makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
nin 2017-12-14 21:13:46 +01:00
parent 7ed6fd18bb 04f7ae22d6
commit 37771ad34e
129 changed files with 2817 additions and 1964 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
jeschli/1systems/reagenzglas/.source.nix.swp Normal file
View file

Binary file not shown.

146
jeschli/1systems/reagenzglas/config.nix Normal file
View file

@ -0,0 +1,146 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
# boot.loader.grub.enable = true;
# boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
preLVM = true;
allowDiscards = true;
}
];
networking.hostName = "reaganzglas"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
nixpkgs.config.allowUnfree = true;
environment.shellAliases = { n = "nix-shell"; };
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
# system helper
ag
curl
copyq
dmenu
git
i3lock
keepass
networkmanagerapplet
rsync
terminator
tmux
wget
rxvt_unicode
# editors
emacs
# internet
thunderbird
chromium
google-chrome
# programming languages
go
gcc
ghc
python35
python35Packages.pip
# go tools
golint
gotools
# dev tools
gnumake
# document viewer
zathura
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "us";
services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = {
isNormalUser = true;
uid = 1000;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
'';
};
krebs.build.host = config.krebs.hosts.reagenzglas;
hardware.bluetooth.enable = true;
}

33
jeschli/1systems/reagenzglas/hardware-configuration.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/DA40-AC19";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

4
jeschli/1systems/reagenzglas/source.nix Normal file
View file

@ -0,0 +1,4 @@
import <stockholm/jeschli/source.nix> {
name = "reagenzglas";
secure = true;
}

102
jeschli/2configs/copy-vim.nix Normal file
View file

@ -0,0 +1,102 @@
{ config, pkgs, ... }:
# let
# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin {
# name = "ultisnips";
# src = pkgs.fetchFromGitHub {
# owner = "SirVer";
# repo = "ultisnips";
# rev = "3.1";
# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b";
# };
# };
#
let
customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
name = "vim-javascript";
src = pkgs.fetchFromGitHub {
owner = "pangloss";
repo = "vim-javascript";
rev = "1.2.5.1";
sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
};
};
customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
name = "vim-jsx";
src = pkgs.fetchFromGitHub {
owner = "mxw";
repo = "vim-jsx";
rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
};
};
in {
# {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
:imap jk <Esc>
:vmap v v
:map gr :GoRun<Enter>
:nnoremap <S-TAB> :bnext<CR>
:nnoremap <C-TAB> <c-w><c-w>
set autowrite
set number
set ruler
noremap x "_x
set clipboard=unnamedplus
let g:jsx_ext_required = 0
let g:go_list_type = "quickfix"
let g:go_test_timeout = '10s'
let g:go_fmt_command = "goimports"
let g:go_snippet_case_type = "camelcase"
let g:go_highlight_types = 1
let g:go_highlight_fields = 1
let g:go_highlight_functions = 1
let g:go_highlight_methods = 1
let g:go_highlight_extra_types = 1
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
let g:rehash256 = 1
let g:molokai_original = 1
colorscheme molokai
let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
let g:go_metalinter_autosave = 1
" let g:go_metalinter_autosave_enabled = ['vet', 'golint']
" let g:go_def_mode = 'godef'
" let g:go_decls_includes = "func,type"
" Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
let g:UltiSnipsExpandTrigger="<c-e>"
let g:UltiSnipsJumpForwardTrigger="<c-t>"
let g:UltiSnipsJumpBackwardTrigger="<c-q>"
" If you want :UltiSnipsEdit to split your window.
let g:UltiSnipsEditSplit="vertical"
if has('persistent_undo') "check if your vim version supports it
set undofile "turn on the feature
set undodir=$HOME/.vim/undo "directory where the undo files will be stored
endif
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai
# vim-nix handles indentation better but does not perform sanity
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
{ names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
{ names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
{ names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
{ names = [ "UltiSnips" ]; ft_regex = "^go\$"; }
];
})
];
}

66
jeschli/2configs/default.nix Normal file
View file

@ -0,0 +1,66 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
./vim.nix
./retiolum.nix
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
populate
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
file
kpaste
krebspaste
mosh
pciutils
psmisc
# q
# rs
tmux
untilport
usbutils
# logify
goify
#unpack stuff
p7zip
unzip
unrar
(pkgs.writeDashBin "sshn" ''
${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
'')
];
krebs.enable = true;
}

22
jeschli/2configs/retiolum.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
{
krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
"gum"
"ni"
"dishfire"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
environment.systemPackages = [
pkgs.tinc
];
}

373
jeschli/2configs/vim.nix Normal file
View file

@ -0,0 +1,373 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
environment.systemPackages = [
(hiPrio vim)
pkgs.python35Packages.flake8
];
environment.etc.vimrc.source = vimrc;
environment.variables.EDITOR = mkForce "vim";
environment.variables.VIMINIT = ":so /etc/vimrc";
};
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set mouse=a
set ruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set title
set titleold=
set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
" search with ack
let g:ackprg = 'ag --vimgrep'
cnoreabbrev Ack Ack!
" copy/paste from/to xclipboard
noremap x "_x
set clipboard=unnamedplus
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.vim-go
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchFromGitHub {
owner = "bogado";
repo = "file-line";
rev = "1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
})
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
destination = "/colors/${name}.vim";
text = /* vim */ ''
set background=dark
hi clear
if exists("syntax_on")
syntax clear
endif
let colors_name = ${toJSON name}
hi Normal ctermbg=235
hi Comment ctermfg=242
hi Constant ctermfg=062
hi Identifier ctermfg=068
hi Function ctermfg=041
hi Statement ctermfg=167
hi PreProc ctermfg=167
hi Type ctermfg=041
hi Delimiter ctermfg=251
hi Special ctermfg=062
hi Garbage ctermbg=088
hi TabStop ctermbg=016
hi Todo ctermfg=174 ctermbg=NONE
hi NixCode ctermfg=148
hi NixData ctermfg=149
hi NixQuote ctermfg=150
hi diffNewFile ctermfg=207
hi diffFile ctermfg=207
hi diffLine ctermfg=207
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
destination = "/syntax/${name}.vim";
text = /* vim */ ''
${concatMapStringsSep "\n" (s: /* vim */ ''
syn keyword vimColor${s} ${s}
\ containedin=ALLBUT,vimComment,vimLineComment
hi vimColor${s} ctermfg=${s}
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
destination = "/plugin/${name}.vim";
text = /* vim */ ''
if exists('g:loaded_showsyntax')
finish
endif
let g:loaded_showsyntax = 0
fu! ShowSyntax()
let id = synID(line("."), col("."), 1)
let name = synIDattr(id, "name")
let transName = synIDattr(synIDtrans(id),"name")
if name != transName
let name .= " (" . transName . ")"
endif
echo "Syntax: " . name
endfu
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
swapdir = "$HOME/.cache/vim/swap";
undodir = "$HOME/.cache/vim/undo";
};
files = {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.symlinkJoin {
name = "vim";
paths = [
(pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.vim}/bin/vim "$@"
'')
pkgs.vim
];
};
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
nix.vim = pkgs.writeText "nix.vim" ''
setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[():/;=.,?\[\]]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
startAlts = filter isString [
''/\* ${lang} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
unlet b:current_syntax
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
haskell = {};
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
'';
in
out

9
jeschli/default.nix Normal file
View file

@ -0,0 +1,9 @@
_:
{
imports = [
../krebs
./2configs
# ./3modules
# ./5pkgs
];
}

22
jeschli/source.nix Normal file
View file

@ -0,0 +1,22 @@
with import <stockholm/lib>;
host@{ name, secure ? false, override ? {} }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "jeschli";
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "f9390d6";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
jeschli = "/home/jeschli/secrets/${name}";
};
stockholm.file = toString <stockholm>;
}
override
]

1
krebs/1systems/hotdog/config.nix
View file

@ -13,7 +13,6 @@
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
];

10
krebs/1systems/wolf/config.nix
View file

@ -26,9 +26,13 @@ in
<stockholm/krebs/2configs/shack/share.nix>
{
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
#systemd.services.telegraf.environment = {
# "MIBDIRS" : ""; # extra mibs like ADSL
#};
systemd.services.telegraf.environment = {
MIBDIRS = pkgs.fetchgit {
url = "http://git.shackspace.de/makefu/modem-mibs.git";
sha256 =
"1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
}; # extra mibs like ADSL
};
services.telegraf = {
enable = true;
extraConfig = {

3
krebs/2configs/ircd.nix
View file

@ -7,6 +7,9 @@
services.charybdis = {
enable = true;
motd = ''
hello
'';
config = ''
serverinfo {
name = "${config.krebs.build.host.name}.irc.retiolum";

1
krebs/3modules/backup.nix
View file

@ -83,6 +83,7 @@ let
rsync
utillinux
];
restartIfChanged = false;
serviceConfig = rec {
ExecStart = start plan;
SyslogIdentifier = ExecStart.name;

2
krebs/3modules/ci.nix
View file

@ -104,7 +104,7 @@ in
"dummy_secrets": "true",
},
command=[
"nix-shell", "--run", " ".join(["test",
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",

48
krebs/3modules/default.nix
View file

@ -44,6 +44,7 @@ let
./tinc_graphs.nix
./urlwatch.nix
./repo-sync.nix
./zones.nix
];
options.krebs = api;
config = lib.mkIf cfg.enable imp;
@ -60,6 +61,7 @@ let
hosts = mkOption {
type = with types; attrsOf host;
default = {};
};
users = mkOption {
@ -171,17 +173,6 @@ let
'';
};
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
stripEmptyLines = s: (concatStringsSep "\n"
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([cfg.zone-head-config] ++ combined-hosts);
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
in lib.mapAttrs' (name: value: nameValuePair
("zones/" + name)
{ text=(stripEmptyLines value); }) all-zones;
krebs.exim-smarthost.internet-aliases = let
format = from: to: {
inherit from;
@ -234,21 +225,26 @@ let
};
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
# Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.
listToAttrs (map
(c: {
name = "github${toString c}";
value = {
hostNames = ["github.com"] ++
map (d: "192.30.${toString c}.${toString d}") (range 0 255);
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
})
(range 252 255))
{
github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"18.195.85.27"
"18.194.104.89"
"35.159.8.160"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
//
mapAttrs
(name: host: {

4
krebs/3modules/exim.nix
View file

@ -42,6 +42,10 @@ in {
exim_group = ${cfg.group.name}
exim_path = /run/wrappers/bin/exim
spool_directory = ${cfg.user.home}
# https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
chunking_advertise_hosts =
${cfg.config}
'';
systemPackages = [ pkgs.exim ];

2
krebs/3modules/fetchWallpaper.nix
View file

@ -27,7 +27,7 @@ let
};
display = mkOption {
type = types.str;
default = ":0";
default = ":${toString config.services.xserver.display}";
};
unitConfig = mkOption {
type = types.attrsOf types.str;

170
krebs/3modules/lass/default.nix
View file

@ -132,38 +132,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
archprism = rec {
cores = 4;
nets = rec {
retiolum = {
via = internet;
ip4.addr = "10.243.0.104";
ip6.addr = "42::fa17";
aliases = [
"archprism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
internet = {
ip4.addr = "213.239.205.240";
aliases = [
"archprism.i"
];
ssh.port = 45621;
};
};
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
domsen-nas = {
ci = false;
external = true;
@ -374,6 +342,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
};
littleT = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.133.77";
ip6.addr = "42:0:0:0:0:0:717:7137";
aliases = [
"littleT.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
/m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
+cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
};
iso = {
ci = false;
cores = 1;
@ -440,8 +449,6 @@ with import <stockholm/lib>;
retiolum = rec {
via = internet;
addrs = [
# edinburgh university
"129.215.0.0/16"
ip4.addr
ip6.addr
];
@ -463,6 +470,10 @@ with import <stockholm/lib>;
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.subnets = [
# edinburgh university
"129.215.0.0/16"
];
};
};
};
@ -524,6 +535,86 @@ with import <stockholm/lib>;
};
};
};
reagenzglas = {
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.27";
ip6.addr = "42::27";
aliases = [
"reagenzglas.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
+IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
xerxes = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.3";
ip6.addr = "42::1:3";
aliases = [
"xerxes.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
/EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
+2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
/Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
};
users = {
lass = {
@ -552,13 +643,13 @@ with import <stockholm/lib>;
mail = "lass@icarus.r";
pubkey = builtins.readFile ./ssh/icarus.rsa;
};
lass-xerxes = {
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
archprism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
mail = "lass@prism.r";
};
prism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
mail = "lass@prism.r";
@ -576,5 +667,8 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
jeschli = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
};
};
}

1
krebs/3modules/lass/ssh/xerxes.rsa Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes

11
krebs/3modules/makefu/default.nix
View file

@ -5,7 +5,7 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
cake = rec {
cores = 1;
cores = 4;
ci = false;
nets = {
retiolum = {
@ -107,7 +107,7 @@ with import <stockholm/lib>;
ci = true;
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
nets = {
internet = {
ip4.addr = "185.215.224.160";
@ -500,7 +500,7 @@ with import <stockholm/lib>;
};
retiolum = {
ip4.addr = "10.243.214.15";
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
];
@ -540,13 +540,14 @@ with import <stockholm/lib>;
wiki.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
nets = rec {
internet = {
ip4.addr = "188.68.40.19";
ip6.addr = "2a03:4000:17:2df::1";
ip4.addr = "185.194.143.140";
ip6.addr = "2a03:4000:1c:43f::1";
aliases = [
"gum.i"
];

44
krebs/3modules/per-user.nix
View file

@ -1,38 +1,34 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
{ config, pkgs, ... }: let
cfg = config.krebs.per-user;
out = {
options.krebs.per-user = api;
config = imp;
};
api = mkOption {
type = with types; attrsOf (submodule {
in {
options.krebs.per-user = mkOption {
type = types.attrsOf (types.submodule {
options = {
packages = mkOption {
type = listOf path;
type = types.listOf types.path;
default = [];
};
};
});
default = {};
};
imp = {
config = {
environment = {
etc = flip mapAttrs' cfg (name: { packages, ... }: {
name = "per-user/${name}";
value.source = pkgs.symlinkJoin {
name = "per-user.${name}";
paths = packages;
};
});
etc =
mapAttrs'
(name: per-user: {
name = "per-user/${name}";
value.source = pkgs.buildEnv {
name = "per-user.${name}";
paths = per-user.packages;
pathsToLink = [
"/bin"
];
};
})
(filterAttrs (_: per-user: per-user.packages != []) cfg);
profiles = ["/etc/per-user/$LOGNAME"];
};
};
in out
}

1
krebs/3modules/repo-sync.nix
View file

@ -173,6 +173,7 @@ let
REPONAME = "${name}.git";
};
restartIfChanged = false;
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;

4
krebs/3modules/rtorrent.nix
View file

@ -38,12 +38,12 @@ let
${optionalString (cfg.enableXMLRPC ) ''
# prepare socket and set permissions. rtorrent user is part of group nginx
# TODO: configure a shared torrent group
execute_nothrow = rm,${cfg.xmlrpc-socket}
execute.nothrow = rm,${cfg.xmlrpc-socket}
scgi_local = ${cfg.xmlrpc-socket}
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
''}
system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"}
system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}
# Prepare systemd logging
log.open_file = "rtorrent-systemd", ${systemd-logfile}

32
krebs/3modules/tv/default.nix
View file

@ -254,6 +254,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
querel = {
ci = true;
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.22.22";
ip6.addr = "42::2222";
aliases = [
"querel.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
};
xu = {
binary-cache = {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
@ -339,6 +369,8 @@ with import <stockholm/lib>;
dv = {
mail = "dv@alnus.r";
};
itak = {
};
mv-ni = {
mail = "mv@ni.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";

22
krebs/3modules/zones.nix Normal file
View file

@ -0,0 +1,22 @@
with import <stockholm/lib>;
{ config, ... }: {
config = {
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
stripEmptyLines = s: (concatStringsSep "\n"
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([config.krebs.zone-head-config] ++ combined-hosts);
combined-hosts =
mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
in
mapAttrs'
(name: value: {
name = "zones/${name}";
value.text = stripEmptyLines value;
})
all-zones;
};
}

25
krebs/5pkgs/haskell/nix-diff/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
, nix-derivation, optparse-generic, stdenv, system-filepath, text
, unix, vector
}:
mkDerivation {
pname = "nix-diff";
version = "1.0.0-krebs1";
src = fetchgit {
url = "https://github.com/Gabriel439/nix-diff";
sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
};
patches = [
./nixos-system.patch
];
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
attoparsec base containers Diff mtl nix-derivation optparse-generic
system-filepath text unix vector
];
homepage = "https://github.com/Gabriel439/nix-diff";
description = "Explain why two Nix derivations differ";
license = stdenv.lib.licenses.bsd3;
}

18
krebs/5pkgs/haskell/nix-diff/nixos-system.patch Normal file
View file

@ -0,0 +1,18 @@
diff --git a/src/Main.hs b/src/Main.hs
index 959ab8e..d3b6077 100644
--- a/src/Main.hs
+++ b/src/Main.hs
@@ -95,7 +95,12 @@ pathToText path =
underneath `/nix/store`, but this is the overwhelmingly common use case
-}
derivationName :: FilePath -> Text
-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
+derivationName p =
+ if Data.Text.isPrefixOf "nixos-system" s
+ then "nixos-system"
+ else s
+ where
+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
-- | Group input derivations by their name
groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))

8
krebs/5pkgs/haskell/xmonad-stockholm.nix
View file

@ -1,13 +1,13 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
, xmonad, xmonad-contrib
}:
mkDerivation {
mkDerivation rec {
pname = "xmonad-stockholm";
version = "1.1.0";
version = "1.1.1";
src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
rev = "179d29fd4c765dee698058ef63295331ac603639";
sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj";
rev = "refs/tags/v${version}";
sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
};
libraryHaskellDepends = [
base containers X11 X11-xshape xmonad xmonad-contrib

21
krebs/5pkgs/simple/apt-cacher-ng/default.nix
View file

@ -1,21 +0,0 @@
{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
stdenv.mkDerivation rec {
name = "apt-cacher-ng-${version}";
version = "2";
src = fetchurl {
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
};
NIX_LDFLAGS = "-lpthread";
buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
meta = {
description = "A caching proxy specialized for linux distribution files";
homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.makefu ];
};
}

30
krebs/5pkgs/simple/cidr2glob.nix Normal file
View file

@ -0,0 +1,30 @@
{ python, writeScriptBin, ... }:
let
pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
in
writeScriptBin "cidr2glob" ''
#! ${pythonEnv}/bin/python
import netaddr
import re
import sys
def cidr2glob(cidr):
net = netaddr.IPNetwork(cidr)
if net.prefixlen <= 8:
return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
elif net.prefixlen <= 16:
return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
elif net.prefixlen <= 24:
return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
else:
return map(lambda ip: str(ip), list(net))
if __name__ == "__main__":
for cidr in sys.stdin:
for glob in cidr2glob(cidr):
print glob
''

38
krebs/5pkgs/simple/internetarchive/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;
buildPythonPackage rec {
pname = "internetarchive";
version = "1.7.3";
name = "${pname}-${version}";
propagatedBuildInputs = [
requests
jsonpatch
docopt
clint
six
schema
backports_csv
];
# check only works when cloned from git repo
doCheck = false;
checkInputs = [
pytest
responses
];
prePatch = ''
sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
'';
src = fetchPypi {
inherit pname version;
sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
};
meta = with stdenv.lib; {
description = "python library and cli for uploading files to internet archive";
license = licenses.agpl3;
};
}

2
krebs/5pkgs/simple/krebszones/default.nix
View file

@ -2,7 +2,7 @@
pkgs.writeDashBin "krebszones" ''
set -efu
export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
export OVH_ZONE_CONFIG=''${OVH_ZONE_CONFIG:-$HOME/.secrets/krebs/ovh-zone.conf}
case $* in
import)
set -- import /etc/zones/krebsco.de krebsco.de

26
krebs/5pkgs/simple/slog/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, stdenv, fetchFromGitHub }:
## use with:
# . $(command -v slog.sh)
stdenv.mkDerivation rec {
name = "slog-${version}";
version = "2017-10-27";
src = fetchFromGitHub {
owner = "makefu";
repo = "slog";
rev = "50367c3";
sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r";
};
installPhase = ''
mkdir -p $out/bin
install -m755 slog.sh $out/bin
'';
meta = with stdenv.lib; {
description = "POSIX shell logging";
license = licenses.mit;
};
}

291
krebs/5pkgs/simple/stockholm/default.nix Normal file
View file

@ -0,0 +1,291 @@
{ pkgs }: let
stockholm-dir = ../../../..;
lib = import (stockholm-dir + "/lib");
#
# high level commands
#
cmds.deploy = pkgs.withGetopt {
diff = { default = /* sh */ "false"; switch = true; };
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target.default = /* sh */ "$system";
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeDash "stockholm.deploy" ''
set -efu
. ${init.env}
. ${init.proxy "deploy" opts}
if \test ${opts.diff.ref} = true; then
system_profile=/nix/var/nix/profiles/system
system_drv_cur=/etc/system.drv
system_drv_new=$(
${pkgs.nix}/bin/nix-instantiate \
-Q \
-I "$target_path" \
-E '
(import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [ <nixos-config> ];
}).config.system.build.toplevel
'
)
if \test -e "$system_drv_cur"; then
system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
echo "$0: system up to date" >&2
exit 0
fi
system_drv_cur=$system_drv_cur_c \
system_drv_new=$system_drv_new_c \
${pkgs.utillinux}/bin/script \
--command '
${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
"$system_drv_cur" "$system_drv_new"
' \
--quiet \
--return \
/dev/null
printf 'deploy? [N/y] ' >&2
read -r REPLY
if \test "$REPLY" != y; then
echo "$0: abort!" >&2
exit 1
fi
else
echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
fi
new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
PATH=${lib.makeBinPath [
pkgs.systemd
]} \
"$system_profile"/bin/switch-to-configuration switch
${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
exit
fi
# Use system's nixos-rebuild, which is not self-contained
export PATH=/run/current-system/sw/bin
exec ${utils.with-whatsupnix} \
nixos-rebuild switch \
--show-trace \
-I "$target_path"
'');
cmds.install = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target = {};
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeBash "stockholm.install" ''
set -efu
. ${init.env}
if \test "''${using_proxy-}" != true; then
${pkgs.openssh}/bin/ssh \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
"$target_user@$target_host" -p "$target_port" \
env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
sh -s prepare \
< ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
# TODO inline prepare.sh?
fi
. ${init.proxy "install" opts}
# these variables get defined by nix-shell (i.e. nix-build) from
# XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
# which only exists on / and not at /mnt.
export NIX_BUILD_TOP=/tmp
export TEMPDIR=/tmp
export TEMP=/tmp
export TMPDIR=/tmp
export TMP=/tmp
export XDG_RUNTIME_DIR=/tmp
export NIXOS_CONFIG="$target_path/nixos-config"
cd
exec nixos-install
'');
cmds.test = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
default = /* sh */ "$user/1systems/$system/source.nix";
long = "source";
};
system = {};
target = {};
user.default = /* sh */ "$LOGNAME";
} (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
set -efu
export dummy_secrets=true
. ${init.env}
. ${init.proxy "test" opts}
exec ${utils.build} config.system.build.toplevel
'');
#
# low level commands
#
# usage: get-source SOURCE_FILE
cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
set -efu
exec ${pkgs.nix}/bin/nix-instantiate \
--eval \
--json \
--readonly-mode \
--show-trace \
--strict \
"$1"
'';
# usage: parse-target [--default=TARGET] TARGET
# TARGET = [USER@]HOST[:PORT][/PATH]
cmds.parse-target = pkgs.withGetopt {
default_target = {
long = "default";
short = "d";
};
} (opts: pkgs.writeDash "stockholm.parse-target" ''
set -efu
target=$1; shift
for arg; do echo "$0: bad argument: $arg" >&2; done
if \test $# != 0; then exit 2; fi
exec ${pkgs.jq}/bin/jq \
-enr \
--arg default_target "$default_target" \
--arg target "$target" \
-f ${pkgs.writeText "stockholm.parse-target.jq" ''
def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
user: .captures[0].string,
host: .captures[1].string,
port: .captures[2].string,
path: .captures[3].string,
};
def sanitize: with_entries(select(.value != null));
($default_target | parse) + ($target | parse | sanitize) |
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
''}
'');
init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
export quiet
export system
export target
export user
default_target=root@$system:22/var/src
export target_object="$(
${cmds.parse-target} "$target" -d "$default_target"
)"
export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
'';
init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
if \test "''${using_proxy-}" != true; then
source=$(${cmds.get-source} "$source_file")
qualified_target=$target_user@$target_host:$target_port$target_path
if \test "$force_populate" = true; then
echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
else
echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
fi
if \test "$target_local" != true; then
exec ${pkgs.openssh}/bin/ssh \
"$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(${pkgs.quote}/bin/quote "
${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */
"${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
opts
)} \
using_proxy=true \
${lib.shell.escape command} \
$WITHGETOPT_ORIG_ARGS \
")"
fi
fi
'';
utils.build = pkgs.writeDash "utils.build" ''
set -efu
${utils.with-whatsupnix} \
${pkgs.nix}/bin/nix-build \
--no-out-link \
--show-trace \
-E "with import <stockholm>; $1" \
-I "$target_path" \
'';
utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
set -efu
if \test "$quiet" = true; then
"$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
else
exec "$@"
fi
'';
shell.get-version = pkgs.writeDash "stockholm.get-version" ''
set -efu
version=git.$(${pkgs.git}/bin/git describe --always --dirty)
case $version in (*-dirty)
version=$version@$HOSTNAME
esac
date=$(${pkgs.coreutils}/bin/date +%y.%m)
echo "$date.$version"
'';
in
pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:
lib.nameValuePair "/bin/${name}" { inherit link; }
) cmds)

23
krebs/5pkgs/simple/urlwatch/default.nix
View file

@ -1,14 +1,18 @@
{ stdenv, fetchurl, python3Packages }:
{ stdenv, fetchFromGitHub, python3Packages }:
python3Packages.buildPythonPackage rec {
name = "urlwatch-${meta.version}";
python3Packages.buildPythonApplication rec {
name = "urlwatch-${version}";
version = "2.7";
src = fetchurl {
url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz";
sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b";
src = fetchFromGitHub {
owner = "thp";
repo = "urlwatch";
rev = version;
sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m";
};
propagatedBuildInputs = with python3Packages; [
appdirs
keyring
minidb
pycodestyle
@ -16,11 +20,10 @@ python3Packages.buildPythonPackage rec {
requests
];
meta = {
meta = with stdenv.lib; {
description = "A tool for monitoring webpages for updates";
homepage = https://thp.io/2008/urlwatch/;
license = stdenv.lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.tv ];
version = "2.6";
license = licenses.bsd3;
maintainers = with maintainers; [ tv ];
};
}

2
krebs/5pkgs/simple/withGetopt.nix
View file

@ -20,7 +20,7 @@ opt-spec: cmd-spec: let
# true if b requires a to define its default value
opts-before = a: b:
test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or "");
test ".*[$]${stringAsChars (c: "[${c}]") a.varname}([^0-9A-Za-z_].*)?" (b.default or "");
opts-list = let
sort-out = toposort opts-before (attrValues opts);

2
krebs/source.nix
View file

@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02
ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
};
}

328
lass/1systems/archprism/config.nix
View file

@ -1,328 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
in {
imports = [
<stockholm/lass>
{
networking.interfaces.et0.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = "213.239.205.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
'';
}
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-smarthost.nix>
#<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/bitlbee.nix>
<stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/repo-sync.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/libvirt.nix>
<stockholm/lass/2configs/hfos.nix>
<stockholm/lass/2configs/monitoring/server.nix>
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
#<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
#<stockholm/lass/2configs/reaktor-krebs.nix>
#{
# lass.pyload.enable = true;
#}
{
imports = [
<stockholm/lass/2configs/bepasty.nix>
];
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
return 403;
}
'';
}
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
}
{
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/pool/nix";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
};
fileSystems."/var/download" = {
device = "/dev/pool/download";
};
fileSystems."/srv/http" = {
device = "/dev/pool/http";
};
fileSystems."/srv/o.ubikmedia.de-data" = {
device = "/dev/pool/owncloud-ubik-data";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}
{
sound.enable = false;
}
{
nixpkgs.config.allowUnfree = true;
}
{
#stuff for juhulian
users.extraUsers.juhulian = {
name = "juhulian";
uid = 1339;
home = "/home/juhulian";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
{
environment.systemPackages = [
pkgs.perlPackages.Plack
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
];
}
{
time.timeZone = "Europe/Berlin";
}
{
imports = [
<stockholm/lass/2configs/websites/domsen.nix>
<stockholm/lass/2configs/websites/lassulus.nix>
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
};
}
{
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
];
}
{
imports = [
<stockholm/lass/2configs/realwallpaper.nix>
];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
alias /var/realwallpaper/realwallpaper.png;
'';
}
{
environment.systemPackages = with pkgs; [
mk_sql_pair
];
}
{
users.users.tv = {
uid = genid "tv";
inherit (config.krebs.users.tv) home;
group = "users";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users.users.makefu = {
uid = genid "makefu";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
];
};
users.users.nin = {
uid = genid "nin";
inherit (config.krebs.users.nin) home;
group = "users";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
extraGroups = [
"libvirtd"
];
};
}
{
krebs.repo-sync.timerConfig = {
OnBootSec = "15min";
OnUnitInactiveSec = "90min";
RandomizedDelaySec = "30min";
};
krebs.repo-sync.repos.stockholm.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
}
{
lass.usershadow = {
enable = true;
};
}
#{
# krebs.Reaktor.prism = {
# nickname = "Reaktor|lass";
# channels = [ "#retiolum" ];
# extraEnviron = {
# REAKTOR_HOST = "ni.r";
# };
# plugins = with pkgs.ReaktorPlugins; [
# sed-plugin
# ];
# };
#}
{
#stuff for dritter
users.extraUsers.dritter = {
name = "dritter";
uid = genid "dritter";
home = "/home/dritter";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
];
};
}
{
#hotdog
containers.hotdog = {
config = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
localAddress = "10.233.2.2";
};
}
{
#kaepsele
containers.kaepsele = {
config = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
tv.pubkey
];
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
}
{
#onondaga
containers.onondaga = {
config = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.nin.pubkey
];
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.4";
localAddress = "10.233.2.5";
};
}
];
krebs.build.host = config.krebs.hosts.archprism;
}

5
lass/1systems/daedalus/config.nix
View file

@ -37,6 +37,9 @@ with import <stockholm/lib>;
networkmanagerapplet
libreoffice
audacity
zathura
skype
wine
];
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
@ -52,8 +55,10 @@ with import <stockholm/lib>;
name = "bitcoin";
description = "user for bitcoin stuff";
home = "/home/bitcoin";
isNormalUser = true;
useDefaultShell = true;
createHome = true;
extraGroups = [ "audio" ];
};
};
security.sudo.extraConfig = ''

39
lass/1systems/helios/config.nix
View file

@ -10,8 +10,12 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/git.nix>
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@ -59,6 +63,13 @@ with import <stockholm/lib>;
maxTime = 9001;
};
}
{
#urban terror port
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.helios;
@ -68,6 +79,16 @@ with import <stockholm/lib>;
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
}
{
lass.umts = {
enable = true;
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
initstrings = ''
Init1 = AT+CFUN=1
Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
'';
};
}
];
# Use the systemd-boot EFI boot loader.
@ -80,7 +101,6 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [
ag
vim
rxvt_unicode
git
rsync
hashPassword
@ -100,11 +120,16 @@ with import <stockholm/lib>;
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [
{ output = "DP-0.8"; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; }
{ output = "DP-2"; primary = true; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
{ output = "DP-0"; }
];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
${pkgs.systemd}/bin/systemctl start xresources.service
'';
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
@ -123,8 +148,6 @@ with import <stockholm/lib>;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
services.printing = {
enable = true;
drivers = [ pkgs.postscript-lexmark ];
};
services.printing.drivers = [ pkgs.postscript-lexmark ];
}

84
lass/1systems/littleT/config.nix Normal file
View file

@ -0,0 +1,84 @@
with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/steam.nix>
{
users.users.blacky = {
uid = genid "blacky";
home = "/home/blacky";
group = "users";
createHome = true;
extraGroups = [
"audio"
"networkmanager"
"video"
];
useDefaultShell = true;
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
environment.systemPackages = with pkgs; [
pavucontrol
chromium
hexchat
networkmanagerapplet
vlc
];
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.layout = "de";
users.mutableUsers = mkForce true;
services.xserver.synaptics.enable = true;
}
{
#remote control
environment.systemPackages = with pkgs; [
x11vnc
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
];
}
];
time.timeZone = "Europe/Berlin";
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
krebs.build.host = config.krebs.hosts.littleT;
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
# fsType = "btrfs";
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
# };
#};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
#'';
}

