Merge branch 'master' of prism.r:stockholm

This commit is contained in:
Markus Hihn 2017-12-15 19:58:16 +01:00
commit 60676b4a8e
40 changed files with 462 additions and 87 deletions

View file

@ -0,0 +1,99 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/sda2";
preLVM = true;
allowDiscards = true;
}
];
# networking.hostName = "nixos"; # Define your hostname.
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
vim
git
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = {
isNormalUser = true;
uid = 1000;
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
}

View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/42BF-0795";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
}

View file

@ -0,0 +1,4 @@
import <stockholm/jeschli/source.nix> {
name = "brauerei";
secure = true;
}

View file

@ -1,7 +1,6 @@
{lib, ... }:
# TODO: do not check out nixpkgs master but fetch revision from github
{
environment.noXlibs = true;
nix.gc.automatic = true;
nix.gc.dates = lib.mkDefault "03:10";
programs.info.enable = false;

View file

@ -83,6 +83,7 @@ let
rsync
utillinux
];
restartIfChanged = false;
serviceConfig = rec {
ExecStart = start plan;
SyslogIdentifier = ExecStart.name;

View file

@ -44,6 +44,7 @@ let
./tinc_graphs.nix
./urlwatch.nix
./repo-sync.nix
./xresources.nix
./zones.nix
];
options.krebs = api;
@ -226,21 +227,26 @@ let
};
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
# Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.
listToAttrs (map
(c: {
name = "github${toString c}";
value = {
hostNames = ["github.com"] ++
map (d: "192.30.${toString c}.${toString d}") (range 0 255);
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
})
(range 252 255))
{
github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"18.195.85.27"
"18.194.104.89"
"35.159.8.160"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
//
mapAttrs
(name: host: {

View file

@ -7,10 +7,7 @@ with import <stockholm/lib>;
owner = config.krebs.users.jeschli;
ci = true;
}) {
bln = {
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.28";
@ -47,9 +44,44 @@ with import <stockholm/lib>;
};
};
};
brauerei = {
nets = {
retiolum = {
ip4.addr = "10.243.27.29";
ip6.addr = "42::29";
aliases = [
"brauerei.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEAvC4AjkAoH01sKDXE3xVM2YUpPQ9iewIPQCCCSWYZQh2BWOfl+FFs
pW3ix5FjAzTxzkIf5NxW0usff8UTkFHB+sGZLZ9DPqvb8AM4GJsvXR06LORHtBlo
Vt/g1sndD3i3NXn5IJ2G4mZDImQjI3vuTkPyFQsR5LRAaPQgIORHBtN/X1UEVMRq
gThUeMb1kZ/y4AmUx0pepQYmAcYf0cN/7r9n68dWJCZ7DWX3q49bIz4TPG519IQp
KzoCtdXImKl6cFDepa2pRmIW4SPaDXztHDmXoJA1NBfdDOMOW67FUjzhcwZS9usM
q9x/1Tph63PJy4Vc0jsJnY29WrInx/nVAb22QuTOXQ9SfBNoOATYoFoVmY+yw1FX
67y3bRbq8lQk1y3F2vZVYxQ52WiYLmtNtuzUMZHErL7VgFIEfQKoO2Oa/WZXdgSJ
Asmn67NSicc5QNI4rBUthju1JDuM/3ja0yCXh7trDCmPxKd94KzxMlq9VA6S2f/Q
uke3VnXEDqOWOZdcon5DnRTT1y4xjk1XHuO/9tVDcrL7x1unkdGL9BNMU6opJiLm
batAtKQ/7EJrlgIxYpEQyCNAjj0dEn0BgNZNqQSKkeGe6giVMuHtnXeTYMEraDas
DWxHmGOvYWrs3tZdELkB/h/y7DdijOabS4AlLOljKHiacw8e0D7p9qeIU2EwRaXD
ebPYaAIIWn1FU1aCYpvF4YJYbdNJZg6aKpoWNz86ZjO9t3GBkf612xB7fRO9mbTg
Ww2Hl6lir0rnlo7P9M1xhQqmZ0phaUjkqYRCaTOW1kC5ACpJJ/Jrq0oyplHVBY8Y
IvzPDA4nu/YOpyhQjlQwcVt62NgW0CZdwp3ZnMMoy7akgEo71bjoHbRxAeWy5oRB
5CgGvQAB+qdf97XjZ5RggWQ2rglkCn49X4fXN6r4zuaIji1VVFTEZGRNsi0vt1YC
Eedz68auu1ZDO1qwNcX00n94E09B05DQBjE/6SAX6wBCY/BwUtzdQ9JnyfHNSl8i
dmHBPLssB9Dku4U0mo+LLer+bf6fiR7r5gp/KRuY/tMGFahprZRfWFtyO2Pg1cYI
HCdmDmSlbFq3EJmBl0egbU8Ym1m6t4EvPcoTxwy3ljZWybHlhm4wvhGcA/2bDRZA
jcXSL3G7buBOf8WJNYnMXCtPEyIYUdRyNvz3EUfvmbzZDhHd/bc0pJRrrtI7HqoF
+g67gCrtXx6i9PD0LSDJ1jExMZcmU1+DPg0dzDEmLHvW+HW538/HXGJ8FsunWBwD
/8wsQfoqAwlBSucLHDDrYVvfSp0+TLzg/HDMhNkcN7d5hm3syrI+IN4gEEjYeZIO
g7fjR1X7g5FGCDQnRA/dzNsZVnk6UFpCRwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
reagenzglas = {
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.27";
@ -92,5 +124,8 @@ with import <stockholm/lib>;
mail = "jeschli@gmail.com";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
};
jeschli-bln = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de";
};
};
}

