Merge remote-tracking branch 'prism/master'
This commit is contained in:
commit
4499cc4065
|
@ -22,6 +22,7 @@ let
|
|||
./go.nix
|
||||
./iptables.nix
|
||||
./kapacitor.nix
|
||||
./monit.nix
|
||||
./newsbot-js.nix
|
||||
./nginx.nix
|
||||
./nixpkgs.nix
|
||||
|
|
|
@ -55,7 +55,7 @@ let
|
|||
|
||||
local_domains = mkOption {
|
||||
type = with types; listOf hostname;
|
||||
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
|
||||
default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
|
||||
};
|
||||
|
||||
relay_from_hosts = mkOption {
|
||||
|
|
|
@ -21,13 +21,14 @@ let
|
|||
OnCalendar = "*:00,10,20,30,40,50";
|
||||
};
|
||||
};
|
||||
# TODO find a better default stateDir
|
||||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/wallpaper";
|
||||
default = "$HOME/wallpaper";
|
||||
};
|
||||
display = mkOption {
|
||||
type = types.str;
|
||||
default = ":11";
|
||||
default = ":0";
|
||||
};
|
||||
unitConfig = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
|
@ -48,38 +49,30 @@ let
|
|||
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
|
||||
set -euf
|
||||
|
||||
mkdir -p ${shell.escape cfg.stateDir}
|
||||
cd ${shell.escape cfg.stateDir}
|
||||
mkdir -p ${cfg.stateDir}
|
||||
cd ${cfg.stateDir}
|
||||
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
|
||||
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
|
||||
feh --no-fehbg --bg-scale wallpaper
|
||||
'';
|
||||
|
||||
imp = {
|
||||
users.users.fetchWallpaper = {
|
||||
name = "fetchWallpaper";
|
||||
uid = genid "fetchWallpaper";
|
||||
description = "fetchWallpaper user";
|
||||
home = cfg.stateDir;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
systemd.timers.fetchWallpaper = {
|
||||
systemd.user.timers.fetchWallpaper = {
|
||||
description = "fetch wallpaper timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
timerConfig = cfg.timerConfig;
|
||||
};
|
||||
systemd.services.fetchWallpaper = {
|
||||
systemd.user.services.fetchWallpaper = {
|
||||
description = "fetch wallpaper";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
|
||||
path = with pkgs; [
|
||||
curl
|
||||
feh
|
||||
coreutils
|
||||
];
|
||||
|
||||
environment = {
|
||||
URL = cfg.url;
|
||||
DISPLAY = cfg.display;
|
||||
};
|
||||
restartIfChanged = true;
|
||||
|
@ -87,7 +80,6 @@ let
|
|||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = fetchWallpaperScript;
|
||||
User = "fetchWallpaper";
|
||||
};
|
||||
|
||||
unitConfig = cfg.unitConfig;
|
||||
|
|
|
@ -73,13 +73,21 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||
};
|
||||
prism = {
|
||||
prism = rec {
|
||||
cores = 4;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
prism IN A ${nets.internet.ip4.addr}
|
||||
paste IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "213.239.205.240";
|
||||
aliases = [
|
||||
"prism.internet"
|
||||
"paste.i"
|
||||
"paste.internet"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
|
|
|
@ -1 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus
|
||||
|
|
|
@ -5,50 +5,50 @@ with import <stockholm/lib>;
|
|||
{
|
||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
||||
drop = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.177.9";
|
||||
ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
|
||||
aliases = [
|
||||
"drop.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
|
||||
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
|
||||
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
|
||||
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
|
||||
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
|
||||
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.177.9";
|
||||
ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
|
||||
aliases = [
|
||||
"drop.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
|
||||
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
|
||||
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
|
||||
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
|
||||
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
|
||||
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
fileleech = rec {
|
||||
cores = 4;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.113.98";
|
||||
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
|
||||
aliases = [
|
||||
"fileleech.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
|
||||
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
|
||||
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
|
||||
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
|
||||
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
|
||||
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
cores = 4;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.113.98";
|
||||
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
|
||||
aliases = [
|
||||
"fileleech.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
|
||||
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
|
||||
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
|
||||
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
|
||||
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
|
||||
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
pnp = {
|
||||
|
@ -123,16 +123,16 @@ with import <stockholm/lib>;
|
|||
aliases = [
|
||||
"ossim.siem"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
|
||||
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
|
||||
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
|
||||
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
|
||||
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
|
||||
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
|
||||
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
|
||||
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
|
||||
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
|
||||
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
|
||||
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -169,7 +169,7 @@ with import <stockholm/lib>;
|
|||
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
|
||||
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -228,16 +228,15 @@ with import <stockholm/lib>;
|
|||
"vbob.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
|
||||
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
|
||||
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
|
||||
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
|
||||
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
|
||||
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
|
||||
'';
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
|
||||
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
|
||||
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
|
||||
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
|
||||
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
|
||||
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
|
@ -278,7 +277,7 @@ with import <stockholm/lib>;
|
|||
DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
|
||||
sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -291,7 +290,6 @@ with import <stockholm/lib>;
|
|||
wry IN A ${nets.internet.ip4.addr}
|
||||
io IN NS wry.krebsco.de.
|
||||
graphs IN A ${nets.internet.ip4.addr}
|
||||
paste 60 IN A ${nets.internet.ip4.addr}
|
||||
tinc IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
|
@ -300,9 +298,7 @@ with import <stockholm/lib>;
|
|||
ip4.addr = "104.233.87.86";
|
||||
aliases = [
|
||||
"wry.i"
|
||||
"paste.i"
|
||||
"wry.internet"
|
||||
"paste.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
|
@ -353,7 +349,7 @@ with import <stockholm/lib>;
|
|||
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
|
||||
aliases = [
|
||||
"filepimp.retiolum"
|
||||
"filepimp.r"
|
||||
"filepimp.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
@ -364,7 +360,7 @@ with import <stockholm/lib>;
|
|||
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
|
||||
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -389,15 +385,15 @@ with import <stockholm/lib>;
|
|||
"stats.makefu.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
|
||||
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
|
||||
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
|
||||
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
|
||||
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
|
||||
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
|
||||
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
|
||||
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
|
||||
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
|
||||
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
|
||||
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
|
@ -428,18 +424,18 @@ with import <stockholm/lib>;
|
|||
ip4.addr = "10.243.214.15";
|
||||
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
|
||||
aliases = [
|
||||
"wbob.retiolum"
|
||||
"wbob.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
|
||||
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
|
||||
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
|
||||
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
|
||||
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
|
||||
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
|
||||
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
|
||||
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
|
||||
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
|
||||
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
|
||||
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -487,7 +483,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
|
@ -538,7 +534,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
|
||||
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -551,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
ip4.addr = "10.243.83.237";
|
||||
ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
|
||||
aliases = [
|
||||
"sdev.retiolum"
|
||||
"sdev.r"
|
||||
"sdev.retiolum"
|
||||
"sdev.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
@ -569,7 +565,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
};
|
||||
|
||||
|
||||
# non-stockholm
|
||||
# non-stockholm
|
||||
|
||||
flap = rec {
|
||||
cores = 1;
|
||||
|
@ -602,7 +598,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
|
||||
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -819,32 +815,30 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
};
|
||||
};
|
||||
tcac-0-1 = rec {
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
|
||||
";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.144.142";
|
||||
ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
|
||||
aliases = [
|
||||
"tcac-0-1.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
|
||||
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
|
||||
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
|
||||
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
|
||||
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
|
||||
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
|
||||
";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.144.142";
|
||||
ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
|
||||
aliases = [
|
||||
"tcac-0-1.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
|
||||
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
|
||||
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
|
||||
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
|
||||
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
|
||||
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
} // { # hosts only maintained in stockholm, not owned by me
|
||||
muhbaasu = rec {
|
||||
owner = config.krebs.users.root;
|
||||
|
@ -878,23 +872,23 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
tpsw = {
|
||||
cores = 2;
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.183.236";
|
||||
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
|
||||
aliases = [ "tpsw.r" "tpsw.retiolum" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
|
||||
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
|
||||
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
|
||||
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
|
||||
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
|
||||
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.183.236";
|
||||
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
|
||||
aliases = [ "tpsw.r" "tpsw.retiolum" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
|
||||
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
|
||||
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
|
||||
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
|
||||
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
|
||||
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users = rec {
|
||||
|
@ -920,6 +914,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||
inherit (makefu) mail pgp;
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
|
||||
};
|
||||
makefu-bob = {
|
||||
inherit (makefu) mail pgp;
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
|
||||
};
|
||||
ciko = {
|
||||
mail = "wieczorek.stefan@googlemail.com";
|
||||
};
|
||||
|
|
116
krebs/3modules/monit.nix
Normal file
116
krebs/3modules/monit.nix
Normal file
|
@ -0,0 +1,116 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
cfg = config.krebs.monit;
|
||||
|
||||
out = {
|
||||
options.krebs.monit = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "monit";
|
||||
http = {
|
||||
enable = mkEnableOption "monit http server";
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 9093;
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "krebs";
|
||||
};
|
||||
pass = mkOption {
|
||||
type = types.str;
|
||||
default = "bob";
|
||||
};
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
default = {
|
||||
name = "monit";
|
||||
};
|
||||
};
|
||||
group = mkOption {
|
||||
type = types.group;
|
||||
default = {
|
||||
name = "monitor";
|
||||
};
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
};
|
||||
alarms = mkOption {
|
||||
default = {};
|
||||
type = with types; attrsOf (submodule {
|
||||
options = {
|
||||
test = mkOption {
|
||||
type = path;
|
||||
};
|
||||
alarm = mkOption {
|
||||
type = path;
|
||||
};
|
||||
interval = mkOption {
|
||||
type = str;
|
||||
default = "10";
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
imp = let
|
||||
configFile = pkgs.writeText "monit.cfg" ''
|
||||
${optionalString cfg.http.enable ''
|
||||
set httpd port ${toString cfg.http.port}
|
||||
allow ${cfg.http.user}:${cfg.http.pass}
|
||||
''}
|
||||
set daemon 10
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: alarm: ''
|
||||
check program ${name} with path "${alarm.test}"
|
||||
every ${alarm.interval} cycles
|
||||
if status != 0 then exec "${alarm.alarm}"
|
||||
'') cfg.alarms)}
|
||||
'';
|
||||
in {
|
||||
environment.etc = [
|
||||
{
|
||||
source = configFile;
|
||||
target = "monit.conf";
|
||||
mode = "0400";
|
||||
uid = config.users.users.${cfg.user.name}.uid;
|
||||
}
|
||||
];
|
||||
users = {
|
||||
groups.${cfg.group.name} = {
|
||||
inherit (cfg.group) name gid;
|
||||
};
|
||||
users.${cfg.user.name} = {
|
||||
inherit (cfg.user) home name uid;
|
||||
createHome = true;
|
||||
group = cfg.group.name;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.monit = {
|
||||
description = "monit";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
User = cfg.user.name;
|
||||
ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
|
||||
# Monit should restart when the config changes
|
||||
ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
in out
|
|
@ -38,6 +38,8 @@ with import <stockholm/lib>;
|
|||
aliases = [
|
||||
"onondaga.retiolum"
|
||||
"onondaga.r"
|
||||
"cgit.onondaga.r"
|
||||
"cgit.onondaga.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
pythonPackages.buildPythonApplication (rec {
|
||||
name = "${pname}-${version}";
|
||||
pname = "buildbot";
|
||||
version = "0.9.1";
|
||||
version = "0.9.4";
|
||||
src = fetchurl {
|
||||
url = "mirror://pypi/b/${pname}/${name}.tar.gz";
|
||||
sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9";
|
||||
sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086";
|
||||
};
|
||||
doCheck = false;
|
||||
buildInputs = with pythonPackages; [
|
||||
|
@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec {
|
|||
pylint
|
||||
astroid
|
||||
pyflakes
|
||||
pyjwt
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with pythonPackages; [
|
||||
|
@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec {
|
|||
|
||||
] ++ plugins;
|
||||
|
||||
patchPhase = ''
|
||||
patch -p1 < ${./irc_messages.patch}
|
||||
'';
|
||||
preInstall = ''
|
||||
# writes out a file that can't be read properly
|
||||
sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py
|
||||
index a65147b..bf44118 100644
|
||||
--- a/buildbot/reporters/words.py
|
||||
+++ b/buildbot/reporters/words.py
|
||||
@@ -550,14 +550,15 @@ class Contact(service.AsyncService):
|
||||
|
||||
if self.useRevisions:
|
||||
revisions = yield self.getRevisionsForBuild(build)
|
||||
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
|
||||
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
|
||||
(builderName, ','.join(revisions), results[0])
|
||||
else:
|
||||
- r = "Hey! build %s #%d is complete: %s" % \
|
||||
+ r = "Build %s #%d is complete: %s" % \
|
||||
(builderName, buildNumber, results[0])
|
||||
|
||||
r += ' [%s]' % maybeColorize(build['state_string'],
|
||||
results[1], self.useColors)
|
||||
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
|
||||
self.send(r)
|
||||
|
||||
# FIXME: where do we get the list of changes for a build ?
|
||||
@@ -622,14 +623,15 @@ class Contact(service.AsyncService):
|
||||
results = self.getResultsDescriptionAndColor(build['results'])
|
||||
if self.useRevisions:
|
||||
revisions = yield self.getRevisionsForBuild(build)
|
||||
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
|
||||
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
|
||||
(builder_name, ','.join(revisions), results[0])
|
||||
else:
|
||||
- r = "Hey! build %s #%d is complete: %s" % \
|
||||
+ r = "Build %s #%d is complete: %s" % \
|
||||
(builder_name, buildnum, results[0])
|
||||
|
||||
r += ' [%s]' % maybeColorize(build['state_string'],
|
||||
results[1], self.useColors)
|
||||
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
|
||||
self.send(r)
|
||||
|
||||
# FIXME: where do we get the base_url? Then do we use the build Link to
|
|
@ -2,12 +2,12 @@
|
|||
pythonPackages.buildPythonApplication (rec {
|
||||
name = "${pname}-${version}";
|
||||
pname = "buildbot-worker";
|
||||
version = "0.9.1";
|
||||
version = "0.9.4";
|
||||
|
||||
doCheck = false;
|
||||
src = fetchurl {
|
||||
url = "mirror://pypi/b/${pname}/${name}.tar.gz";
|
||||
sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx";
|
||||
sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj";
|
||||
};
|
||||
|
||||
buildInputs = with pythonPackages; [ setuptoolsTrial mock ];
|
||||
|
|
83
krebs/5pkgs/zandronum-bin/default.nix
Normal file
83
krebs/5pkgs/zandronum-bin/default.nix
Normal file
|
@ -0,0 +1,83 @@
|
|||
{ stdenv
|
||||
, atk
|
||||
, bzip2
|
||||
, cairo
|
||||
, fetchurl
|
||||
, fluidsynth
|
||||
, fontconfig
|
||||
, freetype
|
||||
, gdk_pixbuf
|
||||
, glib
|
||||
, gtk2
|
||||
, libjpeg_turbo
|
||||
, mesa_glu
|
||||
, mesa_noglu
|
||||
, openssl
|
||||
, pango
|
||||
, SDL
|
||||
, zlib
|
||||
, makeWrapper
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "zandronum-3.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
|
||||
sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
|
||||
};
|
||||
|
||||
libPath = stdenv.lib.makeLibraryPath [
|
||||
atk
|
||||
bzip2
|
||||
cairo
|
||||
fluidsynth
|
||||
fontconfig
|
||||
freetype
|
||||
gdk_pixbuf
|
||||
glib
|
||||
gtk2
|
||||
libjpeg_turbo
|
||||
mesa_glu
|
||||
mesa_noglu
|
||||
openssl
|
||||
pango
|
||||
SDL
|
||||
stdenv.cc.cc
|
||||
zlib
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
phases = [ "unpackPhase" "installPhase" ];
|
||||
|
||||
sourceRoot = ".";
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
mkdir -p $out/share/zandronum
|
||||
cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
|
||||
|
||||
patchelf \
|
||||
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
|
||||
--set-rpath $libPath:$out/share/zandronum \
|
||||
$out/share/zandronum/zandronum
|
||||
patchelf \
|
||||
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
|
||||
--set-rpath $libPath \
|
||||
$out/share/zandronum/zandronum-server
|
||||
|
||||
# If we don't set absolute argv0, zandronum.wad file is not found.
|
||||
makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum
|
||||
makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server
|
||||
'';
|
||||
|
||||
meta = {
|
||||
homepage = http://zandronum.com/;
|
||||
description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play";
|
||||
maintainers = [ stdenv.lib.maintainers.lassulus ];
|
||||
# Binary version has different version string than source code version.
|
||||
license = stdenv.lib.licenses.unfreeRedistributable;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
|
@ -76,56 +76,15 @@ with import <stockholm/lib>;
|
|||
{
|
||||
services.redis.enable = true;
|
||||
}
|
||||
#{
|
||||
# #gitit magic
|
||||
# imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
|
||||
# services.gitit = {
|
||||
# enable = true;
|
||||
# haskellPackages = pkgs.haskell.packages.ghc7103;
|
||||
# };
|
||||
#}
|
||||
#{
|
||||
# lass.icinga2 = {
|
||||
# enable = true;
|
||||
# configFiles = [
|
||||
# ''
|
||||
# template Service "generic-service" {
|
||||
# max_check_attempts = 3
|
||||
# check_interval = 5m
|
||||
# retry_interval = 1m
|
||||
# enable_perfdata = true
|
||||
# }
|
||||
# apply Service "ping4" {
|
||||
# }
|
||||
# ''
|
||||
# ];
|
||||
# };
|
||||
# services.mysql = {
|
||||
# enable = true;
|
||||
# package = pkgs.mariadb;
|
||||
# rootPassword = "<secrets>/mysql_rootPassword";
|
||||
# };
|
||||
# lass.icingaweb2 = {
|
||||
# enable = true;
|
||||
# initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0";
|
||||
# resources = {
|
||||
# icinga2db = {
|
||||
# type = "mysql";
|
||||
# host = "localhost";
|
||||
# user = "icingaweb2";
|
||||
# db = "icinga";
|
||||
# passfile = <secrets/icinga2-pw>;
|
||||
# };
|
||||
# icingaweb2db = {
|
||||
# type = "mysql";
|
||||
# host = "localhost";
|
||||
# user = "icingaweb2";
|
||||
# db = "icingaweb2";
|
||||
# passfile = <secrets/icinga2-pw>;
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
#}
|
||||
{
|
||||
#ipfs-testing
|
||||
services.ipfs.enable = true;
|
||||
}
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.krebszones
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mors;
|
||||
|
|
|
@ -44,6 +44,7 @@ in {
|
|||
../2configs/hfos.nix
|
||||
../2configs/makefu-sip.nix
|
||||
../2configs/monitoring/server.nix
|
||||
../2configs/monitoring/monit-alarms.nix
|
||||
{
|
||||
imports = [
|
||||
../2configs/bepasty.nix
|
||||
|
@ -164,7 +165,6 @@ in {
|
|||
}
|
||||
{
|
||||
imports = [
|
||||
../2configs/websites/wohnprojekt-rhh.de.nix
|
||||
../2configs/websites/domsen.nix
|
||||
../2configs/websites/lassulus.nix
|
||||
];
|
||||
|
@ -215,7 +215,8 @@ in {
|
|||
}
|
||||
{
|
||||
krebs.repo-sync.timerConfig = {
|
||||
OnUnitInactiveSec = "5min";
|
||||
OnBootSec = "5min";
|
||||
OnUnitInactiveSec = "3min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
|
@ -247,7 +248,13 @@ in {
|
|||
];
|
||||
}
|
||||
{
|
||||
krebs.Reaktor.coders = {
|
||||
krebs.Reaktor.coders = let
|
||||
lambdabot = (import (pkgs.fetchFromGitHub {
|
||||
owner = "NixOS"; repo = "nixpkgs";
|
||||
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
||||
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
||||
}) {}).lambdabot;
|
||||
in {
|
||||
nickname = "reaktor-lass";
|
||||
channels = [ "#coders" ];
|
||||
extraEnviron = {
|
||||
|
@ -263,7 +270,7 @@ in {
|
|||
(buildSimpleReaktorPlugin "lambdabot-pl" {
|
||||
pattern = "^@pl (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-pl" ''
|
||||
exec ${pkgs.lambdabot}/bin/lambdabot \
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@pl $1"
|
||||
'';
|
||||
|
@ -271,7 +278,7 @@ in {
|
|||
(buildSimpleReaktorPlugin "lambdabot-type" {
|
||||
pattern = "^@type (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-type" ''
|
||||
exec ${pkgs.lambdabot}/bin/lambdabot \
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@type $1"
|
||||
'';
|
||||
|
@ -279,7 +286,7 @@ in {
|
|||
(buildSimpleReaktorPlugin "lambdabot-let" {
|
||||
pattern = "^@let (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-let" ''
|
||||
exec ${pkgs.lambdabot}/bin/lambdabot \
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@let $1"
|
||||
'';
|
||||
|
@ -287,7 +294,7 @@ in {
|
|||
(buildSimpleReaktorPlugin "lambdabot-run" {
|
||||
pattern = "^@run (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-run" ''
|
||||
exec ${pkgs.lambdabot}/bin/lambdabot \
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@run $1"
|
||||
'';
|
||||
|
@ -295,7 +302,7 @@ in {
|
|||
(buildSimpleReaktorPlugin "lambdabot-kind" {
|
||||
pattern = "^@kind (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-kind" ''
|
||||
exec ${pkgs.lambdabot}/bin/lambdabot \
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@kind $1"
|
||||
'';
|
||||
|
@ -303,7 +310,7 @@ in {
|
|||
(buildSimpleReaktorPlugin "lambdabot-kind" {
|
||||
pattern = "^@kind (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-kind" ''
|
||||
exec ${pkgs.lambdabot}/bin/lambdabot \
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@kind $1"
|
||||
'';
|
||||
|
|
|
@ -42,6 +42,29 @@ with import <stockholm/lib>;
|
|||
pkgs.python27Packages.python
|
||||
];
|
||||
}
|
||||
{
|
||||
krebs.monit = let
|
||||
echoToIrc = msg:
|
||||
pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
http.enable = true;
|
||||
alarms = {
|
||||
hfos = {
|
||||
test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
|
||||
alarm = echoToIrc "test hfos failed";
|
||||
};
|
||||
};
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
user = config.krebs.build.user;
|
||||
in {
|
||||
imports = [
|
||||
./xserver
|
||||
./mpv.nix
|
||||
./power-action.nix
|
||||
./screenlock.nix
|
||||
./copyq.nix
|
||||
./xresources.nix
|
||||
./livestream.nix
|
||||
{
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
|
@ -32,15 +34,15 @@ in {
|
|||
|
||||
programs.ssh.startAgent = false;
|
||||
|
||||
security.setuidPrograms = [ "slock" ];
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.foomatic_filters ];
|
||||
drivers = [
|
||||
pkgs.foomatic_filters
|
||||
pkgs.gutenprint
|
||||
];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
acpi
|
||||
dic
|
||||
dmenu
|
||||
|
@ -66,37 +68,37 @@ in {
|
|||
youtube-tools
|
||||
|
||||
rxvt_unicode
|
||||
#window manager stuff
|
||||
#haskellPackages.xmobar
|
||||
#haskellPackages.yeganesh
|
||||
#dmenu2
|
||||
#xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
#fonts.fonts = [
|
||||
# pkgs.xlibs.fontschumachermisc
|
||||
#];
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
#services.xserver = {
|
||||
# enable = true;
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
# windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
|
||||
# X11-xshape
|
||||
# ];
|
||||
# windowManager.xmonad.enable = true;
|
||||
# windowManager.xmonad.enableContribAndExtras = true;
|
||||
# windowManager.default = "xmonad";
|
||||
# desktopManager.default = "none";
|
||||
# desktopManager.xterm.enable = false;
|
||||
# displayManager.slim.enable = true;
|
||||
# displayManager.auto.enable = true;
|
||||
# displayManager.auto.user = mainUser.name;
|
||||
desktopManager.xterm.enable = false;
|
||||
desktopManager.default = "none";
|
||||
displayManager.lightdm.enable = true;
|
||||
displayManager.lightdm.autoLogin = {
|
||||
enable = true;
|
||||
user = "lass";
|
||||
};
|
||||
windowManager.default = "xmonad";
|
||||
windowManager.session = [{
|
||||
name = "xmonad";
|
||||
start = ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
|
||||
${pkgs.xmonad-lass}/bin/xmonad &
|
||||
waitPID=$!
|
||||
'';
|
||||
}];
|
||||
|
||||
# layout = "us";
|
||||
# xkbModel = "evdev";
|
||||
# xkbVariant = "altgr-intl";
|
||||
# xkbOptions = "caps:backspace";
|
||||
#};
|
||||
layout = "us";
|
||||
xkbModel = "evdev";
|
||||
xkbVariant = "altgr-intl";
|
||||
xkbOptions = "caps:backspace";
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
|
@ -107,4 +109,6 @@ in {
|
|||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
};
|
||||
|
||||
services.urxvtd.enable = true;
|
||||
}
|
||||
|
|
|
@ -2,8 +2,14 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = ["http://cache.prism.r"];
|
||||
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
|
||||
binaryCaches = [
|
||||
"http://cache.prism.r"
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
|
||||
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ let
|
|||
createChromiumUser = name: extraGroups:
|
||||
let
|
||||
bin = pkgs.writeScriptBin name ''
|
||||
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
|
||||
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
|
||||
'';
|
||||
in {
|
||||
users.extraUsers.${name} = {
|
||||
|
@ -43,7 +43,7 @@ let
|
|||
createFirefoxUser = name: extraGroups:
|
||||
let
|
||||
bin = pkgs.writeScriptBin name ''
|
||||
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
|
||||
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
|
||||
'';
|
||||
in {
|
||||
users.extraUsers.${name} = {
|
||||
|
|
|
@ -216,7 +216,7 @@ in {
|
|||
enable = true;
|
||||
nick = "buildbot-lass";
|
||||
server = "ni.r";
|
||||
channels = [ { channel = "retiolum"; } ];
|
||||
channels = [ { channel = "retiolum"; } { channel = "noise"; } ];
|
||||
allowForce = true;
|
||||
};
|
||||
};
|
||||
|
|
38
lass/2configs/copyq.nix
Normal file
38
lass/2configs/copyq.nix
Normal file
|
@ -0,0 +1,38 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
copyqConfig = pkgs.writeDash "copyq-config" ''
|
||||
${pkgs.copyq}/bin/copyq config check_clipboard true
|
||||
${pkgs.copyq}/bin/copyq config check_selection true
|
||||
${pkgs.copyq}/bin/copyq config copy_clipboard true
|
||||
${pkgs.copyq}/bin/copyq config copy_selection true
|
||||
|
||||
${pkgs.copyq}/bin/copyq config activate_closes true
|
||||
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
|
||||
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
|
||||
${pkgs.copyq}/bin/copyq config disable_tray true
|
||||
${pkgs.copyq}/bin/copyq config hide_tabs true
|
||||
${pkgs.copyq}/bin/copyq config hide_toolbar true
|
||||
${pkgs.copyq}/bin/copyq config item_popup_interval true
|
||||
${pkgs.copyq}/bin/copyq config maxitems 1000
|
||||
${pkgs.copyq}/bin/copyq config move true
|
||||
${pkgs.copyq}/bin/copyq config text_wrap true
|
||||
'';
|
||||
in {
|
||||
systemd.user.services.copyq = {
|
||||
after = [ "graphical.target" ];
|
||||
wants = [ "graphical.target" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "copyq";
|
||||
ExecStart = "${pkgs.copyq}/bin/copyq";
|
||||
ExecStartPost = copyqConfig;
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,5 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
|
@ -11,6 +10,7 @@ with import <stockholm/lib>;
|
|||
../2configs/vim.nix
|
||||
../2configs/monitoring/client.nix
|
||||
./backups.nix
|
||||
./security-workarounds.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
|
@ -62,6 +62,12 @@ with import <stockholm/lib>;
|
|||
pkgs.pythonPackages.python
|
||||
];
|
||||
}
|
||||
{
|
||||
services.dnscrypt-proxy.enable = true;
|
||||
networking.extraResolvconfConf = ''
|
||||
name_servers='127.0.0.1'
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
|
@ -129,6 +135,7 @@ with import <stockholm/lib>;
|
|||
|
||||
#neat utils
|
||||
krebspaste
|
||||
mosh
|
||||
pciutils
|
||||
pop
|
||||
psmisc
|
||||
|
@ -155,6 +162,7 @@ with import <stockholm/lib>;
|
|||
shopt -s histappend histreedit histverify
|
||||
shopt -s no_empty_cmd_completion
|
||||
complete -d cd
|
||||
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
|
||||
'';
|
||||
promptInit = ''
|
||||
if test $UID = 0; then
|
||||
|
@ -202,6 +210,7 @@ with import <stockholm/lib>;
|
|||
filter.INPUT.rules = [
|
||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
||||
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
||||
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
||||
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
|
||||
|
|
|
@ -8,11 +8,12 @@ with import <stockholm/lib>;
|
|||
dkim = [
|
||||
{ domain = "lassul.us"; }
|
||||
];
|
||||
primary_hostname = "lassul.us";
|
||||
sender_domains = [
|
||||
"lassul.us"
|
||||
"aidsballs.de"
|
||||
];
|
||||
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
|
||||
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
|
||||
config.krebs.hosts.mors
|
||||
config.krebs.hosts.uriel
|
||||
config.krebs.hosts.helios
|
||||
|
|
|
@ -9,9 +9,5 @@ in {
|
|||
url = "prism/wallpaper.png";
|
||||
maxTime = 10;
|
||||
};
|
||||
systemd.services.fetchWallpaper = {
|
||||
after = [ "xmonad.service" ];
|
||||
wantedBy = [ "xmonad.service" ];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@ let
|
|||
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||
${vdoom} \
|
||||
-file $DOOM_DIR/lib/brutalv20.pk3 \
|
||||
-file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
|
||||
"$@"
|
||||
'';
|
||||
doom1 = pkgs.writeDashBin "doom1" ''
|
||||
|
@ -31,6 +30,31 @@ let
|
|||
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
|
||||
'';
|
||||
|
||||
doomservercfg = pkgs.writeText "doomserver.cfg" ''
|
||||
skill 7
|
||||
#survival true
|
||||
#sv_maxlives 4
|
||||
#sv_norespawn true
|
||||
#sv_weapondrop true
|
||||
no_jump true
|
||||
#sv_noweaponspawn true
|
||||
sv_sharekeys true
|
||||
sv_survivalcountdowntime 1
|
||||
sv_noteamselect true
|
||||
sv_updatemaster false
|
||||
#sv_coop_loseinventory true
|
||||
#cl_startasspectator false
|
||||
#lms_spectatorview false
|
||||
'';
|
||||
|
||||
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
|
||||
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||
|
||||
${pkgs.zandronum-bin}/bin/zandronum-server \
|
||||
+exec ${doomservercfg} \
|
||||
"$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
dwarf_fortress
|
||||
|
@ -38,6 +62,7 @@ in {
|
|||
doom2
|
||||
vdoom1
|
||||
vdoom2
|
||||
vdoomserver
|
||||
];
|
||||
|
||||
users.extraUsers = {
|
||||
|
@ -56,4 +81,9 @@ in {
|
|||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(games) NOPASSWD: ALL
|
||||
'';
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ with import <stockholm/lib>;
|
|||
let
|
||||
|
||||
out = {
|
||||
services.nginx.enable = true;
|
||||
krebs.git = {
|
||||
enable = true;
|
||||
cgit = {
|
||||
|
|
|
@ -8,7 +8,6 @@ with import <stockholm/lib>;
|
|||
extraGroups = [ "libvirtd" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -32,4 +31,10 @@ with import <stockholm/lib>;
|
|||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
krebs.iptables.tables.nat.OUTPUT.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
|
||||
];
|
||||
|
||||
systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
|
||||
}
|
||||
|
|
|
@ -48,4 +48,9 @@ with import <stockholm/lib>;
|
|||
];
|
||||
|
||||
security.rngd.enable = true;
|
||||
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
additionalOptions = ''Option "TouchpadOff" "1"'';
|
||||
};
|
||||
}
|
||||
|
|
12
lass/2configs/livestream.nix
Normal file
12
lass/2configs/livestream.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
|
||||
stream = pkgs.writeDashBin "stream" ''
|
||||
${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
environment.systemPackages = [ stream ];
|
||||
}
|
44
lass/2configs/monitoring/monit-alarms.nix
Normal file
44
lass/2configs/monitoring/monit-alarms.nix
Normal file
|
@ -0,0 +1,44 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
echoToIrc = msg:
|
||||
pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.monit = {
|
||||
enable = true;
|
||||
http.enable = true;
|
||||
alarms = {
|
||||
nirwanabluete = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
|
||||
alarm = echoToIrc "test nirwanabluete failed";
|
||||
};
|
||||
ubik = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
|
||||
alarm = echoToIrc "test ubik failed";
|
||||
};
|
||||
cac-panel = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
|
||||
alarm = echoToIrc "test cac-panel failed";
|
||||
};
|
||||
radio = {
|
||||
test = pkgs.writeBash "check_stream" ''
|
||||
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
|
||||
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
|
||||
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
|
||||
'';
|
||||
alarm = echoToIrc "test radio failed";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
|
|
@ -29,7 +29,7 @@ with import <stockholm/lib>;
|
|||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
|
||||
ni.r 6667 prism-alarm \#noise "$data" >/dev/null
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "f7b7d8e";
|
||||
ref = "5b0c9d4";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
before = [ "sleep.target" ];
|
||||
wantedBy = [ "sleep.target" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "screenlock";
|
||||
|
|
8
lass/2configs/security-workarounds.nix
Normal file
8
lass/2configs/security-workarounds.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
# http://seclists.org/oss-sec/2017/q1/471
|
||||
boot.extraModprobeConfig = ''
|
||||
install dccp /run/current-system/sw/bin/false
|
||||
'';
|
||||
}
|
22
lass/2configs/termite.nix
Normal file
22
lass/2configs/termite.nix
Normal file
|
@ -0,0 +1,22 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.termite
|
||||
];
|
||||
|
||||
krebs.per-user.lass.packages = let
|
||||
termitecfg = pkgs.writeTextFile {
|
||||
name = "termite-config";
|
||||
destination = "/etc/xdg/termite/config";
|
||||
text = ''
|
||||
[colors]
|
||||
foreground = #d0d7d0
|
||||
background = #000000
|
||||
'';
|
||||
};
|
||||
in [
|
||||
termitecfg
|
||||
];
|
||||
}
|
|
@ -25,7 +25,7 @@ let
|
|||
set hlsearch
|
||||
set incsearch
|
||||
set mouse=a
|
||||
set noruler
|
||||
set ruler
|
||||
set pastetoggle=<INS>
|
||||
set runtimepath=${extra-runtimepath},$VIMRUNTIME
|
||||
set shortmess+=I
|
||||
|
@ -66,6 +66,7 @@ let
|
|||
|
||||
"Syntastic config
|
||||
let g:syntastic_python_checkers=['flake8']
|
||||
let g:syntastic_python_flake8_post_args='--ignore=E501'
|
||||
|
||||
nmap <esc>q :buffer
|
||||
nmap <M-q> :buffer
|
||||
|
|
|
@ -110,7 +110,10 @@ in {
|
|||
'';
|
||||
|
||||
enableSSL = true;
|
||||
extraConfig = "listen 80;";
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
'';
|
||||
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
|
||||
};
|
||||
|
@ -123,7 +126,10 @@ in {
|
|||
root /var/lib/acme/acme-challenges;
|
||||
'';
|
||||
enableSSL = true;
|
||||
extraConfig = "listen 80;";
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
'';
|
||||
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
|
||||
};
|
||||
|
|
|
@ -17,7 +17,10 @@ rec {
|
|||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
extraConfig = "listen 80;";
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
'';
|
||||
serverAliases = domains;
|
||||
locations."/".extraConfig = ''
|
||||
root /srv/http/${domain};
|
||||
|
@ -29,12 +32,14 @@ rec {
|
|||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
services.phpfpm.phpPackage = pkgs.php56;
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
|
@ -148,6 +153,8 @@ rec {
|
|||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
root /srv/http/${domain}/;
|
||||
index index.php;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
|
@ -175,10 +182,10 @@ rec {
|
|||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 5
|
||||
pm.start_servers = 2
|
||||
pm.max_children = 15
|
||||
pm.start_servers = 3
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
pm.max_spare_servers = 10
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (import <stockholm/lib>)
|
||||
genid
|
||||
;
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
ssl
|
||||
servePage
|
||||
;
|
||||
in {
|
||||
imports = [
|
||||
( ssl [ "wohnprojekt-rhh.de" ])
|
||||
( servePage [ "wohnprojekt-rhh.de" ])
|
||||
];
|
||||
|
||||
users.users.laura = {
|
||||
home = "/srv/http/wohnprojekt-rhh.de";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
};
|
||||
}
|
||||
|
55
lass/2configs/xresources.nix
Normal file
55
lass/2configs/xresources.nix
Normal file
|
@ -0,0 +1,55 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
|
||||
xresources = pkgs.writeText "Xresources" ''
|
||||
URxvt*scrollBar: false
|
||||
URxvt*urgentOnBell: true
|
||||
URxvt*SaveLines: 4096
|
||||
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
|
||||
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
|
||||
|
||||
! ref https://github.com/muennich/urxvt-perls
|
||||
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
|
||||
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
||||
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
|
||||
URxvt.url-select.underline: true
|
||||
URxvt.keysym.M-u: perl:url-select:select_next
|
||||
URxvt.keysym.M-Escape: perl:keyboard-select:activate
|
||||
URxvt.keysym.M-s: perl:keyboard-select:search
|
||||
|
||||
URxvt.intensityStyles: false
|
||||
|
||||
URxvt*background: #000000
|
||||
URxvt*foreground: #d0d7d0
|
||||
|
||||
URxvt*cursorColor: #f042b0
|
||||
URxvt*cursorColor2: #f0b000
|
||||
URxvt*cursorBlink: off
|
||||
|
||||
URxvt*.pointerBlank: true
|
||||
URxvt*.pointerBlankDelay: 987654321
|
||||
URxvt*.pointerColor: #f042b0
|
||||
URxvt*.pointerColor2: #050505
|
||||
'';
|
||||
|
||||
in {
|
||||
systemd.user.services.xresources = {
|
||||
description = "xresources";
|
||||
wantedBy = [ "default.target" ];
|
||||
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,66 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
pkgs.writeText "Xresources" ''
|
||||
URxvt*scrollBar: false
|
||||
URxvt*urgentOnBell: true
|
||||
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
|
||||
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
|
||||
|
||||
! ref https://github.com/muennich/urxvt-perls
|
||||
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
|
||||
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
||||
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
|
||||
URxvt.url-select.underline: true
|
||||
URxvt.keysym.M-u: perl:url-select:select_next
|
||||
URxvt.keysym.M-Escape: perl:keyboard-select:activate
|
||||
URxvt.keysym.M-s: perl:keyboard-select:search
|
||||
|
||||
URxvt.intensityStyles: false
|
||||
|
||||
URxvt*background: #050505
|
||||
! URxvt*background: #041204
|
||||
|
||||
!URxvt.depth: 32
|
||||
!URxvt*background: rgba:0500/0500/0500/cccc
|
||||
|
||||
! URxvt*background: #080810
|
||||
URxvt*foreground: #d0d7d0
|
||||
! URxvt*background: black
|
||||
! URxvt*foreground: white
|
||||
! URxvt*background: rgb:00/00/40
|
||||
! URxvt*foreground: rgb:a0/a0/d0
|
||||
! XTerm*cursorColor: rgb:00/00/60
|
||||
URxvt*cursorColor: #f042b0
|
||||
URxvt*cursorColor2: #f0b000
|
||||
URxvt*cursorBlink: off
|
||||
! URxvt*cursorUnderline: true
|
||||
! URxvt*highlightColor: #232323
|
||||
! URxvt*highlightTextColor: #b0ffb0
|
||||
|
||||
URxvt*.pointerBlank: true
|
||||
URxvt*.pointerBlankDelay: 987654321
|
||||
URxvt*.pointerColor: #f042b0
|
||||
URxvt*.pointerColor2: #050505
|
||||
|
||||
! URxvt*color0: #000000
|
||||
! URxvt*color1: #c00000
|
||||
! URxvt*color2: #80c070
|
||||
URxvt*color3: #c07000
|
||||
! URxvt*color4: #0000c0
|
||||
URxvt*color4: #4040c0
|
||||
! URxvt*color5: #c000c0
|
||||
! URxvt*color6: #008080
|
||||
URxvt*color7: #c0c0c0
|
||||
|
||||
URxvt*color8: #707070
|
||||
URxvt*color9: #ff6060
|
||||
URxvt*color10: #70ff70
|
||||
URxvt*color11: #ffff70
|
||||
URxvt*color12: #7070ff
|
||||
URxvt*color13: #ff50ff
|
||||
URxvt*color14: #70ffff
|
||||
URxvt*color15: #ffffff
|
||||
|
||||
''
|
|
@ -1,147 +0,0 @@
|
|||
{ config, pkgs, ... }@args:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
user = config.krebs.build.user;
|
||||
|
||||
copyqConfig = pkgs.writeDash "copyq-config" ''
|
||||
${pkgs.copyq}/bin/copyq config check_clipboard true
|
||||
${pkgs.copyq}/bin/copyq config check_selection true
|
||||
${pkgs.copyq}/bin/copyq config copy_clipboard true
|
||||
${pkgs.copyq}/bin/copyq config copy_selection true
|
||||
|
||||
${pkgs.copyq}/bin/copyq config activate_closes true
|
||||
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
|
||||
${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
|
||||
${pkgs.copyq}/bin/copyq config disable_tray true
|
||||
${pkgs.copyq}/bin/copyq config hide_tabs true
|
||||
${pkgs.copyq}/bin/copyq config hide_toolbar true
|
||||
${pkgs.copyq}/bin/copyq config item_popup_interval true
|
||||
${pkgs.copyq}/bin/copyq config maxitems 1000
|
||||
${pkgs.copyq}/bin/copyq config move true
|
||||
${pkgs.copyq}/bin/copyq config text_wrap true
|
||||
'';
|
||||
in {
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.gitAndTools.qgit
|
||||
pkgs.mpv
|
||||
pkgs.sxiv
|
||||
pkgs.xsel
|
||||
pkgs.zathura
|
||||
];
|
||||
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
display = 11;
|
||||
tty = 11;
|
||||
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
};
|
||||
|
||||
layout = "us";
|
||||
xkbVariant = "altgr-intl";
|
||||
xkbOptions = "caps:backspace";
|
||||
};
|
||||
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
||||
systemd.services.xmonad = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
|
||||
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
|
||||
${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} &
|
||||
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
|
||||
wait
|
||||
'';
|
||||
|
||||
XMONAD_STATE = "/tmp/xmonad.state";
|
||||
|
||||
# XXX JSON is close enough :)
|
||||
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
||||
"dashboard" # we start here
|
||||
]);
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xmonad";
|
||||
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
|
||||
ExecStop = pkgs.writeScript "xmonad-stop" ''
|
||||
#! /bin/sh
|
||||
${pkgs.xmonad-lass}/bin/xmonad --shutdown
|
||||
${pkgs.coreutils}/bin/sleep 2s
|
||||
'';
|
||||
User = user.name;
|
||||
WorkingDirectory = user.home;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.xserver = {
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"local-fs.target"
|
||||
"acpid.service"
|
||||
];
|
||||
reloadIfChanged = true;
|
||||
environment = {
|
||||
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
|
||||
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
|
||||
LD_LIBRARY_PATH = concatStringsSep ":" (
|
||||
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
|
||||
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xserver";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = toString [
|
||||
"${pkgs.xorg.xorgserver}/bin/X"
|
||||
":${toString config.services.xserver.display}"
|
||||
"vt${toString config.services.xserver.tty}"
|
||||
"-config ${import ./xserver.conf.nix args}"
|
||||
"-logfile /dev/null -logverbose 0 -verbose 3"
|
||||
"-nolisten tcp"
|
||||
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.urxvtd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
reloadIfChanged = true;
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "urxvtd";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
User = user.name;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.copyq = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "copyq";
|
||||
ExecStart = "${pkgs.copyq}/bin/copyq";
|
||||
ExecStartPost = copyqConfig;
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
User = user.name;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
cfg = config.services.xserver;
|
||||
in
|
||||
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "xserver.conf";
|
||||
|
||||
xfs = optionalString (cfg.useXFS != false)
|
||||
''FontPath "${toString cfg.useXFS}"'';
|
||||
|
||||
inherit (cfg) config;
|
||||
|
||||
buildCommand =
|
||||
''
|
||||
echo 'Section "Files"' >> $out
|
||||
echo $xfs >> $out
|
||||
|
||||
for i in ${toString config.fonts.fonts}; do
|
||||
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
|
||||
for j in $(find $i -name fonts.dir); do
|
||||
echo " FontPath \"$(dirname $j)\"" >> $out
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
for i in $(find ${toString cfg.modules} -type d); do
|
||||
if test $(echo $i/*.so* | wc -w) -ne 0; then
|
||||
echo " ModulePath \"$i\"" >> $out
|
||||
fi
|
||||
done
|
||||
|
||||
echo 'EndSection' >> $out
|
||||
|
||||
echo "$config" >> $out
|
||||
'';
|
||||
}
|
|
@ -22,7 +22,7 @@ import XMonad
|
|||
import qualified XMonad.StackSet as W
|
||||
import Control.Exception
|
||||
import Data.List (isInfixOf)
|
||||
import System.Environment (getArgs, withArgs, getEnv)
|
||||
import System.Environment (getArgs, withArgs)
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Posix.Process (executeFile)
|
||||
import Text.Read (readEither)
|
||||
|
@ -60,21 +60,17 @@ main = getArgs >>= \case
|
|||
|
||||
mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
workspaces0 <- getWorkspaces0
|
||||
xmonad'
|
||||
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
||||
$ def
|
||||
{ terminal = urxvtcPath
|
||||
, modMask = mod4Mask
|
||||
, workspaces = workspaces0
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, startupHook = do
|
||||
path <- liftIO (getEnv "XMONAD_STARTUP_HOOK")
|
||||
forkFile path [] Nothing
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
, focusedBorderColor = "#f000b0"
|
||||
, handleEventHook = handleShutdownEvent
|
||||
, workspaces = [ "dashboard" ]
|
||||
} `additionalKeysP` myKeyMap
|
||||
|
||||
myLayoutHook = defLayout
|
||||
|
@ -84,7 +80,7 @@ myLayoutHook = defLayout
|
|||
|
||||
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
|
||||
xmonad' conf = do
|
||||
path <- getEnv "XMONAD_STATE"
|
||||
let path = "/tmp/xmonad.state"
|
||||
try (readFile path) >>= \case
|
||||
Right content -> do
|
||||
hPutStrLn stderr ("resuming from " ++ path)
|
||||
|
@ -93,25 +89,13 @@ xmonad' conf = do
|
|||
hPutStrLn stderr (displaySomeException e)
|
||||
xmonad conf
|
||||
|
||||
getWorkspaces0 :: IO [String]
|
||||
getWorkspaces0 =
|
||||
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
|
||||
Left e -> warn (displaySomeException e)
|
||||
Right p -> try (readFile p) >>= \case
|
||||
Left e -> warn (displaySomeException e)
|
||||
Right x -> case readEither x of
|
||||
Left e -> warn e
|
||||
Right y -> return y
|
||||
where
|
||||
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
|
||||
|
||||
displaySomeException :: SomeException -> String
|
||||
displaySomeException = displayException
|
||||
|
||||
|
||||
myKeyMap :: [([Char], X ())]
|
||||
myKeyMap =
|
||||
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
|
||||
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f")
|
||||
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
|
||||
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
||||
|
|
|
@ -35,6 +35,7 @@ in {
|
|||
|
||||
# ../2configs/opentracker.nix
|
||||
../2configs/logging/central-stats-client.nix
|
||||
../2configs/logging/central-logging-client.nix
|
||||
|
||||
];
|
||||
services.smartd.devices = [ { device = "/dev/sda";} ];
|
||||
|
@ -64,7 +65,7 @@ in {
|
|||
# access
|
||||
users.users = {
|
||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
|
||||
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
||||
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
|
||||
};
|
||||
|
||||
# Chat
|
||||
|
|
|
@ -25,6 +25,7 @@ in {
|
|||
|
||||
# collectd
|
||||
../2configs/logging/central-stats-client.nix
|
||||
../2configs/logging/central-logging-client.nix
|
||||
|
||||
../2configs/tinc/retiolum.nix
|
||||
# ../2configs/torrent.nix
|
||||
|
|
|
@ -10,9 +10,10 @@
|
|||
../2configs/main-laptop.nix
|
||||
../2configs/laptop-utils.nix
|
||||
../2configs/laptop-backup.nix
|
||||
../2configs/dnscrypt.nix
|
||||
|
||||
# testing
|
||||
../2configs/openvpn/vpngate.nix
|
||||
# ../2configs/openvpn/vpngate.nix
|
||||
#../2configs/temp/share-samba.nix
|
||||
# ../2configs/mediawiki.nix
|
||||
# ../2configs/wordpress.nix
|
||||
|
@ -26,7 +27,6 @@
|
|||
#../2configs/elchos/stats.nix
|
||||
#../2configs/elchos/test/ftpservers.nix
|
||||
|
||||
../2configs/laptop-backup.nix
|
||||
# ../2configs/tinc/siem.nix
|
||||
#../2configs/torrent.nix
|
||||
# temporary modules
|
||||
|
@ -59,7 +59,7 @@
|
|||
# hardware specifics are in here
|
||||
../2configs/hw/tp-x230.nix
|
||||
../2configs/hw/rtl8812au.nix
|
||||
../2configs/hw/bcm4352.nix
|
||||
|
||||
# mount points
|
||||
../2configs/fs/sda-crypto-root-home.nix
|
||||
|
||||
|
|
6
makefu/2configs/dnscrypt.nix
Normal file
6
makefu/2configs/dnscrypt.nix
Normal file
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
services.dnscrypt-proxy.enable = true;
|
||||
networking.extraResolvconfConf = ''
|
||||
name_servers='127.0.0.1'
|
||||
'';
|
||||
}
|
|
@ -101,6 +101,7 @@ browser = "firefox"
|
|||
-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
|
||||
-- However, you can use another modifier like Mod1, but it may interact with others.
|
||||
modkey = "@modkey@"
|
||||
-- modkey = "Mod4"
|
||||
|
||||
-- Table of layouts to cover with awful.layout.inc, order matters.
|
||||
awful.layout.layouts =
|
||||
|
@ -116,10 +117,24 @@ awful.layout.layouts =
|
|||
-- awful.layout.suit.spiral.dwindle,
|
||||
awful.layout.suit.max,
|
||||
awful.layout.suit.max.fullscreen,
|
||||
-- awful.layout.suit.magnifier,
|
||||
awful.layout.suit.magnifier,
|
||||
awful.layout.suit.corner.nw
|
||||
}
|
||||
-- }}}
|
||||
-- {{{ Helper Functions
|
||||
local function client_menu_toggle_fn()
|
||||
local instance = nil
|
||||
|
||||
return function ()
|
||||
if instance and instance.wibox.visible then
|
||||
instance:hide()
|
||||
instance = nil
|
||||
else
|
||||
instance = awful.menu.clients({ theme = { width = 250 } })
|
||||
end
|
||||
end
|
||||
end
|
||||
-- }}}
|
||||
|
||||
-- {{{ Wallpaper
|
||||
if beautiful.wallpaper then
|
||||
|
@ -166,50 +181,51 @@ mytextclock = wibox.widget.textclock()
|
|||
-- Create a wibox for each screen and add it
|
||||
mywibox = {}
|
||||
mylayoutbox = {}
|
||||
mytaglist = {}
|
||||
mytaglist.buttons = awful.util.table.join(
|
||||
awful.button({ }, 1, awful.tag.viewonly),
|
||||
awful.button({ modkey }, 1, awful.client.movetotag),
|
||||
|
||||
-- Create a wibox for each screen and add it
|
||||
local taglist_buttons = awful.util.table.join(
|
||||
awful.button({ }, 1, function(t) t:view_only() end),
|
||||
awful.button({ modkey }, 1, function(t)
|
||||
if client.focus then
|
||||
client.focus:move_to_tag(t)
|
||||
end
|
||||
end),
|
||||
awful.button({ }, 3, awful.tag.viewtoggle),
|
||||
awful.button({ modkey }, 3, awful.client.toggletag),
|
||||
awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end),
|
||||
awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end)
|
||||
)
|
||||
mytasklist = {}
|
||||
mytasklist.buttons = awful.util.table.join(
|
||||
awful.button({ modkey }, 3, function(t)
|
||||
if client.focus then
|
||||
client.focus:toggle_tag(t)
|
||||
end
|
||||
end),
|
||||
awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end),
|
||||
awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end)
|
||||
)
|
||||
|
||||
local tasklist_buttons = awful.util.table.join(
|
||||
awful.button({ }, 1, function (c)
|
||||
if c == client.focus then
|
||||
c.minimized = true
|
||||
else
|
||||
-- Without this, the following
|
||||
-- :isvisible() makes no sense
|
||||
c.minimized = false
|
||||
if not c:isvisible() then
|
||||
awful.tag.viewonly(c:tags()[1])
|
||||
end
|
||||
-- This will also un-minimize
|
||||
-- the client, if needed
|
||||
client.focus = c
|
||||
c:raise()
|
||||
end
|
||||
end),
|
||||
awful.button({ }, 3, function ()
|
||||
if instance then
|
||||
instance:hide()
|
||||
instance = nil
|
||||
else
|
||||
instance = awful.menu.clients({ width=250 })
|
||||
end
|
||||
end),
|
||||
if c == client.focus then
|
||||
c.minimized = true
|
||||
else
|
||||
-- Without this, the following
|
||||
-- :isvisible() makes no sense
|
||||
c.minimized = false
|
||||
if not c:isvisible() and c.first_tag then
|
||||
c.first_tag:view_only()
|
||||
end
|
||||
-- This will also un-minimize
|
||||
-- the client, if needed
|
||||
client.focus = c
|
||||
c:raise()
|
||||
end
|
||||
end),
|
||||
awful.button({ }, 3, client_menu_toggle_fn()),
|
||||
awful.button({ }, 4, function ()
|
||||
awful.client.focus.byidx(1)
|
||||
if client.focus then client.focus:raise() end
|
||||
end),
|
||||
awful.button({ }, 5, function ()
|
||||
awful.client.focus.byidx(-1)
|
||||
if client.focus then client.focus:raise() end
|
||||
end))
|
||||
|
||||
|
||||
local function set_wallpaper(s)
|
||||
-- Wallpaper
|
||||
if beautiful.wallpaper then
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff";
|
||||
ref = "6651c72";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue