Merge remote-tracking branch 'prism/master' (despite bad style)
This commit is contained in:
commit
3f3c12dcd0
|
@ -1,13 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
# bln config file
|
||||
{
|
||||
imports =
|
||||
[ <stockholm/jeschli>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
<stockholm/jeschli>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
<stockholm/jeschli/2configs/xdg.nix>
|
||||
<stockholm/jeschli/2configs/xserver>
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -91,18 +93,17 @@
|
|||
services.printing.drivers = [ pkgs.postscript-lexmark ];
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
|
||||
services.xserver.windowManager.xmonad.enable = true;
|
||||
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.dpi = 100;
|
||||
fonts.fontconfig.dpi = 100;
|
||||
# services.xserver.windowManager.xmonad.enable = true;
|
||||
# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.dpi = 100;
|
||||
# fonts.fontconfig.dpi = 100;
|
||||
|
||||
users.extraUsers.jeschli = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["docker" "vboxusers"];
|
||||
extraGroups = ["docker" "vboxusers" "audio"];
|
||||
uid = 1000;
|
||||
};
|
||||
|
||||
|
@ -122,15 +123,17 @@
|
|||
|
||||
# DCSO Certificates
|
||||
security.pki.certificateFiles = [
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
|
||||
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
|
||||
];
|
||||
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
krebs.build.host = config.krebs.hosts.bln;
|
||||
}
|
||||
|
|
|
@ -30,4 +30,6 @@
|
|||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
|
||||
hardware.pulseaudio.enable = true;
|
||||
}
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
./hardware-configuration.nix
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
<stockholm/jeschli/2configs/xdg.nix>
|
||||
<stockholm/jeschli/2configs/xserver>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.brauerei;
|
||||
|
@ -57,7 +59,6 @@
|
|||
terminator
|
||||
tmux
|
||||
wget
|
||||
# rxvt_unicode
|
||||
# editors
|
||||
emacs
|
||||
# internet
|
||||
|
@ -65,6 +66,7 @@
|
|||
chromium
|
||||
google-chrome
|
||||
# programming languages
|
||||
exercism
|
||||
go
|
||||
gcc
|
||||
ghc
|
||||
|
@ -73,6 +75,9 @@
|
|||
# go tools
|
||||
golint
|
||||
gotools
|
||||
# rust
|
||||
cargo
|
||||
rustc
|
||||
# dev tools
|
||||
gnumake
|
||||
jetbrains.pycharm-professional
|
||||
|
@ -105,8 +110,8 @@
|
|||
# services.printing.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "us";
|
||||
# services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable touchpad support.
|
||||
|
@ -115,18 +120,18 @@
|
|||
# Enable the KDE Desktop Environment.
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.desktopManager.plasma5.enable = true;
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.windowManager.xmonad.enable = true;
|
||||
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
#
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.windowManager.xmonad.enable = true;
|
||||
# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
#
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.extraUsers.jeschli = {
|
||||
users.extraUsers.jeschli = { # TODO: define as krebs.users
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
};
|
||||
users.extraUsers.jamie = {
|
||||
isNormalUser = true;
|
||||
uid = 1001;
|
||||
uid = 1001; # TODO genid
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
|
@ -139,4 +144,11 @@
|
|||
# should.
|
||||
system.stateVersion = "17.09"; # Did you read the comment?
|
||||
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
sensitivity = 220;
|
||||
speed = 0;
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -31,6 +31,7 @@ let
|
|||
(scroll-bar-mode -1) ; Disable scroll bar
|
||||
(setq inhibit-startup-screen t) ; Disable startup screen with graphics
|
||||
(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs
|
||||
(setq default-tab-width 2) ; Two spaces is a tab
|
||||
(setq tab-width 2) ; Four spaces is a tab
|
||||
(setq visible-bell nil) ; Disable annoying visual bell graphic
|
||||
(setq ring-bell-function 'ignore) ; Disable super annoying audio bell
|
||||
|
@ -45,30 +46,26 @@ let
|
|||
(setq org-agenda-files (quote ("~/projects/notes")))
|
||||
)
|
||||
'';
|
||||
emacsFile = ''
|
||||
${packageRepos}
|
||||
${windowCosmetics}
|
||||
(custom-set-variables
|
||||
;; custom-set-variables was added by Custom.
|
||||
;; If you edit it by hand, you could mess it up, so be careful.
|
||||
;; Your init file should contain only one such instance.
|
||||
;; If there is more than one, they won't work right.
|
||||
'(inhibit-startup-screen t)
|
||||
'(org-agenda-files nil)
|
||||
'(package-selected-packages
|
||||
(quote
|
||||
(smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme))))
|
||||
${orgMode}
|
||||
recentFiles = ''
|
||||
(recentf-mode 1)
|
||||
(setq recentf-max-menu-items 25)
|
||||
(global-set-key "\C-x\ \C-r" 'recentf-open-files)
|
||||
'';
|
||||
dotEmacs = pkgs.writeText "dot-emacs" emacsFile;
|
||||
emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
|
||||
dotEmacs = pkgs.writeText "dot-emacs" ''
|
||||
${packageRepos}
|
||||
${orgMode}
|
||||
${recentFiles}
|
||||
${windowCosmetics}
|
||||
'';
|
||||
emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
|
||||
epkgs.melpaStablePackages.magit
|
||||
epkgs.melpaPackages.mmm-mode
|
||||
epkgs.melpaPackages.nix-mode
|
||||
epkgs.melpaPackages.go-mode
|
||||
epkgs.melpaPackages.google-this
|
||||
]);
|
||||
myEmacs = pkgs.writeDashBin "my-emacs" ''
|
||||
exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@"
|
||||
exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@"
|
||||
'';
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
|
|
14
jeschli/2configs/xdg.nix
Normal file
14
jeschli/2configs/xdg.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
|
||||
|
||||
systemd.tmpfiles.rules = let
|
||||
forUsers = flip map users;
|
||||
isUser = { name, group, ... }:
|
||||
name == "root" || hasSuffix "users" group;
|
||||
users = filter isUser (mapAttrsToList (_: id) config.users.users);
|
||||
in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
|
||||
}
|
27
jeschli/2configs/xserver/Xmodmap.nix
Normal file
27
jeschli/2configs/xserver/Xmodmap.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
pkgs.writeText "Xmodmap" ''
|
||||
!keycode 66 = Caps_Lock
|
||||
!remove Lock = Caps_Lock
|
||||
clear Lock
|
||||
|
||||
! caps lock
|
||||
keycode 66 = Mode_switch
|
||||
|
||||
keycode 13 = 4 dollar EuroSign cent
|
||||
keycode 30 = u U udiaeresis Udiaeresis
|
||||
keycode 32 = o O odiaeresis Odiaeresis
|
||||
keycode 38 = a A adiaeresis Adiaeresis
|
||||
keycode 39 = s S ssharp
|
||||
|
||||
keycode 33 = p P Greek_pi Greek_PI
|
||||
keycode 46 = l L Greek_lambda Greek_LAMBDA
|
||||
|
||||
keycode 54 = c C cacute Cacute
|
||||
|
||||
! BULLET OPERATOR
|
||||
keycode 17 = 8 asterisk U2219
|
||||
keycode 27 = r R r U211D
|
||||
''
|
56
jeschli/2configs/xserver/Xresources.nix
Normal file
56
jeschli/2configs/xserver/Xresources.nix
Normal file
|
@ -0,0 +1,56 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
pkgs.writeText "Xresources" /* xdefaults */ ''
