Merge remote-tracking branch 'prism/master'

This commit is contained in:
tv 2017-03-05 00:28:32 +01:00
commit 4499cc4065
49 changed files with 782 additions and 653 deletions

View file

@ -22,6 +22,7 @@ let
./go.nix
./iptables.nix
./kapacitor.nix
./monit.nix
./newsbot-js.nix
./nginx.nix
./nixpkgs.nix

View file

@ -55,7 +55,7 @@ let
local_domains = mkOption {
type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
};
relay_from_hosts = mkOption {

View file

@ -21,13 +21,14 @@ let
OnCalendar = "*:00,10,20,30,40,50";
};
};
# TODO find a better default stateDir
stateDir = mkOption {
type = types.str;
default = "/var/lib/wallpaper";
default = "$HOME/wallpaper";
};
display = mkOption {
type = types.str;
default = ":11";
default = ":0";
};
unitConfig = mkOption {
type = types.attrsOf types.str;
@ -48,38 +49,30 @@ let
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
set -euf
mkdir -p ${shell.escape cfg.stateDir}
cd ${shell.escape cfg.stateDir}
mkdir -p ${cfg.stateDir}
cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
feh --no-fehbg --bg-scale wallpaper
'';
imp = {
users.users.fetchWallpaper = {
name = "fetchWallpaper";
uid = genid "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
};
systemd.timers.fetchWallpaper = {
systemd.user.timers.fetchWallpaper = {
description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.services.fetchWallpaper = {
systemd.user.services.fetchWallpaper = {
description = "fetch wallpaper";
after = [ "network.target" ];
wantedBy = [ "default.target" ];
path = with pkgs; [
curl
feh
coreutils
];
environment = {
URL = cfg.url;
DISPLAY = cfg.display;
};
restartIfChanged = true;
@ -87,7 +80,6 @@ let
serviceConfig = {
Type = "simple";
ExecStart = fetchWallpaperScript;
User = "fetchWallpaper";
};
unitConfig = cfg.unitConfig;

View file

@ -73,13 +73,21 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
};
prism = {
prism = rec {
cores = 4;
extraZones = {
"krebsco.de" = ''
prism IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
internet = {
ip4.addr = "213.239.205.240";
aliases = [
"prism.internet"
"paste.i"
"paste.internet"
];
ssh.port = 45621;
};

View file

@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus

View file

@ -5,50 +5,50 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
drop = rec {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.177.9";
ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
aliases = [
"drop.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.177.9";
ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
aliases = [
"drop.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
fileleech = rec {
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [
"fileleech.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [
"fileleech.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
pnp = {
@ -123,16 +123,16 @@ with import <stockholm/lib>;
aliases = [
"ossim.siem"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
@ -169,7 +169,7 @@ with import <stockholm/lib>;
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
'';
};
};
};
@ -228,16 +228,15 @@ with import <stockholm/lib>;
"vbob.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY-----
'';
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@ -278,7 +277,7 @@ with import <stockholm/lib>;
DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
-----END RSA PUBLIC KEY-----
'';
'';
};
};
};
@ -291,7 +290,6 @@ with import <stockholm/lib>;
wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de.
graphs IN A ${nets.internet.ip4.addr}
paste 60 IN A ${nets.internet.ip4.addr}
tinc IN A ${nets.internet.ip4.addr}
'';
};
@ -300,9 +298,7 @@ with import <stockholm/lib>;
ip4.addr = "104.233.87.86";
aliases = [
"wry.i"
"paste.i"
"wry.internet"
"paste.internet"
];
};
retiolum = {
@ -353,7 +349,7 @@ with import <stockholm/lib>;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [
"filepimp.retiolum"
"filepimp.r"
"filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -364,7 +360,7 @@ with import <stockholm/lib>;
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
'';
};
};
};
@ -389,15 +385,15 @@ with import <stockholm/lib>;
"stats.makefu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-----END RSA PUBLIC KEY-----
'';
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
@ -428,18 +424,18 @@ with import <stockholm/lib>;
ip4.addr = "10.243.214.15";
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.retiolum"
"wbob.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-----END RSA PUBLIC KEY-----
'';
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
@ -487,7 +483,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@ -538,7 +534,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
-----END RSA PUBLIC KEY-----
'';
'';
};
};
};
@ -551,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ip4.addr = "10.243.83.237";
ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
aliases = [
"sdev.retiolum"
"sdev.r"
"sdev.retiolum"
"sdev.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -569,7 +565,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
# non-stockholm
# non-stockholm
flap = rec {
cores = 1;
@ -602,7 +598,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY-----
'';
'';
};
};
};
@ -819,32 +815,30 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
tcac-0-1 = rec {
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
";
nets = {
retiolum = {
ip4.addr = "10.243.144.142";
ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
aliases = [
"tcac-0-1.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
";
nets = {
retiolum = {
ip4.addr = "10.243.144.142";
ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
aliases = [
"tcac-0-1.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
} // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
owner = config.krebs.users.root;
@ -878,23 +872,23 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
aliases = [ "tpsw.r" "tpsw.retiolum" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY-----
'';
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
aliases = [ "tpsw.r" "tpsw.retiolum" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
};
users = rec {
@ -920,6 +914,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
};
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
};
ciko = {
mail = "wieczorek.stefan@googlemail.com";
};

116
krebs/3modules/monit.nix Normal file
View file

@ -0,0 +1,116 @@
{ config, lib, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
let
cfg = config.krebs.monit;
out = {
options.krebs.monit = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "monit";
http = {
enable = mkEnableOption "monit http server";
port = mkOption {
type = types.int;
default = 9093;
};
user = mkOption {
type = types.str;
default = "krebs";
};
pass = mkOption {
type = types.str;
default = "bob";
};
};
user = mkOption {
type = types.user;
default = {
name = "monit";
};
};
group = mkOption {
type = types.group;
default = {
name = "monitor";
};
};
extraConfig = mkOption {
type = types.attrs;
default = {};
};
alarms = mkOption {
default = {};
type = with types; attrsOf (submodule {
options = {
test = mkOption {
type = path;
};
alarm = mkOption {
type = path;
};
interval = mkOption {
type = str;
default = "10";
};
};
});
};
};
imp = let
configFile = pkgs.writeText "monit.cfg" ''
${optionalString cfg.http.enable ''
set httpd port ${toString cfg.http.port}
allow ${cfg.http.user}:${cfg.http.pass}
''}
set daemon 10
${concatStringsSep "\n" (mapAttrsToList (name: alarm: ''
check program ${name} with path "${alarm.test}"
every ${alarm.interval} cycles
if status != 0 then exec "${alarm.alarm}"
'') cfg.alarms)}
'';
in {
environment.etc = [
{
source = configFile;
target = "monit.conf";
mode = "0400";
uid = config.users.users.${cfg.user.name}.uid;
}
];
users = {
groups.${cfg.group.name} = {
inherit (cfg.group) name gid;
};
users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
group = cfg.group.name;
};
};
systemd.services.monit = {
description = "monit";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
User = cfg.user.name;
ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
# Monit should restart when the config changes
ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}";
};
};
};
in out

View file

@ -38,6 +38,8 @@ with import <stockholm/lib>;
aliases = [
"onondaga.retiolum"
"onondaga.r"
"cgit.onondaga.r"
"cgit.onondaga.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----

View file

@ -3,10 +3,10 @@
pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}";
pname = "buildbot";
version = "0.9.1";
version = "0.9.4";
src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz";
sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9";
sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086";
};
doCheck = false;
buildInputs = with pythonPackages; [
@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec {
pylint
astroid
pyflakes
pyjwt
];
propagatedBuildInputs = with pythonPackages; [
@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec {
] ++ plugins;
patchPhase = ''
patch -p1 < ${./irc_messages.patch}
'';
preInstall = ''
# writes out a file that can't be read properly
sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py

View file

@ -1,40 +0,0 @@
diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py
index a65147b..bf44118 100644
--- a/buildbot/reporters/words.py
+++ b/buildbot/reporters/words.py
@@ -550,14 +550,15 @@ class Contact(service.AsyncService):
if self.useRevisions:
revisions = yield self.getRevisionsForBuild(build)
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
(builderName, ','.join(revisions), results[0])
else:
- r = "Hey! build %s #%d is complete: %s" % \
+ r = "Build %s #%d is complete: %s" % \
(builderName, buildNumber, results[0])
r += ' [%s]' % maybeColorize(build['state_string'],
results[1], self.useColors)
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
self.send(r)
# FIXME: where do we get the list of changes for a build ?
@@ -622,14 +623,15 @@ class Contact(service.AsyncService):
results = self.getResultsDescriptionAndColor(build['results'])
if self.useRevisions:
revisions = yield self.getRevisionsForBuild(build)
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
(builder_name, ','.join(revisions), results[0])
else:
- r = "Hey! build %s #%d is complete: %s" % \
+ r = "Build %s #%d is complete: %s" % \
(builder_name, buildnum, results[0])
r += ' [%s]' % maybeColorize(build['state_string'],
results[1], self.useColors)
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
self.send(r)
# FIXME: where do we get the base_url? Then do we use the build Link to

View file

@ -2,12 +2,12 @@
pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}";
pname = "buildbot-worker";
version = "0.9.1";
version = "0.9.4";
doCheck = false;
src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz";
sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx";
sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj";
};
buildInputs = with pythonPackages; [ setuptoolsTrial mock ];

View file

@ -0,0 +1,83 @@
{ stdenv
, atk
, bzip2
, cairo
, fetchurl
, fluidsynth
, fontconfig
, freetype
, gdk_pixbuf
, glib
, gtk2
, libjpeg_turbo
, mesa_glu
, mesa_noglu
, openssl
, pango
, SDL
, zlib
, makeWrapper
}:
stdenv.mkDerivation rec {
name = "zandronum-3.0";
src = fetchurl {
url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
};
libPath = stdenv.lib.makeLibraryPath [
atk
bzip2
cairo
fluidsynth
fontconfig
freetype
gdk_pixbuf
glib
gtk2
libjpeg_turbo
mesa_glu
mesa_noglu
openssl
pango
SDL
stdenv.cc.cc
zlib
];
nativeBuildInputs = [ makeWrapper ];
phases = [ "unpackPhase" "installPhase" ];
sourceRoot = ".";
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/share/zandronum
cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath:$out/share/zandronum \
$out/share/zandronum/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath \
$out/share/zandronum/zandronum-server
# If we don't set absolute argv0, zandronum.wad file is not found.
makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum
makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server
'';
meta = {
homepage = http://zandronum.com/;
description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play";
maintainers = [ stdenv.lib.maintainers.lassulus ];
# Binary version has different version string than source code version.
license = stdenv.lib.licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ];
};
}

View file

@ -76,56 +76,15 @@ with import <stockholm/lib>;
{
services.redis.enable = true;
}
#{
# #gitit magic
# imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
# services.gitit = {
# enable = true;
# haskellPackages = pkgs.haskell.packages.ghc7103;
# };
#}
#{
# lass.icinga2 = {
# enable = true;
# configFiles = [
# ''
# template Service "generic-service" {
# max_check_attempts = 3
# check_interval = 5m
# retry_interval = 1m
# enable_perfdata = true
# }
# apply Service "ping4" {
# }
# ''
# ];
# };
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
# lass.icingaweb2 = {
# enable = true;
# initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0";
# resources = {
# icinga2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icinga";
# passfile = <secrets/icinga2-pw>;
# };
# icingaweb2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icingaweb2";
# passfile = <secrets/icinga2-pw>;
# };
# };
# };
#}
{
#ipfs-testing
services.ipfs.enable = true;
}
{
environment.systemPackages = [
pkgs.krebszones
];
}
];
krebs.build.host = config.krebs.hosts.mors;

View file

@ -44,6 +44,7 @@ in {
../2configs/hfos.nix
../2configs/makefu-sip.nix
../2configs/monitoring/server.nix
../2configs/monitoring/monit-alarms.nix
{
imports = [
../2configs/bepasty.nix
@ -164,7 +165,6 @@ in {
}
{
imports = [
../2configs/websites/wohnprojekt-rhh.de.nix
../2configs/websites/domsen.nix
../2configs/websites/lassulus.nix
];
@ -215,7 +215,8 @@ in {
}
{
krebs.repo-sync.timerConfig = {
OnUnitInactiveSec = "5min";
OnBootSec = "5min";
OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min";
};
}
@ -247,7 +248,13 @@ in {
];
}
{
krebs.Reaktor.coders = {
krebs.Reaktor.coders = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
in {
nickname = "reaktor-lass";
channels = [ "#coders" ];
extraEnviron = {
@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';

View file

@ -42,6 +42,29 @@ with import <stockholm/lib>;
pkgs.python27Packages.python
];
}
{
krebs.monit = let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
enable = true;
http.enable = true;
alarms = {
hfos = {
test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
alarm = echoToIrc "test hfos failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.shodan;

View file

@ -1,13 +1,15 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
mainUser = config.users.extraUsers.mainUser;
user = config.krebs.build.user;
in {
imports = [
./xserver
./mpv.nix
./power-action.nix
./screenlock.nix
./copyq.nix
./xresources.nix
./livestream.nix
{
hardware.pulseaudio = {
enable = true;
@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
services.printing = {
enable = true;
drivers = [ pkgs.foomatic_filters ];
drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
};
environment.systemPackages = with pkgs; [
acpi
dic
dmenu
@ -66,37 +68,37 @@ in {
youtube-tools
rxvt_unicode
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh
#dmenu2
#xlibs.fontschumachermisc
];
#fonts.fonts = [
# pkgs.xlibs.fontschumachermisc
#];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
#services.xserver = {
# enable = true;
services.xserver = {
enable = true;
# windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
# X11-xshape
# ];
# windowManager.xmonad.enable = true;
# windowManager.xmonad.enableContribAndExtras = true;
# windowManager.default = "xmonad";
# desktopManager.default = "none";
# desktopManager.xterm.enable = false;
# displayManager.slim.enable = true;
# displayManager.auto.enable = true;
# displayManager.auto.user = mainUser.name;
desktopManager.xterm.enable = false;
desktopManager.default = "none";
displayManager.lightdm.enable = true;
displayManager.lightdm.autoLogin = {
enable = true;
user = "lass";
};
windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
# layout = "us";
# xkbModel = "evdev";
# xkbVariant = "altgr-intl";
# xkbOptions = "caps:backspace";
#};
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
@ -107,4 +109,6 @@ in {
twoFingerScroll = true;
accelFactor = "0.035";
};
services.urxvtd.enable = true;
}

View file

@ -2,8 +2,14 @@
{
nix = {
binaryCaches = ["http://cache.prism.r"];
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
binaryCaches = [
"http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
}

View file

@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
'';
in {
users.extraUsers.${name} = {

View file

@ -216,7 +216,7 @@ in {
enable = true;
nick = "buildbot-lass";
server = "ni.r";
channels = [ { channel = "retiolum"; } ];
channels = [ { channel = "retiolum"; } { channel = "noise"; } ];
allowForce = true;
};
};

38
lass/2configs/copyq.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
};
};
}

View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@ -62,6 +62,12 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python
];
}
{
services.dnscrypt-proxy.enable = true;
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}
];
networking.hostName = config.krebs.build.host.name;
@ -129,6 +135,7 @@ with import <stockholm/lib>;
#neat utils
krebspaste
mosh
pciutils
pop
psmisc
@ -155,6 +162,7 @@ with import <stockholm/lib>;
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
'';
promptInit = ''
if test $UID = 0; then
@ -202,6 +210,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }

View file

@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [
{ domain = "lassul.us"; }
];
primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios

View file

@ -9,9 +9,5 @@ in {
url = "prism/wallpaper.png";
maxTime = 10;
};
systemd.services.fetchWallpaper = {
after = [ "xmonad.service" ];
wantedBy = [ "xmonad.service" ];
};
}

View file

@ -11,7 +11,6 @@ let
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} \
-file $DOOM_DIR/lib/brutalv20.pk3 \
-file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
"$@"
'';
doom1 = pkgs.writeDashBin "doom1" ''
@ -31,6 +30,31 @@ let
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
'';
doomservercfg = pkgs.writeText "doomserver.cfg" ''
skill 7
#survival true
#sv_maxlives 4
#sv_norespawn true
#sv_weapondrop true
no_jump true
#sv_noweaponspawn true
sv_sharekeys true
sv_survivalcountdowntime 1
sv_noteamselect true
sv_updatemaster false
#sv_coop_loseinventory true
#cl_startasspectator false
#lms_spectatorview false
'';
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${pkgs.zandronum-bin}/bin/zandronum-server \
+exec ${doomservercfg} \
"$@"
'';
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
@ -38,6 +62,7 @@ in {
doom2
vdoom1
vdoom2
vdoomserver
];
users.extraUsers = {
@ -56,4 +81,9 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(games) NOPASSWD: ALL
'';
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
}

View file

@ -5,6 +5,7 @@ with import <stockholm/lib>;
let
out = {
services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {

View file

@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
];
};
@ -32,4 +31,10 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.OUTPUT.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
}

View file

@ -48,4 +48,9 @@ with import <stockholm/lib>;
];
security.rngd.enable = true;
services.xserver.synaptics = {
enable = true;
additionalOptions = ''Option "TouchpadOff" "1"'';
};
}

View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
stream = pkgs.writeDashBin "stream" ''
${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
'';
in {
environment.systemPackages = [ stream ];
}

View file

@ -0,0 +1,44 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
krebs.monit = {
enable = true;
http.enable = true;
alarms = {
nirwanabluete = {
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
alarm = echoToIrc "test nirwanabluete failed";
};
ubik = {
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
alarm = echoToIrc "test ubik failed";
};
cac-panel = {
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
alarm = echoToIrc "test cac-panel failed";
};
radio = {
test = pkgs.writeBash "check_stream" ''
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
'';
alarm = echoToIrc "test radio failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}

View file

@ -29,7 +29,7 @@ with import <stockholm/lib>;
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
ni.r 6667 prism-alarm \#noise "$data" >/dev/null
'';
in {
enable = true;

View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "f7b7d8e";
ref = "5b0c9d4";
};
}

View file

@ -5,7 +5,7 @@
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "screenlock";

View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
# http://seclists.org/oss-sec/2017/q1/471
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
}

22
lass/2configs/termite.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.termite
];
krebs.per-user.lass.packages = let
termitecfg = pkgs.writeTextFile {
name = "termite-config";
destination = "/etc/xdg/termite/config";
text = ''
[colors]
foreground = #d0d7d0
background = #000000
'';
};
in [
termitecfg
];
}

View file

@ -25,7 +25,7 @@ let
set hlsearch
set incsearch
set mouse=a
set noruler
set ruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
@ -66,6 +66,7 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer

View file

@ -110,7 +110,10 @@ in {
'';
enableSSL = true;
extraConfig = "listen 80;";
extraConfig = ''
listen 80;
listen [::]:80;
'';
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
};
@ -123,7 +126,10 @@ in {
root /var/lib/acme/acme-challenges;
'';
enableSSL = true;
extraConfig = "listen 80;";
extraConfig = ''
listen 80;
listen [::]:80;
'';
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
};

View file

@ -17,7 +17,10 @@ rec {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
enableSSL = true;
extraConfig = "listen 80;";
extraConfig = ''
listen 80;
listen [::]:80;
'';
serverAliases = domains;
locations."/".extraConfig = ''
root /srv/http/${domain};
@ -29,12 +32,14 @@ rec {
let
domain = head domains;
in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
serverAliases = domains;
extraConfig = ''
listen 80;
listen [::]:80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
@ -148,6 +153,8 @@ rec {
serverAliases = domains;
extraConfig = ''
listen 80;
listen [::]:80;
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
@ -175,10 +182,10 @@ rec {
user = nginx
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_spare_servers = 10
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'

View file

@ -1,23 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (import <stockholm/lib>)
genid
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
;
in {
imports = [
( ssl [ "wohnprojekt-rhh.de" ])
( servePage [ "wohnprojekt-rhh.de" ])
];
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;
useDefaultShell = true;
};
}

View file

@ -0,0 +1,55 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
xresources = pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
'';
in {
systemd.user.services.xresources = {
description = "xresources";
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
};
};
}

View file

@ -1,66 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #050505
! URxvt*background: #041204
!URxvt.depth: 32
!URxvt*background: rgba:0500/0500/0500/cccc
! URxvt*background: #080810
URxvt*foreground: #d0d7d0
! URxvt*background: black
! URxvt*foreground: white
! URxvt*background: rgb:00/00/40
! URxvt*foreground: rgb:a0/a0/d0
! XTerm*cursorColor: rgb:00/00/60
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
! URxvt*cursorUnderline: true
! URxvt*highlightColor: #232323
! URxvt*highlightTextColor: #b0ffb0
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
! URxvt*color0: #000000
! URxvt*color1: #c00000
! URxvt*color2: #80c070
URxvt*color3: #c07000
! URxvt*color4: #0000c0
URxvt*color4: #4040c0
! URxvt*color5: #c000c0
! URxvt*color6: #008080
URxvt*color7: #c0c0c0
URxvt*color8: #707070
URxvt*color9: #ff6060
URxvt*color10: #70ff70
URxvt*color11: #ffff70
URxvt*color12: #7070ff
URxvt*color13: #ff50ff
URxvt*color14: #70ffff
URxvt*color15: #ffffff
''

View file

@ -1,147 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
user = config.krebs.build.user;
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
environment.systemPackages = [
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
services.xserver = {
enable = true;
display = 11;
tty = 11;
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} &
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
wait
'';
XMONAD_STATE = "/tmp/xmonad.state";
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"dashboard" # we start here
]);
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = pkgs.writeScript "xmonad-stop" ''
#! /bin/sh
${pkgs.xmonad-lass}/bin/xmonad --shutdown
${pkgs.coreutils}/bin/sleep 2s
'';
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
}

View file

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

View file

@ -22,7 +22,7 @@ import XMonad
import qualified XMonad.StackSet as W
import Control.Exception
import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs, getEnv)
import System.Environment (getArgs, withArgs)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
import Text.Read (readEither)
@ -60,21 +60,17 @@ main = getArgs >>= \case
mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad'
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = urxvtcPath
, modMask = mod4Mask
, workspaces = workspaces0
, layoutHook = smartBorders $ myLayoutHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = do
path <- liftIO (getEnv "XMONAD_STARTUP_HOOK")
forkFile path [] Nothing
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
, workspaces = [ "dashboard" ]
} `additionalKeysP` myKeyMap
myLayoutHook = defLayout
@ -84,7 +80,7 @@ myLayoutHook = defLayout
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do
path <- getEnv "XMONAD_STATE"
let path = "/tmp/xmonad.state"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
@ -93,25 +89,13 @@ xmonad' conf = do
hPutStrLn stderr (displaySomeException e)
xmonad conf
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String
displaySomeException = displayException
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")

View file

@ -35,6 +35,7 @@ in {
# ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix
../2configs/logging/central-logging-client.nix
];
services.smartd.devices = [ { device = "/dev/sda";} ];
@ -64,7 +65,7 @@ in {
# access
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
};
# Chat

View file

@ -25,6 +25,7 @@ in {
# collectd
../2configs/logging/central-stats-client.nix
../2configs/logging/central-logging-client.nix
../2configs/tinc/retiolum.nix
# ../2configs/torrent.nix

View file

@ -10,9 +10,10 @@
../2configs/main-laptop.nix
../2configs/laptop-utils.nix
../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
# testing
../2configs/openvpn/vpngate.nix
# ../2configs/openvpn/vpngate.nix
#../2configs/temp/share-samba.nix
# ../2configs/mediawiki.nix
# ../2configs/wordpress.nix
@ -26,7 +27,6 @@
#../2configs/elchos/stats.nix
#../2configs/elchos/test/ftpservers.nix
../2configs/laptop-backup.nix
# ../2configs/tinc/siem.nix
#../2configs/torrent.nix
# temporary modules
@ -59,7 +59,7 @@
# hardware specifics are in here
../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix
../2configs/hw/bcm4352.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix

View file

@ -0,0 +1,6 @@
{
services.dnscrypt-proxy.enable = true;
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}

View file

@ -101,6 +101,7 @@ browser = "firefox"
-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
-- However, you can use another modifier like Mod1, but it may interact with others.
modkey = "@modkey@"
-- modkey = "Mod4"
-- Table of layouts to cover with awful.layout.inc, order matters.
awful.layout.layouts =
@ -116,10 +117,24 @@ awful.layout.layouts =
-- awful.layout.suit.spiral.dwindle,
awful.layout.suit.max,
awful.layout.suit.max.fullscreen,
-- awful.layout.suit.magnifier,
awful.layout.suit.magnifier,
awful.layout.suit.corner.nw
}
-- }}}
-- {{{ Helper Functions
local function client_menu_toggle_fn()
local instance = nil
return function ()
if instance and instance.wibox.visible then
instance:hide()
instance = nil
else
instance = awful.menu.clients({ theme = { width = 250 } })
end
end
end
-- }}}
-- {{{ Wallpaper
if beautiful.wallpaper then
@ -166,50 +181,51 @@ mytextclock = wibox.widget.textclock()
-- Create a wibox for each screen and add it
mywibox = {}
mylayoutbox = {}
mytaglist = {}
mytaglist.buttons = awful.util.table.join(
awful.button({ }, 1, awful.tag.viewonly),
awful.button({ modkey }, 1, awful.client.movetotag),
-- Create a wibox for each screen and add it
local taglist_buttons = awful.util.table.join(
awful.button({ }, 1, function(t) t:view_only() end),
awful.button({ modkey }, 1, function(t)
if client.focus then
client.focus:move_to_tag(t)
end
end),
awful.button({ }, 3, awful.tag.viewtoggle),
awful.button({ modkey }, 3, awful.client.toggletag),
awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end),
awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end)
)
mytasklist = {}
mytasklist.buttons = awful.util.table.join(
awful.button({ modkey }, 3, function(t)
if client.focus then
client.focus:toggle_tag(t)
end
end),
awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end),
awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end)
)
local tasklist_buttons = awful.util.table.join(
awful.button({ }, 1, function (c)
if c == client.focus then
c.minimized = true
else
-- Without this, the following
-- :isvisible() makes no sense
c.minimized = false
if not c:isvisible() then
awful.tag.viewonly(c:tags()[1])
end
-- This will also un-minimize
-- the client, if needed
client.focus = c
c:raise()
end
end),
awful.button({ }, 3, function ()
if instance then
instance:hide()
instance = nil
else
instance = awful.menu.clients({ width=250 })
end
end),
if c == client.focus then
c.minimized = true
else
-- Without this, the following
-- :isvisible() makes no sense
c.minimized = false
if not c:isvisible() and c.first_tag then
c.first_tag:view_only()
end
-- This will also un-minimize
-- the client, if needed
client.focus = c
c:raise()
end
end),
awful.button({ }, 3, client_menu_toggle_fn()),
awful.button({ }, 4, function ()
awful.client.focus.byidx(1)
if client.focus then client.focus:raise() end
end),
awful.button({ }, 5, function ()
awful.client.focus.byidx(-1)
if client.focus then client.focus:raise() end
end))
local function set_wallpaper(s)
-- Wallpaper
if beautiful.wallpaper then

View file

@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff";
ref = "6651c72";
};
}