diff --git a/default.nix b/default.nix
index 472d7597d..ac748c286 100644
--- a/default.nix
+++ b/default.nix
@@ -32,7 +32,10 @@ let stockholm = {
   upath = lib.nspath current-user-name;
 
   base-module = { config, ... }: {
-    imports = map (f: f "3modules") [ kpath upath ];
+    imports = builtins.filter builtins.pathExists (lib.concatLists [
+      (map (f: f "2configs") [ upath ])
+      (map (f: f "3modules") [ kpath upath ])
+    ]);
 
     krebs.current.enable = true;
     krebs.current.host = config.krebs.hosts.${current-host-name};
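Review bot: Passing the whole import list through `builtins.filter builtins.pathExists` means a mistyped or missing user directory is dropped without any error. A host can then evaluate without its `2configs` defaults, which elsewhere in this commit carry root's authorized keys and the build sources. Only the new `2configs` entry looks optional, so consider keeping the module imports strict: `imports = map (f: f "3modules") [ kpath upath ] ++ builtins.filter builtins.pathExists [ (upath "2configs") ];`. If the filter is needed for users without a `3modules` directory, a comment saying so would help. `base-module` continues past the end of the hunk.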
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 1205e192b..7f004cd81 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -29,10 +29,13 @@ let
     };
 
     options.krebs.build.source.dir = mkOption {
-      type = types.attrsOf (types.submodule ({ config, ... }: {
+      type = let
+        default-host = config.krebs.current.host;
+      in types.attrsOf (types.submodule ({ config, ... }: {
         options = {
           host = mkOption {
             type = types.host;
+            default = default-host;
           };
           path = mkOption {
             type = types.str;
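Review bot: The new `default = default-host` makes every `source.dir` entry that omits `host` read from `config.krebs.current.host`, i.e. from whichever machine runs the evaluation, and that includes `dir.secrets`. The option has no `description` saying so; a line such as `description = "Host the directory is copied from; defaults to the evaluating host (krebs.current.host).";` would make the trust assumption visible. The `let` also deserves a comment like `# bound outside the submodule, whose own config argument shadows the outer one`. The submodule body continues outside the hunk.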
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fd9d56ed2..b4e7f9254 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -15,6 +15,7 @@ let
       ./git.nix
       ./iptables.nix
       ./nginx.nix
+      ./per-user.nix
       ./Reaktor.nix
       ./retiolum-bootstrap.nix
       ./realwallpaper.nix
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2d33b9275..652527da2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,6 +164,7 @@ with lib;
       dc = "makefu"; #dc = "cac";
       extraZones = {
         "krebsco.de" = ''
+          euer           IN A  ${head nets.internet.addrs4}
           wiki.euer      IN A  ${head nets.internet.addrs4}
           wry            IN A  ${head nets.internet.addrs4}
           io             IN NS wry.krebsco.de.
@@ -191,6 +192,9 @@ with lib;
             "paste.retiolum"
             "wry.retiolum"
             "wiki.makefu.retiolum"
+            "wiki.wry.retiolum"
+            "blog.makefu.retiolum"
+            "blog.wry.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -210,13 +214,36 @@ with lib;
         };
       };
     };
+    filepimp = rec {
+      cores = 1;
+      dc = "makefu"; #nas
+
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.153.102"];
+          addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
+          aliases = [
+            "filepimp.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+            BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+            i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+            09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+            u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+            OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+            -----END RSA PUBLIC KEY-----
+            '';
+        };
+      };
+    };
     gum = rec {
       cores = 1;
       dc = "online.net"; #root-server
 
       extraZones = {
         "krebsco.de" = ''
-          euer              IN A      ${head nets.internet.addrs4}
           share.euer        IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
         '';
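Review bot: The first line of the `tinc.pubkey` added for `filepimp` (`MIIBCgKCAQEAvgvzx3rT...`) is identical to the first line of gum's key shown in `krebs/Zhosts/gum` in this same commit. That suggests the block was copied from gum rather than generated on the new host. If the keys really are the same, either host can authenticate to the overlay as the other; generate a dedicated key pair on filepimp and paste its public half here. Only the first line of gum's key is visible in this diff, so compare the remaining lines before merging.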
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
new file mode 100644
index 000000000..ee213deda
--- /dev/null
+++ b/krebs/3modules/per-user.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.krebs.per-user;
+
+  out = {
+    options.krebs.per-user = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule {
+      options = {
+        packages = mkOption {
+          type = listOf path;
+          default = [];
+        };
+      };
+    });
+    default = {};
+  };
+
+  imp = {
+    environment = {
+      etc = flip mapAttrs' cfg (name: { packages, ... }: {
+        name = "per-user/${name}";
+        value.source = pkgs.symlinkJoin "per-user.${name}" packages;
+      });
+      profiles = ["/etc/per-user/$LOGNAME"];
+    };
+  };
+
+in out
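Review bot: `profiles = ["/etc/per-user/$LOGNAME"]` selects the profile from an environment variable, so the package set a session picks up follows whatever `LOGNAME` is set to rather than the authenticated uid. Every `/etc/per-user/<name>` tree is also a link into the store and so readable by all users. That is fine for convenience packages but should be stated, since the option has no `description`. Something like `description = "Extra packages linked to /etc/per-user/<name> and added to that user's profile; not an access-control boundary.";` on `api` would do.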
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 4c295dffe..6fd1c4224 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -158,7 +158,8 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
     };
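Review bot: `ssh.privkey.path = <secrets/ssh.id_ed25519>;` stores a Nix path value, and any consumer that interpolates a path into a string (`"${...}"`) makes Nix copy the file into the world-readable store. The consumers are not part of this hunk, so this is a check to make rather than a confirmed leak: they should go through `toString`, the way `sec = toString <secrets>;` does in `makefu/2configs/nginx/euer.blog.nix`. The same applies to the second hunk of this file (host `xu`) and to the snippet generated in `krebs/default.nix`. A comment at the option definition, e.g. `# never interpolate; use toString so the key is not copied into /nix/store`, would record this.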
     ok = {
       nets = {
@@ -276,17 +277,26 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
     };
   };
-  users = addNames {
+  users = addNames rec {
     mv = {
       mail = "mv@cd.retiolum";
-      pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub;
+      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
     };
     tv = {
       mail = "tv@wu.retiolum";
-      pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+      pubkey = "ssh-rsa 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 tv@wu";
+    };
+    tv_nomic = {
+      inherit (tv) mail;
+      pubkey = "ssh-rsa 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 tv@nomic #2";
+    };
+    tv_xu = {
+      inherit (tv) mail;
+      pubkey = "ssh-rsa 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 tv@xu";
     };
   };
 }
diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
new file mode 100644
index 000000000..990f99af6
--- /dev/null
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+  name = "bepasty-client-cli-${version}";
+  version = "0.3.0";
+  propagatedBuildInputs = [
+    python_magic
+    click
+    requests2
+  ];
+
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+    sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+  };
+
+  meta = {
+    homepage = https://github.com/bepasty/bepasty-client-cli;
+    description = "CLI client for bepasty-server";
+    license = lib.licenses.bsd2;
+  };
+}
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
new file mode 100644
index 000000000..fb318af83
--- /dev/null
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,7 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: use `wrapProgram --add-flags` instead?
+writeScriptBin "krebspaste" ''
+  #! /bin/sh
+  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+''
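Review bot: The wrapper hard-codes `--url http://paste.retiolum`, so paste contents travel over plain HTTP. Their confidentiality and integrity then depend entirely on that name resolving inside the retiolum overlay. That assumption deserves a comment next to the TODO, e.g. `# plain HTTP on purpose: paste.retiolum is only reachable via the tinc overlay`, or an `https` URL if the server offers one (not visible here).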
diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix
index 410b43465..bc5c030a0 100644
--- a/krebs/5pkgs/push/default.nix
+++ b/krebs/5pkgs/push/default.nix
@@ -9,12 +9,12 @@
 , ... }:
 
 stdenv.mkDerivation {
-  name = "push-1.1.0";
+  name = "push-1.1.1";
 
   src = fetchgit {
     url = http://cgit.cd.retiolum/push;
-    rev = "c5f4bda5bd00bad7778bbd5a9af8d476de0de920";
-    sha256 = "d335b644b791214263cee5c6659538c8e45326531b0588e5e7eb3bd9ef969800";
+    rev = "ea8b76569c6b226fe148e559477669b095408472";
+    sha256 = "c305a1515d30603f6ed825d44487e863fdc7d90400620ceaf2c335a3b5d1e221";
   };
 
   phases = [
@@ -45,4 +45,3 @@ stdenv.mkDerivation {
       chmod +x $out/bin/push
     '';
 }
-
diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix
new file mode 100644
index 000000000..00ab226e5
--- /dev/null
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+  s =
+  rec {
+    baseName="translate-shell";
+    version="0.9.0.9";
+    name="${baseName}-${version}";
+    url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+    sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+  };
+  searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+    fribidi
+    gawk
+    bash
+    curl
+    less
+  ];
+  buildInputs = [
+    pkgs.makeWrapper
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  # TODO: maybe mplayer
+  installPhase = ''
+    mkdir -p $out/bin
+    make PREFIX=$out install
+    wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+  '';
+
+  meta = {
+    inherit (s) version;
+    description = ''translate using google api'';
+    license = stdenv.lib.licenses.free;
+    maintainers = [stdenv.lib.maintainers.makefu];
+    platforms = stdenv.lib.platforms.linux ;
+  };
+}
+
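Review bot: `wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"` appends the pinned tools after the caller's PATH, so a `curl`, `gawk` or `bash` found earlier in the invoking environment is used in preference to the store paths in `searchpath`. `--prefix PATH : "${searchpath}"` makes the wrapper run the pinned binaries regardless of the caller's environment. Separately, `url` repeats the literal `v0.9.0.9`; since `s` is a `rec` set, `url = "https://github.com/soimort/translate-shell/archive/v${version}.tar.gz";` keeps version and source in step.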
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index f1eaa4eab..d43bb0d08 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -2,7 +2,6 @@ Address= 195.154.108.70
 Address= 195.154.108.70 53
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-Aliases = paste
 
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
diff --git a/krebs/Zpubkeys/tv_wu.ssh.pub b/krebs/Zpubkeys/tv_wu.ssh.pub
deleted file mode 100644
index b6e2634e8..000000000
--- a/krebs/Zpubkeys/tv_wu.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 tv@wu
diff --git a/krebs/default.nix b/krebs/default.nix
index 31a7f7d04..bfd6175d9 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -84,6 +84,7 @@ let out = {
 
       cat<<EOF
       # put following into config.krebs.hosts.$system:
+      ssh.privkey.path = <secrets/ssh.$key_type>;
       ssh.pubkey = $(echo $pubkey | jq -R .);
       EOF
     '';
@@ -178,7 +179,7 @@ let out = {
 
       nix-path =
         lib.concatStringsSep ":"
-          (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+          (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
             (config.krebs.build.source.dir //
              config.krebs.build.source.git));
     in ''
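Review bot: `src.target-path` is now read for every entry of `source.dir // source.git`, but not every source in this commit sets it. In `makefu/2configs/default.nix`, `git.nixpkgs` and `dir.stockholm` get an explicit `target-path` while `dir.secrets` does not. Unless the option has a default (its definition is outside this diff), evaluation fails for that entry; if it does have one, the place where secrets land on the target is implicit. Setting it explicitly next to the other two, and documenting the default and expected permissions on the option, would remove the guesswork. The value is also joined with `:` unescaped, so a path containing `:` would corrupt the resulting search-path string.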
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
new file mode 100644
index 000000000..fb1a57552
--- /dev/null
+++ b/makefu/1systems/filepimp.nix
@@ -0,0 +1,38 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/default.nix
+      ../2configs/fs/vm-single-partition.nix
+      ../2configs/fs/single-partition-ext4.nix
+      ../2configs/tinc-basic-retiolum.nix
+    ];
+  krebs.build.host = config.krebs.hosts.filepimp;
+
+  # AMD N54L
+  boot = {
+    loader.grub.device = "/dev/sda";
+
+    initrd.availableKernelModules = [
+      "usb_storage"
+      "ahci"
+      "xhci_hcd"
+      "ata_piix"
+      "uhci_hcd"
+      "ehci_pci"
+    ];
+
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  hardware.enableAllFirmware = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+  networking.firewall.allowPing = true;
+}
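Review bot: This host sets `loader.grub.device = "/dev/sda"` but also imports `../2configs/fs/vm-single-partition.nix`, which after this commit still sets `boot.loader.grub.device = "/dev/vda"`. Two plain definitions of the same string option normally conflict at evaluation time. Since `single-partition-ext4.nix` is imported directly and the comment says the machine is an AMD N54L, the VM import looks unintended and could be dropped. The header comment and `# Include the results of the hardware scan.` are template leftovers that no longer describe the file. `hardware.enableAllFirmware = true` may also need `nixpkgs.config.allowUnfree`, which this commit removes from `vm-single-partition.nix`.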
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c4fa064b3..85cf4c533 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -7,8 +7,6 @@ let
 in {
   imports = [
       # TODO: copy this config or move to krebs
-      ../2configs/base.nix
-      ../2configs/base-sources.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
       # ../2configs/iodined.nix
@@ -17,11 +15,7 @@ in {
       ../2configs/Reaktor/simpleExtend.nix
   ];
 
-  krebs.build = {
-    user = config.krebs.users.makefu;
-    target = "root@gum.krebsco.de";
-    host = config.krebs.hosts.gum;
-  };
+  krebs.build.host = config.krebs.hosts.gum;
 
   krebs.Reaktor.enable = true;
 
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 9c7be3b79..161bfa3e9 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -8,12 +8,12 @@
   imports =
     [ # Include the results of the hardware scan.
       # Base
-      ../2configs/base.nix
-      ../2configs/base-sources.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
 
       # HW/FS
+
+      # enables virtio kernel modules in initrd
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/fs/vm-single-partition.nix
 
@@ -43,8 +43,6 @@
   };
 
   krebs.build.host = config.krebs.hosts.pnp;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@pnp";
 
   nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
 
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 97cf86a4e..8624cb2d1 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,12 +6,8 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/base.nix
       ../2configs/main-laptop.nix #< base-gui
 
-      # configures sources
-      ../2configs/base-sources.nix
-
       # Krebs
       ../2configs/tinc-basic-retiolum.nix
       #../2configs/disable_v6.nix
@@ -23,7 +19,8 @@
       ../2configs/exim-retiolum.nix
       ../2configs/mail-client.nix
       #../2configs/virtualization.nix
-      ../2configs/virtualization-virtualbox.nix
+      ../2configs/virtualization.nix
+      #../2configs/virtualization-virtualbox.nix
       ../2configs/wwan.nix
 
       # services
@@ -34,16 +31,19 @@
       ../2configs/hw/tp-x220.nix
       # mount points
       ../2configs/fs/sda-crypto-root-home.nix
+      # ../2configs/mediawiki.nix
+      #../2configs/wordpress.nix
     ];
-  krebs.Reaktor.enable = true;
-  krebs.Reaktor.debug = true;
-  krebs.Reaktor.nickname = "makefu|r";
+  #krebs.Reaktor.enable = true;
+  #krebs.Reaktor.nickname = "makefu|r";
 
   krebs.build.host = config.krebs.hosts.pornocauster;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@pornocauster";
 
-  environment.systemPackages = with pkgs;[ get ];
+  environment.systemPackages = with pkgs;[
+    get
+    virtmanager
+    gnome3.dconf
+    ];
 
   services.logind.extraConfig = "HandleLidSwitch=ignore";
   # configure pulseAudio to provide a HDMI sink as well
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index d98ff17c1..a069cc36f 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -8,26 +8,9 @@
   imports =
     [ # Include the results of the hardware scan.
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
-      ../2configs/base.nix
       ../2configs/cgit-retiolum.nix
     ];
   krebs.build.host = config.krebs.hosts.repunit;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@repunit";
-
-  krebs.build.deps = {
-    nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
-    };
-    secrets = {
-      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
-    };
-    stockholm = {
-      url = toString ../..;
-    };
-  };
 
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3c2bb2eda..990db65d2 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -6,7 +6,6 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/base.nix
       ../2configs/base-gui.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/fs/sda-crypto-root.nix
@@ -21,19 +20,9 @@
     ];
   # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
-  krebs.build.user = config.krebs.users.makefu;
-  krebs.build.target = "root@tsp";
-
 
   networking.firewall.allowedTCPPorts = [
     25
   ];
 
-  krebs.build.deps = {
-    nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
-    };
-  };
 }
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index c90b84451..ba94972fb 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -8,8 +8,8 @@ let
 in {
   imports = [
       # TODO: copy this config or move to krebs
-      ../../tv/2configs/CAC-CentOS-7-64bit.nix
-      ../2configs/base.nix
+      ../../tv/2configs/hw/CAC.nix
+      ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
       ../2configs/unstable-sources.nix
       ../2configs/headless.nix
       ../2configs/tinc-basic-retiolum.nix
@@ -23,15 +23,13 @@ in {
 
       # other nginx
       ../2configs/nginx/euer.wiki.nix
+      ../2configs/nginx/euer.blog.nix
+
       # collectd
       ../2configs/collectd/collectd-base.nix
   ];
 
-  krebs.build = {
-    user = config.krebs.users.makefu;
-    target = "root@wry";
-    host = config.krebs.hosts.wry;
-  };
+  krebs.build.host = config.krebs.hosts.wry;
 
   krebs.Reaktor.enable = true;
 
@@ -59,6 +57,7 @@ in {
       };
     };
   };
+
   networking = {
     firewall.allowPing = true;
     firewall.allowedTCPPorts = [ 53 80 443 ];
@@ -71,5 +70,5 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
 
-
+  environment.systemPackages = [ pkgs.translate-shell ];
 }
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
deleted file mode 100644
index 65c6e8e76..000000000
--- a/makefu/2configs/base-sources.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  system.stateVersion = "15.09";
-  krebs.build.source = {
-    git.nixpkgs = {
-      #url = https://github.com/NixOS/nixpkgs;
-      url = https://github.com/makefu/nixpkgs;
-      rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
-    };
-
-    dir.secrets = {
-      host = config.krebs.hosts.pornocauster;
-      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.pornocauster;
-      path = toString ../.. ;
-    };
-  };
-}
diff --git a/makefu/2configs/base.nix b/makefu/2configs/default.nix
similarity index 73%
rename from makefu/2configs/base.nix
rename to makefu/2configs/default.nix
index 4e38c27f8..3d9174788 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/default.nix
@@ -2,6 +2,8 @@
 
 with lib;
 {
+  system.stateVersion = "15.09";
+
   imports = [
     {
       users.extraUsers =
@@ -10,10 +12,36 @@ with lib;
     }
     ./vim.nix
   ];
-  krebs.enable = true;
-  krebs.search-domain = "retiolum";
 
 
+  krebs = {
+    enable = true;
+    search-domain = "retiolum";
+    build =  {
+      target = mkDefault "root@${config.krebs.build.host.name}";
+      user = config.krebs.users.makefu;
+      source = {
+        git.nixpkgs = {
+          #url = https://github.com/NixOS/nixpkgs;
+          url = mkDefault https://github.com/makefu/nixpkgs;
+          rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
+          target-path = "/var/src/nixpkgs";
+        };
+
+        dir.secrets = {
+          host = config.krebs.hosts.pornocauster;
+          path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+        };
+
+        dir.stockholm = {
+          host = config.krebs.hosts.pornocauster;
+          path = "/home/makefu/stockholm" ;
+          target-path = "/var/src/stockholm";
+        };
+      };
+    };
+  };
+
   users.extraUsers = {
     root = {
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
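Review bot: `dir.stockholm.path` changes from `toString ../..` to the fixed string `"/home/makefu/stockholm"`, so the tree copied to the target is whatever sits at that path on pornocauster. That need not be the checkout this configuration was evaluated from. If the two can differ, a deploy evaluates one revision and ships another. Keeping `toString ../..`, or adding a comment such as `# deploys must be run from this checkout`, avoids the mismatch. The attribute set continues outside the hunk.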
@@ -56,7 +84,6 @@ with lib;
   environment.systemPackages = with pkgs; [
       jq
       git
-      vim
       gnumake
       rxvt_unicode.terminfo
       htop
diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix
index fdf4b89d8..cec004582 100644
--- a/makefu/2configs/fs/cac-boot-partition.nix
+++ b/makefu/2configs/fs/cac-boot-partition.nix
@@ -18,6 +18,4 @@ with lib;
 
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
 }
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index 54db87547..2bfe26960 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -6,8 +6,8 @@
 with lib;
 {
   boot = {
-    loader.grub.enable =true;
-    loader.grub.version =2;
+    loader.grub.enable = true;
+    loader.grub.version = 2;
     loader.grub.device = "/dev/sda";
 
     initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
new file mode 100644
index 000000000..1970c949f
--- /dev/null
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+  boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
+  boot.loader.grub.version = 2;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+}
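Review bot: The inline `assert config.boot.loader.grub.device != "";` fails with a bare assertion error that does not say what to fix. It also rejects hosts that configure GRUB through `boot.loader.grub.devices` instead. A module-level entry such as `assertions = [ { assertion = config.boot.loader.grub.device != ""; message = "single-partition-ext4: set boot.loader.grub.device"; } ];` gives a readable message and leaves `boot.loader.grub.enable = true;` a plain value.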
diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix
index 78a5e7175..27e28cb68 100644
--- a/makefu/2configs/fs/vm-single-partition.nix
+++ b/makefu/2configs/fs/vm-single-partition.nix
@@ -3,18 +3,9 @@
 # vda1 ext4 (label nixos) -> only root partition
 with lib;
 {
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
+  imports = [
+    ./single-partition-ext4.nix
+  ];
   boot.loader.grub.device = "/dev/vda";
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-
-  hardware.enableAllFirmware = true;
-  nixpkgs.config.allowUnfree = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
-
 }
diff --git a/makefu/2configs/headless.nix b/makefu/2configs/headless.nix
index 33847c5e1..772ca3771 100644
--- a/makefu/2configs/headless.nix
+++ b/makefu/2configs/headless.nix
@@ -1,4 +1,4 @@
-_:
+{lib,... }:
 {
-  sound.enable = false;
+  sound.enable = lib.mkForce false;
 }
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index aa2fc2050..047895ce6 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -8,6 +8,8 @@ with lib;
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
 
+  hardware.cpu.intel.updateMicrocode = true;
+
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
 
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index e97050ec4..c6724c617 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -5,14 +5,40 @@ let
   sec = toString <secrets>;
   ssl_cert = "${sec}/wildcard.krebsco.de.crt";
   ssl_key  = "${sec}/wildcard.krebsco.de.key";
-  hostname = krebs.build.host.name;
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+  base-dir = "/var/www/blog.euer";
 in {
+  # Prepare Blog directory
+  systemd.services.prepare-euer-blog = {
+    wantedBy = [ "local-fs.target" ];
+    before = [ "nginx.service" ];
+    serviceConfig = {
+      # do nothing if the base dir already exists
+      ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+        #!/bin/sh
+        if ! test -d "${base-dir}" ;then
+          mkdir -p "${base-dir}"
+          chown ${user}:${group} "${base-dir}"
+          chmod 700 "${base-dir}"
+        fi
+      '';
+      Type = "oneshot";
+      RemainAfterExit = "yes";
+      TimeoutSec = "0";
+    };
+  };
+
   krebs.nginx = {
     enable = mkDefault true;
     servers = {
       euer-blog = {
-        listen = [ "80" "443 ssl" ];
-        server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ];
+        listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+                   "${internal-ip}:80" "${internal-ip}:443 ssl" ];
+        server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
         extraConfig = ''
           gzip on;
           gzip_buffers 4 32k;
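Review bot: Ownership and mode of `${base-dir}` are set only when the directory does not exist yet, so a directory already present with a different owner or looser permissions is left as it is on every later start. The unit shows no `User`, so it presumably runs as root and can enforce the state each time by running `mkdir -p "${base-dir}"`, `chown ${user}:${group} "${base-dir}"` and `chmod 700 "${base-dir}"` without the surrounding `if`. Separately, `ssl_cert` and `ssl_key` are bound in the `let`, but no certificate directive is visible for the new `443 ssl` listeners. `extraConfig` continues outside the hunk, so confirm it is there.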
@@ -22,7 +48,7 @@ in {
           default_type text/plain;
         '';
         locations = singleton (nameValuePair "/" ''
-          root /var/www/euer.blog/;
+          root ${base-dir};
         '');
       };
     };
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index fbcfe2047..2b5fa6ead 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -51,18 +51,21 @@ in {
     serviceConfig = {
       ExecStart = pkgs.writeScript "prepare-tw-service" ''
         #!/bin/sh
-        mkdir -p "${wiki-dir}" "${backup-dir}"
+        if ! test -d "${base-dir}" ;then
+          mkdir -p "${wiki-dir}" "${backup-dir}"
 
-        # write the base configuration
-        cat > "${base-cfg}" <<EOF
+          # write the base configuration
+          cat > "${base-cfg}" <<EOF
         [users]
         $(cat "${tw-pass-file}")
         [directories]
         backupdir = ${backup-dir}
         savedir = ${wiki-dir}
         EOF
-        chown -R ${user}:${group} "${base-dir}"
-        chmod 700  -R "${base-dir}"
+
+          chown -R ${user}:${group} "${base-dir}"
+          chmod 700  -R "${base-dir}"
+        fi
       '';
       Type = "oneshot";
       RemainAfterExit = "yes";
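Review bot: With the new `if ! test -d "${base-dir}"` guard, `${base-cfg}` is written only on first creation, so later changes to `${tw-pass-file}` (a rotated or revoked password) never reach the generated configuration. Consider guarding only the `mkdir` and running the config write plus `chown`/`chmod` unconditionally. The file holding the `[users]` section is also created before `chmod 700 -R`, so it briefly has default-umask permissions; a `umask 077` at the top of the script closes that window. The heredoc body keeps its old indentation, which works only because it remains the least-indented text in the `''` string, and a short comment there would stop a later re-indent from breaking the `EOF` terminator.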
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
index 7bd5f50cb..7a9a8a81c 100644
--- a/makefu/2configs/unstable-sources.nix
+++ b/makefu/2configs/unstable-sources.nix
@@ -1,20 +1,8 @@
-{ config, lib, pkgs, ... }:
+_:
 
 {
-  system.stateVersion = "15.09";
-  krebs.build.source = {
-    git.nixpkgs = {
+  krebs.build.source.git.nixpkgs = {
       url = https://github.com/makefu/nixpkgs;
       rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
     };
-
-    dir.secrets = {
-      host = config.krebs.hosts.pornocauster;
-      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.pornocauster;
-      path = toString ../.. ;
-    };
-  };
 }
diff --git a/null/default.nix b/null/default.nix
new file mode 100644
index 000000000..2eb33a153
--- /dev/null
+++ b/null/default.nix
@@ -0,0 +1 @@
+_:{}
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 73552e705..60d1e8ce8 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -27,7 +27,7 @@ with lib;
   krebs.build.source = {
     git.nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
-      rev = "e916273209560b302ab231606babf5ce1c481f08";
+      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
     };
     dir.secrets = {
       host = config.krebs.current.host;
diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix
index b2ec40b28..3b792bf23 100644
--- a/shared/2configs/collectd-base.nix
+++ b/shared/2configs/collectd-base.nix
@@ -9,7 +9,7 @@ let
       ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
       Import "collectd_connect_time"
       <Module collectd_connect_time>
-        target "heidi.retiolum:8080" "localhost" "google.com" "google.de" "omo.retiolum" "gum.retiolum" "gum.krebsco.de"
+        target "localhost:22" "google.com" "google.de" "gum.retiolum:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
         interval 10
       </Module>
     </Plugin>
@@ -18,7 +18,7 @@ let
     LoadPlugin write_graphite
     <Plugin "write_graphite">
       <Carbon>
-        Host "heidi.retiolum"
+        Host "heidi.shack"
         Port "2003"
         Prefix "retiolum."
         EscapeCharacter "_"
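Review bot: `Host "heidi.shack"` moves the graphite target off the `.retiolum` name, while the carbon line protocol on port 2003 carries no authentication or encryption. If `heidi.shack` is not reached through the tinc overlay (the name suggests a different network, but that is not visible here), metrics cross that network in the clear and can be read or injected on path. A comment stating which network this host lives on, or keeping the overlay name, would make the exposure explicit. The first hunk of this file adds `:22` probe targets with `interval 10`; those periodic connects will show up in the SSH logs of the probed hosts as connections that never authenticate.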
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 1122e6a19..10c87b2c6 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -14,11 +14,9 @@ with lib;
       rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
     };
     dir.secrets = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/secrets/cd";
     };
     dir.stockholm = {
-      host = config.krebs.hosts.wu;
       path = "/home/tv/stockholm";
     };
   };
@@ -26,7 +24,6 @@ with lib;
   imports = [
     ../2configs/hw/CAC-Developer-2.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
     #../2configs/consul-server.nix
     ../2configs/exim-smarthost.nix
     ../2configs/git.nix
@@ -118,7 +115,6 @@ with lib;
     iftop
     iotop
     iptables
-    mutt    # for mv
     nethogs
     ntp     # ntpate
     rxvt_unicode.terminfo
@@ -129,17 +125,4 @@ with lib;
     SystemMaxUse=1G
     RuntimeMaxUse=128M
   '';
-
-  users.extraUsers = {
-    mv = {
-      uid = 1338;
-      group = "users";
-      home = "/home/mv";
-      createHome = true;
-      useDefaultShell = true;
-      openssh.authorizedKeys.keys = [
-        config.krebs.users.mv.pubkey
-      ];
-    };
-  };
 }
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index e8e354197..6ae4f80e8 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -17,29 +17,12 @@ in
 
 {
   krebs.build.host = config.krebs.hosts.mkdir;
-  krebs.build.user = config.krebs.users.tv;
 
   krebs.build.target = "root@${primary-addr4}";
 
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/secrets/mkdir";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/stockholm";
-    };
-  };
-
   imports = [
     ../2configs/hw/CAC-Developer-1.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
     ../2configs/consul-server.nix
     ../2configs/exim-smarthost.nix
     ../2configs/git.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index df45b8177..0c6c935a3 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -4,28 +4,11 @@ with lib;
 
 {
   krebs.build.host = config.krebs.hosts.nomic;
-  krebs.build.user = config.krebs.users.tv;
 
   krebs.build.target = "root@nomic.gg23";
 
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/secrets/nomic";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/stockholm";
-    };
-  };
-
   imports = [
     ../2configs/hw/AO753.nix
-    ../2configs/base.nix
     #../2configs/consul-server.nix
     ../2configs/git.nix
     {
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index e24ef64fc..1f1d975c9 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -17,29 +17,12 @@ in
 
 {
   krebs.build.host = config.krebs.hosts.rmdir;
-  krebs.build.user = config.krebs.users.tv;
 
   krebs.build.target = "root@rmdir.internet";
 
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/secrets/rmdir";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/stockholm";
-    };
-  };
-
   imports = [
     ../2configs/hw/CAC-Developer-1.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
     ../2configs/consul-server.nix
     ../2configs/exim-smarthost.nix
     ../2configs/git.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 85fba1d8a..3fa5481e2 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -4,28 +4,9 @@ with lib;
 
 {
   krebs.build.host = config.krebs.hosts.wu;
-  krebs.build.user = config.krebs.users.tv;
-
-  krebs.build.target = "root@wu";
-
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/secrets/wu";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/stockholm";
-    };
-  };
 
   imports = [
     ../2configs/hw/w110er.nix
-    ../2configs/base.nix
     #../2configs/consul-client.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
@@ -62,31 +43,24 @@ with lib;
         bind # dig
         cac
         dic
-        ff
         file
         get
-        gitAndTools.qgit
         gnupg21
         haskellPackages.hledger
         htop
         jq
         manpages
         mkpasswd
-        mpv
         netcat
         nix-repl
         nmap
         nq
         p7zip
-        pavucontrol
         posix_man_pages
-        pssh
         push
         qrencode
-        sxiv
         texLive
         tmux
-        zathura
 
         #ack
         #apache-httpd
@@ -145,6 +119,8 @@ with lib;
         #xkill
         #xl2tpd
         #xsel
+
+        unison
       ];
     }
     {
@@ -180,132 +156,6 @@ with lib;
         ];
       };
     }
-    {
-      users.extraGroups = {
-        tv.gid = 1337;
-        slaves.gid = 3799582008; # genid slaves
-      };
-
-      users.extraUsers =
-        mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
-          inherit name;
-          home = "/home/${name}";
-          createHome = true;
-          useDefaultShell = true;
-          group = "tv";
-          extraGroups = ["slaves"] ++ extraGroups;
-        }) {
-          ff = {
-            uid = 13378001;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          cr = {
-            uid = 13378002;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          fa = {
-            uid = 2300001;
-          };
-
-          rl = {
-            uid = 2300002;
-          };
-
-          tief = {
-            uid = 2300702;
-          };
-
-          btc-bitcoind = {
-            uid = 2301001;
-          };
-
-          btc-electrum = {
-            uid = 2301002;
-          };
-
-          ltc-litecoind = {
-            uid = 2301101;
-          };
-
-          eth = {
-            uid = 2302001;
-          };
-
-          emse-hsdb = {
-            uid = 4200101;
-          };
-
-          wine = {
-            uid = 13370400;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          df = {
-            uid = 13370401;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          xr = {
-            uid = 13370061;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          "23" = {
-            uid = 13370023;
-          };
-
-          electrum = {
-            uid = 13370102;
-          };
-
-          skype = {
-            uid = 6660001;
-            extraGroups = [
-              "audio"
-            ];
-          };
-
-          onion = {
-            uid = 6660010;
-          };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
-        };
-
-      security.sudo.extraConfig =
-        let
-          isSlave = u: elem "slaves" u.extraGroups;
-          masterOf = u: u.group;
-          slaves = filterAttrs (_: isSlave) config.users.extraUsers;
-          toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
-        in
-        concatMapStringsSep "\n" toSudoers (attrValues slaves);
-    }
   ];
 
   boot.initrd.luks = {
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index e2cc2c06a..1a9dddb55 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -4,28 +4,12 @@ with lib;
 
 {
   krebs.build.host = config.krebs.hosts.xu;
-  krebs.build.user = config.krebs.users.tv;
 
-  krebs.build.target = "root@xu";
-
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
-    };
-    dir.secrets = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/secrets/xu";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.wu;
-      path = "/home/tv/stockholm";
-    };
-  };
+  krebs.build.source.git.nixpkgs.rev =
+    "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
 
   imports = [
     ../2configs/hw/x220.nix
-    ../2configs/base.nix
     #../2configs/consul-client.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
@@ -62,29 +46,23 @@ with lib;
         bind # dig
         #cac
         dic
-        ff
         file
-        gitAndTools.qgit  #xserver
         gnupg21
         haskellPackages.hledger
         htop
         jq
         manpages
         mkpasswd
-        mpv #xserver
         netcat
         nix-repl
         nmap
         nq
         p7zip
-        pavucontrol #xserver
+        pass
         posix_man_pages
-        #pssh
         qrencode
-        sxiv #xserver
         texLive
         tmux
-        zathura #xserver
 
         #ack
         #apache-httpd
@@ -142,6 +120,8 @@ with lib;
         #xkill
         #xl2tpd
         #xsel
+
+        unison
       ];
     }
     {
@@ -178,135 +158,6 @@ with lib;
         ];
       };
     }
-    {
-      users.extraGroups = {
-        tv.gid = 1337;
-        slaves.gid = 3799582008; # genid slaves
-      };
-
-      users.extraUsers =
-        mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
-          inherit name;
-          home = "/home/${name}";
-          createHome = true;
-          useDefaultShell = true;
-          group = "tv";
-          extraGroups = ["slaves"] ++ extraGroups;
-        }) {
-          ff = {
-            uid = 13378001;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          cr = {
-            uid = 13378002;
-            extraGroups = [
-              "audio"
-              "video"
-              "bumblebee"
-            ];
-          };
-
-          fa = {
-            uid = 2300001;
-          };
-
-          rl = {
-            uid = 2300002;
-          };
-
-          tief = {
-            uid = 2300702;
-          };
-
-          btc-bitcoind = {
-            uid = 2301001;
-          };
-
-          btc-electrum = {
-            uid = 2301002;
-          };
-
-          ltc-litecoind = {
-            uid = 2301101;
-          };
-
-          eth = {
-            uid = 2302001;
-          };
-
-          emse-hsdb = {
-            uid = 4200101;
-          };
-
-          wine = {
-            uid = 13370400;
-            extraGroups = [
-              "audio"
-              "video"
-              "bumblebee"
-            ];
-          };
-
-          df = {
-            uid = 13370401;
-            extraGroups = [
-              "audio"
-              "video"
-              "bumblebee"
-            ];
-          };
-
-          xr = {
-            uid = 13370061;
-            extraGroups = [
-              "audio"
-              "video"
-            ];
-          };
-
-          "23" = {
-            uid = 13370023;
-          };
-
-          electrum = {
-            uid = 13370102;
-          };
-
-          skype = {
-            uid = 6660001;
-            extraGroups = [
-              "audio"
-            ];
-          };
-
-          onion = {
-            uid = 6660010;
-          };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
-        };
-
-      security.sudo.extraConfig =
-        let
-          isSlave = u: elem "slaves" u.extraGroups;
-          masterOf = u: u.group;
-          slaves = filterAttrs (_: isSlave) config.users.extraUsers;
-          toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
-        in
-        concatMapStringsSep "\n" toSudoers (attrValues slaves);
-    }
   ];
 
   boot.initrd.luks = {
diff --git a/tv/2configs/base.nix b/tv/2configs/default.nix
similarity index 70%
rename from tv/2configs/base.nix
rename to tv/2configs/default.nix
index 41159690d..6ed1c65f9 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/default.nix
@@ -1,14 +1,33 @@
 { config, lib, pkgs, ... }:
 
-with builtins;
 with lib;
 
 {
   krebs.enable = true;
 
+  krebs.build = {
+    user = config.krebs.users.tv;
+    target = mkDefault "root@${config.krebs.build.host.name}";
+    source = {
+      git.nixpkgs = {
+        url = mkDefault https://github.com/NixOS/nixpkgs;
+        rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+        target-path = mkDefault "/var/src/nixpkgs";
+      };
+      dir.secrets = {
+        path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
+      };
+      dir.stockholm = {
+        path = mkDefault "/home/tv/stockholm";
+        target-path = mkDefault "/var/src/stockholm";
+      };
+    };
+  };
+
   networking.hostName = config.krebs.build.host.name;
 
   imports = [
+    <secrets>
     ./vim.nix
     {
       # stockholm dependencies
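Review bot: The new `<secrets>` entry in `imports` evaluates the secrets directory as a NixOS module, so option values it sets can end up in the system closure in the world-readable Nix store. The next hunk drops the `# TODO never put hashedPassword into the store` comment together with the `<secrets/hashedPasswords.nix>` import. If that assignment has only moved into `<secrets>` (not visible here), the exposure is unchanged and the reminder is lost. I would keep the reminder on the import line, e.g. `<secrets> # TODO: option values set here land in the world-readable store`.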
@@ -17,36 +36,14 @@ with lib;
       ];
     }
     {
-      # TODO never put hashedPassword into the store
-      users.extraUsers =
-        mapAttrs (_: h: { hashedPassword = h; })
-                 (import <secrets/hashedPasswords.nix>);
-    }
-    {
-      users.defaultUserShell = "/run/current-system/sw/bin/bash";
-      users.mutableUsers = false;
-    }
-    {
-      users.extraUsers = {
-        root = {
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.tv.pubkey
-          ];
-        };
-        tv = {
-          uid = 1337;
-          group = "users";
-          home = "/home/tv";
-          createHome = true;
-          useDefaultShell = true;
-          extraGroups = [
-            "audio"
-            "video"
-            "wheel"
-          ];
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.tv.pubkey
-          ];
+      users = {
+        defaultUserShell = "/run/current-system/sw/bin/bash";
+        mutableUsers = false;
+        users = {
+          tv = {
+            isNormalUser = true;
+            uid = 1337;
+          };
         };
       };
     }
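Review bot: After this hunk `root` has no `openssh.authorizedKeys.keys` in this file, while `users.mutableUsers = false` stays and the first hunk defaults `krebs.build.target` to `root@` plus the host name. Unless a module outside this hunk installs the key (the `<secrets>` import or a krebs module, neither visible here), a deploy over SSH as root could lock itself out. The `tv` user also loses its explicit `wheel`, `audio` and `video` memberships. Worth confirming where the keys now come from and leaving a pointer, e.g. `# root/tv authorized keys are set in <module>`.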
@@ -69,22 +66,8 @@ with lib;
       nix.useChroot = true;
     }
     {
-      # oldvim
-      environment.systemPackages = with pkgs; [
-        vim
-      ];
+      environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
 
-      environment.etc."vim/vimrc".text = ''
-        set nocp
-      '';
-
-      environment.etc."vim/vim${majmin pkgs.vim.version}".source =
-          "${pkgs.vim}/share/vim/vim${majmin pkgs.vim.version}";
-
-      environment.variables.EDITOR = mkForce "vim";
-      environment.variables.VIM = "/etc/vim";
-    }
-    {
       environment.systemPackages = with pkgs; [
         rxvt_unicode.terminfo
       ];
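Review bot: `environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];` forces the list without saying why, and a forced override like this is hard to trace later when a tool installed under another profile-relative directory is no longer found. A one-line comment above it would do, e.g. `# only expose <profile>/bin on PATH; other profile dirs are dropped on purpose` (assuming that is the intent). The enclosing attribute set begins before the hunk.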
@@ -107,6 +90,15 @@ with lib;
         view = "vim -R";
       };
 
+      environment.variables = {
+        NIX_PATH =
+          with config.krebs.build.source; with dir; with git;
+          mkForce (concatStringsSep ":" [
+            "nixpkgs=${nixpkgs.target-path}"
+            "secrets=${stockholm.target-path}/null"
+          ]);
+      };
+
       programs.bash = {
         interactiveShellInit = ''
           HISTCONTROL='erasedups:ignorespace'
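Review bot: The stacked `with config.krebs.build.source; with dir; with git;` in the `NIX_PATH` definition hides where `nixpkgs` and `stockholm` come from. An inner `with` shadows an outer one, so adding a `git.stockholm` source later would silently change what `stockholm.target-path` resolves to. Spelling the paths out is safer: `"nixpkgs=${config.krebs.build.source.git.nixpkgs.target-path}"` and `"secrets=${config.krebs.build.source.dir.stockholm.target-path}/null"`. The `/null` suffix also deserves a comment saying that `secrets` deliberately resolves to a placeholder on the target (if that is the intent), since the `<secrets>` import added in this file would be evaluated against it on a rebuild run there.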
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 8c6c9fb45..04b1480c1 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -50,6 +50,8 @@ let
     set wildmenu
     set wildmode=longest,full
 
+    set et ts=2 sts=2 sw=2
+
     filetype plugin indent on
 
     set t_Co=256
@@ -64,9 +66,10 @@ let
 
     au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" ''
       setf nix
+      set isk=@,48-57,_,192-255,-,'
 
       " Ref <nix/src/libexpr/lexer.l>
-      syn match INT   /[0-9]\+/
+      syn match INT   /\<[0-9]\+\>/
       syn match PATH  /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
       syn match HPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
       syn match SPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
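Review bot: `set isk=@,48-57,_,192-255,-,'` in the sourced `nix.vim` uses `:set`, which for a buffer-local option like `iskeyword` also changes the global value, so buffers opened after a `.nix` file inherit `-` and `'` as keyword characters. `setlocal isk=@,48-57,_,192-255,-,'` keeps the change to Nix buffers. The new `\<[0-9]\+\>` INT pattern depends on this setting, so a short comment tying the two together would help. The enclosing `let` binding starts outside the hunk.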
@@ -77,8 +80,8 @@ let
       hi link SPATH Constant
       hi link URI Constant
 
-      syn match String /"\([^"]\|\\\"\)*"/
-      syn match Comment /\s#.*/
+      syn match String /"\([^\\"]\|\\.\)*"/
+      syn match Comment /\(^\|\s\)#.*/
     ''}
 
     au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 4d2fe9e45..afc2d699c 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -34,7 +34,14 @@ let
     };
 
     environment.systemPackages = [
+      pkgs.ff
+      pkgs.gitAndTools.qgit
+      pkgs.mpv
+      pkgs.pavucontrol
       pkgs.slock
+      pkgs.sxiv
+      pkgs.xsel
+      pkgs.zathura
     ];
 
     security.setuidPrograms = [
@@ -70,14 +77,6 @@ let
         ExecStart = "${xserver}/bin/xserver";
       };
     };
-
-    programs.bash.interactiveShellInit = ''
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        za|zh|zj|zs)
-          exec sudo -u zalora -i
-        ;;
-      esac
-    '';
   };
 
   xmonad-environment = {
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 1ca5e70a2..2108d972c 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -1,6 +1,16 @@
 { pkgs, ... }:
 
 {
+  cr = pkgs.writeScriptBin "cr" ''
+    #! /bin/sh
+    set -efu
+    export LC_TIME=de_DE.utf8
+    exec ${pkgs.chromium}/bin/chromium \
+        --ssl-version-min=tls1 \
+        --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+        --disk-cache-size=50000000 \
+        "%@"
+  '';
   ff = pkgs.callPackage ./ff {};
   viljetic-pages = pkgs.callPackage ./viljetic-pages {};
   xmonad-tv =