|
||||
Xcursor.theme: aero-large-drop
|
||||
Xcursor.size: 128
|
||||
Xft.dpi: 144
|
||||
|
||||
URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
|
||||
URxvt*eightBitInput: false
|
||||
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
|
||||
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
|
||||
URxvt*scrollBar: false
|
||||
URxvt*background: #050505
|
||||
URxvt*foreground: #d0d7d0
|
||||
URxvt*cursorColor: #f042b0
|
||||
URxvt*cursorColor2: #f0b000
|
||||
URxvt*cursorBlink: off
|
||||
URxvt*jumpScroll: true
|
||||
URxvt*allowSendEvents: false
|
||||
URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
|
||||
URxvt*cutNewline: False
|
||||
URxvt*cutToBeginningOfLine: False
|
||||
|
||||
URxvt*color0: #232342
|
||||
URxvt*color3: #c07000
|
||||
URxvt*color4: #4040c0
|
||||
URxvt*color7: #c0c0c0
|
||||
URxvt*color8: #707070
|
||||
URxvt*color9: #ff6060
|
||||
URxvt*color10: #70ff70
|
||||
URxvt*color11: #ffff70
|
||||
URxvt*color12: #7070ff
|
||||
URxvt*color13: #ff50ff
|
||||
URxvt*color14: #70ffff
|
||||
URxvt*color15: #ffffff
|
||||
|
||||
URxvt*iso14755: False
|
||||
|
||||
URxvt*urgentOnBell: True
|
||||
URxvt*visualBell: True
|
||||
|
||||
! ref https://github.com/muennich/urxvt-perls
|
||||
URxvt*perl-ext: default,url-select
|
||||
URxvt*keysym.M-u: perl:url-select:select_next
|
||||
URxvt*url-select.underline: true
|
||||
URxvt*colorUL: #4682B4
|
||||
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
|
||||
URxvt*saveLines: 10000
|
||||
|
||||
root-urxvt*background: #230000
|
||||
root-urxvt*foreground: #e0c0c0
|
||||
root-urxvt*BorderColor: #400000
|
||||
root-urxvt*color0: #800000
|
||||
''
|
144
jeschli/2configs/xserver/default.nix
Normal file
144
jeschli/2configs/xserver/default.nix
Normal file
|
@ -0,0 +1,144 @@
|
|||
{ config, pkgs, ... }@args:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
cfg = {
|
||||
cacheDir = cfg.dataDir;
|
||||
configDir = "/var/empty";
|
||||
dataDir = "/run/xdg/${cfg.user.name}/xmonad";
|
||||
user = config.krebs.users.jeschli;
|
||||
};
|
||||
in {
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.font-size
|
||||
pkgs.gitAndTools.qgit
|
||||
pkgs.mpv
|
||||
pkgs.sxiv
|
||||
pkgs.xdotool
|
||||
pkgs.xsel
|
||||
pkgs.zathura
|
||||
];
|
||||
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
# TODO dedicated group, i.e. with a single user [per-user-setuid]
|
||||
# TODO krebs.setuid.slock.path vs /run/wrappers/bin
|
||||
krebs.setuid.slock = {
|
||||
filename = "${pkgs.slock}/bin/slock";
|
||||
group = "wheel";
|
||||
envp = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
USER = cfg.user.name;
|
||||
};
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
|
||||
# Don't install feh into systemPackages
|
||||
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
|
||||
desktopManager.session = mkForce [];
|
||||
|
||||
enable = true;
|
||||
display = 11;
|
||||
tty = 11;
|
||||
|
||||
dpi = 200;
|
||||
|
||||
videoDrivers = [ "nvidia" ];
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
||||
systemd.services.xmonad = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
|
||||
XMONAD_CACHE_DIR = cfg.cacheDir;
|
||||
XMONAD_CONFIG_DIR = cfg.configDir;
|
||||
XMONAD_DATA_DIR = cfg.dataDir;
|
||||
|
||||
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
|
||||
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
|
||||
${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
|
||||
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
|
||||
wait
|
||||
'';
|
||||
|
||||
# XXX JSON is close enough :)
|
||||
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
||||
"dashboard" # we start here
|
||||
"stockholm"
|
||||
"pycharm"
|
||||
"chromium"
|
||||
"iRC"
|
||||
"git"
|
||||
"hipbird"
|
||||
]);
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xmonad";
|
||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
|
||||
"\${XMONAD_CACHE_DIR}"
|
||||
"\${XMONAD_CONFIG_DIR}"
|
||||
"\${XMONAD_DATA_DIR}"
|
||||
]}";
|
||||
ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
|
||||
ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
|
||||
User = cfg.user.name;
|
||||
WorkingDirectory = cfg.user.home;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.xserver = {
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"local-fs.target"
|
||||
"acpid.service"
|
||||
];
|
||||
reloadIfChanged = true;
|
||||
environment = {
|
||||
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
|
||||
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
|
||||
LD_LIBRARY_PATH = concatStringsSep ":" (
|
||||
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
|
||||
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xserver";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = toString [
|
||||
"${pkgs.xorg.xorgserver}/bin/X"
|
||||
":${toString config.services.xserver.display}"
|
||||
"vt${toString config.services.xserver.tty}"
|
||||
"-config ${import ./xserver.conf.nix args}"
|
||||
"-logfile /dev/null -logverbose 0 -verbose 3"
|
||||
"-nolisten tcp"
|
||||
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.urxvtd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
reloadIfChanged = true;
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "urxvtd";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
User = cfg.user.name;
|
||||
};
|
||||
};
|
||||
}
|
40
jeschli/2configs/xserver/xserver.conf.nix
Normal file
40
jeschli/2configs/xserver/xserver.conf.nix
Normal file
|
@ -0,0 +1,40 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
cfg = config.services.xserver;
|
||||
in
|
||||
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "xserver.conf";
|
||||
|
||||
xfs = optionalString (cfg.useXFS != false)
|
||||
''FontPath "${toString cfg.useXFS}"'';
|
||||
|
||||
inherit (cfg) config;
|
||||
|
||||
buildCommand =
|
||||
''
|
||||
echo 'Section "Files"' >> $out
|
||||
echo $xfs >> $out
|
||||
|
||||
for i in ${toString config.fonts.fonts}; do
|
||||
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
|
||||
for j in $(find $i -name fonts.dir); do
|
||||
echo " FontPath \"$(dirname $j)\"" >> $out
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
for i in $(find ${toString cfg.modules} -type d); do
|
||||
if test $(echo $i/*.so* | wc -w) -ne 0; then
|
||||
echo " ModulePath \"$i\"" >> $out
|
||||
fi
|
||||
done
|
||||
|
||||
echo 'EndSection' >> $out
|
||||
|
||||
echo "$config" >> $out
|
||||
'';
|
||||
}
|
|
@ -53,8 +53,8 @@
|
|||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||
owner = "trapd00r";
|
||||
repo = "LS_COLORS";
|
||||
rev = "master";
|
||||
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
||||
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||
}}/LS_COLORS)
|
||||
|
||||
#beautiful colors
|
||||
|
|
11
jeschli/5pkgs/default.nix
Normal file
11
jeschli/5pkgs/default.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
# Import files and subdirectories like they are overlays.
|
||||
foldl' mergeAttrs {}
|
||||
(map
|
||||
(name: import (./. + "/${name}") self super)
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
24
jeschli/5pkgs/simple/default.nix
Normal file
24
jeschli/5pkgs/simple/default.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
