Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
729549d154
|
@ -1,2 +1,3 @@
|
|||
- /.git
|
||||
- /.graveyard
|
||||
P /.version-suffix
|
||||
|
|
41
krebs/1systems/hope/config.nix
Normal file
41
krebs/1systems/hope/config.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }: let
|
||||
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
|
||||
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
|
||||
<stockholm/krebs/2configs/secret-passwords.nix>
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
initialPassword = "test";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.hope;
|
||||
|
||||
networking = let
|
||||
address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
defaultGateway = bestGuessGateway address;
|
||||
interfaces.enp2s1.ip4 = singleton {
|
||||
inherit address;
|
||||
prefixLength = 24;
|
||||
};
|
||||
nameservers = ["8.8.8.8"];
|
||||
};
|
||||
}
|
3
krebs/1systems/hope/source.nix
Normal file
3
krebs/1systems/hope/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/krebs/source.nix> {
|
||||
name = "hope";
|
||||
}
|
|
@ -11,6 +11,9 @@
|
|||
<stockholm/krebs/2configs/stats/puyak-client.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||
<stockholm/krebs/2configs/go.nix>
|
||||
<stockholm/krebs/2configs/ircd.nix>
|
||||
<stockholm/krebs/2configs/news.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.puyak;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
with import <stockholm/lib>;
|
||||
{ lib, config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
|
@ -7,10 +8,6 @@
|
|||
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
|
||||
krebs.ci.enable = true;
|
||||
krebs.ci.treeStableTimer = 1;
|
||||
krebs.ci.users.krebs.all = true;
|
||||
krebs.ci.users.lass.all = true;
|
||||
krebs.ci.users.makefu.all = true;
|
||||
krebs.ci.users.nin.all = true;
|
||||
krebs.ci.users.tv.all = true;
|
||||
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
with import <stockholm/lib>;
|
||||
{ lib, config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
|
@ -7,7 +8,5 @@
|
|||
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
|
||||
krebs.ci.enable = true;
|
||||
krebs.ci.treeStableTimer = 120;
|
||||
krebs.ci.users.krebs.hosts = [
|
||||
config.networking.hostName
|
||||
];
|
||||
krebs.ci.hosts = [ config.krebs.build.host ];
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 6667"; target = "ACCEPT"; }
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
6667 6669
|
||||
];
|
||||
|
||||
services.charybdis = {
|
||||
|
@ -13,7 +13,6 @@
|
|||
sid = "1as";
|
||||
description = "miep!";
|
||||
network_name = "irc.retiolum";
|
||||
network_desc = "Retiolum IRC Network";
|
||||
hub = yes;
|
||||
|
||||
vhost = "0.0.0.0";
|
176
krebs/2configs/news.nix
Normal file
176
krebs/2configs/news.nix
Normal file
|
@ -0,0 +1,176 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
pkgs.newsbot-js
|
||||
];
|
||||
krebs.newsbot-js = {
|
||||
enable = true;
|
||||
ircServer = "localhost";
|
||||
urlShortenerHost = "go";
|
||||
urlShortenerPort = "80";
|
||||
feeds = pkgs.writeText "feeds" ''
|
||||
aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
|
||||
allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news
|
||||
antirez|http://antirez.com/rss|#news
|
||||
arbor|http://feeds2.feedburner.com/asert/|#news
|
||||
archlinux|http://www.archlinux.org/feeds/news/|#news
|
||||
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
|
||||
augustl|http://augustl.com/atom.xml|#news
|
||||
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
|
||||
bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news
|
||||
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
|
||||
bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
|
||||
bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
|
||||
bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
|
||||
cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
|
||||
carta|http://feeds2.feedburner.com/carta-standard-rss|#news
|
||||
catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
|
||||
cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news
|
||||
cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news
|
||||
cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news
|
||||
cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news
|
||||
cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news
|
||||
ccc|http://www.ccc.de/rss/updates.rdf|#news
|
||||
chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
|
||||
chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
|
||||
chan_g|https://boards.4chan.org/g/index.rss|#news
|
||||
chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
|
||||
chan_sci|https://boards.4chan.org/sci/index.rss|#news
|
||||
chan_x|https://boards.4chan.org/x/index.rss|#news
|
||||
c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
|
||||
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
|
||||
csm|http://rss.csmonitor.com/feeds/csm|#news
|
||||
csm_world|http://rss.csmonitor.com/feeds/world|#news
|
||||
danisch|http://www.danisch.de/blog/feed/|#news
|
||||
dod|http://www.defense.gov/news/afps2.xml|#news
|
||||
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
|
||||
ecat|http://ecat.com/feed|#news
|
||||
eia_press|http://www.eia.gov/rss/press_rss.xml|#news
|
||||
eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news
|
||||
embargowatch|https://embargowatch.wordpress.com/feed/|#news
|
||||
ethereum-comments|http://blog.ethereum.org/comments/feed|#news
|
||||
ethereum|http://blog.ethereum.org/feed|#news
|
||||
europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news
|
||||
eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news
|
||||
exploitdb|http://www.exploit-db.com/rss.xml|#news
|
||||
fars|http://www.farsnews.com/rss.php|#news #test
|
||||
faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
|
||||
faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
|
||||
faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news
|
||||
fbi|https://www.fbi.gov/news/rss.xml|#news
|
||||
fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news
|
||||
fefe|http://blog.fefe.de/rss.xml|#news
|
||||
forbes|http://www.forbes.com/forbes/feed2/|#news
|
||||
forbes_realtime|http://www.forbes.com/real-time/feed2/|#news
|
||||
fox|http://feeds.foxnews.com/foxnews/latest|#news
|
||||
geheimorganisation|http://geheimorganisation.org/feed/|#news
|
||||
GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
|
||||
gmanet|http://www.gmanetwork.com/news/rss/news|#news
|
||||
golem|https://rss.golem.de/rss.php|#news
|
||||
google|http://news.google.com/?output=rss|#news
|
||||
greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
|
||||
guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
|
||||
gulli|http://ticker.gulli.com/rss/|#news
|
||||
hackernews|https://news.ycombinator.com/rss|#news
|
||||
handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
|
||||
heise|https://www.heise.de/newsticker/heise-atom.xml|#news
|
||||
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
|
||||
hindu|http://www.thehindu.com/?service=rss|#news
|
||||
ign|http://feeds.ign.com/ign/all|#news
|
||||
independent|http://www.independent.com/rss/headlines/|#news
|
||||
indymedia|https://de.indymedia.org/rss.xml|#news
|
||||
info_libera|http://www.informationliberation.com/rss.xml|#news
|
||||
klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news
|
||||
korea_herald|http://www.koreaherald.com/rss_xml.php|#news
|
||||
linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news
|
||||
lisp|http://planet.lisp.org/rss20.xml|#news
|
||||
liveleak|http://www.liveleak.com/rss|#news
|
||||
lolmythesis|http://lolmythesis.com/rss|#news
|
||||
LtU|http://lambda-the-ultimate.org/rss.xml|#news
|
||||
lukepalmer|http://lukepalmer.wordpress.com/feed/|#news
|
||||
mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news
|
||||
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
|
||||
nds|http://www.nachdenkseiten.de/?feed=atom|#news
|
||||
netzpolitik|https://netzpolitik.org/feed/|#news
|
||||
newsbtc|http://newsbtc.com/feed/|#news #financial
|
||||
nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news
|
||||
npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news
|
||||
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
|
||||
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
|
||||
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
|
||||
nsa|https://www.nsa.gov/rss.xml|#news #bullerei
|
||||
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
|
||||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
||||
phys|http://phys.org/rss-feed/|#news
|
||||
piraten|https://www.piratenpartei.de/feed/|#news
|
||||
polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei
|
||||
presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
|
||||
presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
|
||||
prisonplanet|http://prisonplanet.com/feed.rss|#news
|
||||
rawstory|http://www.rawstory.com/rs/feed/|#news
|
||||
reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
|
||||
reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
|
||||
reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
|
||||
reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
|
||||
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
|
||||
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
|
||||
reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
|
||||
reddit_sci|http://www.reddit.com/r/science/.rss|#news
|
||||
reddit_tech|http://www.reddit.com/r/technology/.rss|#news
|
||||
reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
|
||||
reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
|
||||
r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
|
||||
reuters|http://feeds.reuters.com/Reuters/worldNews|#news
|
||||
reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news
|
||||
rt|http://rt.com/rss/news/|#news
|
||||
schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news
|
||||
sciencemag|http://news.sciencemag.org/rss/current.xml|#news
|
||||
scmp|http://www.scmp.com/rss/91/feed|#news
|
||||
sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
|
||||
shackspace|http://blog.shackspace.de/?feed=rss2|#news
|
||||
shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
|
||||
sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news
|
||||
sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news
|
||||
sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news
|
||||
sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news
|
||||
sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news
|
||||
slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news
|
||||
slate|http://feeds.slate.com/slate|#news
|
||||
spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
|
||||
spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news
|
||||
spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news
|
||||
standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news
|
||||
stern|http://www.stern.de/feed/standard/all/|#news
|
||||
stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
|
||||
sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
|
||||
sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial
|
||||
sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news
|
||||
tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
|
||||
taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
|
||||
telegraph|http://www.telegraph.co.uk/rss.xml|#news
|
||||
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
|
||||
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
|
||||
tigsource|http://www.tigsource.com/feed/|#news
|
||||
tinc|http://tinc-vpn.org/news/index.rss|#news
|
||||
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
|
||||
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
|
||||
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
|
||||
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
|
||||
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
|
||||
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
|
||||
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
|
||||
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
|
||||
un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news
|
||||
un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news
|
||||
un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news
|
||||
us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news
|
||||
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
|
||||
weechat|http://dev.weechat.org/feed/atom|#news
|
||||
wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
|
||||
xkcd|https://xkcd.com/rss.xml|#news
|
||||
zdnet|http://www.zdnet.com/news/rss.xml|#news
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -17,30 +17,12 @@ in
|
|||
default = 10;
|
||||
description = "how long to wait until we test changes (in minutes)";
|
||||
};
|
||||
users = mkOption {
|
||||
type = with types; attrsOf (submodule {
|
||||
options = {
|
||||
all = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
hosts = mkOption {
|
||||
type = listOf str;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
});
|
||||
example = {
|
||||
lass.all = true;
|
||||
krebs = {
|
||||
all = true;
|
||||
hosts = [
|
||||
"test-all-krebs-modules"
|
||||
"test-arch"
|
||||
];
|
||||
};
|
||||
};
|
||||
default = {};
|
||||
hosts = mkOption {
|
||||
type = types.listOf types.host;
|
||||
default = [];
|
||||
description = ''
|
||||
List of hosts that should be build
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -132,23 +114,9 @@ in
|
|||
timeout=90001
|
||||
)
|
||||
|
||||
${let
|
||||
user-hosts = mapAttrs (user: a: let
|
||||
managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts);
|
||||
defined-hosts = a.hosts;
|
||||
in
|
||||
defined-hosts ++ (optionals a.all managed-hosts)
|
||||
) cfg.users;
|
||||
|
||||
in
|
||||
concatStringsSep "\n" (
|
||||
(mapAttrsToList (user: hosts:
|
||||
concatMapStringsSep "\n" (host:
|
||||
"build_host(\"${user}\", \"${host}\")"
|
||||
) hosts
|
||||
) user-hosts)
|
||||
)
|
||||
}
|
||||
${concatMapStringsSep "\n" (host:
|
||||
"build_host(\"${host.owner.name}\", \"${host.name}\")"
|
||||
) cfg.hosts}
|
||||
|
||||
bu.append(
|
||||
util.BuilderConfig(
|
||||
|
|
|
@ -30,15 +30,48 @@ let
|
|||
});
|
||||
in {
|
||||
hosts = {
|
||||
hotdog = {
|
||||
hope = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "45.62.225.18";
|
||||
aliases = [
|
||||
"hope.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.77.4";
|
||||
ip6.addr = "42:0:0:0:0:0:77:4";
|
||||
aliases = [
|
||||
"hope.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
|
||||
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
|
||||
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
|
||||
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
|
||||
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
|
||||
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
|
||||
};
|
||||
hotdog = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.77.3";
|
||||
ip6.addr = "42:0:0:0:0:0:77:3";
|
||||
aliases = [
|
||||
"hotdog.r"
|
||||
"build.r"
|
||||
"build.hotdog.r"
|
||||
"cgit.hotdog.r"
|
||||
];
|
||||
|
@ -58,8 +91,8 @@ in {
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
|
||||
};
|
||||
puyak = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.77.2";
|
||||
|
@ -68,6 +101,7 @@ in {
|
|||
"puyak.r"
|
||||
"build.puyak.r"
|
||||
"cgit.puyak.r"
|
||||
"go.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
@ -85,8 +119,8 @@ in {
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
|
||||
};
|
||||
wolf = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
managed = true;
|
||||
nets = {
|
||||
shack = {
|
||||
ip4.addr = "10.42.2.150" ;
|
||||
|
|
|
@ -5,7 +5,7 @@ with import <stockholm/lib>;
|
|||
{
|
||||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.lass;
|
||||
managed = true;
|
||||
ci = true;
|
||||
}) {
|
||||
dishfire = {
|
||||
cores = 4;
|
||||
|
@ -43,7 +43,7 @@ with import <stockholm/lib>;
|
|||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "104.233.79.118";
|
||||
ip4.addr = "45.62.226.163";
|
||||
aliases = [
|
||||
"echelon.i"
|
||||
];
|
||||
|
@ -56,7 +56,6 @@ with import <stockholm/lib>;
|
|||
aliases = [
|
||||
"echelon.r"
|
||||
"cgit.echelon.r"
|
||||
"go.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
@ -117,6 +116,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
|
||||
};
|
||||
domsen-nas = {
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
aliases = [
|
||||
|
@ -126,40 +127,6 @@ with import <stockholm/lib>;
|
|||
ssh.port = 2223;
|
||||
};
|
||||
};
|
||||
managed = false;
|
||||
};
|
||||
cloudkrebs = {
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "104.167.113.104";
|
||||
aliases = [
|
||||
"cloudkrebs.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.206.102";
|
||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762";
|
||||
aliases = [
|
||||
"cloudkrebs.r"
|
||||
"cgit.cloudkrebs.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
|
||||
OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
|
||||
QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
|
||||
3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
|
||||
sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
|
||||
TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
|
||||
};
|
||||
uriel = {
|
||||
cores = 1;
|
||||
|
@ -328,10 +295,12 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
|
||||
};
|
||||
iso = {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
managed = false;
|
||||
};
|
||||
sokrateslaptop = {
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.142.104";
|
||||
|
@ -351,7 +320,6 @@ with import <stockholm/lib>;
|
|||
'';
|
||||
};
|
||||
};
|
||||
managed = false;
|
||||
};
|
||||
};
|
||||
users = {
|
||||
|
|
|
@ -5,8 +5,8 @@ with import <stockholm/lib>;
|
|||
{
|
||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
||||
drop = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.177.9";
|
||||
|
@ -28,8 +28,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
studio = rec {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
|
||||
nets = {
|
||||
|
@ -54,8 +54,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
|
||||
fileleech = rec {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||
nets = {
|
||||
|
@ -80,8 +80,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
|
||||
pnp = {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.210";
|
||||
|
@ -104,8 +104,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
darth = {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.84";
|
||||
|
@ -176,7 +176,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
tsp = {
|
||||
managed = true;
|
||||
ci = true;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
|
@ -204,7 +204,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
x = {
|
||||
managed = true;
|
||||
ci = true;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
|
@ -249,8 +249,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
|
||||
vbob = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.1.91";
|
||||
|
@ -312,8 +312,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
wry = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
managed = true;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
wry IN A ${nets.internet.ip4.addr}
|
||||
|
@ -357,8 +357,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
|
||||
};
|
||||
filepimp = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
managed = true;
|
||||
nets = {
|
||||
lan = {
|
||||
ip4.addr = "192.168.1.12";
|
||||
|
@ -387,8 +387,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
|
||||
omo = rec {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
managed = true;
|
||||
|
||||
nets = {
|
||||
lan = {
|
||||
|
@ -421,8 +421,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
|
||||
};
|
||||
wbob = rec {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
nets = {
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.7";
|
||||
|
@ -463,8 +463,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
|
||||
gum = rec {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
managed = true;
|
||||
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
|
@ -526,8 +526,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
shoney = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
managed = true;
|
||||
nets = rec {
|
||||
siem = {
|
||||
via = internet;
|
||||
|
@ -575,8 +575,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
sdev = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
managed = true;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
|
||||
nets = {
|
||||
|
|
|
@ -5,6 +5,7 @@ with import <stockholm/lib>;
|
|||
{
|
||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) {
|
||||
stro = {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
|
|
|
@ -8,8 +8,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
|
||||
alnus = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.21.1";
|
||||
|
@ -33,6 +33,7 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
|
||||
};
|
||||
cd = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
extraZones = {
|
||||
# TODO generate krebsco.de zone from nets and don't use extraZones at all
|
||||
|
@ -40,7 +41,6 @@ with import <stockholm/lib>;
|
|||
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
managed = true;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "45.62.237.203";
|
||||
|
@ -79,6 +79,7 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
|
||||
};
|
||||
ju = {
|
||||
external = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.144";
|
||||
|
@ -112,15 +113,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu";
|
||||
};
|
||||
kaepsele = {
|
||||
external = true;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "92.222.10.169";
|
||||
aliases = [
|
||||
"kaepsele.i"
|
||||
"kaepsele.internet"
|
||||
# TODO "kaepsele.org"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.166.2";
|
||||
ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
|
||||
|
@ -129,21 +123,22 @@ with import <stockholm/lib>;
|
|||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
|
||||
Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
|
||||
rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
|
||||
y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
|
||||
yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
|
||||
FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
|
||||
MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
|
||||
QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
|
||||
6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
|
||||
JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
|
||||
ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
|
||||
ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
|
||||
};
|
||||
mu = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
managed = true;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.20.1";
|
||||
|
@ -212,8 +207,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
|
||||
};
|
||||
nomic = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
managed = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.110";
|
||||
|
@ -244,6 +239,7 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
|
||||
};
|
||||
ok = {
|
||||
external = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.1";
|
||||
|
@ -252,6 +248,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
schnabeldrucker = {
|
||||
external = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.21";
|
||||
|
@ -260,6 +257,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
schnabelscanner = {
|
||||
external = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.22";
|
||||
|
@ -268,8 +266,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
wu = {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.37";
|
||||
|
@ -306,8 +304,8 @@ with import <stockholm/lib>;
|
|||
binary-cache = {
|
||||
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
|
||||
};
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.38";
|
||||
|
@ -342,8 +340,8 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
|
||||
};
|
||||
zu = {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
managed = true;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.39";
|
||||
|
|
|
@ -128,4 +128,24 @@ rec {
|
|||
'';
|
||||
});
|
||||
|
||||
wiki-todo-add = buildSimpleReaktorPlugin "wiki-todo-add" {
|
||||
pattern = "^wiki-todo: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "wiki-todo-add" ''
|
||||
echo "$*" >> wiki-todo
|
||||
echo "added todo. check on http://lassul.us/wiki-todo"
|
||||
'';
|
||||
};
|
||||
wiki-todo-done = buildSimpleReaktorPlugin "wiki-todo-done" {
|
||||
pattern = "^wiki-done: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "wiki-todo-done" ''
|
||||
${pkgs.gnugrep}/bin/grep -Fvxe "$*" wiki-todo > wiki-todo.tmp
|
||||
${pkgs.coreutils}/bin/mv wiki-todo.tmp wiki-todo
|
||||
echo "thank you for resolving todo: $*"
|
||||
'';
|
||||
};
|
||||
wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" {
|
||||
script = pkgs.writeDash "wiki-todo-add" ''
|
||||
${pkgs.coreutils}/bin/cat wiki-todo
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
{ stdenv, fetchgit, coreutils, curl, gnused, gnugrep, ... }:
|
||||
{ coreutils, curl, fetchgit, gnugrep, gnused, stdenv, utillinux }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "dic";
|
||||
|
||||
src = fetchgit {
|
||||
url = http://cgit.ni.krebsco.de/dic;
|
||||
rev = "refs/tags/v1.0.2";
|
||||
sha256 = "133x2z3dr5synckdvgnyc9fa7jdca43vj0973v148i13x4dqgr36";
|
||||
rev = "refs/tags/v1.1.0";
|
||||
sha256 = "1xzn20b9kfz96nvjli8grpi11v80jbl0dmifksmirwcj5v81ndav";
|
||||
};
|
||||
|
||||
phases = [
|
||||
|
@ -21,6 +21,7 @@ stdenv.mkDerivation {
|
|||
curl
|
||||
gnused
|
||||
gnugrep
|
||||
utillinux
|
||||
];
|
||||
in
|
||||
''
|
||||
|
|
|
@ -13,12 +13,12 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "populate";
|
||||
version = "1.2.2";
|
||||
version = "1.2.3";
|
||||
|
||||
src = fetchgit {
|
||||
url = http://cgit.ni.krebsco.de/populate;
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "041rpyhss6kby3jm14k7lhvagmg7hwvwxli06b00p76s110is40w";
|
||||
sha256 = "14p9v28d5vcr5384qgycmgjh1angi2zx7qvi51651i7nd9qkjzmi";
|
||||
};
|
||||
|
||||
phases = [
|
||||
|
|
|
@ -14,6 +14,6 @@ in
|
|||
stockholm.file = toString <stockholm>;
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30
|
||||
ref = "56da88a298a6f549701a10bb12072804a1ebfbd5"; # nixos-17.03 @ 2017-09-03
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/realwallpaper.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
address = ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway = getDefaultGateway ip;
|
||||
networking.nameservers = [
|
||||
"8.8.8.8"
|
||||
];
|
||||
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.cloudkrebs;
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "cloudkrebs";
|
||||
}
|
|
@ -1,23 +1,86 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/hw/x220.nix>
|
||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
<stockholm/lass/2configs/boot/coreboot.nix>
|
||||
|
||||
<stockholm/lass/2configs/mouse.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
{
|
||||
# bubsy config
|
||||
users.users.bubsy = {
|
||||
uid = genid "bubsy";
|
||||
home = "/home/bubsy";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"networkmanager"
|
||||
];
|
||||
useDefaultShell = true;
|
||||
};
|
||||
networking.networkmanager.enable = true;
|
||||
networking.wireless.enable = mkForce false;
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
pavucontrol
|
||||
firefox
|
||||
hexchat
|
||||
networkmanagerapplet
|
||||
libreoffice
|
||||
];
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.lightdm.enable = true;
|
||||
services.xserver.desktopManager.plasma5.enable = true;
|
||||
services.xserver.layout = "de";
|
||||
}
|
||||
{
|
||||
krebs.per-user.bitcoin.packages = [
|
||||
pkgs.electrum
|
||||
];
|
||||
users.extraUsers = {
|
||||
bitcoin = {
|
||||
name = "bitcoin";
|
||||
description = "user for bitcoin stuff";
|
||||
home = "/home/bitcoin";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
bubsy ALL=(bitcoin) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
||||
{
|
||||
#remote control
|
||||
environment.systemPackages = with pkgs; [
|
||||
x11vnc
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
sensitivity = 220;
|
||||
speed = 0;
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
||||
krebs.build.host = config.krebs.hosts.daedalus;
|
||||
|
||||
fileSystems = {
|
||||
|
@ -29,7 +92,7 @@
|
|||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -9,12 +9,8 @@ in {
|
|||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/realwallpaper.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/go.nix>
|
||||
<stockholm/lass/2configs/ircd.nix>
|
||||
<stockholm/lass/2configs/newsbot-js.nix>
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
|
|
|
@ -37,6 +37,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
boot.kernelParams = [ "copytoram" ];
|
||||
networking.hostName = "lass-iso";
|
||||
}
|
||||
{
|
||||
krebs.enable = true;
|
||||
|
|
|
@ -5,7 +5,7 @@ with import <stockholm/lib>;
|
|||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/hw/x220.nix>
|
||||
<stockholm/lass/2configs/boot/coreboot.nix>
|
||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
|
||||
<stockholm/lass/2configs/mouse.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
|
@ -24,30 +24,17 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/mail.nix>
|
||||
<stockholm/lass/2configs/repo-sync.nix>
|
||||
<stockholm/lass/2configs/ircd.nix>
|
||||
<stockholm/krebs/2configs/ircd.nix>
|
||||
<stockholm/lass/2configs/logf.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/otp-ssh.nix>
|
||||
<stockholm/lass/2configs/c-base.nix>
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
#zalando project
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql;
|
||||
};
|
||||
virtualisation.docker.enable = true;
|
||||
#users.users.mainUser.extraGroups = [ "docker" ];
|
||||
}
|
||||
{
|
||||
lass.umts = {
|
||||
enable = true;
|
||||
|
@ -91,6 +78,9 @@ with import <stockholm/lib>;
|
|||
client.enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
services.mongodb.enable = true;
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mors;
|
||||
|
@ -104,8 +94,8 @@ with import <stockholm/lib>;
|
|||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
|
||||
'';
|
||||
|
||||
#TODO activationScripts seem broken, fix them!
|
||||
|
@ -139,7 +129,6 @@ with import <stockholm/lib>;
|
|||
urban
|
||||
mk_sql_pair
|
||||
remmina
|
||||
thunderbird
|
||||
|
||||
iodine
|
||||
|
||||
|
|
|
@ -39,9 +39,10 @@ in {
|
|||
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/coders-irc.nix>
|
||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/reaktor-krebs.nix>
|
||||
{
|
||||
lass.pyload.enable = true;
|
||||
}
|
||||
|
@ -244,10 +245,6 @@ in {
|
|||
OnUnitInactiveSec = "2min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
krebs.repo-sync.repos.nixpkgs.timerConfig = {
|
||||
OnBootSec = "90min";
|
||||
OnUnitInactiveSec = "24h";
|
||||
};
|
||||
}
|
||||
{
|
||||
lass.usershadow = {
|
||||
|
@ -298,6 +295,22 @@ in {
|
|||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#kaepsele
|
||||
containers.kaepsele = {
|
||||
config = { ... }: {
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
tv.pubkey
|
||||
];
|
||||
};
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
|
|
@ -41,7 +41,11 @@ with import <stockholm/lib>;
|
|||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "/dev/mapper/pool-home";
|
||||
fsType = "btrfs";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
|
|
|
@ -42,7 +42,11 @@ with import <stockholm/lib>;
|
|||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.daedalus;
|
||||
krebs.build.host = config.krebs.hosts.skynet;
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
||||
#fileSystems = {
|
||||
# "/bku" = {
|
||||
|
|
|
@ -48,6 +48,7 @@ in {
|
|||
acpi
|
||||
dic
|
||||
dmenu
|
||||
gi
|
||||
gitAndTools.qgit
|
||||
lm_sensors
|
||||
haskellPackages.hledger
|
||||
|
|
|
@ -200,6 +200,7 @@ with import <stockholm/lib>;
|
|||
filter.INPUT.policy = "DROP";
|
||||
filter.FORWARD.policy = "DROP";
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
||||
|
|
|
@ -40,6 +40,8 @@ with import <stockholm/lib>;
|
|||
{ from = "patreon@lassul.us"; to = lass.mail; }
|
||||
{ from = "steam@lassul.us"; to = lass.mail; }
|
||||
{ from = "securityfocus@lassul.us"; to = lass.mail; }
|
||||
{ from = "radio@lassul.us"; to = lass.mail; }
|
||||
{ from = "btce@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
|
|
@ -34,6 +34,10 @@ let
|
|||
cgit.desc = "take a rss feed and a timeout and print it to stdout";
|
||||
cgit.section = "software";
|
||||
};
|
||||
nixpkgs = {
|
||||
cgit.desc = "nixpkgs fork";
|
||||
cgit.section = "configuration";
|
||||
};
|
||||
stockholm = {
|
||||
cgit.desc = "take all the computers hostage, they'll love you!";
|
||||
cgit.section = "configuration";
|
||||
|
@ -80,7 +84,7 @@ let
|
|||
public = true;
|
||||
};
|
||||
|
||||
make-restricted-repo = name: { collaborators ? [], announce ? false, ... }: {
|
||||
make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: {
|
||||
inherit collaborators name;
|
||||
public = false;
|
||||
hooks = optionalAttrs announce {
|
||||
|
@ -93,7 +97,7 @@ let
|
|||
# TODO define branches in some kind of option per repo
|
||||
branches = [ "master" "staging*" ];
|
||||
};
|
||||
};
|
||||
} // hooks;
|
||||
};
|
||||
|
||||
make-rules =
|
||||
|
|
|
@ -72,17 +72,19 @@ let
|
|||
''} %r |"
|
||||
|
||||
virtual-mailboxes \
|
||||
"Unread" "notmuch://?query=tag:unread"\
|
||||
"INBOX" "notmuch://?query=tag:inbox \
|
||||
and NOT tag:killed \
|
||||
and NOT to:shackspace \
|
||||
and NOT to:c-base \
|
||||
and NOT from:security-alert@hpe.com \
|
||||
and NOT to:nix-devel"\
|
||||
"Unread" "notmuch://?query=tag:unread"\
|
||||
and NOT to:nix-devel\
|
||||
and NOT to:radio"\
|
||||
"shack" "notmuch://?query=to:shackspace"\
|
||||
"c-base" "notmuch://?query=to:c-base"\
|
||||
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
|
||||
"nix" "notmuch://?query=to:nix-devel"\
|
||||
"radio" "notmuch://?query=to:radio or tag:radio"\
|
||||
"TODO" "notmuch://?query=tag:TODO"\
|
||||
"Starred" "notmuch://?query=tag:*"\
|
||||
"Archive" "notmuch://?query=tag:archive"\
|
||||
|
@ -126,7 +128,7 @@ let
|
|||
|
||||
bind index t noop
|
||||
bind pager t noop
|
||||
macro index t "<modify-labels>+TODO\n" # tag as Archived
|
||||
macro index t "<modify-labels>" # tag as Archived
|
||||
|
||||
# top index bar in email view
|
||||
set pager_index_lines=7
|
||||
|
|
|
@ -2,40 +2,16 @@
|
|||
|
||||
let
|
||||
|
||||
scripts = lib.concatStringsSep "," [
|
||||
good
|
||||
delete
|
||||
];
|
||||
|
||||
mpv = pkgs.symlinkJoin {
|
||||
name = "mpv";
|
||||
paths = [
|
||||
(pkgs.writeDashBin "mpv" ''
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@"
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config "$@"
|
||||
'')
|
||||
pkgs.mpv
|
||||
];
|
||||
};
|
||||
|
||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
||||
tmp_dir = "${dir}"
|
||||
|
||||
function move_current_track_${key}()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||
end
|
||||
|
||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||
'';
|
||||
|
||||
good = moveToDir "G" "./.good";
|
||||
delete = moveToDir "D" "./.graveyard";
|
||||
|
||||
up = moveToDir "U" "./up";
|
||||
down = moveToDir "Y" "./down";
|
||||
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
mpv
|
||||
|
|
|
@ -1,184 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
newsfile = pkgs.writeText "feeds" ''
|
||||
aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
|
||||
allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news
|
||||
antirez|http://antirez.com/rss|#news
|
||||
arbor|http://feeds2.feedburner.com/asert/|#news
|
||||
archlinux|http://www.archlinux.org/feeds/news/|#news
|
||||
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
|
||||
augustl|http://augustl.com/atom.xml|#news
|
||||
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
|
||||
bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news
|
||||
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
|
||||
bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
|
||||
bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
|
||||
bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
|
||||
c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
|
||||
cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
|
||||
carta|http://feeds2.feedburner.com/carta-standard-rss|#news
|
||||
catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
|
||||
cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news
|
||||
cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news
|
||||
cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news
|
||||
cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news
|
||||
cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news
|
||||
ccc|http://www.ccc.de/rss/updates.rdf|#news
|
||||
chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
|
||||
chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
|
||||
chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
|
||||
coinspotting|http://coinspotting.com/rss|#news #financial
|
||||
cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial
|
||||
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
|
||||
csm|http://rss.csmonitor.com/feeds/csm|#news
|
||||
csm_world|http://rss.csmonitor.com/feeds/world|#news
|
||||
danisch|http://www.danisch.de/blog/feed/|#news
|
||||
dod|http://www.defense.gov/news/afps2.xml|#news
|
||||
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
|
||||
ecat|http://ecat.com/feed|#news
|
||||
eia_press|http://www.eia.gov/rss/press_rss.xml|#news
|
||||
eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news
|
||||
embargowatch|https://embargowatch.wordpress.com/feed/|#news
|
||||
ethereum-comments|http://blog.ethereum.org/comments/feed|#news
|
||||
ethereum|http://blog.ethereum.org/feed|#news
|
||||
europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news
|
||||
eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news
|
||||
exploitdb|http://www.exploit-db.com/rss.xml|#news
|
||||
fars|http://www.farsnews.com/rss.php|#news #test
|
||||
faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
|
||||
faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
|
||||
faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news
|
||||
fbi|https://www.fbi.gov/news/rss.xml|#news
|
||||
fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news
|
||||
fefe|http://blog.fefe.de/rss.xml|#news
|
||||
forbes|http://www.forbes.com/forbes/feed2/|#news
|
||||
forbes_realtime|http://www.forbes.com/real-time/feed2/|#news
|
||||
fox|http://feeds.foxnews.com/foxnews/latest|#news
|
||||
geheimorganisation|http://geheimorganisation.org/feed/|#news
|
||||
GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
|
||||
gmanet|http://www.gmanetwork.com/news/rss/news|#news
|
||||
golem|https://rss.golem.de/rss.php|#news
|
||||
google|http://news.google.com/?output=rss|#news
|
||||
greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
|
||||
guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
|
||||
gulli|http://ticker.gulli.com/rss/|#news
|
||||
handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
|
||||
heise|https://www.heise.de/newsticker/heise-atom.xml|#news
|
||||
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
|
||||
hindu|http://www.thehindu.com/?service=rss|#news
|
||||
ign|http://feeds.ign.com/ign/all|#news
|
||||
independent|http://www.independent.com/rss/headlines/|#news
|
||||
indymedia|https://de.indymedia.org/rss.xml|#news
|
||||
info_libera|http://www.informationliberation.com/rss.xml|#news
|
||||
klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news
|
||||
korea_herald|http://www.koreaherald.com/rss_xml.php|#news
|
||||
linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news
|
||||
lisp|http://planet.lisp.org/rss20.xml|#news
|
||||
liveleak|http://www.liveleak.com/rss|#news
|
||||
lolmythesis|http://lolmythesis.com/rss|#news
|
||||
LtU|http://lambda-the-ultimate.org/rss.xml|#news
|
||||
lukepalmer|http://lukepalmer.wordpress.com/feed/|#news
|
||||
mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news
|
||||
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
|
||||
nds|http://www.nachdenkseiten.de/?feed=atom|#news
|
||||
netzpolitik|https://netzpolitik.org/feed/|#news
|
||||
newsbtc|http://newsbtc.com/feed/|#news #financial
|
||||
nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news
|
||||
npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news
|
||||
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
|
||||
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
|
||||
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
|
||||
nsa|https://www.nsa.gov/rss.xml|#news #bullerei
|
||||
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
|
||||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
||||
phys|http://phys.org/rss-feed/|#news
|
||||
piraten|https://www.piratenpartei.de/feed/|#news
|
||||
polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei
|
||||
presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
|
||||
presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
|
||||
prisonplanet|http://prisonplanet.com/feed.rss|#news
|
||||
proofmarket|https://proofmarket.org/feed_problem|#news
|
||||
rawstory|http://www.rawstory.com/rs/feed/|#news
|
||||
reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
|
||||
reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
|
||||
reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
|
||||
reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
|
||||
reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
|
||||
reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
|
||||
r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
|
||||
reuters|http://feeds.reuters.com/Reuters/worldNews|#news
|
||||
reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news
|
||||
rt|http://rt.com/rss/news/|#news
|
||||
schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news
|
||||
sciencemag|http://news.sciencemag.org/rss/current.xml|#news
|
||||
scmp|http://www.scmp.com/rss/91/feed|#news
|
||||
sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
|
||||
shackspace|http://shackspace.de/?feed=rss2|#news
|
||||
shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
|
||||
sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news
|
||||
sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news
|
||||
sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news
|
||||
sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news
|
||||
sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news
|
||||
slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news
|
||||
slate|http://feeds.slate.com/slate|#news
|
||||
spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
|
||||
spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news
|
||||
spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news
|
||||
standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news
|
||||
stern|http://www.stern.de/feed/standard/all/|#news
|
||||
stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
|
||||
sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
|
||||
sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial
|
||||
sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news
|
||||
tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
|
||||
taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
|
||||
telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial
|
||||
telegraph_pol|http://www.telegraph.co.uk/news/politics/rss|#news
|
||||
telegraph_uk|http://www.telegraph.co.uk/news/uknews/rss|#news
|
||||
telegraph_world|http://www.telegraph.co.uk/news/worldnews/rss|#news
|
||||
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
|
||||
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
|
||||
tigsource|http://www.tigsource.com/feed/|#news
|
||||
tinc|http://tinc-vpn.org/news/index.rss|#news
|
||||
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
|
||||
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
|
||||
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
|
||||
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
|
||||
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
|
||||
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
|
||||
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
|
||||
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
|
||||
un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news
|
||||
un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news
|
||||
un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news
|
||||
us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news
|
||||
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
|
||||
weechat|http://dev.weechat.org/feed/atom|#news
|
||||
wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
|
||||
xkcd|https://xkcd.com/rss.xml|#news
|
||||
zdnet|http://www.zdnet.com/news/rss.xml|#news
|
||||
|
||||
chan_g|https://boards.4chan.org/g/index.rss|#news
|
||||
chan_x|https://boards.4chan.org/x/index.rss|#news
|
||||
chan_sci|https://boards.4chan.org/sci/index.rss|#news
|
||||
reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
|
||||
reddit_sci|http://www.reddit.com/r/science/.rss|#news
|
||||
reddit_tech|http://www.reddit.com/r/technology/.rss|#news
|
||||
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
|
||||
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
|
||||
hackernews|https://news.ycombinator.com/rss|#news
|
||||
'';
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
pkgs.newsbot-js
|
||||
];
|
||||
krebs.newsbot-js = {
|
||||
enable = true;
|
||||
ircServer = "localhost";
|
||||
feeds = newsfile;
|
||||
urlShortenerHost = "go";
|
||||
urlShortenerPort = "80";
|
||||
};
|
||||
}
|
25
lass/2configs/reaktor-krebs.nix
Normal file
25
lass/2configs/reaktor-krebs.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
krebs.Reaktor.krebs = {
|
||||
nickname = "Reaktor|krebs";
|
||||
channels = [
|
||||
"#krebs"
|
||||
"#nixos-wiki"
|
||||
];
|
||||
extraEnviron = {
|
||||
REAKTOR_HOST = "irc.freenode.org";
|
||||
};
|
||||
plugins = with pkgs.ReaktorPlugins; [
|
||||
sed-plugin
|
||||
wiki-todo-add
|
||||
wiki-todo-done
|
||||
wiki-todo-show
|
||||
];
|
||||
};
|
||||
services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = ''
|
||||
default_type "text/plain";
|
||||
alias /var/lib/Reaktor/state/wiki-todo;
|
||||
'';
|
||||
}
|
|
@ -107,7 +107,6 @@ in {
|
|||
(sync-remote "painload" "https://github.com/krebscode/painload")
|
||||
(sync-remote "Reaktor" "https://github.com/krebscode/Reaktor")
|
||||
(sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git")
|
||||
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
|
||||
(sync-retiolum "go")
|
||||
(sync-retiolum "much")
|
||||
(sync-retiolum "newsbot-js")
|
||||
|
|
|
@ -14,7 +14,9 @@ let
|
|||
! ref https://github.com/muennich/urxvt-perls
|
||||
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
|
||||
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
|
||||
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
|
||||
${optionalString (hasAttr "browser" config.lass)
|
||||
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
|
||||
}
|
||||
URxvt.url-select.underline: true
|
||||
URxvt.keysym.M-u: perl:url-select:select_next
|
||||
URxvt.keysym.M-Escape: perl:keyboard-select:activate
|
||||
|
|
|
@ -6,7 +6,7 @@ with import <stockholm/lib>;
|
|||
options.lass.hosts = mkOption {
|
||||
type = types.attrsOf types.host;
|
||||
default =
|
||||
filterAttrs (_: host: host.owner.name == "lass" && host.managed)
|
||||
filterAttrs (_: host: host.owner.name == "lass" && host.ci)
|
||||
config.krebs.hosts;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -31,6 +31,16 @@ let
|
|||
type = types.str;
|
||||
default = "default";
|
||||
};
|
||||
pppDefaults = mkOption {
|
||||
type = types.str;
|
||||
default = ''
|
||||
noipdefault
|
||||
usepeerdns
|
||||
defaultroute
|
||||
persist
|
||||
noauth
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
|
||||
|
@ -71,7 +81,16 @@ let
|
|||
lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
|
||||
'';
|
||||
|
||||
environment.wvdial.dialerDefaults = wvdial-defaults;
|
||||
environment.etc = [
|
||||
{
|
||||
source = pkgs.writeText "wvdial.conf" wvdial-defaults;
|
||||
target = "wvdial.conf";
|
||||
}
|
||||
{
|
||||
source = pkgs.writeText "wvdial" cfg.pppDefaults;
|
||||
target = "ppp/peers/wvdial";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.umts = {
|
||||
description = "UMTS wvdial Service";
|
||||
|
|
|
@ -98,6 +98,7 @@ myKeyMap =
|
|||
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
|
||||
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
|
||||
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
||||
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
||||
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
|
||||
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
|
||||
|
@ -129,6 +130,11 @@ myKeyMap =
|
|||
, ("M4-S-q", return ())
|
||||
|
||||
, ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
|
||||
|
||||
, ("M4-<F1>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
|
||||
, ("M4-<F2>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
|
||||
, ("M4-<F3>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
||||
, ("M4-<F4>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
||||
]
|
||||
|
||||
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
|
||||
|
|
|
@ -1,24 +1,27 @@
|
|||
with import <stockholm/lib>;
|
||||
host@{ name, secure ? false }: let
|
||||
host@{ name, secure ? false, override ? {} }: let
|
||||
builder = if getEnv "dummy_secrets" == "true"
|
||||
then "buildbot"
|
||||
else "lass";
|
||||
_file = <stockholm> + "/lass/1systems/${name}/source.nix";
|
||||
in
|
||||
evalSource (toString _file) {
|
||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||
lass = "/home/lass/secrets/${name}";
|
||||
};
|
||||
stockholm.file = toString <stockholm>;
|
||||
nixpkgs.git = {
|
||||
url = https://cgit.lassul.us/nixpkgs;
|
||||
# nixos-17.03
|
||||
# + copytoram:
|
||||
# 87a4615 & 334ac4f
|
||||
# + acme permissions for groups
|
||||
# fd7a8f1
|
||||
ref = "d9c85b3";
|
||||
};
|
||||
}
|
||||
evalSource (toString _file) [
|
||||
{
|
||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
url = http://cgit.lassul.us/nixpkgs;
|
||||
# nixos-17.03
|
||||
# + copytoram:
|
||||
# 87a4615 & 334ac4f
|
||||
# + acme permissions for groups
|
||||
# fd7a8f1
|
||||
ref = "fe46ffc";
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||
lass = "/home/lass/secrets/${name}";
|
||||
};
|
||||
stockholm.file = toString <stockholm>;
|
||||
}
|
||||
override
|
||||
]
|
||||
|
|
|
@ -31,9 +31,20 @@ rec {
|
|||
default = null;
|
||||
};
|
||||
|
||||
managed = mkOption {
|
||||
ci = mkOption {
|
||||
description = ''
|
||||
If true, then the host's configuration is defined in stockholm.
|
||||
If true, then the host wants to be tested by some CI system.
|
||||
See <stockholm/krebs/2configs/buildbot-all.nix>
|
||||
'';
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
external = mkOption {
|
||||
description = ''
|
||||
Whether the host is defined externally (in contrast to being defined
|
||||
in <stockholm>). This is useful e.g. when legacy and/or adopted
|
||||
hosts should be part of retiolum or some other component.
|
||||
'';
|
||||
type = bool;
|
||||
default = false;
|
||||
|
|
|
@ -8,18 +8,6 @@ with import <stockholm/lib>;
|
|||
build = {
|
||||
user = config.krebs.users.mv;
|
||||
host = config.krebs.hosts.stro;
|
||||
source = let
|
||||
HOME = getEnv "HOME";
|
||||
host = config.krebs.build.host;
|
||||
in {
|
||||
nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
|
||||
secrets.file = "${HOME}/secrets/${host.name}";
|
||||
stockholm.file = "${HOME}/stockholm";
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -27,7 +15,7 @@ with import <stockholm/lib>;
|
|||
<secrets>
|
||||
<stockholm/krebs>
|
||||
<stockholm/tv/2configs/audit.nix>
|
||||
<stockholm/tv/2configs/bash.nix>
|
||||
<stockholm/tv/2configs/bash>
|
||||
<stockholm/tv/2configs/exim-retiolum.nix>
|
||||
<stockholm/tv/2configs/hw/x220.nix>
|
||||
<stockholm/tv/2configs/im.nix>
|
||||
|
@ -40,7 +28,6 @@ with import <stockholm/lib>;
|
|||
<stockholm/tv/2configs/xdg.nix>
|
||||
<stockholm/tv/2configs/xserver>
|
||||
<stockholm/tv/3modules>
|
||||
<stockholm/tv/5pkgs>
|
||||
];
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
|
@ -124,13 +111,13 @@ with import <stockholm/lib>;
|
|||
|
||||
nix = {
|
||||
binaryCaches = ["https://cache.nixos.org"];
|
||||
# TODO check if both are required:
|
||||
chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||
requireSignedBinaryCaches = true;
|
||||
useChroot = true;
|
||||
# TODO check if both are required:
|
||||
sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||
useSandbox = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = false;
|
||||
nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
|
||||
|
||||
users = {
|
||||
defaultUserShell = "/run/current-system/sw/bin/bash";
|
3
mv/1systems/stro/source.nix
Normal file
3
mv/1systems/stro/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/mv/source.nix> {
|
||||
name = "stro";
|
||||
}
|
8
mv/dummy_secrets/default.nix
Normal file
8
mv/dummy_secrets/default.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.mv.pubkey
|
||||
];
|
||||
};
|
||||
}
|
3
mv/dummy_secrets/ssh.ed25519
Normal file
3
mv/dummy_secrets/ssh.ed25519
Normal file
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
dummy
|
||||
-----END OPENSSH PRIVATE KEY-----
|
23
mv/source.nix
Normal file
23
mv/source.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
with import <stockholm/lib>;
|
||||
host@{ name, override ? {} }: let
|
||||
builder = if getEnv "dummy_secrets" == "true"
|
||||
then "buildbot"
|
||||
else "mv";
|
||||
_file = <stockholm> + "/mv/1systems/${name}/source.nix";
|
||||
in
|
||||
evalSource (toString _file) [
|
||||
{
|
||||
nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
# nixos-17.03
|
||||
ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/mv/dummy_secrets>;
|
||||
mv = "/home/mv/secrets/${name}";
|
||||
};
|
||||
stockholm.file = toString <stockholm>;
|
||||
}
|
||||
override
|
||||
]
|
15
shell.nix
15
shell.nix
|
@ -9,6 +9,7 @@ let
|
|||
# usage: deploy
|
||||
# [--force-populate]
|
||||
# [--quiet]
|
||||
# [--source=PATH]
|
||||
# --system=SYSTEM
|
||||
# [--target=TARGET]
|
||||
# [--user=USER]
|
||||
|
@ -20,6 +21,7 @@ let
|
|||
\test -n "''${quiet-}" || quiet=false
|
||||
\test -n "''${target-}" || target=$system
|
||||
\test -n "''${user-}" || user=$LOGNAME
|
||||
\test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
|
||||
. ${init.env}
|
||||
. ${init.proxy}
|
||||
|
||||
|
@ -29,6 +31,7 @@ let
|
|||
# usage: install
|
||||
# [--force-populate]
|
||||
# [--quiet]
|
||||
# [--source=PATH]
|
||||
# --system=SYSTEM
|
||||
# --target=TARGET
|
||||
# [--user=USER]
|
||||
|
@ -39,6 +42,7 @@ let
|
|||
. ${init.args}
|
||||
\test -n "''${quiet-}" || quiet=false
|
||||
\test -n "''${user-}" || user=$LOGNAME
|
||||
\test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
|
||||
. ${init.env}
|
||||
|
||||
if \test "''${using_proxy-}" != true; then
|
||||
|
@ -76,6 +80,7 @@ let
|
|||
# usage: test
|
||||
# [--force-populate]
|
||||
# [--quiet]
|
||||
# [--source=PATH]
|
||||
# --system=SYSTEM
|
||||
# --target=TARGET
|
||||
# [--user=USER]
|
||||
|
@ -88,6 +93,7 @@ let
|
|||
. ${init.args}
|
||||
\test -n "''${quiet-}" || quiet=false
|
||||
\test -n "''${user-}" || user=$LOGNAME
|
||||
\test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
|
||||
. ${init.env}
|
||||
. ${init.proxy}
|
||||
|
||||
|
@ -160,14 +166,16 @@ let
|
|||
init.args = pkgs.writeText "init.args" /* sh */ ''
|
||||
args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \
|
||||
-o Qs:t:u: \
|
||||
-l force-populate,quiet,system:,target:,user: \
|
||||
-l force-populate,quiet,source:,system:,target:,user: \
|
||||
-- "$@")
|
||||
if \test $? != 0; then exit 1; fi
|
||||
eval set -- "$args"
|
||||
force_populate=false
|
||||
source_file=
|
||||
while :; do case $1 in
|
||||
--force-populate) force_populate=true; shift;;
|
||||
--force-populate) force_populate=true; shift;;
|
||||
-Q|--quiet) quiet=true; shift;;
|
||||
--source) source_file=$2; shift 2;;
|
||||
-s|--system) system=$2; shift 2;;
|
||||
-t|--target) target=$2; shift 2;;
|
||||
-u|--user) user=$2; shift 2;;
|
||||
|
@ -196,7 +204,6 @@ let
|
|||
init.proxy = pkgs.writeText "init.proxy" /* sh */ ''
|
||||
if \test "''${using_proxy-}" != true; then
|
||||
|
||||
source_file=$user/1systems/$system/source.nix
|
||||
source=$(get-source "$source_file")
|
||||
qualified_target=$target_user@$target_host:$target_port$target_path
|
||||
if \test "$force_populate" = true; then
|
||||
|
@ -269,7 +276,7 @@ in pkgs.stdenv.mkDerivation {
|
|||
name = "stockholm";
|
||||
shellHook = /* sh */ ''
|
||||
export OLD_PATH="$PATH"
|
||||
export NIX_PATH=stockholm=$PWD:nixpkgs=${toString <nixpkgs>}
|
||||
export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
|
||||
if test -e /nix/var/nix/daemon-socket/socket; then
|
||||
export NIX_REMOTE=daemon
|
||||
fi
|
||||
|
|
|
@ -15,9 +15,9 @@ with import <stockholm/lib>;
|
|||
tv.x0vncserver.enable = true;
|
||||
|
||||
# hardware configuration
|
||||
boot.initrd.luks.devices = [
|
||||
{ name = "vgmu1"; device = "/dev/sda2"; }
|
||||
];
|
||||
boot.initrd.luks.devices.muca = {
|
||||
device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352";
|
||||
};
|
||||
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
|
||||
boot.initrd.availableKernelModules = [ "ahci" ];
|
||||
boot.kernelModules = [ "fbcon" "kvm-intel" ];
|
||||
|
@ -25,16 +25,17 @@ with import <stockholm/lib>;
|
|||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/vgmu1/nixroot";
|
||||
fsType = "ext4";
|
||||
options = [ "defaults" "noatime" ];
|
||||
device = "/dev/mapper/muvga-root";
|
||||
fsType = "btrfs";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/vgmu1/home";
|
||||
options = [ "defaults" "noatime" ];
|
||||
device = "/dev/mapper/muvga-home";
|
||||
fsType = "btrfs";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
device = "/dev/disk/by-uuid/DC38-F165";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -51,18 +52,19 @@ with import <stockholm/lib>;
|
|||
networking.networkmanager.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
chromium
|
||||
firefoxWrapper
|
||||
gimp
|
||||
iptables
|
||||
kdeApplications.l10n.de.qt5
|
||||
libreoffice
|
||||
pidginotr
|
||||
pidgin-with-plugins
|
||||
skype
|
||||
slock
|
||||
tinc_pre
|
||||
iptables
|
||||
vim
|
||||
gimp
|
||||
xsane
|
||||
firefoxWrapper
|
||||
chromium
|
||||
skype
|
||||
libreoffice
|
||||
pidgin-with-plugins
|
||||
pidginotr
|
||||
|
||||
#foomatic_filters
|
||||
#gutenprint
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
<link rel="shortcut icon" href="favicon2.png" type="image/png">
|
||||
<i>This page intentionally left blank.</i>
|
||||
<!--
|
||||
Ok, it's not blank, here are the cookies (bots welcome):
|
||||
mailto:tomislav@viljetic.de
|
||||
https://github.com/4z3
|
||||
irc://freenode.net/#krebs
|
||||
irc://freenode.net/krebs
|
||||
-->
|
||||
|
|
Loading…
Reference in a new issue