stockholm/makefu/2configs/vncserver.nix>
|
||||
# <stockholm/makefu/2configs/deployment/led-fader>
|
||||
|
@ -64,7 +62,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
|
||||
<stockholm/makefu/2configs/hw/wwan.nix>
|
||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
# <stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
# <stockholm/makefu/2configs/rad1o.nix>
|
||||
|
||||
# Filesystem
|
||||
|
@ -75,6 +73,11 @@ with import <stockholm/lib>;
|
|||
{
|
||||
programs.adb.enable = true;
|
||||
}
|
||||
# temporary
|
||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/samba.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
|
||||
|
||||
];
|
||||
|
||||
|
@ -84,7 +87,6 @@ with import <stockholm/lib>;
|
|||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
|
@ -102,4 +104,7 @@ with import <stockholm/lib>;
|
|||
'';
|
||||
# hard dependency because otherwise the device will not be unlocked
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
|
||||
nix.package = pkgs.nixUnstable;
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
|
||||
}
|
||||
|
|
|
@ -31,6 +31,19 @@ in {
|
|||
krebs.backup.plans = {
|
||||
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
|
||||
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
|
||||
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
|
||||
{
|
||||
dst.path = "/media/cryptX/backup/gum/var-download";
|
||||
dst.host = defaultBackupServer;
|
||||
startAt = "19:00";
|
||||
};
|
||||
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
|
||||
{
|
||||
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
|
||||
dst.host = defaultBackupServer;
|
||||
|
||||
startAt = "05:00";
|
||||
};
|
||||
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
|
||||
};
|
||||
environment.systemPackages = [
|
||||
|
|
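--- a/makefu/2configs/deployment/bgt/hidden_service.nix
+++ b/makefu/2configs/deployment/bgt/hidden_service.nix
@@ -0,0 +1,48 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+name = "bgt_cyberwar_hidden_service";
+sec = (toString <secrets>) + "/";
+secdir = sec + name;
+srvdir = "/var/lib/tor/onion/";
+basedir = srvdir + name;
+hn = builtins.readFile (secdir + "/hostname");
+in
+{
+systemd.services.prepare-hidden-service = {
+wantedBy = [ "local-fs.target" ];
+before = [ "tor.service" ];
+serviceConfig = {
+ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+#!/bin/sh
+set -euf
+if ! test -d "${basedir}" ;then
+mkdir -p "${srvdir}"
+cp -r "${secdir}" "${srvdir}"
+chown -R tor:tor "${srvdir}"
+chmod -R 700 "${basedir}"
+else
+echo "not overwriting ${basedir}"
+fi
+'';
+Type = "oneshot";
+RemainAfterExit = "yes";
+TimeoutSec = "0";
+};
+};
+services.nginx.virtualHosts."${hn}".locations."/" = {
+proxyPass = "https://blog.binaergewitter.de";
+extraConfig = ''
+proxy_set_header Host blog.binaergewitter.de;
+proxy_ssl_server_name on;
+'';
+};
+services.tor = {
+enable = true;
+hiddenServices."${name}".map = [
+{ port = "80"; }
+# { port = "443"; toHost = "blog.binaergewitter.de"; }
+];
+};
+}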
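Review bot: In the `prepare-hidden-service` script the onion key material is copied with `cp -r` under the default umask and only tightened afterwards. `chmod -R 700` also marks the key files executable, and `chown -R tor:tor "${srvdir}"` re-owns every other service directory under `/var/lib/tor/onion/`. Setting `umask 077` before the copy and using `chown -R tor:tor "${basedir}"` with `chmod -R u=rwX,go= "${basedir}"` closes that window and limits the change to this service. The nginx virtual host carries no `listen` restriction, so it presumably also answers on the public interfaces for a request naming the onion host, which links the machine's address to the service; `listen = [ { addr = "127.0.0.1"; port = 80; } ];` on the virtual host would keep it reachable through Tor only. `builtins.readFile` keeps any trailing newline of the `hostname` file in `hn` and puts the name into the world-readable store, so the value should be stripped and treated as non-secret.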
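--- a/makefu/2configs/deployment/bureautomation/default.nix
+++ b/makefu/2configs/deployment/bureautomation/default.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+port = 3001;
+runit = pkgs.writeDash "runit" ''
+set -xeuf
+PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
+name=''${1?must provide name as first arg}
+state=''${2?must provide state as second arg}
+# val=''${3?must provide val as third arg}
+
+# we ignore non-alerting events
+test $state = alerting || exit 0
+
+echo $name - $state
+curl 'http://bauarbeiterlampe/ay?o=1'
+sleep 5
+curl 'http://bauarbeiterlampe/ay?o=1'
+'';
+in {
+services.logstash = {
+package = pkgs.logstash5;
+enable = true;
+inputConfig = ''
+http {
+port => ${toString port}
+host => "127.0.0.1"
+}
+'';
+filterConfig = ''
+'';
+outputConfig = ''
+stdout { codec => json }
+exec { command => "${runit} '%{ruleName}' '%{state}'" }
+'';
+extraSettings = ''
+path.plugins: [ "${pkgs.logstash-output-exec}" ]
+'';
+};
+}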
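Review bot: The `exec` output builds a shell command from event fields, `"${runit} '%{ruleName}' '%{state}'"`, so a field value containing a single quote ends the quoting and the rest is interpreted by the shell as the logstash user. Binding the input to `127.0.0.1` limits who can post events to local processes but does not validate what they post. Since `runit` only echoes the name, the fields can stay out of the command line: `if [state] == "alerting" { exec { command => "${runit} alert alerting" } }`, or constrain `ruleName` to a safe character set in the currently empty `filterConfig`. Inside `runit`, `test $state = alerting` and `echo $name - $state` should quote their variables (`test "$state" = alerting`), because `set -f` disables globbing but not word splitting.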
|
@ -1,27 +1,25 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, buildPythonPackage, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
mq = "192.168.8.11";
|
||||
|
||||
pkg = pkgs.stdenv.mkDerivation {
|
||||
pkg = pkgs.python3Packages.buildPythonPackage {
|
||||
name = "ampel-master";
|
||||
|
||||
src = pkgs.fetchgit {
|
||||
url = "http://cgit.euer.krebsco.de/ampel";
|
||||
rev = "07a6791de368e16cc0864d2676fd255eba522cee";
|
||||
sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
|
||||
rev = "531741b";
|
||||
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
|
||||
};
|
||||
buildInputs = [
|
||||
(pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
|
||||
propagatedBuildInputs = with pkgs.python3Packages; [
|
||||
docopt
|
||||
paho-mqtt
|
||||
]))
|
||||
requests
|
||||
pytz
|
||||
influxdb
|
||||
httplib2
|
||||
google_api_python_client
|
||||
];
|
||||
installPhase = ''
|
||||
install -m755 -D fade.py $out/bin/fade.py
|
||||
install -m755 -D ampel.py $out/bin/ampel
|
||||
install -m755 -D times.json $out/share/times.json
|
||||
'';
|
||||
};
|
||||
in {
|
||||
systemd.services.led-fader = {
|
||||
|
@ -34,7 +32,9 @@ in {
|
|||
serviceConfig = {
|
||||
# User = "nobody"; # need a user with permissions to run nix-shell
|
||||
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
|
||||
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
|
||||
ExecStart = "${pkg}/bin/ampel 4";
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
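Review bot: If `rev = "531741b"` is the new pin, the source is now identified by an abbreviated commit id and fetched over plain `http://`. The `sha256` still guards the content, but a full 40-character revision is unambiguous and makes a hash mismatch traceable to one commit. In the second hunk `User` remains commented out, so the daemon appears to keep running as root with `Restart = "always"`, although the listed dependencies (`requests`, `google_api_python_client`, `influxdb`) suggest it talks to remote services. The stated reason (a user able to run nix-shell) looks obsolete once the script is installed as `${pkg}/bin/ampel`; `DynamicUser = true;` or a dedicated system user would contain it alongside `PrivateTmp = true;`. The `systemd.services.led-fader` block begins and ends outside the visible hunks.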
|
||||
|
|
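--- a/makefu/2configs/deployment/scrape/default.nix
+++ b/makefu/2configs/deployment/scrape/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./elkstack.nix
+./selenium.nix
+];
+}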
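--- a/makefu/2configs/deployment/scrape/selenium.nix
+++ b/makefu/2configs/deployment/scrape/selenium.nix
@@ -0,0 +1,65 @@
+{config, pkgs, lib, ...}:
+with <stockholm/lib>;
+let
+selenium-pw = <secrets/selenium-vncpasswd>;
+in {
+services.jenkinsSlave.enable = true;
+users.users.selenium = {
+uid = genid "selenium";
+extraGroups = [ "plugdev" ];
+};
+
+fonts.enableFontDir = true;
+
+# networking.firewall.allowedTCPPorts = [ 5910 ];
+
+systemd.services.selenium-X11 =
+{
+description = "X11 vnc for selenium";
+wantedBy = [ "multi-user.target" ];
+path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ];
+environment =
+{
+DISPLAY = ":10";
+};
+script = ''
+set -ex
+[ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock )
+[ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 )
+mkdir -p ~/.vnc
+cp -f ${selenium-pw} ~/.vnc/passwd
+chmod go-rwx ~/.vnc/passwd
+echo > ~/.vnc/xstartup
+chmod u+x ~/.vnc/xstartup
+vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac
+dwm
+'';
+preStop = ''
+vncserver -kill $DISPLAY
+'';
+serviceConfig = {
+User = "selenium";
+};
+};
+
+systemd.services.selenium-server =
+{
+description = "selenium-server";
+wantedBy = [ "multi-user.target" ];
+requires = [ "selenium-X11.service" ];
+path = [ pkgs.chromium
+pkgs.firefoxWrapper ];
+environment =
+{
+DISPLAY = ":10";
+};
+script = ''
+${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1
+'';
+serviceConfig = {
+User = "selenium";
+};
+};
+
+
+}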
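Review bot: `selenium-pw = <secrets/selenium-vncpasswd>;` is a path value, so interpolating it in `cp -f ${selenium-pw} ~/.vnc/passwd` copies the VNC password file into the world-readable Nix store. `selenium-pw = toString <secrets/selenium-vncpasswd>;` keeps it a runtime path, provided the `selenium` user may read the deployed file. `with <stockholm/lib>;` lacks `import` (`with import <stockholm/lib>;`), without which `genid` is presumably not in scope. `vncserver … -ac` switches off X access control for display `:10`, which lets other local accounts attach to the browser session and is worth dropping or justifying in a comment. The script also copies the password before `chmod go-rwx`, so a `umask 077` at the top would be safer.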
|
@ -1,15 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
# TODO: un-pin linuxPackages somehow
|
||||
boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
linux_4_9 = pkgs.linux_4_9.override {
|
||||
extraConfig = ''
|
||||
MEDIA_ANALOG_TV_SUPPORT y
|
||||
VIDEO_STK1160_COMMON m
|
||||
VIDEO_STK1160_AC97 y
|
||||
VIDEO_STK1160 m
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,6 +1,19 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
upstream-server = "8.8.8.8";
|
||||
# make sure the router pins the ip address to the deployed host
|
||||
# and set it as dns server ( dhcp option 6,192.168.10.10 )
|
||||
local_ip = "192.168.10.10";
|
||||
|
||||
extra-config = pkgs.writeText "local.conf" ''
|
||||
server:
|
||||
local-data: "piratebox. A ${local_ip}"
|
||||
local-data: "store. A ${local_ip}"
|
||||
local-data: "share. A ${local_ip}"
|
||||
'';
|
||||
|
||||
|
||||
# see https://github.com/zeropingheroes/lancache for full docs
|
||||
lancache-dns = pkgs.stdenv.mkDerivation rec {
|
||||
name = "lancache-dns-2017-06-28";
|
||||
|
@ -11,8 +24,9 @@ let
|
|||
rev = "420aa62";
|
||||
sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
|
||||
};
|
||||
|
||||
phases = [ "unpackPhase" "installPhase" ];
|
||||
# here we can chance to edit `includes/proxy-cache-paths.conf`
|
||||
# here we have the chance to edit `includes/proxy-cache-paths.conf`
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r * $out/
|
||||
|
@ -20,7 +34,6 @@ let
|
|||
};
|
||||
stateDir = "/var/lib/unbound";
|
||||
user = "unbound";
|
||||
upstream-server = "8.8.8.8";
|
||||
in {
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
|
@ -29,6 +42,7 @@ in {
|
|||
forwardAddresses = [ upstream-server ];
|
||||
extraConfig = ''
|
||||
include: "${stateDir}/lancache/*.conf"
|
||||
include: "${extra-config}"
|
||||
'';
|
||||
};
|
||||
services.dnscrypt-proxy.enable = lib.mkForce false;
|
||||
|
@ -42,7 +56,8 @@ in {
|
|||
path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
|
||||
script = ''
|
||||
set -xeu
|
||||
current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
|
||||
# current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
|
||||
current_ip=${local_ip}
|
||||
old_ip=10.1.1.250
|
||||
mkdir -p ${stateDir}
|
||||
rm -rvf ${stateDir}/lancache
|
||||
|
|
|
@ -17,15 +17,21 @@ let
|
|||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r * $out/
|
||||
rm $out/caches-enabled/*
|
||||
sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
|
||||
-e '1 idaemon off;' \
|
||||
-e 's#/var/lancache#${cfg.statedir}#g' \
|
||||
$out/nginx.conf
|
||||
sed -i -e 's#/var/lancache#${cfg.statedir}#g' \
|
||||
$out/*/*.conf
|
||||
ln -s $out/caches-available/* $out/caches-enabled/
|
||||
'';
|
||||
};
|
||||
cfg = {
|
||||
statedir = "/data/cache";
|
||||
|
||||
group = "nginx-lancache";
|
||||
user = "nginx-lancache";
|
||||
statedir = "/var/lancache";
|
||||
package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
|
||||
configureFlags = old.configureFlags ++ [
|
||||
"--with-http_slice_module"
|
||||
|
@ -43,6 +49,7 @@ in {
|
|||
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
|
||||
chmod 700 ${cfg.statedir}
|
||||
PATH_CACHE=$PATH_BASE/cache
|
||||
PATH_LOGS=$PATH_BASE/logs
|
||||
|
||||
|
|
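--- a/makefu/2configs/lanparty/mumble-server.nix
+++ b/makefu/2configs/lanparty/mumble-server.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+{
+networking.firewall.allowedTCPPorts = [ 64738 ];
+networking.firewall.allowedUDPPorts = [ 64738 ];
+services.murmur = {
+enable = true;
+welcometext = "Welcome to the LANest Party mumble server";
+bonjour = true;
+hostName = "0.0.0.0";
+sendVersion = true;
+};
+}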
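Review bot: `services.murmur` is opened on TCP and UDP 64738 on every interface (`hostName = "0.0.0.0"`) with no `password`, so any client that can reach the port may join, and `sendVersion = true` advertises the server version to them. For a LAN-only event, bind `hostName` to the LAN address or set `password`, keeping in mind that a value written in the Nix expression ends up in the world-readable store.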
|
@ -10,9 +10,16 @@
|
|||
};
|
||||
services.samba = {
|
||||
enable = true;
|
||||
enableNmbd = true;
|
||||
shares = {
|
||||
share-home = {
|
||||
lanparty = {
|
||||
path = "/data/lanparty/";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
share = {
|
||||
path = "/data/incoming";
|
||||
"read only" = "no";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
|
|
|
@ -30,24 +30,18 @@ in {
|
|||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
usenet = {
|
||||
path = "/media/crypt0/usenet/dst";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
pyload = {
|
||||
path = "/media/crypt0/pyload";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
crypt0 = {
|
||||
path = "/media/crypt0";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
crypX-games = {
|
||||
path = "/media/cryptX/games";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
media-rw = {
|
||||
path = "/media/";
|
||||
"read only" = "no";
|
||||
|
|
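--- a/makefu/2configs/share/wbob.nix
+++ b/makefu/2configs/share/wbob.nix
@@ -0,0 +1,38 @@
+{config, ... }:{
+networking.firewall.allowedUDPPorts = [ 137 138 ];
+networking.firewall.allowedTCPPorts = [ 139 445 ];
+users.users.smbguest = {
+name = "smbguest";
+uid = config.ids.uids.smbguest;
+description = "smb guest user";
+home = "/home/share";
+createHome = true;
+};
+services.samba = {
+enable = true;
+enableNmbd = true;
+shares = {
+incoming = {
+path = "/data/incoming";
+"read only" = "no";
+browseable = "yes";
+"guest ok" = "yes";
+};
+data = {
+path = "/data/";
+"read only" = "yes";
+browseable = "yes";
+"guest ok" = "yes";
+};
+};
+extraConfig = ''
+guest account = smbguest
+map to guest = bad user
+# disable printing
+load printers = no
+printing = bsd
+printcap name = /dev/null
+disable spoolss = yes
+'';
+};
+}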
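Review bot: The `data` share exports all of `/data/` to unauthenticated guests while `incoming` is guest-writable, and ports 137–139/445 are opened in the firewall for every interface. Any network the host is attached to therefore gets anonymous read access to the whole tree, including whatever guests upload to `/data/incoming`. Restricting Samba in `extraConfig` with `hosts allow = <LAN-CIDR-PLACEHOLDER>` and `bind interfaces only = yes` together with `interfaces`, and exporting a dedicated subdirectory instead of `/data/`, would narrow this. `map to guest = bad user` also turns every unknown username into a guest session, so failed logins are not visible as such.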
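--- a/makefu/2configs/stats/telegraf/airsensor.nix
+++ b/makefu/2configs/stats/telegraf/airsensor.nix
@@ -0,0 +1,19 @@
+{ pkgs, ...}:
+
+{
+services.udev.extraRules = ''
+SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
+'';
+users.users.telegraf.extraGroups = [ "input" ];
+services.telegraf.extraConfig.inputs.exec = [
+{
+commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];
+timeout = "10s";
+data_format = "value";
+data_type = "integer";
+name_override = "airquality";
+interval = "10s";
+tags.unit="VOC";
+}
+];
+}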
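Review bot: Assigning the iAQ Stick to `GROUP="input"` and adding `telegraf` to `input` gives the telegraf account read access to the keyboard and mouse event devices as well, far more than the one USB sensor requires. A dedicated group keeps this least-privilege: `GROUP="airsensor", MODE="0660"` in the udev rule, `users.groups.airsensor = {};` and `users.users.telegraf.extraGroups = [ "airsensor" ];`. The rule matches on the product string only, so adding the vendor and product id attributes would make the match harder for another USB device to claim.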
|
@ -2,9 +2,6 @@
|
|||
let
|
||||
url = "http://localhost:8086";
|
||||
in {
|
||||
imports = [
|
||||
./europastats.nix
|
||||
];
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
|
|
|
@ -5,38 +5,44 @@
|
|||
#
|
||||
# essentially `nix-env -q` of the main user
|
||||
{
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
environment.systemPackages = with pkgs; [
|
||||
at_spi2_core
|
||||
acpi
|
||||
bc
|
||||
rsync
|
||||
exif
|
||||
file
|
||||
lsof
|
||||
which
|
||||
binutils
|
||||
|
||||
# fs
|
||||
ntfs3g
|
||||
cifs-utils
|
||||
dosfstools
|
||||
ntfs3g
|
||||
smartmontools
|
||||
|
||||
# io
|
||||
pv
|
||||
sshpass
|
||||
usbutils
|
||||
p7zip
|
||||
hdparm
|
||||
inetutils
|
||||
ncftp
|
||||
mutt
|
||||
tcpdump
|
||||
sysstat
|
||||
which
|
||||
weechat
|
||||
wol
|
||||
tmux
|
||||
iftop
|
||||
mkpasswd
|
||||
# storage
|
||||
smartmontools
|
||||
cifs-utils
|
||||
|
||||
# net
|
||||
wget
|
||||
curl
|
||||
inetutils
|
||||
ncftp
|
||||
tcpdump
|
||||
sysstat
|
||||
wol
|
||||
iftop
|
||||
|
||||
mkpasswd
|
||||
mutt
|
||||
weechat
|
||||
tmux
|
||||
|
||||
# stockholm
|
||||
git
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more