let
|
||||
# This callPackage will try to detect obsolete overrides.
|
||||
callPackage = path: args: let
|
||||
override = self.callPackage path args;
|
||||
upstream = optionalAttrs (override ? "name")
|
||||
(super.${(parseDrvName override.name).name} or {});
|
||||
in if upstream ? "name" &&
|
||||
override ? "name" &&
|
||||
compareVersions upstream.name override.name != -1
|
||||
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
|
||||
else override;
|
||||
in
|
||||
|
||||
listToAttrs
|
||||
(map
|
||||
(name: nameValuePair (removeSuffix ".nix" name)
|
||||
(callPackage (./. + "/${name}") {}))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
296
jeschli/5pkgs/simple/xmonad-jeschli/default.nix
Normal file
296
jeschli/5pkgs/simple/xmonad-jeschli/default.nix
Normal file
|
@ -0,0 +1,296 @@
|
|||
{ pkgs, ... }:
|
||||
pkgs.writeHaskell "xmonad-jeschli" {
|
||||
executables.xmonad = {
|
||||
extra-depends = [
|
||||
"containers"
|
||||
"extra"
|
||||
"unix"
|
||||
"X11"
|
||||
"xmonad"
|
||||
"xmonad-contrib"
|
||||
"xmonad-stockholm"
|
||||
];
|
||||
text = /* haskell */ ''
|
||||
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
|
||||
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
|
||||
{-# LANGUAGE LambdaCase #-}
|
||||
{-# LANGUAGE ScopedTypeVariables #-}
|
||||
|
||||
|
||||
module Main where
|
||||
|
||||
import Control.Exception
|
||||
import Control.Monad.Extra (whenJustM)
|
||||
import Graphics.X11.ExtraTypes.XF86
|
||||
import Text.Read (readEither)
|
||||
import XMonad
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
|
||||
import System.Posix.Process (executeFile)
|
||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
|
||||
, removeEmptyWorkspace)
|
||||
import XMonad.Actions.GridSelect
|
||||
import XMonad.Actions.CycleWS (toggleWS)
|
||||
--import XMonad.Actions.CopyWindow ( copy )
|
||||
import XMonad.Layout.NoBorders ( smartBorders )
|
||||
import qualified XMonad.StackSet as W
|
||||
import Data.Map (Map)
|
||||
import qualified Data.Map as Map
|
||||
-- TODO import XMonad.Layout.WorkspaceDir
|
||||
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
|
||||
-- import XMonad.Layout.Tabbed
|
||||
--import XMonad.Layout.MouseResizableTile
|
||||
import XMonad.Layout.Reflect (reflectVert)
|
||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.SetWMName
|
||||
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
||||
import XMonad.Layout.PerWorkspace (onWorkspace)
|
||||
--import XMonad.Layout.BinarySpacePartition
|
||||
|
||||
--import XMonad.Actions.Submap
|
||||
import XMonad.Stockholm.Pager
|
||||
import XMonad.Stockholm.Rhombus
|
||||
import XMonad.Stockholm.Shutdown
|
||||
|
||||
|
||||
amixerPath :: FilePath
|
||||
amixerPath = "${pkgs.alsaUtils}/bin/amixer"
|
||||
|
||||
urxvtcPath :: FilePath
|
||||
urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc"
|
||||
|
||||
myFont :: String
|
||||
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
|
||||
|
||||
main :: IO ()
|
||||
main = getArgs >>= \case
|
||||
["--shutdown"] -> sendShutdownEvent
|
||||
_ -> mainNoArgs
|
||||
|
||||
mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
workspaces0 <- getWorkspaces0
|
||||
xmonad
|
||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
||||
-- urgencyConfig { remindWhen = Every 1 }
|
||||
-- $ withUrgencyHook borderUrgencyHook "magenta"
|
||||
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
|
||||
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
||||
$ def
|
||||
{ terminal = urxvtcPath
|
||||
, modMask = mod4Mask
|
||||
, keys = myKeys
|
||||
, workspaces = workspaces0
|
||||
, layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
|
||||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||
--, handleEventHook = handleTimerEvent
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, startupHook = do
|
||||
setWMName "LG3D"
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing)
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
, focusedBorderColor = "#f000b0"
|
||||
, handleEventHook = handleShutdownEvent
|
||||
}
|
||||
|
||||
|
||||
getWorkspaces0 :: IO [String]
|
||||
getWorkspaces0 =
|
||||
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
|
||||
Left e -> warn (displaySomeException e)
|
||||
Right p -> try (readFile p) >>= \case
|
||||
Left e -> warn (displaySomeException e)
|
||||
Right x -> case readEither x of
|
||||
Left e -> warn e
|
||||
Right y -> return y
|
||||
where
|
||||
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
|
||||
|
||||
displaySomeException :: SomeException -> String
|
||||
displaySomeException = displayException
|
||||
|
||||
|
||||
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
|
||||
forkFile path args env =
|
||||
xfork (executeFile path False args env) >> return ()
|
||||
|
||||
spawnRootTerm :: X ()
|
||||
spawnRootTerm =
|
||||
forkFile
|
||||
urxvtcPath
|
||||
["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
|
||||
Nothing
|
||||
|
||||
spawnTermAt :: String -> X ()
|
||||
spawnTermAt ws = do
|
||||
env <- liftIO getEnvironment
|
||||
let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
|
||||
forkFile urxvtcPath [] (Just env')
|
||||
|
||||
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
|
||||
myKeys conf = Map.fromList $
|
||||
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
|
||||
, ((_4S , xK_c ), kill)
|
||||
|
||||
, ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
|
||||
|
||||
, ((_4 , xK_x ), chooseAction spawnTermAt)
|
||||
, ((_4C , xK_x ), spawnRootTerm)
|
||||
|
||||
--, ((_4 , xK_F1 ), withFocused jojo)
|
||||
--, ((_4 , xK_F1 ), printAllGeometries)
|
||||
|
||||
, ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
|
||||
, ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
|
||||
, ((_C , xK_Print ), toggleWS)
|
||||
, ((_4 , xK_Print ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
|
||||
|
||||
-- %! Rotate through the available layout algorithms
|
||||
, ((_4 , xK_space ), sendMessage NextLayout)
|
||||
, ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout
|
||||
|
||||
---- BinarySpacePartition
|
||||
--, ((_4 , xK_l), sendMessage $ ExpandTowards R)
|
||||
--, ((_4 , xK_h), sendMessage $ ExpandTowards L)
|
||||
--, ((_4 , xK_j), sendMessage $ ExpandTowards D)
|
||||
--, ((_4 , xK_k), sendMessage $ ExpandTowards U)
|
||||
--, ((_4S , xK_l), sendMessage $ ShrinkFrom R)
|
||||
--, ((_4S , xK_h), sendMessage $ ShrinkFrom L)
|
||||
--, ((_4S , xK_j), sendMessage $ ShrinkFrom D)
|
||||
--, ((_4S , xK_k), sendMessage $ ShrinkFrom U)
|
||||
--, ((_4 , xK_n), sendMessage Rotate)
|
||||
--, ((_4S , xK_n), sendMessage Swap)
|
||||
|
||||
---- mouseResizableTile
|
||||
--, ((_4 , xK_u), sendMessage ShrinkSlave)
|
||||
--, ((_4 , xK_i), sendMessage ExpandSlave)
|
||||
|
||||
-- move focus up or down the window stack
|
||||
--, ((_4 , xK_m ), windows W.focusMaster)
|
||||
, ((_4 , xK_j ), windows W.focusDown)
|
||||
, ((_4 , xK_k ), windows W.focusUp)
|
||||
|
||||
-- modifying the window order
|
||||
, ((_4S , xK_m ), windows W.swapMaster)
|
||||
, ((_4S , xK_j ), windows W.swapDown)
|
||||
, ((_4S , xK_k ), windows W.swapUp)
|
||||
|
||||
-- resizing the master/slave ratio
|
||||
, ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area
|
||||
, ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area
|
||||
|
||||
-- floating layer support
|
||||
, ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling
|
||||
|
||||
-- increase or decrease number of windows in the master area
|
||||
, ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
|
||||
, ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
|
||||
|
||||
, ((_4 , xK_a ), addWorkspacePrompt def)
|
||||
, ((_4 , xK_r ), renameWorkspace def)
|
||||
, ((_4 , xK_Delete ), removeEmptyWorkspace)
|
||||
|
||||
, ((_4 , xK_Return ), toggleWS)
|
||||
--, (0 , xK_Print ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
|
||||
--, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
|
||||
--, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift)
|
||||
--, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k })
|
||||
, ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"])
|
||||
, ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"])
|
||||
, ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"])
|
||||
]
|
||||
where
|
||||
_4 = mod4Mask
|
||||
_C = controlMask
|
||||
_S = shiftMask
|
||||
_M = mod1Mask
|
||||
_4C = _4 .|. _C
|
||||
_4S = _4 .|. _S
|
||||
_4M = _4 .|. _M
|
||||
_4CM = _4 .|. _C .|. _M
|
||||
_4SM = _4 .|. _S .|. _M
|
||||
|
||||
amixer args = forkFile amixerPath args Nothing
|
||||
|
||||
|
||||
pagerConfig :: PagerConfig
|
||||
pagerConfig = def
|
||||
{ pc_font = myFont
|
||||
, pc_cellwidth = 256
|
||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||
--, pc_borderwidth = 1
|
||||
--, pc_matchcolor = "#f0b000"
|
||||
, pc_matchmethod = MatchPrefix
|
||||
--, pc_colors = pagerWorkspaceColors
|
||||
, pc_windowColors = windowColors
|
||||
}
|
||||
where
|
||||
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
|
||||
windowColors wsf m c u wf = do
|
||||
let y = defaultWindowColors wsf m c u wf
|
||||
if m == False && wf == True
|
||||
then ("#402020", snd y)
|
||||
else y
|
||||
|
||||
horseConfig :: RhombusConfig
|
||||
horseConfig = def
|
||||
{ rc_font = myFont