View file

@ -628,8 +628,5 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
jeschli = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
};
};
}

View file

@ -173,6 +173,7 @@ let
REPONAME = "${name}.git";
};
restartIfChanged = false;
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;

View file

@ -4,12 +4,15 @@
}:
mkDerivation {
pname = "nix-diff";
version = "1.0.0";
version = "1.0.0-krebs1";
src = fetchgit {
url = "https://github.com/Gabriel439/nix-diff";
sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
};
patches = [
./nixos-system.patch
];
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [

View file

@ -0,0 +1,18 @@
diff --git a/src/Main.hs b/src/Main.hs
index 959ab8e..d3b6077 100644
--- a/src/Main.hs
+++ b/src/Main.hs
@@ -95,7 +95,12 @@ pathToText path =
underneath `/nix/store`, but this is the overwhelmingly common use case
-}
derivationName :: FilePath -> Text
-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
+derivationName p =
+ if Data.Text.isPrefixOf "nixos-system" s
+ then "nixos-system"
+ else s
+ where
+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
-- | Group input derivations by their name
groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))

View file

@ -1,21 +0,0 @@
{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
stdenv.mkDerivation rec {
name = "apt-cacher-ng-${version}";
version = "2";
src = fetchurl {
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
};
NIX_LDFLAGS = "-lpthread";
buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
meta = {
description = "A caching proxy specialized for linux distribution files";
homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.makefu ];
};
}

View file

@ -0,0 +1,30 @@
{ python, writeScriptBin, ... }:
let
pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
in
writeScriptBin "cidr2glob" ''
#! ${pythonEnv}/bin/python
import netaddr
import re
import sys
def cidr2glob(cidr):
net = netaddr.IPNetwork(cidr)
if net.prefixlen <= 8:
return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
elif net.prefixlen <= 16:
return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
elif net.prefixlen <= 24:
return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
else:
return map(lambda ip: str(ip), list(net))
if __name__ == "__main__":
for cidr in sys.stdin:
for glob in cidr2glob(cidr):
print glob
''