3
lass/1systems/archprism/source.nix → lass/1systems/littleT/source.nix
View file

@ -1,3 +1,4 @@
import <stockholm/lass/source.nix> {
name = "archprism";
name = "littleT";
secure = true;
}

10
lass/1systems/mors/config.nix
View file

@ -29,7 +29,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/c-base.nix>
<stockholm/tv/2configs/br.nix>
<stockholm/lass/2configs/br.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@ -135,6 +135,8 @@ with import <stockholm/lib>;
macchanger
dpass
dnsutils
];
#TODO: fix this shit
@ -177,7 +179,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2
exit 23
else
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''
@ -192,4 +194,8 @@ with import <stockholm/lib>;
exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
'';
};
#nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
}

20
lass/1systems/prism/config.nix
View file

@ -67,6 +67,11 @@ in {
fsType = "ext4";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
swapDevices = [
{ label = "swap1"; }
{ label = "swap2"; }
@ -220,8 +225,8 @@ in {
};
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.4";
localAddress = "10.233.2.5";
hostAddress = "10.233.2.5";
localAddress = "10.233.2.6";
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
@ -280,6 +285,17 @@ in {
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
];
}
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
krebs.git.rules = [
{
user = [ config.krebs.users.jeschli ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
}
];
}
];
krebs.build.host = config.krebs.hosts.prism;

40
lass/1systems/xerxes/config.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/gpd-pocket.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
];
krebs.build.host = config.krebs.hosts.xerxes;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
'';
fileSystems."/" = {
device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/16C8-D053";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
fsType = "btrfs";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
networking.wireless.enable = true;
}

11
lass/1systems/xerxes/source.nix Normal file
View file

@ -0,0 +1,11 @@
with import <stockholm/lib>;
import <stockholm/lass/source.nix> {
name = "xerxes";
secure = true;
override = {
nixpkgs.git = mkForce {
url = https://github.com/lassulus/nixpkgs;
ref = "3eccd0b";
};
};
}

9
lass/2configs/audit.nix
View file

@ -1,9 +0,0 @@
{ ... }:
{
security.audit = {
rules = [
"-a task,never"
];
};
}

55
lass/2configs/baseX.nix
View file

@ -7,9 +7,9 @@ in {
./mpv.nix
./power-action.nix
./copyq.nix
./xresources.nix
./livestream.nix
./dns-stuff.nix
./urxvt.nix
{
hardware.pulseaudio = {
enable = true;
@ -41,6 +41,11 @@ in {
default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
};
};
config.services.xresources.resources.X = ''
*.font: ${config.lass.fonts.regular}
*.boldFont: ${config.lass.fonts.bold}
*.italicFont: ${config.lass.fonts.italic}
'';
}
];
@ -64,9 +69,11 @@ in {
dic
dmenu
gi
git-preview
gitAndTools.qgit
lm_sensors
haskellPackages.hledger
lm_sensors
mpv-poll
much
ncdu
nix-repl
@ -74,21 +81,20 @@ in {
pavucontrol
powertop
push
rxvt_unicode_with-plugins
screengrab
slock
sxiv
termite
xclip
xorg.xbacklight
xorg.xhost
xsel
youtube-tools
yt-next
zathura
mpv-poll
yt-next
youtube-tools
rxvt_unicode
termite
cabal2nix
];
fonts.fonts = with pkgs; [
@ -98,42 +104,15 @@ in {
xlibs.fontschumachermisc
];
lass.xserver.enable = true;
services.xserver = {
enable = true;
desktopManager.xterm.enable = false;
desktopManager.default = "none";
displayManager.lightdm.enable = true;
displayManager.lightdm.autoLogin = {
enable = true;
user = "lass";
};
windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
services.urxvtd.enable = true;
services.xresources.enable = true;
lass.screenlock.enable = true;
}

2
lass/2configs/br.nix
View file

@ -18,7 +18,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
ip = "10.23.42.221";
ip = "10.42.23.221";
};
};
};

45
lass/2configs/browsers.nix
View file

@ -5,19 +5,23 @@ let
mainUser = config.users.extraUsers.mainUser;
browser-select = pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu)
browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(mapAttrsToList (name: value: { inherit name value; })
config.lass.browser.paths);
in pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
case $BROWSER in
${concatMapStringsSep "\n" (n: ''
${n})
export BIN=${config.lass.browser.paths.${n}}/bin/${n}
${n.name})
export BIN=${n.value.path}/bin/${n.name}
;;
'') (attrNames config.lass.browser.paths)}
'') (sortedPaths)}
esac
$BIN "$@"
'';
createChromiumUser = name: extraGroups:
createChromiumUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
@ -31,7 +35,7 @@ let
useDefaultShell = true;
createHome = true;
};
lass.browser.paths.${name} = bin;
lass.browser.paths.${name}.path = bin;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -40,10 +44,10 @@ let
];
};
createFirefoxUser = name: extraGroups:
createFirefoxUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
'';
in {
users.extraUsers.${name} = {
@ -54,7 +58,10 @@ let
useDefaultShell = true;
createHome = true;
};
lass.browser.paths.${name} = bin;
lass.browser.paths.${name} = {
path = bin;
inherit precedence;
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -79,14 +86,24 @@ in {
type = types.path;
};
options.lass.browser.paths = mkOption {
type = with types; attrsOf path;
type = types.attrsOf (types.submodule ({
options = {
path = mkOption {
type = types.path;
};
precedence = mkOption {
type = types.int;
default = 0;
};
};
}));
};
}
( createFirefoxUser "ff" [ "audio" ] )
( createChromiumUser "cr" [ "video" "audio" ] )
( createFirefoxUser "ff" [ "audio" ] 10 )
( createChromiumUser "cr" [ "video" "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "video" "audio" ] )
( createChromiumUser "fb" [ "video" "audio" ] )
( createChromiumUser "gm" [ "video" "audio" ] )
( createChromiumUser "com" [ "video" "audio" ] )
];
}

4
lass/2configs/copyq.nix
View file

@ -21,9 +21,9 @@ let
in {
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "display-manager.service" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":0";
DISPLAY = ":${toString config.services.xserver.display}";
};
path = with pkgs; [
qt5.full

53
lass/2configs/dcso-dev.nix Normal file
View file

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
dev = {
name = "dev";
uid = genid "dev";
description = "user for collaborative development";
home = "/home/dev";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
];
packages = with pkgs; [
emacs25-nox
(pkgs.symlinkJoin {
name = "tmux";
paths = [
(pkgs.writeDashBin "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'')
pkgs.tmux
];
})
];
};
};
krebs.per-user.dev.packages = [
pkgs.go
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
}

2
lass/2configs/default.nix
View file

@ -2,7 +2,6 @@
with import <stockholm/lib>;
{
imports = [
../2configs/audit.nix
../2configs/binary-cache/client.nix
../2configs/gc.nix
../2configs/mc.nix
@ -23,6 +22,7 @@ with import <stockholm/lib>;
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
config.krebs.users.lass-xerxes.pubkey
];
};
mainUser = {

3
lass/2configs/exim-smarthost.nix
View file

@ -46,6 +46,9 @@ with import <stockholm/lib>;
{ from = "apple@lassul.us"; to = lass.mail; }
{ from = "coinbase@lassul.us"; to = lass.mail; }
{ from = "tomtop@lassul.us"; to = lass.mail; }
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
{ from = "payeer@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

2
lass/2configs/games.nix
View file

@ -57,7 +57,7 @@ let
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
(dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
doom1
doom2
vdoom1

28
lass/2configs/hw/gpd-pocket.nix Normal file
View file

@ -0,0 +1,28 @@
{ pkgs, ... }:
let
dummy_firmware = pkgs.writeTextFile {
name = "brcmfmac4356-pcie.txt";
text = builtins.readFile ./brcmfmac4356-pcie.txt;
destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
};
in {
#imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
hardware.firmware = [ dummy_firmware ];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ];
boot.kernelPackages = pkgs.linuxPackages_4_14;
boot.kernelParams = [
"fbcon=rotate:1"
];
services.xserver.displayManager.sessionCommands = ''
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
'';
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
}

5
lass/2configs/hw/x220.nix
View file

@ -29,4 +29,9 @@
options = ["nosuid" "nodev" "noatime"];
};
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
}

1
lass/2configs/mail.nix
View file

@ -76,6 +76,7 @@ let
"INBOX" "notmuch://?query=tag:inbox \
and NOT to:nix-devel\
and NOT to:shackspace\
and NOT to:security\
and NOT to:c-base" \
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\

25
lass/2configs/repo-sync.nix
View file

@ -22,15 +22,22 @@ let
});
};
in {
rules = with git; singleton {
user = with config.krebs.users; [
config.krebs.users."${config.networking.hostName}-repo-sync"
lass
lass-shodan
];
repo = [ repo ];
perm = push ''refs/*'' [ non-fast-forward create delete merge ];
};
rules = with git; [
{
user = with config.krebs.users; [
config.krebs.users."${config.networking.hostName}-repo-sync"
lass
lass-shodan
];
repo = [ repo ];
perm = push ''refs/*'' [ non-fast-forward create delete merge ];
}
{
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
}
];
repos."${name}" = repo;
};

40
lass/2configs/urxvt.nix
View file

@ -1,40 +1,32 @@
{ config, pkgs, ... }:
let
inherit (config.users.extraUsers) mainUser;
in
with import <stockholm/lib>;
{
imports = [
../3modules/urxvtd.nix
../3modules/xresources.nix
];
services.urxvtd.enable = true;
services.urxvtd = {
enable = true;
users = [ mainUser.name ];
urxvtPackage = pkgs.rxvt_unicode_with-plugins;
};
services.xresources.enable = true;
services.xresources.resources.urxvt = ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*SaveLines: 4096
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: browser-select
${optionalString (hasAttr "browser" config.lass)
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
}
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #ffffff
URxvt*background: #000000
URxvt*foreground: #ffffff
!change unreadable blue
URxvt*color4: #268bd2
URxvt*color4: #268bd2
URxvt*color0: #232342
'';
}

5
lass/2configs/vim.nix
View file

@ -98,8 +98,13 @@ let
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
" search with ack
let g:ackprg = 'ag --vimgrep'
cnoreabbrev Ack Ack!
" copy/paste from/to xclipboard
noremap x "_x
set clipboard=unnamedplus
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [

22
lass/2configs/websites/lassulus.nix
View file

@ -147,12 +147,32 @@ in {
in ''
alias ${initscript};
'';
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
};
security.acme.certs."cgit.lassul.us" = {
email = "lassulus@lassul.us";
webroot = "/var/lib/acme/acme-challenge";
plugins = [
"account_key.json"
"fullchain.pem"
"key.pem"
];
group = "nginx";
user = "nginx";
};
services.nginx.virtualHosts.cgit = {
serverName = "cgit.lassul.us";
addSSL = true;
enableACME = true;
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
users.users.blog = {

22
lass/2configs/wine.nix
View file

@ -4,10 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
krebs.per-user.wine.packages = with pkgs; [
wine
#(wineFull.override { wineBuild = "wine64"; })
];
users.users= {
wine = {
name = "wine";
@ -19,9 +15,27 @@ in {
"video"
];
createHome = true;
packages = [
pkgs.wine
];
};
wine64 = {
name = "wine64";
description = "user for running wine in 64bit";
home = "/home/wine64";
useDefaultShell = true;
extraGroups = [
"audio"
"video"
];
createHome = true;
packages = [
(pkgs.wine.override { wineBuild = "wineWow"; })
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}

63
lass/2configs/xresources.nix
View file

@ -1,63 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
xresources = pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
URxvt.font: ${config.lass.fonts.regular}
URxvt.boldFont: ${config.lass.fonts.bold}
URxvt.italicFont: ${config.lass.fonts.italic}
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
${optionalString (hasAttr "browser" config.lass)
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
}
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
URxvt*color0: #232342
'';
in {
systemd.services.xresources = {
description = "xresources";
wantedBy = [ "multi-user.target" ];
after = [ "display-manager.service" ];
environment = {
DISPLAY = ":0";
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
User = "lass";
};
};
}

1
lass/3modules/default.nix
View file

@ -11,6 +11,7 @@ _:
./screenlock.nix
./umts.nix
./usershadow.nix
./xserver
./xresources.nix
];
}

2
lass/3modules/screenlock.nix
View file

@ -23,7 +23,7 @@ let
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
DISPLAY = ":0";
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "screenlock";

15
lass/3modules/xresources.nix
View file

@ -4,16 +4,13 @@
#prefix with Attribute Name
#ex: urxvt
#
#
with builtins;
with lib;
let
inherit (import ../../tv/4lib { inherit pkgs lib; }) shell-escape;
inherit (pkgs) writeScript;
inherit (pkgs) writeScript writeText;
in
@ -46,12 +43,16 @@ in
config =
let
cfg = config.services.xresources;
xres = concatStringsSep "\n" (attrValues cfg.resources);
xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources));
in mkIf cfg.enable {
services.xserver.displayManager.sessionCommands = ''
echo ${shell-escape xres} | xrdb -merge
${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
'';
environment.systemPackages = [
(pkgs.writeDashBin "updateXresources" ''
${pkgs.xorg.xrdb}/bin/xrdb -merge ${xres}
'')
];
};
}

101
lass/3modules/xserver/default.nix Normal file
View file

@ -0,0 +1,101 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
out = {
options.lass.xserver = api;
config = mkIf cfg.enable imp;
};
user = config.krebs.build.user;
cfg = config.lass.xserver;
xcfg = config.services.xserver;
api = {
enable = mkEnableOption "lass xserver";
};
imp = {
services.xserver = {
# Don't install feh into systemPackages
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = mkForce [];
enable = true;
display = 11;
tty = 11;
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString xcfg.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
wait
'';
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" xcfg.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString xcfg.display}"
"vt${toString xcfg.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
};
};
services.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
};
in out

40
lass/3modules/xserver/xserver.conf.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

5
lass/5pkgs/default.nix
View file

@ -20,5 +20,10 @@
xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {};
screengrab = pkgs.writeDashBin "screengrab" ''
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
'';
};
}

49
lass/5pkgs/xmonad-lass.nix
View file

@ -3,6 +3,7 @@ pkgs.writeHaskell "xmonad-lass" {
executables.xmonad = {
extra-depends = [
"containers"
"extra"
"unix"
"X11"
"xmonad"
@ -20,18 +21,16 @@ module Main where
import XMonad
import qualified XMonad.StackSet as W
import Control.Exception
import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs)
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
import Text.Read (readEither)
import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
import XMonad.Actions.UpdatePointer (updatePointer)
import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
@ -41,59 +40,45 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Layout.SimpleFloat (simpleFloat)
import XMonad.Stockholm.Shutdown
myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc"
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
myFont :: String
myFont = "${config.lass.fonts.regular}"
main :: IO ()
main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent
_ -> mainNoArgs
["--shutdown"] -> sendShutdownEvent
_ -> main'
mainNoArgs :: IO ()
mainNoArgs = do
xmonad'
main' :: IO ()
main' = do
xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
, logHook = updatePointer (0.25, 0.25) (0.25, 0.25)
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, focusedBorderColor = "#ff0000"
, handleEventHook = handleShutdownEvent
, workspaces = [ "dashboard", "sys", "wp" ]
} `additionalKeysP` myKeyMap
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do
let path = "/tmp/xmonad.state"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
xmonad conf
displaySomeException :: SomeException -> String
displaySomeException = displayException
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
myKeyMap :: [([Char], X ())]
myKeyMap =
@ -102,6 +87,8 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")

2
lass/source.nix
View file

@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "e53e9a2";
ref = "cb751f9";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

9
lib/types.nix
View file

@ -92,7 +92,7 @@ rec {
default = null;
};
addrs = mkOption {
type = listOf cidr;
type = listOf addr;
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
@ -155,6 +155,8 @@ rec {
++
(map (a: "Subnet = ${a}") net.addrs)
++
(map (a: "Subnet = ${a}") config.subnets)
++
[config.extraConfig]
++
[config.pubkey]
@ -173,6 +175,11 @@ rec {
description = "tinc port to use to connect to host";
default = 655;
};
subnets = mkOption {
type = listOf cidr;
description = "tinc subnets";
default = [];
};
};
}));
default = null;

4
makefu/1systems/cake/config.nix
View file

@ -6,9 +6,6 @@
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
];
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
krebs = {
enable = true;
tinc.retiolum.enable = true;
@ -23,6 +20,7 @@
programs.man.enable = false;
services.nixosManual.enable = false;
boot.tmpOnTmpfs = lib.mkForce false;
sound.enable = false;
hardware.enableRedistributableFirmware = true;
hardware.firmware = [

41
makefu/1systems/darth/config.nix
View file

@ -2,6 +2,8 @@
with import <stockholm/lib>;
let
# all the good stuff resides in /data
byid = dev: "/dev/disk/by-id/" + dev;
rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
bootPart = rootDisk + "-part1";
@ -21,44 +23,23 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/nsupdate-data.nix>
# <stockholm/makefu/2configs/nsupdate-data.nix>
# SIEM
#<stockholm/makefu/2configs/tinc/siem.nix>
# {services.tinc.networks.siem = {
# name = "sdarth";
# extraConfig = "ConnectTo = sjump";
# };
# }
# {
# makefu.forward-journal = {
# enable = true;
# src = "10.8.10.2";
# dst = "10.8.10.6";
# };
# }
## Sharing
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
#{
# services.samba.shares = {
# isos = {
# path = "/data/isos/";
# "read only" = "yes";
# browseable = "yes";
# "guest ok" = "yes";
# };
# };
#}
<stockholm/makefu/2configs/share/anon-ftp.nix>
# lan party
<stockholm/makefu/2configs/lanparty/lancache.nix>
<stockholm/makefu/2configs/lanparty/lancache-dns.nix>
<stockholm/makefu/2configs/lanparty/samba.nix>
<stockholm/makefu/2configs/lanparty/mumble-server.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
];
#networking.firewall.enable = false;
makefu.server.primary-itf = "enp0s25";
krebs.hidden-ssh.enable = true;
# krebs.hidden-ssh.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;

52
makefu/1systems/gum/config.nix
View file

@ -2,16 +2,22 @@
with import <stockholm/lib>;
let
external-mac = "3a:66:48:8e:82:b2";
# hw-specific
external-mac = "2a:c5:6e:d2:fc:7f";
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
external-gw = "185.194.140.1";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
external-gw = "188.68.40.1";
external-gw6 = "fe80::1";
external-netmask = 22;
external-netmask6 = 64;
ext-if = "et0"; # gets renamed on the fly
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
<stockholm/makefu>
@ -19,6 +25,7 @@ in {
<stockholm/makefu/2configs/headless.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/mattermost-docker.nix>
@ -39,7 +46,7 @@ in {
# services
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/sabnzbd.nix>
# <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
@ -58,6 +65,8 @@ in {
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
@ -76,14 +85,41 @@ in {
# <stockholm/makefu/2configs/logging/client.nix>
# Temporary:
<stockholm/makefu/2configs/temp/rst-issue.nix>
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
#{
# services.dockerRegistry.enable = true;
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
{ # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ];
#networking.wireguard.interfaces.wg0 = {
# ips = [ "10.244.0.1/24" ];
# privateKeyFile = (toString <secrets>) + "/wireguard.key";
# allowedIPsAsRoutes = true;
# peers = [{
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
# publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
# }];
#};
}
];
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
{ bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
{ path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;

2
makefu/1systems/latte/config.nix
View file

@ -18,7 +18,7 @@ in {
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/stats/client.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>

3
makefu/1systems/omo/config.nix
View file

@ -61,6 +61,7 @@ in {
# logs to influx
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
@ -82,7 +83,7 @@ in {
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
# Temporary:
<stockholm/makefu/2configs/temp/rst-issue.nix>
# <stockholm/makefu/2configs/temp/rst-issue.nix>
];
makefu.full-populate = true;
makefu.server.primary-itf = primaryInterface;

44
makefu/1systems/tsp/config.nix
View file

@ -1,20 +1,20 @@
#
#
#
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
<stockholm/makefu/2configs/gui/base.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
# hardware specifics are in here
# imports tp-x2x0.nix
<stockholm/makefu/2configs/hw/tp-x200.nix>
# <stockholm/makefu/2configs/hw/tp-x200.nix>
<stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/rad1o.nix>
# <stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
@ -22,9 +22,43 @@
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
boot.loader.grub.copyKernels = true;
networking.firewall.allowedTCPPorts = [
25
];
# acer aspire
networking.wireless.enable = lib.mkDefault true;
services.xserver.synaptics.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
services.tlp.enable = true;
services.tlp.extraConfig = ''
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
START_CHARGE_THRESH_BAT0=67
STOP_CHARGE_THRESH_BAT0=100
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
powerManagement.resumeCommands = ''
${pkgs.rfkill}/bin/rfkill unblock all
'';
}

51
makefu/1systems/wbob/config.nix
View file

@ -3,6 +3,7 @@ let
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
user = config.makefu.gui.user;
primaryIP = "192.168.8.11";
in {
imports =
@ -10,23 +11,63 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/tools/core-gui.nix>
# <stockholm/makefu/2configs/tools/extra-gui.nix>
# <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
<stockholm/makefu/2configs/temp/rst-issue.nix>
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
(let
collectd-port = 25826;
influx-port = 8086;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = db;
bind-address = ":${toString collectd-port}";
}];
};
networking.firewall.extraCommands = ''
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
})
# temporary
# <stockholm/makefu/2configs/temp/rst-issue.nix>
];
krebs = {

2
makefu/1systems/wbob/source.nix
View file

@ -1,4 +1,4 @@
import <stockholm/makefu/source.nix> {
name="wbob";
musnix = true;
# musnix = true;
}

13
makefu/1systems/x/config.nix
View file

@ -23,8 +23,6 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/deployment/wiki-irc-bot>
# <stockholm/makefu/2configs/torrent.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/deployment/dirctator.nix>
# <stockholm/makefu/2configs/vncserver.nix>
# <stockholm/makefu/2configs/deployment/led-fader>
@ -64,7 +62,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
# Filesystem
@ -75,6 +73,11 @@ with import <stockholm/lib>;
{
programs.adb.enable = true;
}
# temporary
# <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
];
@ -84,7 +87,6 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
@ -102,4 +104,7 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
}

13
makefu/2configs/backup.nix
View file

@ -31,6 +31,19 @@ in {
krebs.backup.plans = {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
{
dst.path = "/media/cryptX/backup/gum/var-download";
dst.host = defaultBackupServer;
startAt = "19:00";
};
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
{
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
dst.host = defaultBackupServer;
startAt = "05:00";
};
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
};
environment.systemPackages = [

48
makefu/2configs/deployment/bgt/hidden_service.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, lib, ... }:
with lib;
let
name = "bgt_cyberwar_hidden_service";
sec = (toString <secrets>) + "/";
secdir = sec + name;
srvdir = "/var/lib/tor/onion/";
basedir = srvdir + name;
hn = builtins.readFile (secdir + "/hostname");
in
{
systemd.services.prepare-hidden-service = {
wantedBy = [ "local-fs.target" ];
before = [ "tor.service" ];
serviceConfig = {
ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
#!/bin/sh
set -euf
if ! test -d "${basedir}" ;then
mkdir -p "${srvdir}"
cp -r "${secdir}" "${srvdir}"
chown -R tor:tor "${srvdir}"
chmod -R 700 "${basedir}"
else
echo "not overwriting ${basedir}"
fi
'';
Type = "oneshot";
RemainAfterExit = "yes";
TimeoutSec = "0";
};
};
services.nginx.virtualHosts."${hn}".locations."/" = {
proxyPass = "https://blog.binaergewitter.de";
extraConfig = ''
proxy_set_header Host blog.binaergewitter.de;
proxy_ssl_server_name on;
'';
};
services.tor = {
enable = true;
hiddenServices."${name}".map = [
{ port = "80"; }
# { port = "443"; toHost = "blog.binaergewitter.de"; }
];
};
}

41
makefu/2configs/deployment/bureautomation/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, lib, ... }:
with lib;
let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
# we ignore non-alerting events
test $state = alerting || exit 0
echo $name - $state
curl 'http://bauarbeiterlampe/ay?o=1'
sleep 5
curl 'http://bauarbeiterlampe/ay?o=1'
'';
in {
services.logstash = {
package = pkgs.logstash5;
enable = true;
inputConfig = ''
http {
port => ${toString port}
host => "127.0.0.1"
}
'';
filterConfig = ''
'';
outputConfig = ''
stdout { codec => json }
exec { command => "${runit} '%{ruleName}' '%{state}'" }
'';
extraSettings = ''
path.plugins: [ "${pkgs.logstash-output-exec}" ]
'';
};
}

28
makefu/2configs/deployment/led-fader.nix
View file

@ -1,27 +1,25 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
mq = "192.168.8.11";
pkg = pkgs.stdenv.mkDerivation {
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "07a6791de368e16cc0864d2676fd255eba522cee";
sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
buildInputs = [
(pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
]))
requests
pytz
influxdb
httplib2
google_api_python_client
];
installPhase = ''
install -m755 -D fade.py $out/bin/fade.py
install -m755 -D ampel.py $out/bin/ampel
install -m755 -D times.json $out/share/times.json
'';
};
in {
systemd.services.led-fader = {
@ -34,7 +32,9 @@ in {
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
ExecStart = "${pkg}/bin/ampel 4";
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};

6
makefu/2configs/deployment/scrape/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
./elkstack.nix
./selenium.nix
];
}

0
makefu/2configs/temp/elkstack.nix → makefu/2configs/deployment/scrape/elkstack.nix
View file

65
makefu/2configs/deployment/scrape/selenium.nix Normal file
View file

@ -0,0 +1,65 @@
{config, pkgs, lib, ...}:
with <stockholm/lib>;
let
selenium-pw = <secrets/selenium-vncpasswd>;
in {
services.jenkinsSlave.enable = true;
users.users.selenium = {
uid = genid "selenium";
extraGroups = [ "plugdev" ];
};
fonts.enableFontDir = true;
# networking.firewall.allowedTCPPorts = [ 5910 ];
systemd.services.selenium-X11 =
{
description = "X11 vnc for selenium";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ];
environment =
{
DISPLAY = ":10";
};
script = ''
set -ex
[ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock )
[ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 )
mkdir -p ~/.vnc
cp -f ${selenium-pw} ~/.vnc/passwd
chmod go-rwx ~/.vnc/passwd
echo > ~/.vnc/xstartup
chmod u+x ~/.vnc/xstartup
vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac
dwm
'';
preStop = ''
vncserver -kill $DISPLAY
'';
serviceConfig = {
User = "selenium";
};
};
systemd.services.selenium-server =
{
description = "selenium-server";
wantedBy = [ "multi-user.target" ];
requires = [ "selenium-X11.service" ];
path = [ pkgs.chromium
pkgs.firefoxWrapper ];
environment =
{
DISPLAY = ":10";
};
script = ''
${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1
'';
serviceConfig = {
User = "selenium";
};
};
}

15
makefu/2configs/hw/stk1160.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
# TODO: un-pin linuxPackages somehow
boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages;
nixpkgs.config.packageOverrides = pkgs: {
linux_4_9 = pkgs.linux_4_9.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160_AC97 y
VIDEO_STK1160 m
'';
};
};
}

21
makefu/2configs/lanparty/lancache-dns.nix
View file

@ -1,6 +1,19 @@
{ pkgs, lib, config, ... }:
with import <stockholm/lib>;
let
upstream-server = "8.8.8.8";
# make sure the router pins the ip address to the deployed host
# and set it as dns server ( dhcp option 6,192.168.10.10 )
local_ip = "192.168.10.10";
extra-config = pkgs.writeText "local.conf" ''
server:
local-data: "piratebox. A ${local_ip}"
local-data: "store. A ${local_ip}"
local-data: "share. A ${local_ip}"
'';
# see https://github.com/zeropingheroes/lancache for full docs
lancache-dns = pkgs.stdenv.mkDerivation rec {
name = "lancache-dns-2017-06-28";
@ -11,8 +24,9 @@ let
rev = "420aa62";
sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
};
phases = [ "unpackPhase" "installPhase" ];
# here we can chance to edit `includes/proxy-cache-paths.conf`
# here we have the chance to edit `includes/proxy-cache-paths.conf`
installPhase = ''
mkdir -p $out
cp -r * $out/
@ -20,7 +34,6 @@ let
};
stateDir = "/var/lib/unbound";
user = "unbound";
upstream-server = "8.8.8.8";
in {
services.unbound = {
enable = true;
@ -29,6 +42,7 @@ in {
forwardAddresses = [ upstream-server ];
extraConfig = ''
include: "${stateDir}/lancache/*.conf"
include: "${extra-config}"
'';
};
services.dnscrypt-proxy.enable = lib.mkForce false;
@ -42,7 +56,8 @@ in {
path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
script = ''
set -xeu
current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
# current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
current_ip=${local_ip}
old_ip=10.1.1.250
mkdir -p ${stateDir}
rm -rvf ${stateDir}/lancache

9
makefu/2configs/lanparty/lancache.nix
View file

@ -17,15 +17,21 @@ let
installPhase = ''
mkdir -p $out
cp -r * $out/
rm $out/caches-enabled/*
sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
-e '1 idaemon off;' \
-e 's#/var/lancache#${cfg.statedir}#g' \
$out/nginx.conf
sed -i -e 's#/var/lancache#${cfg.statedir}#g' \
$out/*/*.conf
ln -s $out/caches-available/* $out/caches-enabled/
'';
};
cfg = {
statedir = "/data/cache";
group = "nginx-lancache";
user = "nginx-lancache";
statedir = "/var/lancache";
package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
configureFlags = old.configureFlags ++ [
"--with-http_slice_module"
@ -43,6 +49,7 @@ in {
preStart = ''
mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
chmod 700 ${cfg.statedir}
PATH_CACHE=$PATH_BASE/cache
PATH_LOGS=$PATH_BASE/logs

12
makefu/2configs/lanparty/mumble-server.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [ 64738 ];
networking.firewall.allowedUDPPorts = [ 64738 ];
services.murmur = {
enable = true;
welcometext = "Welcome to the LANest Party mumble server";
bonjour = true;
hostName = "0.0.0.0";
sendVersion = true;
};
}

9
makefu/2configs/lanparty/samba.nix
View file

@ -10,9 +10,16 @@
};
services.samba = {
enable = true;
enableNmbd = true;
shares = {
share-home = {
lanparty = {
path = "/data/lanparty/";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
share = {
path = "/data/incoming";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";

18
makefu/2configs/share/omo.nix
View file

@ -30,24 +30,18 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
usenet = {
path = "/media/crypt0/usenet/dst";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
pyload = {
path = "/media/crypt0/pyload";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypt0 = {
path = "/media/crypt0";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypX-games = {
path = "/media/cryptX/games";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
media-rw = {
path = "/media/";
"read only" = "no";

38
makefu/2configs/share/wbob.nix Normal file
View file

@ -0,0 +1,38 @@
{config, ... }:{
networking.firewall.allowedUDPPorts = [ 137 138 ];
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/home/share";
createHome = true;
};
services.samba = {
enable = true;
enableNmbd = true;
shares = {
incoming = {
path = "/data/incoming";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
data = {
path = "/data/";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
}

19
makefu/2configs/stats/telegraf/airsensor.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, ...}:
{
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
'';
users.users.telegraf.extraGroups = [ "input" ];
services.telegraf.extraConfig.inputs.exec = [
{
commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];
timeout = "10s";
data_format = "value";
data_type = "integer";
name_override = "airquality";
interval = "10s";
tags.unit="VOC";
}
];
}

3
makefu/2configs/stats/telegraf/default.nix
View file

@ -2,9 +2,6 @@
let
url = "http://localhost:8086";
in {
imports = [
./europastats.nix
];
services.telegraf = {
enable = true;
extraConfig = {

38
makefu/2configs/tools/core.nix
View file

@ -5,38 +5,44 @@
#
# essentially `nix-env -q` of the main user
{
krebs.per-user.makefu.packages = with pkgs; [
environment.systemPackages = with pkgs; [
at_spi2_core
acpi
bc
rsync
exif
file
lsof
which
binutils
# fs
ntfs3g
cifs-utils
dosfstools
ntfs3g
smartmontools
# io
pv
sshpass
usbutils
p7zip
hdparm
inetutils
ncftp
mutt
tcpdump
sysstat
which
weechat
wol
tmux
iftop
mkpasswd
# storage
smartmontools
cifs-utils
# net
wget
curl
inetutils
ncftp
tcpdump
sysstat
wol
iftop
mkpasswd
mutt
weechat
tmux
# stockholm
git

Some files were not shown because too many files have changed in this diff Show more