|
||||
, rc_cellwidth = 64
|
||||
--, rc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||
--, rc_borderwidth = 1
|
||||
--, rc_matchcolor = "#f0b000"
|
||||
, rc_matchmethod = MatchPrefix
|
||||
--, rc_colors = pagerWorkspaceColors
|
||||
--, rc_paint = myPaint
|
||||
}
|
||||
|
||||
wGSConfig :: GSConfig Window
|
||||
wGSConfig = def
|
||||
{ gs_cellheight = 20
|
||||
, gs_cellwidth = 192
|
||||
, gs_cellpadding = 5
|
||||
, gs_font = myFont
|
||||
, gs_navigate = navNSearch
|
||||
}
|
||||
|
||||
-- wsGSConfig = def
|
||||
-- { gs_cellheight = 20
|
||||
-- , gs_cellwidth = 64
|
||||
-- , gs_cellpadding = 5
|
||||
-- , gs_font = myFont
|
||||
-- , gs_navigate = navNSearch
|
||||
-- }
|
||||
|
||||
-- custom navNSearch
|
||||
--makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a)
|
||||
--makeGSNav esc = nav
|
||||
-- where
|
||||
-- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler
|
||||
-- keyMap = Map.fromList
|
||||
-- [ (esc , cancel)
|
||||
-- , ((0,xK_Escape) , cancel)
|
||||
-- , ((0,xK_Return) , select)
|
||||
-- , ((0,xK_Left) , move (-1, 0) >> nav)
|
||||
-- , ((0,xK_Right) , move ( 1, 0) >> nav)
|
||||
-- , ((0,xK_Down) , move ( 0, 1) >> nav)
|
||||
-- , ((0,xK_Up) , move ( 0,-1) >> nav)
|
||||
-- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav)
|
||||
-- ]
|
||||
-- -- The navigation handler ignores unknown key symbols, therefore we const
|
||||
-- navNSearchDefaultHandler (_,s,_) = do
|
||||
-- transformSearchString (++ s)
|
||||
-- nav
|
||||
|
||||
|
||||
(&) :: a -> (a -> c) -> c
|
||||
(&) = flip ($)
|
||||
|
||||
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
|
||||
allWorkspaceNames ws =
|
||||
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,9 +1,9 @@
|
|||
_:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../krebs
|
||||
./2configs
|
||||
# ./3modules
|
||||
# ./5pkgs
|
||||
];
|
||||
|
||||
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
|
||||
}
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }: let
|
||||
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
|
||||
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
|
||||
<stockholm/krebs/2configs/secret-passwords.nix>
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
initialPassword = "test";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.hope;
|
||||
|
||||
networking = let
|
||||
address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
defaultGateway = bestGuessGateway address;
|
||||
interfaces.enp2s1.ip4 = singleton {
|
||||
inherit address;
|
||||
prefixLength = 24;
|
||||
};
|
||||
nameservers = ["8.8.8.8"];
|
||||
};
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
import <stockholm/krebs/source.nix> {
|
||||
name = "hope";
|
||||
}
|
|
@ -21,4 +21,5 @@
|
|||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
|
|
@ -1,33 +1,34 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
# :l <nixpkgs>
|
||||
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
|
||||
imports = [
|
||||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
{ # minimal disk usage
|
||||
environment.noXlibs = true;
|
||||
{ # flag to rebuild everything yourself:
|
||||
# environment.noXlibs = true;
|
||||
|
||||
# minimal disk usage
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.dates = "03:10";
|
||||
programs.info.enable = false;
|
||||
programs.man.enable = false;
|
||||
services.journald.extraConfig = "SystemMaxUse=50M";
|
||||
documentation.man.enable = false;
|
||||
documentation.info.enable = false;
|
||||
services.nixosManual.enable = false;
|
||||
services.journald.extraConfig = "SystemMaxUse=50M";
|
||||
}
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.onebutton;
|
||||
# NixOS wants to enable GRUB by default
|
||||
boot.loader.grub.enable = false;
|
||||
|
||||
# Enables the generation of /boot/extlinux/extlinux.conf
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
# !!! If your board is a Raspberry Pi 1, select this:
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi;
|
||||
|
||||
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
|
||||
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
|
||||
|
||||
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
|
||||
# boot.kernelParams = ["cma=32M"];
|
||||
|
||||
fileSystems = {
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
||||
|
@ -41,4 +42,7 @@
|
|||
|
||||
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
|
||||
services.openssh.enable = true;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
{
|
||||
krebs.newsbot-js.news-spam = {
|
||||
urlShortenerHost = "go.lassul.us";
|
||||
feeds = pkgs.writeText "feeds" ''
|
||||
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
||||
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
||||
|
@ -120,7 +121,7 @@
|
|||
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
|
||||
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
|
||||
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
|
||||
[SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews
|
||||
[SPAM]shackspace|http://shackspace.de/atom.xml|#snews
|
||||
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
|
||||
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
|
||||
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
||||
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
|
||||
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
|
||||
shackspace|http://blog.shackspace.de/?feed=rss2|#news
|
||||
shackspace|http://shackspace.de/atom.xml|#news
|
||||
tinc|http://tinc-vpn.org/news/index.rss|#news
|
||||
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
|
||||
weechat|http://dev.weechat.org/feed/atom|#news
|
||||
|
|
|
@ -2,8 +2,56 @@
|
|||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
pkg = pkgs.stdenv.mkDerivation {
|
||||
name = "worlddomination-2018-04-21";
|
||||
src = pkgs.fetchgit {
|
||||
url = "https://github.com/shackspace/worlddomination/";
|
||||
rev = "1b32403b9";
|
||||
sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
|
||||
};
|
||||
buildInputs = [
|
||||
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
|
||||
docopt
|
||||
LinkHeader
|
||||
aiocoap
|
||||
grequests
|
||||
paramiko
|
||||
python
|
||||
]))
|
||||
];
|
||||
installPhase = ''
|
||||
install -m755 -D backend/push_led.py $out/bin/push-led
|
||||
install -m755 -D backend/loop_single.py $out/bin/loop-single
|
||||
# copy the provided file to the package
|
||||
install -m755 -D backend/wd.lst $out/${wdpath}
|
||||
'';
|
||||
};
|
||||
pythonPackages = pkgs.python3Packages;
|
||||
# https://github.com/chrysn/aiocoap
|
||||
grequests = pythonPackages.buildPythonPackage rec {
|
||||
pname = "grequests";
|
||||
version = "0.3.1";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "kennethreitz";
|
||||
repo = "grequests";
|
||||
rev = "d1e70eb";
|
||||
sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
|
||||
};
|
||||
|
||||
doCheck = false;
|
||||
|
||||
propagatedBuildInputs = with pythonPackages; [ requests gevent ];
|
||||
|
||||
meta = with lib;{
|
||||
description = "Asynchronous HTTP requests";
|
||||
homepage = https://github.com/kennethreitz/grequests;
|
||||
license = with licenses; [ bsd2 ];
|
||||
maintainers = with maintainers; [ matejc ];
|
||||
};
|
||||
};
|
||||
|
||||
aiocoap = pythonPackages.buildPythonPackage {
|
||||
name = "aiocoap-0.3";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
|
||||
|
@ -25,32 +73,9 @@ let
|
|||
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
|
||||
};
|
||||
};
|
||||
pkg = pkgs.stdenv.mkDerivation {
|
||||
name = "worlddomination-2017-06-10";
|
||||
src = pkgs.fetchgit {
|
||||
url = "https://github.com/shackspace/worlddomination/";
|
||||
rev = "72fc9b5";
|
||||
sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
|
||||
};
|
||||
buildInputs = [
|
||||
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
|
||||
docopt
|
||||
LinkHeader
|
||||
aiocoap
|
||||
requests
|
||||
paramiko
|
||||
python
|
||||
]))
|
||||
];
|
||||
installPhase = ''
|
||||
install -m755 -D backend/push_led.py $out/bin/push-led
|
||||
install -m755 -D backend/loop_single.py $out/bin/loop-single
|
||||
# copy the provided file to the package
|
||||
install -m755 -D backend/wd.lst $out/${wdpath}
|
||||
'';
|
||||
};
|
||||
wdpath = "/usr/worlddomination/wd.lst";
|
||||
esphost = "10.42.24.7"; # esp8266
|
||||
afrihost = "10.42.25.201"; # africa
|
||||
timeout = 10; # minutes
|
||||
in {
|
||||
systemd.services.worlddomination = {
|
||||
|
@ -64,4 +89,16 @@ in {
|
|||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.worlddomination-africa = {
|
||||
description = "run worlddomination africa";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody"; # TODO separate user
|
||||
ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
|
||||
Restart = "always";
|
||||
PrivateTmp = true;
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -30,38 +30,6 @@ let
|
|||
});
|
||||
in {
|
||||
hosts = {
|
||||
hope = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "45.62.225.18";
|
||||
aliases = [
|
||||
"hope.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.77.4";
|
||||
ip6.addr = "42:0:0:0:0:0:77:4";
|
||||
aliases = [
|
||||
"hope.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
|
||||
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