View file

@ -1,24 +1,27 @@
{ coreutils, fetchgit, git, jq, openssh, proot, rsync, stdenv, ... }:
{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv
}:
let
PATH = stdenv.lib.makeBinPath [
coreutils
findutils
git
gnused
jq
openssh
proot
pass
rsync
];
in
stdenv.mkDerivation rec {
name = "populate";
version = "1.2.5";
version = "2.1.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}";
sha256 = "10s4x117zp5whqq991xzw1i2jc1xhl580kx8hhzv8f1b4c9carx1";
sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh";
};
phases = [

View file

@ -7,13 +7,16 @@ host@{ name, secure ? false }: let
in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets.file = getAttr builder {
buildbot = toString <stockholm/krebs/6tests/data/secrets>;
krebs = "${getEnv "HOME"}/secrets/krebs/${host.name}";
secrets = getAttr builder {
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
krebs.pass = {
dir = "${getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";
};
};
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10
ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
};
}

View file

@ -41,7 +41,7 @@ in {
default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
};
};
config.services.xresources.resources.X = ''
config.krebs.xresources.resources.X = ''
*.font: ${config.lass.fonts.regular}
*.boldFont: ${config.lass.fonts.bold}
*.italicFont: ${config.lass.fonts.italic}
@ -112,11 +112,7 @@ in {
xkbOptions = "caps:backspace";
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
services.urxvtd.enable = true;
services.xresources.enable = true;
krebs.xresources.enable = true;
lass.screenlock.enable = true;
}

View file

@ -18,7 +18,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
ip = "10.23.42.221";
ip = "10.42.23.221";
};
};
};

View file

@ -47,7 +47,7 @@ let
createFirefoxUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
'';
in {
users.extraUsers.${name} = {

View file

@ -15,6 +15,7 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
];
@ -42,6 +43,10 @@ in {
};
};
krebs.per-user.dev.packages = [
pkgs.go
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';

View file

@ -48,6 +48,7 @@ with import <stockholm/lib>;
{ from = "tomtop@lassul.us"; to = lass.mail; }
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
{ from = "payeer@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

View file

@ -57,7 +57,7 @@ let
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
(dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
doom1
doom2
vdoom1

View file

@ -0,0 +1,125 @@
# Sample variables file for BCM94356Z NGFF 22x30mm iPA, iLNA board with PCIe for production package
NVRAMRev=$Rev: 492104 $
#4356 chip = 4354 A2 chip
sromrev=11
boardrev=0x1102
boardtype=0x073e
boardflags=0x02400201
#0x2000 enable 2G spur WAR
boardflags2=0x00802000
boardflags3=0x0000000a
#boardflags3 0x00000100 /* to read swctrlmap from nvram*/
#define BFL3_5G_SPUR_WAR 0x00080000 /* enable spur WAR in 5G band */
#define BFL3_AvVim 0x40000000 /* load AvVim from nvram */
macaddr=00:90:4c:1a:10:01
ccode=0x5854
regrev=205
antswitch=0
pdgain5g=4
pdgain2g=4
tworangetssi2g=0
tworangetssi5g=0
paprdis=0
femctrl=10
vendid=0x14e4
devid=0x43ec
manfid=0x2d0
#prodid=0x052e
nocrc=1
otpimagesize=502
xtalfreq=37400
rxgains2gelnagaina0=0
rxgains2gtrisoa0=7
rxgains2gtrelnabypa0=0
rxgains5gelnagaina0=0
rxgains5gtrisoa0=11
rxgains5gtrelnabypa0=0
rxgains5gmelnagaina0=0
rxgains5gmtrisoa0=13
rxgains5gmtrelnabypa0=0
rxgains5ghelnagaina0=0
rxgains5ghtrisoa0=12
rxgains5ghtrelnabypa0=0
rxgains2gelnagaina1=0
rxgains2gtrisoa1=7
rxgains2gtrelnabypa1=0
rxgains5gelnagaina1=0
rxgains5gtrisoa1=10
rxgains5gtrelnabypa1=0
rxgains5gmelnagaina1=0
rxgains5gmtrisoa1=11
rxgains5gmtrelnabypa1=0
rxgains5ghelnagaina1=0
rxgains5ghtrisoa1=11
rxgains5ghtrelnabypa1=0
rxchain=3
txchain=3
aa2g=3
aa5g=3
agbg0=2
agbg1=2
aga0=2
aga1=2
tssipos2g=1
extpagain2g=2
tssipos5g=1
extpagain5g=2
tempthresh=255
tempoffset=255
rawtempsense=0x1ff
pa2ga0=-147,6192,-705
pa2ga1=-161,6041,-701
pa5ga0=-194,6069,-739,-188,6137,-743,-185,5931,-725,-171,5898,-715
pa5ga1=-190,6248,-757,-190,6275,-759,-190,6225,-757,-184,6131,-746
subband5gver=0x4
pdoffsetcckma0=0x4
pdoffsetcckma1=0x4
pdoffset40ma0=0x0000
pdoffset80ma0=0x0000
pdoffset40ma1=0x0000
pdoffset80ma1=0x0000
maxp2ga0=76
maxp5ga0=74,74,74,74
maxp2ga1=76
maxp5ga1=74,74,74,74
cckbw202gpo=0x0000
cckbw20ul2gpo=0x0000
mcsbw202gpo=0x99644422
mcsbw402gpo=0x99644422
dot11agofdmhrbw202gpo=0x6666
ofdmlrbw202gpo=0x0022
mcsbw205glpo=0x88766663
mcsbw405glpo=0x88666663
mcsbw805glpo=0xbb666665
mcsbw205gmpo=0xd8666663
mcsbw405gmpo=0x88666663
mcsbw805gmpo=0xcc666665
mcsbw205ghpo=0xdc666663
mcsbw405ghpo=0xaa666663
mcsbw805ghpo=0xdd666665
mcslr5glpo=0x0000
mcslr5gmpo=0x0000
mcslr5ghpo=0x0000
sb20in40hrpo=0x0
sb20in80and160hr5glpo=0x0
sb40and80hr5glpo=0x0
sb20in80and160hr5gmpo=0x0
sb40and80hr5gmpo=0x0
sb20in80and160hr5ghpo=0x0
sb40and80hr5ghpo=0x0
sb20in40lrpo=0x0
sb20in80and160lr5glpo=0x0
sb40and80lr5glpo=0x0
sb20in80and160lr5gmpo=0x0
sb40and80lr5gmpo=0x0
sb20in80and160lr5ghpo=0x0
sb40and80lr5ghpo=0x0
dot11agduphrpo=0x0
dot11agduplrpo=0x0
phycal_tempdelta=255
temps_period=15
temps_hysteresis=15
rssicorrnorm_c0=4,4
rssicorrnorm_c1=4,4
rssicorrnorm5g_c0=1,2,3,1,2,3,6,6,8,6,6,8
rssicorrnorm5g_c1=1,2,3,2,2,2,7,7,8,7,7,8

View file

@ -16,7 +16,6 @@ in {
boot.kernelParams = [
"fbcon=rotate:1"
];
services.tlp.enable = true;
services.xserver.displayManager.sessionCommands = ''
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)

View file

@ -29,4 +29,9 @@
options = ["nosuid" "nodev" "noatime"];
};
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
}

View file

@ -4,7 +4,7 @@ with import <stockholm/lib>;
{
services.urxvtd.enable = true;
services.xresources.resources.urxvt = ''
krebs.xresources.resources.urxvt = ''
URxvt*SaveLines: 4096
URxvt*scrollBar: false
URxvt*urgentOnBell: true

View file

@ -153,15 +153,15 @@ in {
};
security.acme.certs."cgit.lassul.us" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/acme-challenges";
email = "lassulus@lassul.us";
webroot = "/var/lib/acme/acme-challenge";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
"key.pem"
];
group = "nginx";
allowKeysForGroup = true;
user = "nginx";
};
@ -170,6 +170,9 @@ in {
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
users.users.blog = {

View file

@ -12,6 +12,5 @@ _:
./umts.nix
./usershadow.nix
./xserver
./xresources.nix
];
}

View file

@ -17,10 +17,6 @@ let
imp = {
services.xserver = {
# Don't install feh into systemPackages
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = mkForce [];
enable = true;
display = 11;
tty = 11;
@ -80,7 +76,7 @@ let
];
};
};
services.xresources.resources.dpi = ''
krebs.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {

View file

@ -23,7 +23,7 @@
screengrab = pkgs.writeDashBin "screengrab" ''
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
'';
};
}

View file

@ -30,6 +30,7 @@ import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
@ -39,10 +40,10 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Layout.SimpleFloat (simpleFloat)
import XMonad.Stockholm.Shutdown
@ -59,7 +60,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad
xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = myTerm
@ -77,7 +78,7 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
myKeyMap :: [([Char], X ())]
myKeyMap =
@ -86,6 +87,8 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")

View file

@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "b4a0c01";
ref = "cb751f9";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

View file

@ -231,7 +231,12 @@ rec {
source = submodule ({ config, ... }: {
options = {
type = let
types = ["file" "git" "symlink"];
types = [
"file"
"git"
"pass"
"symlink"
];
in mkOption {
type = enum types;
default = let
@ -255,6 +260,10 @@ rec {
type = nullOr git-source;
default = null;
};
pass = mkOption {
type = nullOr pass-source;
default = null;
};
symlink = let
symlink-target = (symlink-source.getSubOptions "FIXME").target.type;
in mkOption {
@ -287,6 +296,17 @@ rec {
};
};
pass-source = submodule {
options = {
dir = mkOption {
type = absolute-pathname;
};
name = mkOption {
type = pathname; # TODO relative-pathname
};
};
};
symlink-source = submodule {
options = {
target = mkOption {

View file

@ -15,7 +15,6 @@ with lib;
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
<stockholm/nin/2configs/skype.nix>
];
krebs.build.host = config.krebs.hosts.hiawatha;
@ -87,6 +86,7 @@ with lib;
environment.systemPackages = with pkgs; [
firefox
git
lmms
networkmanagerapplet
python
steam

View file

@ -4,6 +4,7 @@ with import <stockholm/lib>;
{
imports = [
../2configs/vim.nix
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
{
users.extraUsers =

View file

@ -40,8 +40,8 @@ let
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "ni.r";
channel = "#xxx";
server = "irc.r";
verbose = config.krebs.build.host.name == "onondaga";
# TODO define branches in some kind of option per repo
branches = [ "master" ];

View file

@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "c99239b";
ref = "afe9649";
};
}

View file

@ -11,6 +11,9 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.querel;
krebs.build.user = mkForce config.krebs.users.itak;
boot.extraModulePackages = [
config.boot.kernelPackages.exfat-nofuse
];
boot.initrd.availableKernelModules = [ "ahci" ];
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "xts" ];

View file

@ -13,8 +13,16 @@ with import <stockholm/lib>;
http://www.exim.org/
{
url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master;
filter = "system:${pkgs.jq}/bin/jq -r .object.sha";
}
# ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
https://api.github.com/repos/simple-evcorr/sec/tags
{
url = https://api.github.com/repos/simple-evcorr/sec/tags;
filter = "system:${pkgs.jq}/bin/jq .";
}
# ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
https://thp.io/2008/urlwatch/
@ -47,7 +55,7 @@ with import <stockholm/lib>;
#http://hackage.haskell.org/package/web-page
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
https://help.github.com/articles/github-s-ip-addresses/
https://api.github.com/meta
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
# is derived from `configFile` in: