From 8f0f19c5539fde7c93761bb4939ab0a5349e8d2e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 Aug 2016 22:05:02 +0200 Subject: [PATCH 01/44] k 5 pwqgen: allow user-provided wordset --- krebs/5pkgs/passwdqc-utils/default.nix | 14 ++++++++++++-- makefu/5pkgs/default.nix | 6 ++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/passwdqc-utils/default.nix b/krebs/5pkgs/passwdqc-utils/default.nix index 0299715ba..53e7f5482 100644 --- a/krebs/5pkgs/passwdqc-utils/default.nix +++ b/krebs/5pkgs/passwdqc-utils/default.nix @@ -1,13 +1,18 @@ -{stdenv,pam,fetchurl,...}: +{ stdenv, pam, + fetchurl, lib, + wordset-file ? null, # set your own wordset-file + ... }: stdenv.mkDerivation rec { name = "passwdqc-utils-${version}"; version = "1.3.0"; buildInputs = [ pam ]; + src = fetchurl { url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz"; sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93"; }; + buildTargets = "utils"; installFlags= [ "BINDIR=$(out)/bin" "CONFDIR=$(out)/etc" @@ -15,7 +20,12 @@ stdenv.mkDerivation rec { "DEVEL_LIBDIR=$(out)/lib" "SECUREDIR=$(out)/lib/security" "INCLUDEDIR=$(out)/include" - "MANDIR=$(out)/man"]; + "MANDIR=$(out)/man" ]; + + patchPhase = lib.optionalString (wordset-file != null) '' + cp -f ${wordset-file} wordset_4k.c + ''; + installTargets = "install_lib install_utils"; meta = { diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 51987c35b..99f401ff5 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
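Review bot: Setting `patchPhase` outright in the passwdqc-utils derivation replaces the default phase, so any `patches` added later would silently stop being applied; `postPatch = lib.optionalString (wordset-file != null) "cp -f ${wordset-file} wordset_4k.c";` has the same effect without that trap. The replacement word list is also copied in unchecked, while pwqgen's strength presumably relies on the stock list of 4096 distinct entries, so a shorter or duplicate-laden list would weaken generated passphrases without any build error. I would extend the argument comment to say so, e.g. `# must define the same array as upstream wordset_4k.c: 4096 unique words`.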
@@ -18,6 +18,12 @@ in mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; ps3netsrv = callPackage ./ps3netsrv {}; + pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils { + wordset-file = pkgs.fetchurl { + url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; + sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; + }; + }; tw-upload-plugin = callPackage ./tw-upload-plugin {}; skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; From 50863545322191f91b089d6bf4d932235a2991a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:41:26 +0200 Subject: [PATCH 02/44] m 2 urlwatch: remove override --- makefu/2configs/urlwatch.nix | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index f869f5a78..e0fbefa36 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -1,22 +1,6 @@ { config, lib, ... }: { - nixpkgs.config.packageOverrides = pkgs: { - urlwatch = with pkgs.pythonPackages; buildPythonPackage rec { - name = "urlwatch-1.18"; - - propagatedBuildInputs = [ futures ]; - - src = pkgs.fetchurl { - url = "http://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb"; - }; - - postFixup = '' - wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH" - ''; - }; - }; krebs.urlwatch = { enable = true; mailto = config.krebs.users.makefu.mail; From 442582f18169e4bef5c35ac817f1701c562782fb Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:41:56 +0200 Subject: [PATCH 03/44] m 2 iodined: update to new revision --- makefu/2configs/iodined.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix index d57c91ce8..ca489d073 100644 
--- a/makefu/2configs/iodined.nix +++ b/makefu/2configs/iodined.nix @@ -7,10 +7,12 @@ let in { services.iodined = { - enable = true; - domain = domain; - ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + server = { + enable = true; + domain = domain; + ip = "172.16.10.1/24"; + extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + }; }; } From d445954a117638b73ba8fdf43d1b2eed99b5bb8a Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:42:28 +0200 Subject: [PATCH 04/44] m 2 omo-share: remove aio threads --- makefu/2configs/omo-share.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 7e9842e14..86f768662 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -21,7 +21,6 @@ in { sendfile on; sendfile_max_chunk 512k; directio 512; - aio threads; mp4; autoindex on; root /media; From aed8ec549f754d7008b02712e99a9e1133e21932 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:47:34 +0200 Subject: [PATCH 05/44] m 1 omo: replace torrent --- makefu/1systems/omo.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 96f7be9fc..71fb85ff6 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -43,9 +43,11 @@ in { # TODO: unlock home partition via ssh ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix + ../2configs/urlwatch.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../2configs/disable_v6.nix #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix ../2configs/omo-share.nix 
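Review bot: The tunnel password is still interpolated into `extraConfig` as `-P ${pw}` after the move under `server`, which places it in the generated unit inside the world-readable Nix store and on iodined's command line, where any local user can read it from the process list. How `pw` is obtained lies outside this hunk, so this is inferred from the visible line only. iodined can take the password from the `IODINED_PASS` environment variable instead, which could be supplied from a root-only file at service start if the module allows it. The same `-P ${pw}` pattern is on the changed line of lass/2configs/iodined.nix in PATCH 18.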
@@ -56,13 +58,11 @@ in { # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload ]; makefu.full-populate = true; - makefu.deluge.cfg = { - max_active_seeding = 1; - stop_seed_ratio = 1; - natpmp = true; - upnp = true; - max_upload_speed = 200; - + krebs.rtorrent = { + downloadDir = lib.mkForce "/media/crypt0/torrent"; + extraConfig = '' + upload_rate = 200 + ''; }; users.groups.share = { gid = config.krebs.lib.genid "share"; @@ -109,6 +109,7 @@ in { environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount wol # wake up filepimp + f3 ]; fileSystems = let cryptMount = name: From 3f09ee57c688105898cedb5e9006f6b6c1bff483 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:47:53 +0200 Subject: [PATCH 06/44] m 2 temp/share-samba: add group --- makefu/2configs/temp/share-samba.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index c021e66c6..34f0ab0b4 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -2,9 +2,11 @@ users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; + group = "share"; description = "smb guest user"; home = "/var/empty"; }; + users.groups.share.members = [ "makefu" ]; networking.firewall.allowedTCPPorts = [ 139 445 # samba From 7c799482fd1e5fcd6195a265ea74a050eb9c58f2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:48:32 +0200 Subject: [PATCH 07/44] m udpt: update config --- makefu/2configs/udpt.nix | 10 ++++++++-- makefu/3modules/udpt.nix | 3 ++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix index 6d55ffaf8..922743bf1 100644 --- a/makefu/2configs/udpt.nix +++ b/makefu/2configs/udpt.nix 
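Review bot: Putting `smbguest` into the `share` group in temp/share-samba.nix gives guest SMB sessions the same group rights as `makefu`, assuming guest access is mapped to this account in the Samba configuration outside the hunk. The context lines show 139 and 445 listed in `networking.firewall.allowedTCPPorts`, which applies to every interface, so on a laptop this holds on whatever network it joins. I would add a comment on the `group = "share";` line stating which paths the group may read or write, and limit the ports to the trusted interface.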
@@ -1,6 +1,7 @@ {pkgs, ...}: let + daemon-port = 6969; cfgfile = pkgs.writeText "udpt-config" '' [db] driver=sqlite3 @@ -11,7 +12,9 @@ let port=6969 threads=5 allow_remotes=yes - allow_iana_ips=no + + # allow retiolum: + allow_iana_ips=yes announce_interval=1800 cleanup_interval=120 @@ -19,7 +22,7 @@ let enable=yes [logging] - filename=- + filename=/tmp/udpt.log level=warning ''; in { @@ -27,5 +30,8 @@ in { enable = true; inherit cfgfile; }; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p udp --dport ${toString daemon-port} -j ACCEPT + ''; } diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix index 2086bd540..59602e4a9 100644 --- a/makefu/3modules/udpt.nix +++ b/makefu/3modules/udpt.nix @@ -40,8 +40,9 @@ let restartIfChanged = true; serviceConfig = { Type = "simple"; - ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}"; + ExecStart = "${cfg.package}/bin/udpt -i -c ${shell.escape cfg.cfgfile}"; PrivateTmp = true; + WorkingDirectory = "/tmp"; User = "${cfg.user}"; }; }; From 1258b4c7d20512c1afe0f3b0eceb52335e4155b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:49:04 +0200 Subject: [PATCH 08/44] m 2 sabnzbd: init --- makefu/2configs/sabnzbd.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 makefu/2configs/sabnzbd.nix diff --git a/makefu/2configs/sabnzbd.nix b/makefu/2configs/sabnzbd.nix new file mode 100644 index 000000000..6b0f2ac3a --- /dev/null +++ b/makefu/2configs/sabnzbd.nix @@ -0,0 +1,16 @@ +{ pkgs, config, ... }: + +with config.krebs.lib; +let + web-port = 8080; +in { + services.sabnzbd.enable = true; + services.sabnzbd.group = "download"; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + users.users.sabnzbd.group = mkForce "download"; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT + ''; +} 
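Review bot: Both new `networking.firewall.extraCommands` blocks (udpt.nix here and the new sabnzbd.nix) append to the built-in chain with `iptables -A INPUT …`. As far as I know the NixOS firewall only flushes its own `nixos-fw` chains on reload, so these rules pile up on every reload and can land after the jump into `nixos-fw`, where the closing refuse rule has already decided the packet. Adding them to the managed chain avoids both: `iptables -A nixos-fw -i retiolum -p udp --dport ${toString daemon-port} -j nixos-fw-accept`, and likewise for the TCP rule. Separately, `filename=/tmp/udpt.log` together with `PrivateTmp = true` puts the log in a per-service private directory that is presumably discarded when the unit stops, so tracker warnings are not available for later investigation.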
From 50eea6cd812efc65babdea728515ac496055539a Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:49:37 +0200 Subject: [PATCH 09/44] m 2 x: add laptop-backup --- makefu/2configs/laptop-backup.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 makefu/2configs/laptop-backup.nix diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix new file mode 100644 index 000000000..8df7043c8 --- /dev/null +++ b/makefu/2configs/laptop-backup.nix @@ -0,0 +1,12 @@ +{config, lib, pkgs, ... }: + +{ + systemd.user.services.duply-secrets = { + description = "run daily secrets backup"; + startAt = "daily"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup"; + }; + }; +} From c2295316a8b9e5b6b07c7871d0426bf58035693d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 2 Sep 2016 12:50:07 +0200 Subject: [PATCH 10/44] m 1 x: add laptop-backup --- makefu/1systems/x.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 4829aaabd..0243856ab 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -9,6 +9,7 @@ ../. ../2configs/main-laptop.nix #< base-gui + zsh ../2configs/laptop-utils.nix + ../2configs/laptop-backup.nix # Krebs #../2configs/disable_v6.nix @@ -42,13 +43,14 @@ ../2configs/tinc/retiolum.nix # temporary modules ../2configs/temp/share-samba.nix - ../2configs/temp/elkstack.nix + ../2configs/laptop-backup.nix + # ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ../2configs/tinc/siem.nix - ../2configs/torrent.nix + #../2configs/torrent.nix ]; makefu.full-populate = true; - makefu.deluge.web.enable = true; + krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; From 44d94048ac0158944877776710a349063ac5a210 Mon Sep 17 00:00:00 2001 
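Review bot: `ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";` in laptop-backup.nix is missing the `$` of the Nix interpolation, so the unit is given the literal path `{pkgs.duply}/bin/duply` and the daily secrets backup cannot start. It should read `ExecStart = "${pkgs.duply}/bin/duply omo-secrets backup";`. Because this is a timer-driven user oneshot, the failure is easy to overlook, so a check of the last successful run would be worth having. PATCH 10 then lists `../2configs/laptop-backup.nix` twice in makefu/1systems/x.nix; one of the two entries can go.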
From: makefu Date: Fri, 2 Sep 2016 12:50:24 +0200 Subject: [PATCH 11/44] m 1 gum: add sabnzbd config --- makefu/1systems/gum.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index ab369d192..401ec6093 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -22,6 +22,8 @@ in { ../2configs/tinc/retiolum.nix ../2configs/urlwatch.nix ../2configs/torrent.nix + ../2configs/sabnzbd.nix + ../2configs/opentracker.nix ]; From 66ba3c3c37b6c08104e3c7f53a203853a481af26 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Sep 2016 00:45:11 +0200 Subject: [PATCH 12/44] m 5 qcma:init --- makefu/5pkgs/default.nix | 1 + makefu/5pkgs/qcma/default.nix | 64 +++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 makefu/5pkgs/qcma/default.nix diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 99f401ff5..0d375a510 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -24,6 +24,7 @@ in sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; }; }; + qcma = pkgs.qt5.callPackage ./qcma {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; diff --git a/makefu/5pkgs/qcma/default.nix b/makefu/5pkgs/qcma/default.nix new file mode 100644 index 000000000..6eb1a971d --- /dev/null +++ b/makefu/5pkgs/qcma/default.nix 
@@ -0,0 +1,64 @@ +{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git, +gettext, automake, libxml2 , qmakeHook, makeQtWrapper, +qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }: +let + libvitamtp = stdenv.mkDerivation rec { + name = "libvitamtp-${version}"; + version = "2.5.9"; + + src = fetchFromGitHub { + owner = "codestation"; + repo = "vitamtp"; + rev = "v"+version; + sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8"; + }; + + buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ]; + preConfigure = "sh ./autogen.sh"; + + meta = { + description = "Content Manager Assistant for the PS Vita"; + homepage = https://github.com/codestation/qcma; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; + }; +in stdenv.mkDerivation rec { + name = "qcma-${version}"; + version = "0.3.13"; + + src = fetchgit { + url = "git://github.com/codestation/qcma.git"; + rev = "refs/tags/v"+version; + leaveDotGit = true; + sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i"; + }; + + preConfigure = '' + lrelease common/resources/translations/*.ts + ''; + + # TODO: manually adding qtbase and qtmultimedia to the library path is shit, + # this should be done somewhere before when building the project, idk. 
+ installPhase = '' + make INSTALL_ROOT="$(out)" install + for i in qcma qcma_cli; do + wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ + qtbase qtmultimedia ]} + done + ''; + + enableParallelBuilding = true; + + buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ]; + nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ]; + + meta = { + description = "Content Manager Assistant for the PS Vita"; + homepage = https://github.com/codestation/qcma; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} From df48b1cce8982684177d3114760af107c2f76818 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Sep 2016 15:18:09 +0200 Subject: [PATCH 13/44] m 2 default: add trace for populate --- makefu/2configs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cdaa38f27..110d1ec80 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -24,7 +24,7 @@ with config.krebs.lib; source = let inherit (config.krebs.build) host user; in { nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then { # stable @ 2016-07-20 - git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; + git = trace "Populating nixpkgs via full clone" { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; } else # TODO use http, once it is implemented @@ -32,7 +32,7 @@ with config.krebs.lib; ## prepare so we do not have to wait for rsync: ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs - { file = "/home/makefu/store/125ffff";}; + trace "Populating nixpkgs with local directory" { file = "/home/makefu/store/125ffff";}; secrets.file = if getEnv "dummy_secrets" == "true" then toString 
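Review bot: In the `installPhase` of qcma, `make INSTALL_ROOT="$(out)" install` is run by the shell, where `$(out)` is a command substitution and not the Make variable syntax used in `installFlags`, so it expands to an empty string; the install presumably only reaches the output because the qmake hook already sets the prefix. If that is the case the argument can simply be dropped, otherwise it should be written with `$out`. The source is also fetched over `git://`, which is unauthenticated, and with `leaveDotGit = true` the fixed-output hash depends on repository metadata that can differ between fetches. `fetchFromGitHub`, as used for libvitamtp in the same file, would avoid both if the build does not need the `.git` directory.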
From 907499c10bd4063cd4649899b959edd503743ee7 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Sep 2016 15:52:18 +0200 Subject: [PATCH 14/44] m 2 default: remove trace, use || instead of or --- makefu/2configs/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 110d1ec80..a7c2a983e 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,9 +22,9 @@ with config.krebs.lib; build = { user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; in { - nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then + nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { # stable @ 2016-07-20 - git = trace "Populating nixpkgs via full clone" { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; + git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; } else # TODO use http, once it is implemented @@ -32,7 +32,7 @@ with config.krebs.lib; ## prepare so we do not have to wait for rsync: ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs - trace "Populating nixpkgs with local directory" { file = "/home/makefu/store/125ffff";}; + { file = "/home/makefu/store/125ffff";}; secrets.file = if getEnv "dummy_secrets" == "true" then toString From 71b41a206e22b8cf07e219028b4f365db2f765f0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Sep 2016 15:52:37 +0200 Subject: [PATCH 15/44] k 3 repo-sync: add more explicit documentation --- krebs/3modules/repo-sync.nix | 40 ++++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0317d1eca..bcd9da5ea 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix 
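Review bot: The nixpkgs source is pinned with the abbreviated id `ref = "125ffff";`, and a seven-character prefix is not a full commit identifier: it can become ambiguous as the repository grows and is resolved against whatever the remote serves. Since the whole system is built from this tree, I would pin the complete id, `ref = "FULL_40_CHAR_COMMIT_ID";` (placeholder), as lass/2configs/nixpkgs.nix already does later in this series. The comment `# stable @ 2016-07-20` can stay as the human-readable label.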
@@ -17,29 +17,57 @@ let # see `repo-sync --help` # `ref` provides sane defaults and can be omitted + # you can have multiple repo-sync groups and therefore multiple @latest + # configuration entries. # attrset will be converted to json and be used as config - { repo = { + # each attrset defines a group of repos for syncing + + { nxpkgs = { makefu = { origin = { - url = http://github.com/makefu/repo ; + url = http://github.com/makefu/nixpkgs; ref = "heads/dev" ; }; mirror = { - url = "git@internal:mirror" ; + url = "git@internal:nixpkgs-mirror" ; ref = "heads/github-mirror-dev" ; }; }; lass = { origin = { - url = http://github.com/lass/repo ; + url = http://github.com/lass/nixpkgs; }; mirror = { - url = "git@internal:mirror" ; + url = "git@internal:nixpkgs-mirror" ; }; }; "@latest" = { mirror = { - url = "git@internal:mirror"; + url = "git@internal:nixpkgs-mirror"; + ref = "heads/master"; + }; + }; + }; + stockholm = { + lass = { + origin = { + url = http://cgit.prism.r/stockholm; + }; + mirror = { + url = "git@internal:stockholm-mirror" ; + }; + }; + makefu = { + origin = { + url = http://gum.krebsco.de/stockholm; + }; + mirror = { + url = "git@internal:stockholm-mirror" ; + }; + }; + "@latest" = { + mirror = { + url = "git@internal:stockholm-mirror"; ref = "heads/master"; }; }; From 1daec454eb524925eebf407c54a0e9d925b2bb7a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 8 Sep 2016 08:27:01 +0200 Subject: [PATCH 16/44] m 5 default: use cups from nixpkgs-stable --- makefu/5pkgs/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 0d375a510..6d020406d 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
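Review bot: The GitHub origins in the new example use plaintext `http://github.com/...` URLs, and option examples tend to be copied verbatim. A mirror filled over unauthenticated HTTP can be handed altered refs by anyone on the network path, and the result is then pushed to the internal mirror. I would write the example as `url = https://github.com/makefu/nixpkgs;` and do the same for the `lass` entry.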
@@ -2,9 +2,16 @@ let inherit (pkgs) callPackage; + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + in { nixpkgs.config.packageOverrides = rec { + cups = nixpkgs-1509.cups; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; From f5e177b5279bbdbbb78e68bc961dc475ad8b6a1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:13:47 +0200 Subject: [PATCH 17/44] l 1 mors: add iodine to pkgs --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1aa4d9b23..c3c7f6b59 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -194,6 +194,7 @@ with config.krebs.lib; remmina logf + iodine ]; #TODO: fix this shit From fbadb5cd59158305a2358e2a240f2fda6666894c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:16:47 +0200 Subject: [PATCH 18/44] l 2 iodined: add -c to running command --- lass/2configs/iodined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index 3108a6b23..a02dab97c 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -10,7 +10,7 @@ in { enable = true; domain = domain; ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; }; krebs.iptables.tables.filter.INPUT.rules = [ From 8c618dd3f0e282a4b9235c66202b05dccff158d3 Mon Sep 17 00:00:00 2001 
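Review bot: `cups = nixpkgs-1509.cups;` freezes the print daemon at the revision fetched above, so later security fixes arriving through the main nixpkgs pin no longer reach it. The commit does not record why the older build is needed; a comment on the override naming the reason and the condition for removing it, e.g. `# TODO(review): pinned to 15.09 because REASON; drop once fixed in the main pin`, would keep it from lingering. Importing the second nixpkgs with `{}` also evaluates it with its default config and not this system's, which may be intended but is worth stating.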
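Review bot: Adding `-c` to `extraConfig` in lass/2configs/iodined.nix turns off iodined's check that each request comes from the client address that logged in. That can be necessary when clients reach the server through changing resolvers, but it leaves the tunnel password, passed as `-P ${pw}` on the same line, as the only thing protecting a session. A comment next to the flag stating why it is required, e.g. `# -c: client source address changes between requests`, would record that the trade-off was deliberate.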
From: lassulus Date: Sat, 1 Oct 2016 02:17:17 +0200 Subject: [PATCH 19/44] l 2 iodined: open the correct port --- lass/2configs/iodined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index a02dab97c..ff254f39d 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -14,7 +14,7 @@ in { }; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 54"; target = "ACCEPT";} + { predicate = "-p udp --dport 53"; target = "ACCEPT";} ]; } From 836f1d3277e97945d0029c7458ab548eb41722dd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:51:26 +0200 Subject: [PATCH 20/44] l 2 nixpkgs: 3fb009d -> 8a89481 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9e3fe888c..879da19bb 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "3fb009d94e70f5d1151f4ec239a90d2de1979a74"; + ref = "8a8948167324f67d26a1c7ddc8e387128332b622"; }; } From 63ef87433085f10a874146bdeffb38abf17ea39f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Oct 2016 02:52:35 +0200 Subject: [PATCH 21/44] l 3 umts: remove obsolete comments --- lass/3modules/umts.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index 01adc0409..7daaba89e 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -41,10 +41,6 @@ let wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 - #modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; - modem-device = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0"; - - # TODO: currently it is only netzclub umts-bin = pkgs.writeScriptBin "umts" '' #!/bin/sh set -euf 
From 4d7df5a4ee8cfa3fd1524b9442fefa3b0e3aebe7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Oct 2016 12:38:04 +0200 Subject: [PATCH 22/44] l 1 mors: add macchanger to pkgs --- lass/1systems/mors.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c3c7f6b59..21e992a3e 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -195,6 +195,8 @@ with config.krebs.lib; logf iodine + + macchanger ]; #TODO: fix this shit From 65494d381ea22b086f4bb30a12a58e0f7b37bf12 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:35:53 +0200 Subject: [PATCH 23/44] l 1: explicitly add /tmp as tmpfs --- lass/1systems/helios.nix | 5 +++++ lass/1systems/mors.nix | 5 +++++ lass/1systems/prism.nix | 6 ++++++ lass/1systems/shodan.nix | 5 +++++ lass/1systems/uriel.nix | 5 +++++ 5 files changed, 26 insertions(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 26ad316ce..8ce1d5748 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -102,6 +102,11 @@ with config.krebs.lib; device = "/dev/pool/bku"; fsType = "ext4"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; #services.udev.extraRules = '' diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1aa4d9b23..c5d7d2da5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -140,6 +140,11 @@ with config.krebs.lib; device = "/dev/big/conf"; fsType = "ext4"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index b508103c5..51d106b5e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -120,6 +120,12 @@ in { device = "/dev/pool/bku"; }; + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + } { sound.enable = false; 
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index af98c6968..5140591af 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -50,6 +50,11 @@ with builtins; device = "/dev/pool/home-lass"; fsType = "ext4"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index c6d4dbd89..7f09836dd 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -77,6 +77,11 @@ with config.krebs.lib; "/boot" = { device = "/dev/sda1"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; services.udev.extraRules = '' From 6ebb34aac192037c7d65e736c9ad48ad693aa894 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:37:12 +0200 Subject: [PATCH 24/44] l 2 browsers: refactor, generate more stuff --- lass/2configs/browsers.nix | 70 +++++++++++++++++++++++++------------- 1 file changed, 47 insertions(+), 23 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index ea79053ce..90f420674 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: +with config.krebs.lib; let - inherit (config.krebs.lib) genid; mainUser = config.users.extraUsers.mainUser; - createChromiumUser = name: extraGroups: packages: - { + + browser-select = pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + case $BROWSER in + ${concatMapStringsSep "\n" (n: '' + ${n}) + export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ;; + '') (attrNames config.lass.browser.paths)} + esac + $BIN "$@" + ''; + + createChromiumUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -14,19 +31,21 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i chromium $@ - '') + bin ]; }; - createFirefoxUser = name: extraGroups: packages: - { + createFirefoxUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -35,14 +54,12 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i firefox $@ - '') + bin ]; }; 
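Review bot: In `browser-select`, the generated `case` has no default branch, so when dmenu is cancelled or returns an unknown name `BIN` stays unset, or keeps a value inherited from the environment, and `$BIN "$@"` then runs the first argument or that inherited value as the command. Adding `*) exit 1 ;;` and assigning `BIN` without `export` closes that. The per-user wrappers in this hunk and the two that follow still pass `$@` unquoted to `sudo -u ${name} -i …`, so an argument containing spaces is re-split before it reaches the browser; `"$@"` is the minimal fix there.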
@@ -50,19 +67,26 @@ let in { + lass.browser.select = browser-select; + environment.systemPackages = [ - (pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu) - $BROWSER $@ - '') + browser-select ]; imports = [ - ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "com" [ "video" "audio" ] [ pkgs.chromium ] ) + { + options.lass.browser.select = mkOption { + type = types.path; + }; + options.lass.browser.paths = mkOption { + type = with types; attrsOf path; + }; + } + ( createFirefoxUser "ff" [ "audio" ] ) + ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createChromiumUser "wk" [ "video" "audio" ] ) + ( createChromiumUser "fb" [ "video" "audio" ] ) + ( createChromiumUser "gm" [ "video" "audio" ] ) + ( createChromiumUser "com" [ "video" "audio" ] ) ]; } From 840ba63835cd2f1074073b5d1d0c6aab0d85c1ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:38:05 +0200 Subject: [PATCH 25/44] l 2 nixpkgs: 3fb009d -> 0c022c4 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9e3fe888c..069d80198 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "3fb009d94e70f5d1151f4ec239a90d2de1979a74"; + ref = "0c022c45df220159233d591eadcd85118dd70345"; }; } From 9189028e8f2c8171c57d8b46dabd2998f1752e62 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 11 Oct 2016 17:40:14 +0200 Subject: [PATCH 26/44] l 1 mors: disable docker (k 5 needs fixing) --- lass/1systems/mors.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c5d7d2da5..9c9ee3912 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -54,8 +54,8 @@ with config.krebs.lib; enable = true; package = pkgs.postgresql; }; - virtualisation.docker.enable = true; - users.users.mainUser.extraGroups = [ "docker" ]; + #virtualisation.docker.enable = true; + #users.users.mainUser.extraGroups = [ "docker" ]; } { lass.umts = { From 946f33f72b7bd09085ef8b8d0cac4bda5547d567 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:40:41 +0200 Subject: [PATCH 27/44] l 1 mors: add thunderbird to pkgs --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9c9ee3912..87f83efa3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -197,6 +197,7 @@ with config.krebs.lib; urban mk_sql_pair remmina + thunderbird logf ]; From 987404fb08b3cac4e90ffaa9a70d148c4c5265ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:41:03 +0200 Subject: [PATCH 28/44] l 2: useChroot -> useSandbox --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index af3ed1d36..1babf6011 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -67,7 +67,7 @@ with config.krebs.lib; }; }; - nix.useChroot = true; + nix.useSandbox = true; users.mutableUsers = false; From b5fcc74ba347802eb70dba5e2e597eb95166a74f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:42:08 +0200 Subject: [PATCH 29/44] l 2: add populate to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1babf6011..83f8265b0 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -97,6 +97,7 @@ with config.krebs.lib; jq parallel proot + populate #style most From c1118810c7c26f5066def864b317e27b943789a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:42:37 +0200 Subject: [PATCH 30/44] l 2: remove obsolete bashrc code --- lass/2configs/default.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 83f8265b0..0b7ca8eaa 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -142,15 +142,6 @@ with config.krebs.lib; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd - - #fancy colors - if [ -e ~/LS_COLORS ]; then - eval $(dircolors ~/LS_COLORS) - fi - - if [ -e /etc/nixos/dotfiles/link ]; then - /etc/nixos/dotfiles/link - fi ''; promptInit = '' if test $UID = 0; then From 2d7dc45179a18a27e84bbfaf65c6301980bcf2cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:43:12 +0200 Subject: [PATCH 31/44] l 2 iodined: iodined -> iodine.server --- lass/2configs/iodined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index 3108a6b23..52f6e9b87 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -6,7 +6,7 @@ let pw = import ; in { - services.iodined = { + services.iodine.server = { enable = true; domain = domain; ip = "172.16.10.1/24"; From 51ba4971f8b6aa69cf8ba27b5ffa1fce2503caca Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:45:28 +0200 Subject: [PATCH 32/44] l 2 xserver: use browser-select directly --- lass/2configs/xserver/Xresources.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index 5d3661706..0f04540c3 100644 
--- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix @@ -11,7 +11,7 @@ pkgs.writeText "Xresources" '' ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate From 9686baf42b5ff7ab67870ec82058afe3aaa2b0b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:46:28 +0200 Subject: [PATCH 33/44] l 2 xserver: copy tv's config --- lass/2configs/xserver/default.nix | 227 +++++++++++++----------------- 1 file changed, 98 insertions(+), 129 deletions(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 73b148bf7..0f9b1f84a 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix 
@@ -1,143 +1,112 @@ -{ config, lib, pkgs, ... }@args: - +{ config, pkgs, ... }@args: with config.krebs.lib; - let - # TODO krebs.build.user - user = config.users.users.mainUser; + user = config.krebs.build.user; +in { - out = { - services.xserver = { - display = 11; - tty = 11; + environment.systemPackages = [ + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; - #keyboard stuff - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + services.xserver = { + enable = true; + display = 11; + tty = 11; + + synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; }; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; + + systemd.services.display-manager.enable = false; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; + + XMONAD_STATE = "/tmp/xmonad.state"; + + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "dashboard" # we start here + ]); + }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = pkgs.writeScript "xmonad-stop" '' + #! 
/bin/sh + ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ${pkgs.coreutils}/bin/sleep 2s + ''; + User = user.name; + WorkingDirectory = user.home; + }; + }; + + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" ]; - - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - ExecReload = need-reload "urxvtd.service"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; - - krebs.per-user.lass.packages = [ - pkgs.rxvt_unicode_with-plugins - ]; - - systemd.services.display-manager.enable = false; - - services.xserver.enable = true; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = xmonad-environment; - restartIfChanged = true; - serviceConfig = { - ExecStart = "${xmonad-start}/bin/xmonad"; - ExecStop = "${xmonad-stop}/bin/xmonad-stop"; - User = user.name; - WorkingDirectory = user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir 
${pkgs.xkeyboard_config}/etc/X11/xkb" ]; - reloadIfChanged = true; - environment = xserver-environment; - serviceConfig = { - ExecReload = need-reload "xserver.service"; - ExecStart = "${xserver}/bin/xserver"; - }; }; }; - xmonad-environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" - ]); + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; }; - - xmonad-start = pkgs.writeScriptBin "xmonad" '' - #! ${pkgs.bash}/bin/bash - set -efu - export PATH; PATH=${makeSearchPath "bin" ([ - pkgs.rxvt_unicode - ] ++ config.environment.systemPackages)}:/var/setuid-wrappers - settle() {( - # Use PATH for a clean journal - command=''${1##*/} - PATH=''${1%/*}; export PATH - shift - until "$command" "$@"; do - ${pkgs.coreutils}/bin/sleep 1 - done - )&} - settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} - settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' - exec ${pkgs.xmonad-lass}/bin/xmonad - ''; - - xmonad-stop = pkgs.writeScriptBin "xmonad-stop" '' - #! /bin/sh - ${pkgs.xmonad-lass}/bin/xmonad --shutdown - ${pkgs.coreutils}/bin/sleep 2s - ''; - - xserver-environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. 
- LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); - }; - - xserver = pkgs.writeScriptBin "xserver" '' - #! /bin/sh - set -efu - exec ${pkgs.xorg.xorgserver.out}/bin/X \ - :${toString config.services.xserver.display} \ - vt${toString config.services.xserver.tty} \ - -config ${import ./xserver.conf.nix args} \ - -logfile /var/log/X.${toString config.services.xserver.display}.log \ - -nolisten tcp \ - -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \ - ''; - - need-reload = s: let - pkg = pkgs.writeScriptBin "need-reload" '' - #! /bin/sh - echo "$*" - ''; - in "${pkg}/bin/need-reload ${s}"; - -in out +} From 4449ac801152a1366452977ff076cfdd4b0ca236 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:47:11 +0200 Subject: [PATCH 34/44] l 5 xmonad-lass: make config more like tv's --- lass/5pkgs/xmonad-lass.nix | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 86e69b10c..7d1f44fb7 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -9,7 +9,7 @@ pkgs.writeHaskell "xmonad-lass" { "xmonad-contrib" "xmonad-stockholm" ]; - text = '' + text = /* haskell */ '' {-# LANGUAGE DeriveDataTypeable #-} -- for XS {-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} @@ -24,6 +24,7 @@ import Control.Exception import Data.List (isInfixOf) import System.Environment (getArgs, withArgs, getEnv) import System.IO (hPutStrLn, stderr) +import System.Posix.Process (executeFile) import Text.Read (readEither) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) 
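Review bot: The startup hook runs `xhost +LOCAL:`, which lets every local account connect to display :11. X11 clients can observe each other's input and windows, so the per-browser users created in browsers.nix are not isolated from the main session or from one another. If the intent is only to let those accounts open windows, grant them individually, e.g. `xhost +SI:localuser:ff` per browser user, generated from `config.lass.browser.paths`. `XMONAD_STATE = "/tmp/xmonad.state"` is likewise a fixed name in a world-writable directory that another local account can create first; a path under `user.home` avoids that. The same hunk sends the X log to `/dev/null` where it used to go to `/var/log/X.<display>.log`, so confirm the journal still captures what you need.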
@@ -41,13 +42,13 @@ import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNext import XMonad.Layout.NoBorders (smartBorders) import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) -import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent) import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Layout.SimpleFloat (simpleFloat) +import XMonad.Stockholm.Shutdown -myTerm :: String -myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc" +urxvtcPath :: FilePath +urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" @@ -63,12 +64,14 @@ mainNoArgs = do xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = myTerm + { terminal = urxvtcPath , modMask = mod4Mask , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook - , startupHook = spawn "echo emit XMonadStartup" + , startupHook = do + path <- liftIO (getEnv "XMONAD_STARTUP_HOOK") + forkFile path [] Nothing , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent @@ -84,7 +87,7 @@ xmonad' conf = do path <- getEnv "XMONAD_STATE" try (readFile path) >>= \case Right content -> do - hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content) + hPutStrLn stderr ("resuming from " ++ path) withArgs ("--resume" : lines content) (xmonad conf) Left e -> do hPutStrLn stderr (displaySomeException e) @@ -124,8 +127,8 @@ myKeyMap = , ("M4-S-", removeEmptyWorkspace) , ("M4-S-c", kill1) , ("M4-", toggleWS) - , ("M4-S-", spawn myTerm) - , ("M4-x", floatNext True >> spawn myTerm) + , ("M4-S-", spawn urxvtcPath) + , ("M4-x", floatNext True >> spawn urxvtcPath) , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) 
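Review bot: `startupHook` now calls `getEnv "XMONAD_STARTUP_HOOK"`, which throws when the variable is unset, so the hook only works under the systemd unit that sets it. Consider `lookupEnv` and skipping the hook when it returns `Nothing`: `liftIO (lookupEnv "XMONAD_STARTUP_HOOK") >>= mapM_ (\p -> forkFile p [] Nothing)`, with `lookupEnv` added to the `System.Environment` import list. Because the hook executes whatever path the environment names, it also deserves a comment such as `-- XMONAD_STARTUP_HOOK must only be set by the xmonad unit file`. `mainNoArgs` begins outside this hunk.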
@@ -142,6 +145,10 @@ myKeyMap = , ("M4-S-q", return ()) ] +forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () +forkFile path args env = + xfork (executeFile path False args env) >> return () + autoXPConfig :: XPConfig autoXPConfig = def { autoComplete = Just 5000 @@ -160,8 +167,6 @@ gridConfig = def , gs_navigate = navNSearch , gs_font = myFont } - ''; }; } - From ef4e7dc4ba76ce990577ba800d31c9ba56ecde48 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:48:52 +0200 Subject: [PATCH 35/44] l 2 zsh: disable zsh as defaultShell urxvt terminfo is missing if connection is made via ssh --- lass/2configs/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index b221d7677..aa159be07 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,5 +118,4 @@ fi ''; }; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } From 88bb31e8d2ca330c14d4a6e843d7cd7b1909d815 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:50:42 +0200 Subject: [PATCH 36/44] l 2 websites domsen: use new phpOptions --- lass/2configs/websites/domsen.nix | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2f93c1f9c..0723e9ab9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -144,22 +144,13 @@ in { }; - #services.phpfpm.phpOptions = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = ${sendmail} -t - #''; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - always_populate_raw_post_data = -1 - upload_max_filesize = 100M - post_max_size = 100M - file_uploads = on - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t + always_populate_raw_post_data = -1 + upload_max_filesize = 100M + post_max_size = 100M + file_uploads = on ''; # MAIL STUFF From b6c5994e037ab92055f5cfdeb89f46864b348b39 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Oct 2016 17:51:22 +0200 Subject: [PATCH 37/44] l 3: add hosts.nix --- lass/3modules/default.nix | 1 + lass/3modules/hosts.nix | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 lass/3modules/hosts.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 6e1e20dd3..6588ca0d3 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,6 +3,7 @@ _: imports = [ ./ejabberd ./folderPerms.nix + ./hosts.nix ./mysql-backup.nix ./umts.nix ./urxvtd.nix diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix new file mode 100644 index 000000000..f2ff10c06 --- /dev/null +++ b/lass/3modules/hosts.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +with config.krebs.lib; + +{ + options.lass.hosts = mkOption { + type = types.attrsOf types.host; + default = + filterAttrs (_: host: host.owner.name == "lass") + config.krebs.hosts; + }; +} From 49ad272f65e310344e7a209050c54c1acedbedb8 Mon Sep 17 00:00:00 2001 
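Review bot: The new `sendmail_path = ${sendmail} -t` drops the `-i` flag that the removed `phpIni` block passed (`"${sendmail} -t -i"`). Without `-i`, sendmail-compatible programs commonly treat a line containing only a dot as end of message, so mail bodies generated by the site can be truncated. Whether the program behind `${sendmail}` behaves that way is not visible here. Unless the change was intentional, keep the flag: `sendmail_path = "${sendmail} -t -i"`. The old file was also built on top of `php-recommended.ini`, so check that `phpOptions` still leaves those baseline settings in effect.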
From: lassulus Date: Wed, 12 Oct 2016 09:41:12 +0200 Subject: [PATCH 38/44] l 2 nixpkgs: change url to github/nixos --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 069d80198..09462e624 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/lassulus/nixpkgs; + url = https://github.com/nixos/nixpkgs; ref = "0c022c45df220159233d591eadcd85118dd70345"; }; } From 76a2187972ca8c0b7566aba78affdd032d8a1343 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 12:14:57 +0200 Subject: [PATCH 39/44] remove comments from php config, phpfpm error --- krebs/3modules/rtorrent.nix | 1 - lass/2configs/websites/util.nix | 2 -- lass/3modules/owncloud_nginx.nix | 1 - lass/3modules/wordpress_nginx.nix | 1 - 4 files changed, 5 deletions(-) diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 57a579bc0..d53482339 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -336,7 +336,6 @@ let pm.min_spare_servers = 1 pm.max_spare_servers = 3 chdir = / - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 467229c0c..23f417195 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -167,7 +167,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes @@ -220,7 +219,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes 
diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index 35d8d04a5..4a79311a4 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -111,7 +111,6 @@ let pm.max_spare_servers = 3 listen.owner = ${user} listen.group = ${group} - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 108054cb6..4305a121b 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix @@ -154,7 +154,6 @@ let pm.max_spare_servers = 3 listen.owner = ${user} listen.group = ${group} - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes From 7e16427bb5afec6cfefb89e442bc3b529a583e39 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 12:15:57 +0200 Subject: [PATCH 40/44] l 1 mors: disable c-base vpn --- lass/1systems/mors.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 145e94921..1028ca652 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -23,7 +23,7 @@ with config.krebs.lib; ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/c-base.nix + #../2configs/c-base.nix ../2configs/mail.nix ../2configs/krebs-pass.nix ../2configs/repo-sync.nix From 8ef5d94a78104f603d8c5882fd2de331d4d7e2f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 12:16:21 +0200 Subject: [PATCH 41/44] l 1 uriel: fix duplicate definition of wireless --- lass/1systems/uriel.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 7f09836dd..aa5286ae0 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix 
@@ -23,7 +23,6 @@ with config.krebs.lib; useDefaultShell = true; }; networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; hardware.pulseaudio = { enable = true; systemWide = true; @@ -41,8 +40,6 @@ with config.krebs.lib; krebs.build.host = config.krebs.hosts.uriel; - networking.wireless.enable = true; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; From 1c4bf63ed89d93fb13d98c5a0a12fc00387bbadd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Oct 2016 12:34:49 +0200 Subject: [PATCH 42/44] l 2 websites domsen: disable apcu --- lass/2configs/websites/domsen.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 0723e9ab9..e05f40d97 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -143,11 +143,8 @@ in { }; }; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so sendmail_path = ${sendmail} -t - always_populate_raw_post_data = -1 upload_max_filesize = 100M post_max_size = 100M file_uploads = on From 9db5a1e5b8d360d77e0a748435e668c3bccd9415 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Oct 2016 11:44:22 +0200 Subject: [PATCH 43/44] l 5 xmonad-lass: use nix-path for i3lock --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 7d1f44fb7..96b12b9d4 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
@@ -111,7 +111,7 @@ displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f") + [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%") From 8458ffd7a00a3e4c734755de7d72f95458d1bb52 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Oct 2016 19:45:21 +0200 Subject: [PATCH 44/44] l 2 nixpkgs: 0c022c4 -> 354fd37 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 09462e624..6e9138b61 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0c022c45df220159233d591eadcd85118dd70345"; + ref = "354fd3728952c229fee4f2924737c601d7ab4725"; }; }