|
||||
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
|
||||
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
|
||||
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
|
||||
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
|
||||
};
|
||||
hotdog = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
|
|
|
@ -9,6 +9,7 @@ with import <stockholm/lib>;
|
|||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.lass;
|
||||
ci = true;
|
||||
monitoring = true;
|
||||
}) {
|
||||
dishfire = {
|
||||
cores = 4;
|
||||
|
@ -43,39 +44,6 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
||||
};
|
||||
echelon = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "64.137.242.41";
|
||||
aliases = [
|
||||
"echelon.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.206.103";
|
||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
|
||||
aliases = [
|
||||
"echelon.r"
|
||||
"cgit.echelon.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
|
||||
oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
|
||||
MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
|
||||
4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
|
||||
n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
|
||||
do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||
};
|
||||
prism = rec {
|
||||
cores = 4;
|
||||
extraZones = {
|
||||
|
@ -86,14 +54,18 @@ with import <stockholm/lib>;
|
|||
"lassul.us" = ''
|
||||
$TTL 3600
|
||||
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
|
||||
60 IN NS ns16.ovh.net.
|
||||
60 IN NS dns16.ovh.net.
|
||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN NS ns16.ovh.net.
|
||||
60 IN NS dns16.ovh.net.
|
||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
|
@ -149,6 +121,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
domsen-nas = {
|
||||
ci = false;
|
||||
monitoring = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
|
@ -161,6 +134,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
uriel = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
gg23 = {
|
||||
|
@ -399,10 +373,12 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||
};
|
||||
iso = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
};
|
||||
sokrateslaptop = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -426,6 +402,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
turingmachine = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -454,6 +431,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
eddie = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -494,6 +472,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
borg = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -521,6 +500,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
inspector = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -552,6 +532,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
dpdkm = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -659,6 +640,37 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.13";
|
||||
ip6.addr = "42:0:0:0:0:0:0:12ed";
|
||||
aliases = [
|
||||
"red.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
|
||||
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
|
||||
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
|
||||
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
|
||||
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
|
||||
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
|
||||
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
|
||||
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
|
||||
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
|
||||
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
|
||||
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
|
||||
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||
};
|
||||
};
|
||||
users = {
|
||||
lass = {
|
||||
|
@ -686,6 +698,7 @@ with import <stockholm/lib>;
|
|||
lass-icarus = {
|
||||
mail = "lass@icarus.r";
|
||||
pubkey = builtins.readFile ./ssh/icarus.rsa;
|
||||
pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
|
||||
};
|
||||
lass-xerxes = {
|
||||
mail = "lass@xerxes.r";
|
||||
|
|
51
krebs/3modules/lass/pgp/icarus.pgp
Normal file
51
krebs/3modules/lass/pgp/icarus.pgp
Normal file
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq
|
||||
fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f
|
||||
+gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2
|
||||
KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql
|
||||
Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd
|
||||
N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7
|
||||
rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do
|
||||
bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m
|
||||
8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ
|
||||
TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX
|
||||
JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB
|
||||
tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy
|
||||
FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD
|
||||
pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD
|
||||
AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+
|
||||
s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn
|
||||
qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV
|
||||
88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA
|
||||
BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x
|
||||
a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq
|
||||
tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D
|
||||
TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ
|
||||
mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3
|
||||
w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA
|
||||
YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD
|
||||
K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y
|
||||
cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx
|
||||
UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP
|
||||
9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq
|
||||
8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK
|
||||
9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw
|
||||
QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB
|
||||
84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS
|
||||
Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx
|
||||
LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI
|
||||
ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw
|
||||
EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp
|
||||
HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL
|
||||
f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2
|
||||
P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx
|
||||
Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk
|
||||
cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF
|
||||
WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj
|
||||
CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4
|
||||
bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67
|
||||
uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh
|
||||
HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA==
|
||||
=gJia
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -539,6 +539,7 @@ with import <stockholm/lib>;
|
|||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
graph IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
|
|
|
@ -93,6 +93,7 @@ let
|
|||
User = "newsbot-js";
|
||||
Restart = "always";
|
||||
ExecStart = "${newsbot.package}/bin/newsbot";
|
||||
WatchdogSec = "86400";
|
||||
};
|
||||
}
|
||||
) cfg;
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
krebs-source = {
|
||||
nixpkgs.git = {
|
||||
ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3";
|
||||
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
stockholm.file = toString ../.;
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/AP.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.cabal;
|
||||
|
|
|
@ -8,9 +8,9 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/boot/coreboot.nix>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{
|
||||
# bubsy config
|
||||
users.users.bubsy = {
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
address = ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway = getDefaultGateway ip;
|
||||
networking.nameservers = [
|
||||
"8.8.8.8"
|
||||
];
|
||||
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.echelon;
|
||||
}
|
|
@ -17,6 +17,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/dcso-dev.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{ # automatic hardware detection
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
@ -137,35 +138,14 @@ with import <stockholm/lib>;
|
|||
networking.hostName = lib.mkForce "BLN02NB0162";
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
|
||||
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
|
||||
(pkgs.writeText "minio.cert" ''
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
|
||||
MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
|
||||
OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
|
||||
8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
|
||||
YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
|
||||
ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
|
||||
CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
|
||||
hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
|
||||
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
|
||||
I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
|
||||
hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
|
||||
jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
|
||||
EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
|
||||
zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
|
||||
qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
|
||||
-----END CERTIFICATE-----
|
||||
'')
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
|
||||
];
|
||||
|
||||
programs.adb.enable = true;
|
||||
|
|
|
@ -14,9 +14,10 @@
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.icarus;
|
||||
|
@ -33,4 +34,13 @@
|
|||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
||||
'';
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
macchanger
|
||||
dpass
|
||||
];
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
{
|
||||
users.users.blacky = {
|
||||
|
|
|
@ -33,10 +33,13 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/ableton.nix>
|
||||
<stockholm/lass/2configs/dunst.nix>
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
#risk of rain
|
||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||
#chromecast
|
||||
{ predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
|
@ -140,6 +143,8 @@ with import <stockholm/lib>;
|
|||
dpass
|
||||
|
||||
dnsutils
|
||||
woeusb
|
||||
l-gen-secrets
|
||||
generate-secrets
|
||||
(pkgs.writeDashBin "btc-coinbase" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
||||
|
@ -186,6 +191,10 @@ with import <stockholm/lib>;
|
|||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||
virtualisation.docker.enable = true;
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
|
|
|
@ -104,6 +104,7 @@ in {
|
|||
];
|
||||
}
|
||||
{ # TODO make new hfos.nix out of this vv
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
users.users.riot = {
|
||||
uid = genid "riot";
|
||||
isNormalUser = true;
|
||||
|
@ -189,26 +190,6 @@ in {
|
|||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#kaepsele
|
||||
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
|
||||
containers.kaepsele = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
tv.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||
|
@ -237,13 +218,12 @@ in {
|
|||
<stockholm/lass/2configs/repo-sync.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
<stockholm/lass/2configs/iodined.nix>
|
||||
<stockholm/lass/2configs/monitoring/server.nix>
|
||||
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||
{ # quasi bepasty.nix
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
|
@ -324,6 +304,78 @@ in {
|
|||
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
<stockholm/lass/2configs/go.nix>
|
||||
{
|
||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||
systemd.services."container@red".reloadIfChanged = mkForce false;
|
||||
containers.red = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host rote-allez-fraktion.de;
|
||||
proxy_pass http://10.233.2.4;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
imports = [ <stockholm/lass/2configs/backup.nix> ];
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
"icarus"
|
||||
"littleT"
|
||||
"mors"
|
||||
"shodan"
|
||||
"skynet"
|
||||
] (dest: {
|
||||
dirs = [
|
||||
"/home/chat/.weechat"
|
||||
"/bku/sql_dumps"
|
||||
];
|
||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||
repo = "sftp:backup@${dest}.r:/backups/prism";
|
||||
extraArguments = [
|
||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
});
|
||||
}
|
||||
{
|
||||
users.users.download.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
||||
];
|
||||
}
|
||||
{
|
||||
lass.nichtparasoup.enable = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."lol.lassul.us" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:5001;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
|
31
lass/1systems/red/config.nix
Normal file
31
lass/1systems/red/config.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
servephpBB
|
||||
;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/websites>
|
||||
<stockholm/lass/2configs/websites/sqlBackup.nix>
|
||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
||||
];
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.red;
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
|
||||
services.nginx.enable = true;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
environment.systemPackages = [
|
||||
pkgs.mk_sql_pair
|
||||
];
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "echelon";
|
||||
name = "red";
|
||||
secure = true;
|
||||
}
|
|
@ -15,9 +15,9 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
|
|
@ -9,7 +9,6 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/retiolum.nix>
|
||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
{
|
||||
# discordius config
|
||||
services.xserver.enable = true;
|
||||
|
|
|
@ -2,10 +2,4 @@ with import <stockholm/lib>;
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "xerxes";
|
||||
secure = true;
|
||||
override = {
|
||||
nixpkgs.git = mkForce {
|
||||
url = https://github.com/lassulus/nixpkgs;
|
||||
ref = "3eccd0b";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
77
lass/2configs/AP.nix
Normal file
77
lass/2configs/AP.nix
Normal file
|
@ -0,0 +1,77 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
wifi = "wlp0s29u1u2";
|
||||
in {
|
||||
boot.extraModulePackages = [
|
||||
pkgs.linuxPackages.rtl8814au
|
||||
];
|
||||
networking.networkmanager.unmanaged = [ wifi ];
|
||||
|
||||
systemd.services.hostapd = {
|
||||
description = "hostapd wireless AP";
|
||||
path = [ pkgs.hostapd ];
|
||||
wantedBy = [ "network.target" ];
|
||||
|
||||
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
|
||||
interface=${wifi}
|
||||
hw_mode=a
|
||||
channel=36
|
||||
ieee80211d=1
|
||||
country_code=DE
|
||||
ieee80211n=1
|
||||
ieee80211ac=1
|
||||
wmm_enabled=1
|
||||
|
||||
# 5ghz
|
||||
ssid=krebsing
|
||||
auth_algs=1
|
||||
wpa=2
|
||||
wpa_key_mgmt=WPA-PSK
|
||||
rsn_pairwise=CCMP
|
||||
wpa_passphrase=aidsballz
|
||||
''}";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
networking.interfaces.${wifi}.ipv4.addresses = [
|
||||
{ address = "10.99.0.1"; prefixLength = 24; }
|
||||
];
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = [ wifi ];
|
||||
extraConfig = ''
|
||||
option subnet-mask 255.255.255.0;
|
||||
option routers 10.99.0.1;
|
||||
option domain-name-servers 1.1.1.1, 8.8.8.8;
|
||||
subnet 10.99.0.0 netmask 255.255.255.0 {
|
||||
range 10.99.0.100 10.99.0.200;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||
{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
|
||||
{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
|
||||
{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||
{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
|
||||
];
|
||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||
#TODO find out what this is about?
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
|
||||
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
||||
];
|
||||
}
|
20
lass/2configs/backup.nix
Normal file
20
lass/2configs/backup.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{ config, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
fileSystems = {
|
||||
"/backups" = {
|
||||
device = "/dev/pool/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
users.users.backup = {
|
||||
useDefaultShell = true;
|
||||
home = "/backups";
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
||||
mors.ssh.pubkey
|
||||
prism.ssh.pubkey
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,173 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
|
||||
# TODO add timerConfig to krebs.backup and randomize startup
|
||||
# TODO define plans more abstract
|
||||
krebs.backup.plans = {
|
||||
} // mapAttrs (_: recursiveUpdate {
|
||||
snapshots = {
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
}) {
|
||||
dishfire-http-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:00";
|
||||
};
|
||||
dishfire-http-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:05";
|
||||
};
|
||||
dishfire-http-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-sql-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:15";
|
||||
};
|
||||
dishfire-sql-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
dishfire-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:20";
|
||||
};
|
||||
dishfire-sql-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-chat-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-chat-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
|
||||
startAt = "03:30";
|
||||
};
|
||||
prism-chat-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-sql-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:40";
|
||||
};
|
||||
prism-sql-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-http-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
prism-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
|
||||
startAt = "03:50";
|
||||
};
|
||||
prism-http-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
icarus-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
