makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
tv 2017-03-05 00:28:32 +01:00
parent d7761aed65 39fd77b84c
commit 4499cc4065
49 changed files with 782 additions and 653 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
krebs/3modules/default.nix
View file

@ -22,6 +22,7 @@ let
./go.nix ./go.nix
./iptables.nix ./iptables.nix
./kapacitor.nix ./kapacitor.nix
./monit.nix
./newsbot-js.nix ./newsbot-js.nix
./nginx.nix ./nginx.nix
./nixpkgs.nix ./nixpkgs.nix

2
krebs/3modules/exim-smarthost.nix
View file

@ -55,7 +55,7 @@ let
local_domains = mkOption { local_domains = mkOption {
type = with types; listOf hostname; type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
}; };
relay_from_hosts = mkOption { relay_from_hosts = mkOption {

28
krebs/3modules/fetchWallpaper.nix
View file

@ -21,13 +21,14 @@ let
OnCalendar = "*:00,10,20,30,40,50"; OnCalendar = "*:00,10,20,30,40,50";
}; };
}; };
# TODO find a better default stateDir
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
default = "/var/lib/wallpaper"; default = "$HOME/wallpaper";
}; };
display = mkOption { display = mkOption {
type = types.str; type = types.str;
default = ":11"; default = ":0";
}; };
unitConfig = mkOption { unitConfig = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
@ -48,38 +49,30 @@ let
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
set -euf set -euf
mkdir -p ${shell.escape cfg.stateDir} mkdir -p ${cfg.stateDir}
cd ${shell.escape cfg.stateDir} cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper feh --no-fehbg --bg-scale wallpaper
''; '';
imp = { imp = {
users.users.fetchWallpaper = { systemd.user.timers.fetchWallpaper = {
name = "fetchWallpaper";
uid = genid "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
};
systemd.timers.fetchWallpaper = {
description = "fetch wallpaper timer"; description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;
}; };
systemd.services.fetchWallpaper = { systemd.user.services.fetchWallpaper = {
description = "fetch wallpaper"; description = "fetch wallpaper";
after = [ "network.target" ]; wantedBy = [ "default.target" ];
path = with pkgs; [ path = with pkgs; [
curl curl
feh feh
coreutils
]; ];
environment = { environment = {
URL = cfg.url;
DISPLAY = cfg.display; DISPLAY = cfg.display;
}; };
restartIfChanged = true; restartIfChanged = true;
@ -87,7 +80,6 @@ let
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = fetchWallpaperScript; ExecStart = fetchWallpaperScript;
User = "fetchWallpaper";
}; };
unitConfig = cfg.unitConfig; unitConfig = cfg.unitConfig;

10
krebs/3modules/lass/default.nix
View file

@ -73,13 +73,21 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
}; };
prism = { prism = rec {
cores = 4; cores = 4;
extraZones = {
"krebsco.de" = ''
prism IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
'';
};
nets = rec { nets = rec {
internet = { internet = {
ip4.addr = "213.239.205.240"; ip4.addr = "213.239.205.240";
aliases = [ aliases = [
"prism.internet" "prism.internet"
"paste.i"
"paste.internet"
]; ];
ssh.port = 45621; ssh.port = 45621;
}; };

2
krebs/3modules/lass/ssh/icarus.rsa
View file

@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus

262
krebs/3modules/makefu/default.nix
View file

@ -5,50 +5,50 @@ with import <stockholm/lib>;
{ {
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
drop = rec { drop = rec {
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.177.9"; ip4.addr = "10.243.177.9";
ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
aliases = [ aliases = [
"drop.retiolum" "drop.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
};
}; };
};
}; };
fileleech = rec { fileleech = rec {
cores = 4; cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.113.98"; ip4.addr = "10.243.113.98";
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [ aliases = [
"fileleech.retiolum" "fileleech.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
};
}; };
};
}; };
pnp = { pnp = {
@ -123,16 +123,16 @@ with import <stockholm/lib>;
aliases = [ aliases = [
"ossim.siem" "ossim.siem"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -169,7 +169,7 @@ with import <stockholm/lib>;
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -228,16 +228,15 @@ with import <stockholm/lib>;
"vbob.retiolum" "vbob.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
'';
'';
}; };
}; };
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@ -278,7 +277,7 @@ with import <stockholm/lib>;
DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -291,7 +290,6 @@ with import <stockholm/lib>;
wry IN A ${nets.internet.ip4.addr} wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de. io IN NS wry.krebsco.de.
graphs IN A ${nets.internet.ip4.addr} graphs IN A ${nets.internet.ip4.addr}
paste 60 IN A ${nets.internet.ip4.addr}
tinc IN A ${nets.internet.ip4.addr} tinc IN A ${nets.internet.ip4.addr}
''; '';
}; };
@ -300,9 +298,7 @@ with import <stockholm/lib>;
ip4.addr = "104.233.87.86"; ip4.addr = "104.233.87.86";
aliases = [ aliases = [
"wry.i" "wry.i"
"paste.i"
"wry.internet" "wry.internet"
"paste.internet"
]; ];
}; };
retiolum = { retiolum = {
@ -353,7 +349,7 @@ with import <stockholm/lib>;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [ aliases = [
"filepimp.retiolum" "filepimp.retiolum"
"filepimp.r" "filepimp.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -364,7 +360,7 @@ with import <stockholm/lib>;
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -389,15 +385,15 @@ with import <stockholm/lib>;
"stats.makefu.r" "stats.makefu.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
@ -428,18 +424,18 @@ with import <stockholm/lib>;
ip4.addr = "10.243.214.15"; ip4.addr = "10.243.214.15";
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [ aliases = [
"wbob.retiolum" "wbob.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -487,7 +483,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@ -538,7 +534,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -551,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ip4.addr = "10.243.83.237"; ip4.addr = "10.243.83.237";
ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
aliases = [ aliases = [
"sdev.retiolum" "sdev.retiolum"
"sdev.r" "sdev.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -569,7 +565,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
}; };
# non-stockholm # non-stockholm
flap = rec { flap = rec {
cores = 1; cores = 1;
@ -602,7 +598,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -819,32 +815,30 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
}; };
}; };
tcac-0-1 = rec { tcac-0-1 = rec {
cores = 1; cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
"; ";
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.144.142"; ip4.addr = "10.243.144.142";
ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
aliases = [ aliases = [
"tcac-0-1.retiolum" "tcac-0-1.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
};
}; };
};
}; };
} // { # hosts only maintained in stockholm, not owned by me } // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec { muhbaasu = rec {
owner = config.krebs.users.root; owner = config.krebs.users.root;
@ -878,23 +872,23 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
tpsw = { tpsw = {
cores = 2; cores = 2;
owner = config.krebs.users.ciko; # main laptop owner = config.krebs.users.ciko; # main laptop
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.183.236"; ip4.addr = "10.243.183.236";
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
aliases = [ "tpsw.r" "tpsw.retiolum" ]; aliases = [ "tpsw.r" "tpsw.retiolum" ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
};
}; };
};
}; };
}; };
users = rec { users = rec {
@ -920,6 +914,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
inherit (makefu) mail pgp; inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
}; };
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
};
ciko = { ciko = {
mail = "wieczorek.stefan@googlemail.com"; mail = "wieczorek.stefan@googlemail.com";
}; };

116
krebs/3modules/monit.nix Normal file
View file

@ -0,0 +1,116 @@
{ config, lib, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
let
cfg = config.krebs.monit;
out = {
options.krebs.monit = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "monit";
http = {
enable = mkEnableOption "monit http server";
port = mkOption {
type = types.int;
default = 9093;
};
user = mkOption {
type = types.str;
default = "krebs";
};
pass = mkOption {
type = types.str;
default = "bob";
};
};
user = mkOption {
type = types.user;
default = {
name = "monit";
};
};
group = mkOption {
type = types.group;
default = {
name = "monitor";
};
};
extraConfig = mkOption {
type = types.attrs;
default = {};
};
alarms = mkOption {
default = {};
type = with types; attrsOf (submodule {
options = {
test = mkOption {
type = path;
};
alarm = mkOption {
type = path;
};
interval = mkOption {
type = str;
default = "10";
};
};
});
};
};
imp = let
configFile = pkgs.writeText "monit.cfg" ''
${optionalString cfg.http.enable ''
set httpd port ${toString cfg.http.port}
allow ${cfg.http.user}:${cfg.http.pass}
''}
set daemon 10
${concatStringsSep "\n" (mapAttrsToList (name: alarm: ''
check program ${name} with path "${alarm.test}"
every ${alarm.interval} cycles
if status != 0 then exec "${alarm.alarm}"
'') cfg.alarms)}
'';
in {
environment.etc = [
{
source = configFile;
target = "monit.conf";
mode = "0400";
uid = config.users.users.${cfg.user.name}.uid;
}
];
users = {
groups.${cfg.group.name} = {
inherit (cfg.group) name gid;
};
users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
group = cfg.group.name;
};
};
systemd.services.monit = {
description = "monit";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
User = cfg.user.name;
ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
# Monit should restart when the config changes
ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}";
};
};
};
in out

2
krebs/3modules/nin/default.nix
View file

@ -38,6 +38,8 @@ with import <stockholm/lib>;
aliases = [ aliases = [
"onondaga.retiolum" "onondaga.retiolum"
"onondaga.r" "onondaga.r"
"cgit.onondaga.r"
"cgit.onondaga.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----

8
krebs/5pkgs/buildbot/default.nix
View file

@ -3,10 +3,10 @@
pythonPackages.buildPythonApplication (rec { pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "buildbot"; pname = "buildbot";
version = "0.9.1"; version = "0.9.4";
src = fetchurl { src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz"; url = "mirror://pypi/b/${pname}/${name}.tar.gz";
sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9"; sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086";
}; };
doCheck = false; doCheck = false;
buildInputs = with pythonPackages; [ buildInputs = with pythonPackages; [
@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec {
pylint pylint
astroid astroid
pyflakes pyflakes
pyjwt
]; ];
propagatedBuildInputs = with pythonPackages; [ propagatedBuildInputs = with pythonPackages; [
@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec {
] ++ plugins; ] ++ plugins;
patchPhase = ''
patch -p1 < ${./irc_messages.patch}
'';
preInstall = '' preInstall = ''
# writes out a file that can't be read properly # writes out a file that can't be read properly
sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py

40
krebs/5pkgs/buildbot/irc_messages.patch
View file

@ -1,40 +0,0 @@
diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py
index a65147b..bf44118 100644
--- a/buildbot/reporters/words.py
+++ b/buildbot/reporters/words.py
@@ -550,14 +550,15 @@ class Contact(service.AsyncService):
if self.useRevisions:
revisions = yield self.getRevisionsForBuild(build)
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
(builderName, ','.join(revisions), results[0])
else:
- r = "Hey! build %s #%d is complete: %s" % \
+ r = "Build %s #%d is complete: %s" % \
(builderName, buildNumber, results[0])
r += ' [%s]' % maybeColorize(build['state_string'],
results[1], self.useColors)
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
self.send(r)
# FIXME: where do we get the list of changes for a build ?
@@ -622,14 +623,15 @@ class Contact(service.AsyncService):
results = self.getResultsDescriptionAndColor(build['results'])
if self.useRevisions:
revisions = yield self.getRevisionsForBuild(build)
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
(builder_name, ','.join(revisions), results[0])
else:
- r = "Hey! build %s #%d is complete: %s" % \
+ r = "Build %s #%d is complete: %s" % \
(builder_name, buildnum, results[0])
r += ' [%s]' % maybeColorize(build['state_string'],
results[1], self.useColors)
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
self.send(r)
# FIXME: where do we get the base_url? Then do we use the build Link to

4
krebs/5pkgs/buildbot/worker.nix
View file

@ -2,12 +2,12 @@
pythonPackages.buildPythonApplication (rec { pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "buildbot-worker"; pname = "buildbot-worker";
version = "0.9.1"; version = "0.9.4";
doCheck = false; doCheck = false;
src = fetchurl { src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz"; url = "mirror://pypi/b/${pname}/${name}.tar.gz";
sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx"; sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj";
}; };
buildInputs = with pythonPackages; [ setuptoolsTrial mock ]; buildInputs = with pythonPackages; [ setuptoolsTrial mock ];

83
krebs/5pkgs/zandronum-bin/default.nix Normal file
View file

@ -0,0 +1,83 @@
{ stdenv
, atk
, bzip2
, cairo
, fetchurl
, fluidsynth
, fontconfig
, freetype
, gdk_pixbuf
, glib
, gtk2
, libjpeg_turbo
, mesa_glu
, mesa_noglu
, openssl
, pango
, SDL
, zlib
, makeWrapper
}:
stdenv.mkDerivation rec {
name = "zandronum-3.0";
src = fetchurl {
url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
};
libPath = stdenv.lib.makeLibraryPath [
atk
bzip2
cairo
fluidsynth
fontconfig
freetype
gdk_pixbuf
glib
gtk2
libjpeg_turbo
mesa_glu
mesa_noglu
openssl
pango
SDL
stdenv.cc.cc
zlib
];
nativeBuildInputs = [ makeWrapper ];
phases = [ "unpackPhase" "installPhase" ];
sourceRoot = ".";
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/share/zandronum
cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath:$out/share/zandronum \
$out/share/zandronum/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath \
$out/share/zandronum/zandronum-server
# If we don't set absolute argv0, zandronum.wad file is not found.
makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum
makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server
'';
meta = {
homepage = http://zandronum.com/;
description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play";
maintainers = [ stdenv.lib.maintainers.lassulus ];
# Binary version has different version string than source code version.
license = stdenv.lib.licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ];
};
}

59
lass/1systems/mors.nix
View file

@ -76,56 +76,15 @@ with import <stockholm/lib>;
{ {
services.redis.enable = true; services.redis.enable = true;
} }
#{ {
# #gitit magic #ipfs-testing
# imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ]; services.ipfs.enable = true;
# services.gitit = { }
# enable = true; {
# haskellPackages = pkgs.haskell.packages.ghc7103; environment.systemPackages = [
# }; pkgs.krebszones
#} ];
#{ }
# lass.icinga2 = {
# enable = true;
# configFiles = [
# ''
# template Service "generic-service" {
# max_check_attempts = 3
# check_interval = 5m
# retry_interval = 1m
# enable_perfdata = true
# }
# apply Service "ping4" {
# }
# ''
# ];
# };
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
# lass.icingaweb2 = {
# enable = true;
# initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0";
# resources = {
# icinga2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icinga";
# passfile = <secrets/icinga2-pw>;
# };
# icingaweb2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icingaweb2";
# passfile = <secrets/icinga2-pw>;
# };
# };
# };
#}
]; ];
krebs.build.host = config.krebs.hosts.mors; krebs.build.host = config.krebs.hosts.mors;

25
lass/1systems/prism.nix
View file

@ -44,6 +44,7 @@ in {
../2configs/hfos.nix ../2configs/hfos.nix
../2configs/makefu-sip.nix ../2configs/makefu-sip.nix
../2configs/monitoring/server.nix ../2configs/monitoring/server.nix
../2configs/monitoring/monit-alarms.nix
{ {
imports = [ imports = [
../2configs/bepasty.nix ../2configs/bepasty.nix
@ -164,7 +165,6 @@ in {
} }
{ {
imports = [ imports = [
../2configs/websites/wohnprojekt-rhh.de.nix
../2configs/websites/domsen.nix ../2configs/websites/domsen.nix
../2configs/websites/lassulus.nix ../2configs/websites/lassulus.nix
]; ];
@ -215,7 +215,8 @@ in {
} }
{ {
krebs.repo-sync.timerConfig = { krebs.repo-sync.timerConfig = {
OnUnitInactiveSec = "5min"; OnBootSec = "5min";
OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min"; RandomizedDelaySec = "2min";
}; };
} }
@ -247,7 +248,13 @@ in {
]; ];
} }
{ {
krebs.Reaktor.coders = { krebs.Reaktor.coders = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
in {
nickname = "reaktor-lass"; nickname = "reaktor-lass";
channels = [ "#coders" ]; channels = [ "#coders" ];
extraEnviron = { extraEnviron = {
@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" { (buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$"; pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" '' script = pkgs.writeDash "lambda-pl" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@pl $1" -e "@pl $1"
''; '';
@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" { (buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$"; pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" '' script = pkgs.writeDash "lambda-type" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@type $1" -e "@type $1"
''; '';
@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" { (buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$"; pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" '' script = pkgs.writeDash "lambda-let" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@let $1" -e "@let $1"
''; '';
@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" { (buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$"; pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" '' script = pkgs.writeDash "lambda-run" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@run $1" -e "@run $1"
''; '';
@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" { (buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$"; pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" '' script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@kind $1" -e "@kind $1"
''; '';
@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" { (buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$"; pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" '' script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@kind $1" -e "@kind $1"
''; '';

23
lass/1systems/shodan.nix
View file

@ -42,6 +42,29 @@ with import <stockholm/lib>;
pkgs.python27Packages.python pkgs.python27Packages.python
]; ];
} }
{
krebs.monit = let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
enable = true;
http.enable = true;
alarms = {
hfos = {
test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
alarm = echoToIrc "test hfos failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}
]; ];
krebs.build.host = config.krebs.hosts.shodan; krebs.build.host = config.krebs.hosts.shodan;

70
lass/2configs/baseX.nix
View file

@ -1,13 +1,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>;
let let
mainUser = config.users.extraUsers.mainUser; user = config.krebs.build.user;
in { in {
imports = [ imports = [
./xserver
./mpv.nix ./mpv.nix
./power-action.nix ./power-action.nix
./screenlock.nix ./screenlock.nix
./copyq.nix
./xresources.nix
./livestream.nix
{ {
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
services.printing = { services.printing = {
enable = true; enable = true;
drivers = [ pkgs.foomatic_filters ]; drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
acpi acpi
dic dic
dmenu dmenu
@ -66,37 +68,37 @@ in {
youtube-tools youtube-tools
rxvt_unicode rxvt_unicode
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh
#dmenu2
#xlibs.fontschumachermisc
]; ];
#fonts.fonts = [ fonts.fonts = [
# pkgs.xlibs.fontschumachermisc pkgs.xlibs.fontschumachermisc
#]; ];
#services.xserver = { services.xserver = {
# enable = true; enable = true;
# windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ desktopManager.xterm.enable = false;
# X11-xshape desktopManager.default = "none";
# ]; displayManager.lightdm.enable = true;
# windowManager.xmonad.enable = true; displayManager.lightdm.autoLogin = {
# windowManager.xmonad.enableContribAndExtras = true; enable = true;
# windowManager.default = "xmonad"; user = "lass";
# desktopManager.default = "none"; };
# desktopManager.xterm.enable = false; windowManager.default = "xmonad";
# displayManager.slim.enable = true; windowManager.session = [{
# displayManager.auto.enable = true; name = "xmonad";
# displayManager.auto.user = mainUser.name; start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
# layout = "us"; layout = "us";
# xkbModel = "evdev"; xkbModel = "evdev";
# xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
# xkbOptions = "caps:backspace"; xkbOptions = "caps:backspace";
#}; };
services.logind.extraConfig = '' services.logind.extraConfig = ''
HandleLidSwitch=ignore HandleLidSwitch=ignore
@ -107,4 +109,6 @@ in {
twoFingerScroll = true; twoFingerScroll = true;
accelFactor = "0.035"; accelFactor = "0.035";
}; };
services.urxvtd.enable = true;
} }

10
lass/2configs/binary-cache/client.nix
View file

@ -2,8 +2,14 @@
{ {
nix = { nix = {
binaryCaches = ["http://cache.prism.r"]; binaryCaches = [
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; "http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
}; };
} }

4
lass/2configs/browsers.nix
View file

@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups: createChromiumUser = name: extraGroups:
let let
bin = pkgs.writeScriptBin name '' bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
''; '';
in { in {
users.extraUsers.${name} = { users.extraUsers.${name} = {
@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups: createFirefoxUser = name: extraGroups:
let let
bin = pkgs.writeScriptBin name '' bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
''; '';
in { in {
users.extraUsers.${name} = { users.extraUsers.${name} = {

2
lass/2configs/buildbot-standalone.nix
View file

@ -216,7 +216,7 @@ in {
enable = true; enable = true;
nick = "buildbot-lass"; nick = "buildbot-lass";
server = "ni.r"; server = "ni.r";
channels = [ { channel = "retiolum"; } ]; channels = [ { channel = "retiolum"; } { channel = "noise"; } ];
allowForce = true; allowForce = true;
}; };
}; };

38
lass/2configs/copyq.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
};
};
}

13
lass/2configs/default.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
imports = [ imports = [
@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix ../2configs/vim.nix
../2configs/monitoring/client.nix ../2configs/monitoring/client.nix
./backups.nix ./backups.nix
./security-workarounds.nix
{ {
users.extraUsers = users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; }) mapAttrs (_: h: { hashedPassword = h; })
@ -62,6 +62,12 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python pkgs.pythonPackages.python
]; ];
} }
{
services.dnscrypt-proxy.enable = true;
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}
]; ];
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;
@ -129,6 +135,7 @@ with import <stockholm/lib>;
#neat utils #neat utils
krebspaste krebspaste
mosh
pciutils pciutils
pop pop
psmisc psmisc
@ -155,6 +162,7 @@ with import <stockholm/lib>;
shopt -s histappend histreedit histverify shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion shopt -s no_empty_cmd_completion
complete -d cd complete -d cd
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
''; '';
promptInit = '' promptInit = ''
if test $UID = 0; then if test $UID = 0; then
@ -202,6 +210,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }

3
lass/2configs/exim-smarthost.nix
View file

@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [ dkim = [
{ domain = "lassul.us"; } { domain = "lassul.us"; }
]; ];
primary_hostname = "lassul.us";
sender_domains = [ sender_domains = [
"lassul.us" "lassul.us"
"aidsballs.de" "aidsballs.de"
]; ];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors config.krebs.hosts.mors
config.krebs.hosts.uriel config.krebs.hosts.uriel
config.krebs.hosts.helios config.krebs.hosts.helios

4
lass/2configs/fetchWallpaper.nix
View file

@ -9,9 +9,5 @@ in {
url = "prism/wallpaper.png"; url = "prism/wallpaper.png";
maxTime = 10; maxTime = 10;
}; };
systemd.services.fetchWallpaper = {
after = [ "xmonad.service" ];
wantedBy = [ "xmonad.service" ];
};
} }

32
lass/2configs/games.nix
View file

@ -11,7 +11,6 @@ let
DOOM_DIR=''${DOOM_DIR:-~/doom/} DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} \ ${vdoom} \
-file $DOOM_DIR/lib/brutalv20.pk3 \ -file $DOOM_DIR/lib/brutalv20.pk3 \
-file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
"$@" "$@"
''; '';
doom1 = pkgs.writeDashBin "doom1" '' doom1 = pkgs.writeDashBin "doom1" ''
@ -31,6 +30,31 @@ let
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
''; '';
doomservercfg = pkgs.writeText "doomserver.cfg" ''
skill 7
#survival true
#sv_maxlives 4
#sv_norespawn true
#sv_weapondrop true
no_jump true
#sv_noweaponspawn true
sv_sharekeys true
sv_survivalcountdowntime 1
sv_noteamselect true
sv_updatemaster false
#sv_coop_loseinventory true
#cl_startasspectator false
#lms_spectatorview false
'';
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${pkgs.zandronum-bin}/bin/zandronum-server \
+exec ${doomservercfg} \
"$@"
'';
in { in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
dwarf_fortress dwarf_fortress
@ -38,6 +62,7 @@ in {
doom2 doom2
vdoom1 vdoom1
vdoom2 vdoom2
vdoomserver
]; ];
users.extraUsers = { users.extraUsers = {
@ -56,4 +81,9 @@ in {
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(games) NOPASSWD: ALL ${mainUser.name} ALL=(games) NOPASSWD: ALL
''; '';
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
} }

1
lass/2configs/git.nix
View file

@ -5,6 +5,7 @@ with import <stockholm/lib>;
let let
out = { out = {
services.nginx.enable = true;
krebs.git = { krebs.git = {
enable = true; enable = true;
cgit = { cgit = {

7
lass/2configs/hfos.nix
View file

@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ]; extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
]; ];
}; };
@ -32,4 +31,10 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.nat.OUTPUT.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
} }

5
lass/2configs/hw/tp-x220.nix
View file

@ -48,4 +48,9 @@ with import <stockholm/lib>;
]; ];
security.rngd.enable = true; security.rngd.enable = true;
services.xserver.synaptics = {
enable = true;
additionalOptions = ''Option "TouchpadOff" "1"'';
};
} }

12
lass/2configs/livestream.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
stream = pkgs.writeDashBin "stream" ''
${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
'';
in {
environment.systemPackages = [ stream ];
}

44
lass/2configs/monitoring/monit-alarms.nix Normal file
View file

@ -0,0 +1,44 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
krebs.monit = {
enable = true;
http.enable = true;
alarms = {
nirwanabluete = {
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
alarm = echoToIrc "test nirwanabluete failed";
};
ubik = {
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
alarm = echoToIrc "test ubik failed";
};
cac-panel = {
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
alarm = echoToIrc "test cac-panel failed";
};
radio = {
test = pkgs.writeBash "check_stream" ''
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
'';
alarm = echoToIrc "test radio failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}

2
lass/2configs/monitoring/server.nix
View file

@ -29,7 +29,7 @@ with import <stockholm/lib>;
data="$(${pkgs.jq}/bin/jq -r .message)" data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \ ${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null ni.r 6667 prism-alarm \#noise "$data" >/dev/null
''; '';
in { in {
enable = true; enable = true;

2
lass/2configs/nixpkgs.nix
View file

@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "f7b7d8e"; ref = "5b0c9d4";
}; };
} }

2
lass/2configs/screenlock.nix
View file

@ -5,7 +5,7 @@
before = [ "sleep.target" ]; before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ]; wantedBy = [ "sleep.target" ];
environment = { environment = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":0";
}; };
serviceConfig = { serviceConfig = {
SyslogIdentifier = "screenlock"; SyslogIdentifier = "screenlock";

8
lass/2configs/security-workarounds.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
# http://seclists.org/oss-sec/2017/q1/471
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
}

22
lass/2configs/termite.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.termite
];
krebs.per-user.lass.packages = let
termitecfg = pkgs.writeTextFile {
name = "termite-config";
destination = "/etc/xdg/termite/config";
text = ''
[colors]
foreground = #d0d7d0
background = #000000
'';
};
in [
termitecfg
];
}

3
lass/2configs/vim.nix
View file

@ -25,7 +25,7 @@ let
set hlsearch set hlsearch
set incsearch set incsearch
set mouse=a set mouse=a
set noruler set ruler
set pastetoggle=<INS> set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I set shortmess+=I
@ -66,6 +66,7 @@ let
"Syntastic config "Syntastic config
let g:syntastic_python_checkers=['flake8'] let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer nmap <esc>q :buffer
nmap <M-q> :buffer nmap <M-q> :buffer

10
lass/2configs/websites/lassulus.nix
View file

@ -110,7 +110,10 @@ in {
''; '';
enableSSL = true; enableSSL = true;
extraConfig = "listen 80;"; extraConfig = ''
listen 80;
listen [::]:80;
'';
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
}; };
@ -123,7 +126,10 @@ in {
root /var/lib/acme/acme-challenges; root /var/lib/acme/acme-challenges;
''; '';
enableSSL = true; enableSSL = true;
extraConfig = "listen 80;"; extraConfig = ''
listen 80;
listen [::]:80;
'';
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
}; };

15
lass/2configs/websites/util.nix
View file

@ -17,7 +17,10 @@ rec {
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;
enableSSL = true; enableSSL = true;
extraConfig = "listen 80;"; extraConfig = ''
listen 80;
listen [::]:80;
'';
serverAliases = domains; serverAliases = domains;
locations."/".extraConfig = '' locations."/".extraConfig = ''
root /srv/http/${domain}; root /srv/http/${domain};
@ -29,12 +32,14 @@ rec {
let let
domain = head domains; domain = head domains;
in { in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
enableSSL = true; enableSSL = true;
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80; listen 80;
listen [::]:80;
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
@ -148,6 +153,8 @@ rec {
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80; listen 80;
listen [::]:80;
root /srv/http/${domain}/; root /srv/http/${domain}/;
index index.php; index index.php;
access_log /tmp/nginx_acc.log; access_log /tmp/nginx_acc.log;
@ -175,10 +182,10 @@ rec {
user = nginx user = nginx
group = nginx group = nginx
pm = dynamic pm = dynamic
pm.max_children = 5 pm.max_children = 15
pm.start_servers = 2 pm.start_servers = 3
pm.min_spare_servers = 1 pm.min_spare_servers = 1
pm.max_spare_servers = 3 pm.max_spare_servers = 10
listen.owner = nginx listen.owner = nginx
listen.group = nginx listen.group = nginx
php_admin_value[error_log] = 'stderr' php_admin_value[error_log] = 'stderr'

23
lass/2configs/websites/wohnprojekt-rhh.de.nix
View file

@ -1,23 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (import <stockholm/lib>)
genid
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
;
in {
imports = [
( ssl [ "wohnprojekt-rhh.de" ])
( servePage [ "wohnprojekt-rhh.de" ])
];
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;
useDefaultShell = true;
};
}

55
lass/2configs/xresources.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
xresources = pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
'';
in {
systemd.user.services.xresources = {
description = "xresources";
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
};
};
}

66
lass/2configs/xserver/Xresources.nix
View file

@ -1,66 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #050505
! URxvt*background: #041204
!URxvt.depth: 32
!URxvt*background: rgba:0500/0500/0500/cccc
! URxvt*background: #080810
URxvt*foreground: #d0d7d0
! URxvt*background: black
! URxvt*foreground: white
! URxvt*background: rgb:00/00/40
! URxvt*foreground: rgb:a0/a0/d0
! XTerm*cursorColor: rgb:00/00/60
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
! URxvt*cursorUnderline: true
! URxvt*highlightColor: #232323
! URxvt*highlightTextColor: #b0ffb0
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
! URxvt*color0: #000000
! URxvt*color1: #c00000
! URxvt*color2: #80c070
URxvt*color3: #c07000
! URxvt*color4: #0000c0
URxvt*color4: #4040c0
! URxvt*color5: #c000c0
! URxvt*color6: #008080
URxvt*color7: #c0c0c0
URxvt*color8: #707070
URxvt*color9: #ff6060
URxvt*color10: #70ff70
URxvt*color11: #ffff70
URxvt*color12: #7070ff
URxvt*color13: #ff50ff
URxvt*color14: #70ffff
URxvt*color15: #ffffff
''

147
lass/2configs/xserver/default.nix
View file

@ -1,147 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
user = config.krebs.build.user;
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
environment.systemPackages = [
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
services.xserver = {
enable = true;
display = 11;
tty = 11;
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} &
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
wait
'';
XMONAD_STATE = "/tmp/xmonad.state";
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"dashboard" # we start here
]);
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = pkgs.writeScript "xmonad-stop" ''
#! /bin/sh
${pkgs.xmonad-lass}/bin/xmonad --shutdown
${pkgs.coreutils}/bin/sleep 2s
'';
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
}

40
lass/2configs/xserver/xserver.conf.nix
View file

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

24
lass/5pkgs/xmonad-lass.nix
View file

@ -22,7 +22,7 @@ import XMonad
import qualified XMonad.StackSet as W import qualified XMonad.StackSet as W
import Control.Exception import Control.Exception
import Data.List (isInfixOf) import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs, getEnv) import System.Environment (getArgs, withArgs)
import System.IO (hPutStrLn, stderr) import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import Text.Read (readEither) import Text.Read (readEither)
@ -60,21 +60,17 @@ main = getArgs >>= \case
mainNoArgs :: IO () mainNoArgs :: IO ()
mainNoArgs = do mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad' xmonad'
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def $ def
{ terminal = urxvtcPath { terminal = urxvtcPath
, modMask = mod4Mask , modMask = mod4Mask
, workspaces = workspaces0
, layoutHook = smartBorders $ myLayoutHook , layoutHook = smartBorders $ myLayoutHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = do
path <- liftIO (getEnv "XMONAD_STARTUP_HOOK")
forkFile path [] Nothing
, normalBorderColor = "#1c1c1c" , normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0" , focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent , handleEventHook = handleShutdownEvent
, workspaces = [ "dashboard" ]
} `additionalKeysP` myKeyMap } `additionalKeysP` myKeyMap
myLayoutHook = defLayout myLayoutHook = defLayout
@ -84,7 +80,7 @@ myLayoutHook = defLayout
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do xmonad' conf = do
path <- getEnv "XMONAD_STATE" let path = "/tmp/xmonad.state"
try (readFile path) >>= \case try (readFile path) >>= \case
Right content -> do Right content -> do
hPutStrLn stderr ("resuming from " ++ path) hPutStrLn stderr ("resuming from " ++ path)
@ -93,25 +89,13 @@ xmonad' conf = do
hPutStrLn stderr (displaySomeException e) hPutStrLn stderr (displaySomeException e)
xmonad conf xmonad conf
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String displaySomeException :: SomeException -> String
displaySomeException = displayException displaySomeException = displayException
myKeyMap :: [([Char], X ())] myKeyMap :: [([Char], X ())]
myKeyMap = myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")

3
makefu/1systems/gum.nix
View file

@ -35,6 +35,7 @@ in {
# ../2configs/opentracker.nix # ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix ../2configs/logging/central-stats-client.nix
../2configs/logging/central-logging-client.nix
]; ];
services.smartd.devices = [ { device = "/dev/sda";} ]; services.smartd.devices = [ { device = "/dev/sda";} ];
@ -64,7 +65,7 @@ in {
# access # access
users.users = { users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
}; };
# Chat # Chat

1
makefu/1systems/wry.nix
View file

@ -25,6 +25,7 @@ in {
# collectd # collectd
../2configs/logging/central-stats-client.nix ../2configs/logging/central-stats-client.nix
../2configs/logging/central-logging-client.nix
../2configs/tinc/retiolum.nix ../2configs/tinc/retiolum.nix
# ../2configs/torrent.nix # ../2configs/torrent.nix

6
makefu/1systems/x.nix
View file

@ -10,9 +10,10 @@
../2configs/main-laptop.nix ../2configs/main-laptop.nix
../2configs/laptop-utils.nix ../2configs/laptop-utils.nix
../2configs/laptop-backup.nix ../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
# testing # testing
../2configs/openvpn/vpngate.nix # ../2configs/openvpn/vpngate.nix
#../2configs/temp/share-samba.nix #../2configs/temp/share-samba.nix
# ../2configs/mediawiki.nix # ../2configs/mediawiki.nix
# ../2configs/wordpress.nix # ../2configs/wordpress.nix
@ -26,7 +27,6 @@
#../2configs/elchos/stats.nix #../2configs/elchos/stats.nix
#../2configs/elchos/test/ftpservers.nix #../2configs/elchos/test/ftpservers.nix
../2configs/laptop-backup.nix
# ../2configs/tinc/siem.nix # ../2configs/tinc/siem.nix
#../2configs/torrent.nix #../2configs/torrent.nix
# temporary modules # temporary modules
@ -59,7 +59,7 @@
# hardware specifics are in here # hardware specifics are in here
../2configs/hw/tp-x230.nix ../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix ../2configs/hw/rtl8812au.nix
../2configs/hw/bcm4352.nix
# mount points # mount points
../2configs/fs/sda-crypto-root-home.nix ../2configs/fs/sda-crypto-root-home.nix

6
makefu/2configs/dnscrypt.nix Normal file
View file

@ -0,0 +1,6 @@
{
services.dnscrypt-proxy.enable = true;
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}

88
makefu/5pkgs/awesomecfg/full.cfg
View file

@ -101,6 +101,7 @@ browser = "firefox"
-- I suggest you to remap Mod4 to another key using xmodmap or other tools. -- I suggest you to remap Mod4 to another key using xmodmap or other tools.
-- However, you can use another modifier like Mod1, but it may interact with others. -- However, you can use another modifier like Mod1, but it may interact with others.
modkey = "@modkey@" modkey = "@modkey@"
-- modkey = "Mod4"
-- Table of layouts to cover with awful.layout.inc, order matters. -- Table of layouts to cover with awful.layout.inc, order matters.
awful.layout.layouts = awful.layout.layouts =
@ -116,10 +117,24 @@ awful.layout.layouts =
-- awful.layout.suit.spiral.dwindle, -- awful.layout.suit.spiral.dwindle,
awful.layout.suit.max, awful.layout.suit.max,
awful.layout.suit.max.fullscreen, awful.layout.suit.max.fullscreen,
-- awful.layout.suit.magnifier, awful.layout.suit.magnifier,
awful.layout.suit.corner.nw awful.layout.suit.corner.nw
} }
-- }}} -- }}}
-- {{{ Helper Functions
local function client_menu_toggle_fn()
local instance = nil
return function ()
if instance and instance.wibox.visible then
instance:hide()
instance = nil
else
instance = awful.menu.clients({ theme = { width = 250 } })
end
end
end
-- }}}
-- {{{ Wallpaper -- {{{ Wallpaper
if beautiful.wallpaper then if beautiful.wallpaper then
@ -166,50 +181,51 @@ mytextclock = wibox.widget.textclock()
-- Create a wibox for each screen and add it -- Create a wibox for each screen and add it
mywibox = {} mywibox = {}
mylayoutbox = {} mylayoutbox = {}
mytaglist = {}
mytaglist.buttons = awful.util.table.join( -- Create a wibox for each screen and add it
awful.button({ }, 1, awful.tag.viewonly), local taglist_buttons = awful.util.table.join(
awful.button({ modkey }, 1, awful.client.movetotag), awful.button({ }, 1, function(t) t:view_only() end),
awful.button({ modkey }, 1, function(t)
if client.focus then
client.focus:move_to_tag(t)
end
end),
awful.button({ }, 3, awful.tag.viewtoggle), awful.button({ }, 3, awful.tag.viewtoggle),
awful.button({ modkey }, 3, awful.client.toggletag), awful.button({ modkey }, 3, function(t)
awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end), if client.focus then
awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end) client.focus:toggle_tag(t)
) end
mytasklist = {} end),
mytasklist.buttons = awful.util.table.join( awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end),
awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end)
)
local tasklist_buttons = awful.util.table.join(
awful.button({ }, 1, function (c) awful.button({ }, 1, function (c)
if c == client.focus then if c == client.focus then
c.minimized = true c.minimized = true
else else
-- Without this, the following -- Without this, the following
-- :isvisible() makes no sense -- :isvisible() makes no sense
c.minimized = false c.minimized = false
if not c:isvisible() then if not c:isvisible() and c.first_tag then
awful.tag.viewonly(c:tags()[1]) c.first_tag:view_only()
end end
-- This will also un-minimize -- This will also un-minimize
-- the client, if needed -- the client, if needed
client.focus = c client.focus = c
c:raise() c:raise()
end end
end), end),
awful.button({ }, 3, function () awful.button({ }, 3, client_menu_toggle_fn()),
if instance then
instance:hide()
instance = nil
else
instance = awful.menu.clients({ width=250 })
end
end),
awful.button({ }, 4, function () awful.button({ }, 4, function ()
awful.client.focus.byidx(1) awful.client.focus.byidx(1)
if client.focus then client.focus:raise() end
end), end),
awful.button({ }, 5, function () awful.button({ }, 5, function ()
awful.client.focus.byidx(-1) awful.client.focus.byidx(-1)
if client.focus then client.focus:raise() end
end)) end))
local function set_wallpaper(s) local function set_wallpaper(s)
-- Wallpaper -- Wallpaper
if beautiful.wallpaper then if beautiful.wallpaper then

2
nin/2configs/nixpkgs.nix
View file

@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff"; ref = "6651c72";
}; };
} }