icarus-home-shodan = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
mors-home-icarus = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
mors-home-shodan = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
shodan-home-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
shodan-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -9,7 +9,6 @@ in {
|
|||
./power-action.nix
|
||||
./copyq.nix
|
||||
./livestream.nix
|
||||
./dns-stuff.nix
|
||||
./urxvt.nix
|
||||
./network-manager.nix
|
||||
{
|
||||
|
@ -75,6 +74,7 @@ in {
|
|||
gi
|
||||
git-preview
|
||||
gitAndTools.qgit
|
||||
gnome3.dconf
|
||||
lm_sensors
|
||||
mpv-poll
|
||||
much
|
||||
|
|
|
@ -10,9 +10,6 @@ in {
|
|||
krebs.per-user.bitcoin.packages = [
|
||||
pkgs.electrum
|
||||
];
|
||||
krebs.per-user.ethereum.packages = [
|
||||
pkgs.go-ethereum
|
||||
];
|
||||
users.extraUsers = {
|
||||
bch = {
|
||||
name = "bch";
|
||||
|
@ -28,13 +25,6 @@ in {
|
|||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
ethereum = {
|
||||
name = "ethereum";
|
||||
description = "user for ethereum stuff";
|
||||
home = "/home/ethereum";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
|
||||
|
|
|
@ -9,6 +9,7 @@ in {
|
|||
dev = {
|
||||
name = "dev";
|
||||
uid = genid "dev";
|
||||
extraGroups = [ "docker" ];
|
||||
description = "user for collaborative development";
|
||||
home = "/home/dev";
|
||||
useDefaultShell = true;
|
||||
|
|
|
@ -6,10 +6,9 @@ with import <stockholm/lib>;
|
|||
./gc.nix
|
||||
./mc.nix
|
||||
./vim.nix
|
||||
./monitoring/client.nix
|
||||
./monitoring/node-exporter.nix
|
||||
./zsh.nix
|
||||
./htop.nix
|
||||
./backups.nix
|
||||
./security-workarounds.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.dnscrypt-proxy = {
|
||||
enable = true;
|
||||
localAddress = "127.1.0.1";
|
||||
customResolver = {
|
||||
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
|
||||
port = 15251;
|
||||
name = "2.dnscrypt-cert.euer.krebsco.de";
|
||||
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
|
||||
};
|
||||
};
|
||||
services.resolved.enable = true;
|
||||
services.resolved.fallbackDns = [ "127.1.0.1" ];
|
||||
}
|
|
@ -79,6 +79,7 @@ with import <stockholm/lib>;
|
|||
{ from = "ovh@lassul.us"; to = lass.mail; }
|
||||
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
||||
{ from = "allygator@lassul.us"; to = lass.mail; }
|
||||
{ from = "immoscout@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
with import <stockholm/lib>;
|
||||
{
|
||||
nix.gc = {
|
||||
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
|
||||
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
|
||||
};
|
||||
}
|
||||
|
|
|
@ -57,6 +57,16 @@ let
|
|||
cgit.desc = "Fork of nix-user-chroot my lethalman";
|
||||
cgit.section = "software";
|
||||
};
|
||||
nixos-aws = {
|
||||
collaborators = [ {
|
||||
name = "fabio";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
|
||||
} ];
|
||||
};
|
||||
krops = {
|
||||
cgit.desc = "krebs deployment";
|
||||
cgit.section = "software";
|
||||
};
|
||||
} // mapAttrs make-public-repo-silent {
|
||||
};
|
||||
|
||||
|
@ -70,8 +80,8 @@ let
|
|||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||
);
|
||||
|
||||
make-public-repo = name: { cgit ? {}, ... }: {
|
||||
inherit cgit name;
|
||||
make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
|
||||
inherit cgit collaborators name;
|
||||
public = true;
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
|
|
19
lass/2configs/go.nix
Normal file
19
lass/2configs/go.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
krebs.go = {
|
||||
enable = true;
|
||||
};
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.go = {
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host go.lassul.us;
|
||||
proxy_pass http://localhost:1337;
|
||||
'';
|
||||
serverAliases = [
|
||||
"go.lassul.us"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -206,8 +206,11 @@ in {
|
|||
msmtp
|
||||
mutt
|
||||
pkgs.much
|
||||
pkgs.notmuch
|
||||
tag-new-mails
|
||||
tag-old-mails
|
||||
];
|
||||
|
||||
nixpkgs.config.packageOverrides = opkgs: {
|
||||
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
|
||||
extraConfig = {
|
||||
agent.interval = "1s";
|
||||
outputs = {
|
||||
influxdb = {
|
||||
urls = ["http://prism:8086"];
|
||||
database = "telegraf_db";
|
||||
user_agent = "telegraf";
|
||||
};
|
||||
};
|
||||
inputs = {
|
||||
cpu = {
|
||||
percpu = false;
|
||||
totalcpu = true;
|
||||
};
|
||||
mem = {};
|
||||
net = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
echoToIrc = msg:
|
||||
pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.monit = {
|
||||
enable = true;
|
||||
http.enable = true;
|
||||
alarms = {
|
||||
nirwanabluete = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
|
||||
alarm = echoToIrc "test nirwanabluete failed";
|
||||
};
|
||||
ubik = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
|
||||
alarm = echoToIrc "test ubik failed";
|
||||
};
|
||||
cac-panel = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
|
||||
alarm = echoToIrc "test cac-panel failed";
|
||||
};
|
||||
radio = {
|
||||
test = pkgs.writeBash "check_stream" ''
|
||||
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
|
||||
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
|
||||
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
|
||||
'';
|
||||
alarm = echoToIrc "test radio failed";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
|
|
@ -1,7 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
|
||||
];
|
||||
services.prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
|
|
|
@ -9,6 +9,12 @@
|
|||
# useDHCP = true;
|
||||
#};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
services = {
|
||||
prometheus = {
|
||||
enable = true;
|
||||
|
@ -124,11 +130,10 @@
|
|||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"localhost:9100"
|
||||
];
|
||||
labels = {
|
||||
alias = "prometheus.example.com";
|
||||
};
|
||||
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
|
||||
#labels = {
|
||||
# alias = "prometheus.example.com";
|
||||
#};
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -159,7 +164,7 @@
|
|||
];
|
||||
"webhook_configs" = [
|
||||
{
|
||||
"url" = "https://example.com/prometheus-alerts";
|
||||
"url" = "http://127.0.0.1:14813/prometheus-alerts";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
|
@ -176,4 +181,37 @@
|
|||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
};
|
||||
services.logstash = {
|
||||
enable = true;
|
||||
inputConfig = ''
|
||||
http {
|
||||
port => 14813
|
||||
host => "127.0.0.1"
|
||||
}
|
||||
'';
|
||||
filterConfig = ''
|
||||
if ([alerts]) {
|
||||
ruby {
|
||||
code => '
|
||||
lines = []
|
||||
event["alerts"].each {|p|
|
||||
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
|
||||
}
|
||||
event["output"] = lines.join("\n")
|
||||
'
|
||||
}
|
||||
}
|
||||
'';
|
||||
outputConfig = ''
|
||||
file { path => "/tmp/logs.json" codec => "json_lines" }
|
||||
irc {
|
||||
channels => [ "#noise" ]
|
||||
host => "irc.r"
|
||||
nick => "alarm"
|
||||
codec => "json_lines"
|
||||
format => "%{output}"
|
||||
}
|
||||
'';
|
||||
#plugins = [ ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.influxdb.enable = true;
|
||||
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
# meta.logging-enabled = true;
|
||||
http.bind-address = ":8086";
|
||||
admin.bind-address = ":8083";
|
||||
http.log-enabled = false;
|
||||
monitoring = {
|
||||
enabled = false;
|
||||
# write-interval = "24h";
|
||||
};
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
||||
database = "collectd_db";
|
||||
port = 25826;
|
||||
}];
|
||||
};
|
||||
|
||||
krebs.kapacitor =
|
||||
let
|
||||
db = "telegraf_db";
|
||||
echoToIrc = pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.r 6667 prism-alarm \#noise "$data" >/dev/null
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
alarms = {
|
||||
cpu = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("usage_user") AS mean
|
||||
FROM "${db}"."default"."cpu"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
data |deadman(1.0,5m)
|
||||
.stateChangesOnly()
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
ram = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("used_percent") AS mean
|
||||
FROM "${db}"."default"."mem"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
auth.anonymous.enable = true;
|
||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
|
@ -135,7 +135,6 @@ in {
|
|||
(sync-retiolum "populate")
|
||||
(sync-retiolum "stockholm")
|
||||
(sync-retiolum "wai-middleware-time")
|
||||
(sync-retiolum "web-routes-wai-custom")
|
||||
(sync-retiolum "xmonad-stockholm")
|
||||
];
|
||||
}
|
||||
|
|
|
@ -6,66 +6,10 @@ let
|
|||
genid
|
||||
;
|
||||
|
||||
servephpBB = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
root /srv/http/${domain}/;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
client_max_body_size 100m;
|
||||
'';
|
||||
locations."/".extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'';
|
||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'';
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'';
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 25
|
||||
pm.start_servers = 5
|
||||
pm.min_spare_servers = 3
|
||||
pm.max_spare_servers = 20
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./default.nix
|
||||
../git.nix
|
||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
|
|
|
@ -16,11 +16,7 @@ rec {
|
|||
in {
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
onlySSL = true;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
'';
|
||||
forceSSL = true;
|
||||
serverAliases = domains;
|
||||
locations."/".extraConfig = ''
|
||||
root /srv/http/${domain};
|
||||
|
@ -28,18 +24,68 @@ rec {
|
|||
};
|
||||
};
|
||||
|
||||
servephpBB = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
root /srv/http/${domain}/;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
client_max_body_size 100m;
|
||||
'';
|
||||
locations."/".extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'';
|
||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'';
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'';
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 25
|
||||
pm.start_servers = 5
|
||||
pm.min_spare_servers = 3
|
||||
pm.max_spare_servers = 20
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
serveOwncloud = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
onlySSL = true;
|
||||
forceSSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
@ -148,12 +194,9 @@ rec {
|
|||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
onlySSL = true;
|
||||
forceSSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
root /srv/http/${domain}/;
|
||||
index index.php;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
|
|
|
@ -54,8 +54,8 @@
|
|||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||
owner = "trapd00r";
|
||||
repo = "LS_COLORS";
|
||||
rev = "master";
|
||||
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
||||
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||
}}/LS_COLORS)
|
||||
alias ls='ls --color'
|
||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||
|
|
|
@ -7,6 +7,7 @@ _:
|
|||
./hosts.nix
|
||||
./mysql-backup.nix
|
||||
./news.nix
|
||||
./nichtparasoup.nix
|
||||
./pyload.nix
|
||||
./restic.nix
|
||||
./screenlock.nix
|
||||
|
|
48
lass/3modules/nichtparasoup.nix
Normal file
48
lass/3modules/nichtparasoup.nix
Normal file
|
@ -0,0 +1,48 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
options.lass.nichtparasoup = {
|
||||
enable = mkEnableOption "nichtparasoup funny image page";
|
||||
config = mkOption {
|
||||
type = types.str;
|
||||
default = ''
|
||||
[General]
|
||||
Port: 5001
|
||||
IP: 0.0.0.0
|
||||
Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
|
||||
|
||||
[Cache]
|
||||
Images_min_limit: 15
|
||||
|
||||
[Logging]
|
||||
;; possible destinations: file syslog
|
||||
Destination: syslog
|
||||
Verbosity: ERROR
|
||||
|
||||
[Sites]
|
||||
SoupIO: everyone
|
||||
Pr0gramm: new,top
|
||||
Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,cableporn,cableporn,educationalgifs,EngineeringPorn,forbiddensnacks,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
|
||||
NineGag: geeky,wtf,hot,trending
|
||||
Instagram: nature,wtf
|
||||
Fourchan: sci
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.lass.nichtparasoup.enable {
|
||||
systemd.services.nichtparasoup = {
|
||||
description = "nichtparasoup";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
restartIfChanged = true;
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -90,7 +90,7 @@ main' = do
|
|||
|
||||
myLayoutHook = defLayout
|
||||
where
|
||||
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
|
||||
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
|
||||
|
||||
floatHooks :: Query (Endo WindowSet)
|
||||
floatHooks = composeAll . concat $
|
||||
|
|
15
lass/5pkgs/nichtparasoup/default.nix
Normal file
15
lass/5pkgs/nichtparasoup/default.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ stdenv, pkgs, ... }:
|
||||
let
|
||||
py = pkgs.python3Packages.python.withPackages (p: [
|
||||
p.werkzeug
|
||||
p.beautifulsoup4
|
||||
]);
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "k4cg";
|
||||
repo = "nichtparasoup";
|
||||
rev = "c6dcd0d";
|
||||
sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
|
||||
};
|
||||
in pkgs.writeDashBin "nichtparasoup" ''
|
||||
${py}/bin/python ${src}/nichtparasoup.py "$@"
|
||||
''
|
13
lass/5pkgs/nichtparasoup/exception.patch
Normal file
13
lass/5pkgs/nichtparasoup/exception.patch
Normal file
|
@ -0,0 +1,13 @@
|
|||
diff --git a/nichtparasoup.py b/nichtparasoup.py
|
||||
index 9da9a2b..833ca71 100755
|
||||
--- a/nichtparasoup.py
|
||||
+++ b/nichtparasoup.py
|
||||
@@ -211,7 +211,7 @@ def cache_fill_loop():
|
||||
try:
|
||||
sources[crawler][site].crawl()
|
||||
info = Crawler.info()
|
||||
- except Exception, e:
|
||||
+ except Exception as e:
|
||||
logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
|
||||
break
|
||||
|
|
@ -50,6 +50,14 @@ rec {
|
|||
default = false;
|
||||
};
|
||||
|
||||
monitoring = mkOption {
|
||||
description = ''
|
||||
Whether the host should be monitored by monitoring tools like Prometheus.
|
||||
'';
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
type = user;
|
||||
};
|
||||
|
|
|
@ -62,6 +62,7 @@ in {
|
|||
## Web
|
||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="gum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
||||
|
|
|
@ -50,6 +50,7 @@ in {
|
|||
<stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
<stockholm/makefu/2configs/tools/mobility.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||
|
@ -85,7 +86,7 @@ in {
|
|||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/elchos/search.nix>
|
||||
# <stockholm/makefu/2configs/elchos/log.nix>
|
||||
|
@ -100,7 +101,7 @@ in {
|
|||
makefu.full-populate = true;
|
||||
makefu.server.primary-itf = primaryInterface;
|
||||
krebs.rtorrent = {
|
||||
downloadDir = lib.mkForce "/media/crypt0/torrent";
|
||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||
extraConfig = ''
|
||||
upload_rate = 200
|
||||
'';
|
||||
|
|
|
@ -52,9 +52,10 @@ in {
|
|||
db = "collectd_db";
|
||||
logging-interface = "enp0s25";
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 3000 ];
|
||||
|
||||
services.grafana.enable = true;
|
||||
services.grafana.addr = "0.0.0.0";
|
||||
|
||||
services.influxdb.enable = true;
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
|
|
|
@ -11,9 +11,8 @@
|
|||
|
||||
systemd.services.modemmanager = {
|
||||
description = "ModemManager";
|
||||
after = [ "network-manager.service" ];
|
||||
bindsTo = [ "network-manager.service" ];
|
||||
wantedBy = [ "network-manager.service" ];
|
||||
wantedBy = [ "network-manager.service" "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
|
||||
PrivateTmp = true;
|
||||
|
|
26
makefu/2configs/nginx/euer.mon.nix
Normal file
26
makefu/2configs/nginx/euer.mon.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
services.nginx = {
|
||||
enable = mkDefault true;
|
||||
virtualHosts."mon.euer.krebsco.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://wbob.r:3000/";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,10 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
nixpkgs.config.firefox = {
|
||||
enableAdobeFlash = true;
|
||||
};
|
||||
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
chromium
|
||||
clipit
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
with import <stockholm/lib>;
|
||||
host@{ name,
|
||||
override ? {}
|
||||
, secure ? false
|
||||
, full ? false
|
||||
, torrent ? false
|
||||
, hw ? false
|
||||
, musnix ? false
|
||||
, python ? false
|
||||
, unstable ? false #unstable channel checked out
|
||||
, mic92 ? false
|
||||
, secure ? false
|
||||
, full ? false
|
||||
, torrent ? false
|
||||
, hw ? false
|
||||
, musnix ? false
|
||||
, python ? false
|
||||
, unstable ? false #unstable channel checked out
|
||||
, mic92 ? false
|
||||
, nms ? false
|
||||
, clever_kexec ?false
|
||||
}:
|
||||
let
|
||||
builder = if getEnv "dummy_secrets" == "true"
|
||||
|
@ -42,11 +44,15 @@ in
|
|||
file = "/home/makefu/store/${ref}";
|
||||
};
|
||||
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/${name}";
|
||||
secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu.pass = {
|
||||
inherit name;
|
||||
dir = "${getEnv "HOME"}/.secrets-pass";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
stockholm.file = toString <stockholm>;
|
||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
||||
}
|
||||
|
@ -72,9 +78,12 @@ in
|
|||
})
|
||||
|
||||
(mkIf ( torrent ) {
|
||||
torrent-secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/torrent" ;
|
||||
torrent-secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu.pass = {
|
||||
name = "torrent";
|
||||
dir = "${getEnv "HOME"}/.secrets-pass";
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
|
@ -92,5 +101,19 @@ in
|
|||
};
|
||||
})
|
||||
|
||||
(mkIf ( nms ) {
|
||||
nms.git = {
|
||||
url = https://github.com/r-raymond/nixos-mailserver;
|
||||
ref = "v2.1.2";
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf ( clever_kexec ) {
|
||||
clever_kexec.git = {
|
||||
url = https://github.com/cleverca22/nix-tests;
|
||||
ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
|
||||
};
|
||||
})
|
||||
|
||||
override
|
||||
]
|
||||
|
|
|
@ -349,6 +349,7 @@ let
|
|||
let b:current_syntax = "nix"
|
||||
|
||||
set isk=@,48-57,_,192-255,-,'
|
||||
set bg=dark
|
||||
'';
|
||||
in
|
||||
out
|
||||
|
|
Loading…
Reference in a new issue