diff --git a/default.nix b/default.nix
index cab55d40a..5ae8e399e 100644
--- a/default.nix
+++ b/default.nix
@@ -13,10 +13,7 @@ import <nixpkgs/nixos/lib/eval-config.nix> {
       (attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
       (name: let
         config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
-        source = import (<stockholm> + "/${ns}/1systems/${name}/source.nix");
       in import <nixpkgs/nixos/lib/eval-config.nix> {
         modules = [ config ];
-      } // {
-        inherit source;
       });
 }
diff --git a/jeschli/1systems/bolide/source.nix b/jeschli/1systems/bolide/source.nix
deleted file mode 100644
index 0bd7af50f..000000000
--- a/jeschli/1systems/bolide/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
-  name = "bolide";
-  secure = true;
-}
diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix
deleted file mode 100644
index 61978768e..000000000
--- a/jeschli/1systems/brauerei/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
-  name = "brauerei";
-  secure = true;
-}
diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix
deleted file mode 100644
index 4f9f37be7..000000000
--- a/jeschli/1systems/enklave/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/jeschli/source.nix> {
-  name = "enklave";
-}
diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp
deleted file mode 100644
index 8c1a75f39..000000000
Binary files a/jeschli/1systems/reagenzglas/.source.nix.swp and /dev/null differ
diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix
deleted file mode 100644
index 7543de6b9..000000000
--- a/jeschli/1systems/reagenzglas/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
-  name = "reagenzglas";
-  secure = true;
-}
diff --git a/jeschli/source.nix b/jeschli/source.nix
deleted file mode 100644
index fc1413ee4..000000000
--- a/jeschli/source.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
-  builder = if getEnv "dummy_secrets" == "true"
-              then "buildbot"
-              else "jeschli";
-  _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
-  pkgs = import <nixpkgs> {
-    overlays = map import [
-      <stockholm/krebs/5pkgs>
-      <stockholm/submodules/nix-writers/pkgs>
-    ];
-  };
-in
-  evalSource (toString _file) [
-    {
-      nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
-      nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
-      secrets.file = getAttr builder {
-        buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
-        jeschli = "${getEnv "HOME"}/secrets/${name}";
-      };
-      stockholm.file = toString <stockholm>;
-      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
-    }
-    override
-  ]
diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix
index d96963500..5fae60ecc 100644
--- a/krebs/0tests/deploy.nix
+++ b/krebs/0tests/deploy.nix
@@ -44,11 +44,6 @@ let
     exec >&2
     source=${pkgs.writeJSON "source.json" populate-source}
     LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
-    # TODO: make deploy work
-    #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
-    #    --force-populate \
-    #    --source=${./data/test-source.nix} \
-    #    --system=server \
   '';
   minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
     modules = [
diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix
deleted file mode 100644
index 0fa61b20f..000000000
--- a/krebs/1systems/hotdog/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "hotdog";
-}
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
deleted file mode 100644
index 91a998de7..000000000
--- a/krebs/1systems/onebutton/source.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-with import <stockholm/lib>;
-let
-  pkgs = import <nixpkgs> {};
-  nixpkgs = builtins.fetchTarball {
-    url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
-  };
-in import <stockholm/krebs/source.nix> {
-  name = "onebutton";
-  override.nixpkgs = mkForce {
-    file = toString nixpkgs;
-  };
-
-}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
deleted file mode 100644
index a21651899..000000000
--- a/krebs/1systems/puyak/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "puyak";
-}
diff --git a/krebs/1systems/test-all-krebs-modules/source.nix b/krebs/1systems/test-all-krebs-modules/source.nix
deleted file mode 100644
index 66fdaa773..000000000
--- a/krebs/1systems/test-all-krebs-modules/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "test-all-krebs-modules";
-}
diff --git a/krebs/1systems/test-arch/source.nix b/krebs/1systems/test-arch/source.nix
deleted file mode 100644
index bff9d4325..000000000
--- a/krebs/1systems/test-arch/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "test-arch";
-}
diff --git a/krebs/1systems/test-centos6/source.nix b/krebs/1systems/test-centos6/source.nix
deleted file mode 100644
index 3693bbb29..000000000
--- a/krebs/1systems/test-centos6/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "test-centos6";
-}
diff --git a/krebs/1systems/test-centos7/source.nix b/krebs/1systems/test-centos7/source.nix
deleted file mode 100644
index 44230f08d..000000000
--- a/krebs/1systems/test-centos7/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "test-centos7";
-}
diff --git a/krebs/1systems/test-failing/source.nix b/krebs/1systems/test-failing/source.nix
deleted file mode 100644
index 60b77a0a0..000000000
--- a/krebs/1systems/test-failing/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "test-failing";
-}
diff --git a/krebs/1systems/test-minimal-deploy/source.nix b/krebs/1systems/test-minimal-deploy/source.nix
deleted file mode 100644
index 032ab12bb..000000000
--- a/krebs/1systems/test-minimal-deploy/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "test-minimal-deploy";
-}
diff --git a/krebs/1systems/wolf/source.nix b/krebs/1systems/wolf/source.nix
deleted file mode 100644
index c292bfa62..000000000
--- a/krebs/1systems/wolf/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "wolf";
-}
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 0aa9288ec..d10fb7203 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -1,47 +1,11 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
+{ config, ... }: with import <stockholm/lib>;
 
-let
-
-  hostname = config.networking.hostName;
-
-  sourceRepos = [
-    "http://cgit.enklave.r/stockholm"
-    "http://cgit.gum.r/stockholm"
-    "http://cgit.hotdog.r/stockholm"
-    "http://cgit.ni.r/stockholm"
-    "http://cgit.prism.r/stockholm"
-  ];
-
-  # usage: build USER HOST
-  # This executable is meant to be run with <stockholm> as working directory.
-  # USER is expected to be a subdirectory of the working directory.
-  build = pkgs.writeDash "build" ''
-    set -efu
-
-    user=$1
-    host=$2
-
-    result=$(nix-build \
-        --argstr name "$host" \
-        --argstr target "$HOME"/stockholm-build \
-        --attr test \
-        --no-build-output \
-        --no-out-link \
-        --show-trace \
-        "$user"/krops.nix \
-    )
-
-    exec "$result"
-  '';
-
-
-in
 {
   networking.firewall.allowedTCPPorts = [ 80 ];
   services.nginx = {
     enable = true;
     virtualHosts.build = {
-      serverAliases = [ "build.${hostname}.r" ];
+      serverAliases = [ "build.${config.networking.hostName}.r" ];
       locations."/".extraConfig = ''
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -49,155 +13,28 @@ in
       '';
     };
   };
-
-  krebs.buildbot.master = {
-    slaves = {
-      testslave = "lasspass";
-    };
-    change_source.stockholm = concatMapStrings (repo: ''
-      cs.append(
-          changes.GitPoller(
-              "${repo}",
-              workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True,
-              project='stockholm',
-              pollinterval=10
-          )
-      )
-    '') sourceRepos;
-    scheduler = {
-      auto-scheduler = ''
-        sched.append(
-              schedulers.SingleBranchScheduler(
-                  change_filter=util.ChangeFilter(branch_re=".*"),
-                  treeStableTimer=60,
-                  name="build-all-branches",
-                  builderNames=[
-                      "hosts",
-                  ]
-              )
-        )
-      '';
-      force-scheduler = ''
-        sched.append(
-            schedulers.ForceScheduler(
-                  name="hosts",
-                  builderNames=[
-                      "hosts",
-                  ]
-            )
-        )
-      '';
-    };
-    builder_pre = ''
-      # prepare grab_repo step for stockholm
-      grab_repo = steps.Git(
-          repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'),
-          mode='full',
-          submodules=True,
-      )
-    '';
-    builder = {
-      hosts = ''
-        from buildbot import interfaces
-        from buildbot.steps.shell import ShellCommand
-
-        class StepToStartMoreSteps(ShellCommand):
-            def __init__(self, **kwargs):
-                ShellCommand.__init__(self, **kwargs)
-
-            def addBuildSteps(self, steps_factories):
-                for sf in steps_factories:
-                    step = interfaces.IBuildStepFactory(sf).buildStep()
-                    step.setBuild(self.build)
-                    step.setBuildSlave(self.build.slavebuilder.slave)
-                    step_status = self.build.build_status.addStepWithName(step.name)
-                    step.setStepStatus(step_status)
-                    self.build.steps.append(step)
-
-            def start(self):
-                props = self.build.getProperties()
-                hosts = json.loads(props.getProperty('hosts_json'))
-                for host in hosts:
-                    user = hosts[host]['owner']
-
-                    self.addBuildSteps([steps.ShellCommand(
-                        name=str(host),
-                        env={
-                          "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
-                          "NIX_REMOTE": "daemon",
-                        },
-                        command=[
-                          "${build}", user, host
-                        ],
-                        timeout=90001,
-                        workdir='build', # TODO figure out why we need this?
-                    )])
-
-                ShellCommand.start(self)
-
-
-        f = util.BuildFactory()
-        f.addStep(grab_repo)
-
-        f.addStep(steps.SetPropertyFromCommand(
-            env={
-              "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
-              "NIX_REMOTE": "daemon",
-            },
-            name="get_hosts",
-            command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
-                with import <nixpkgs> {};
-                let
-                  eval-config = cfg:
-                    import <nixpkgs/nixos/lib/eval-config.nix> {
-                      modules = [
-                        (import cfg)
-                      ];
-                    }
-                  ;
-
-                  system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
-
-                  ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
-
-                  filtered-attrs = lib.mapAttrs ( n: v: {
-                    owner = v.owner.name;
-                  }) ci-systems;
-
-                in filtered-attrs
-            """],
-            property="hosts_json"
-        ))
-        f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
-
-        bu.append(
-            util.BuilderConfig(
-                name="hosts",
-                slavenames=slavenames,
-                factory=f
-            )
-        )
-      '';
-    };
+  krebs.ci = {
     enable = true;
-    web.enable = true;
-    irc = {
-      enable = true;
-      nick = "build|${hostname}";
-      server = "irc.r";
-      channels = [ "noise" "xxx" ];
-      allowForce = true;
+    repos = {
+      disko.urls = [
+        "http://cgit.gum.r/disko"
+        "http://cgit.hotdog.r/disko"
+        "http://cgit.ni.r/disko"
+        "http://cgit.prism.r/disko"
+      ];
+      nix_writers.urls = [
+        "http://cgit.hotdog.r/nix-writers"
+        "http://cgit.ni.r/nix-writers"
+        "http://cgit.prism.r/nix-writers"
+        "https://git.ingolf-wagner.de/krebs/nix-writers.git"
+      ];
+      stockholm.urls = [
+        "http://cgit.enklave.r/stockholm"
+        "http://cgit.gum.r/stockholm"
+        "http://cgit.hotdog.r/stockholm"
+        "http://cgit.ni.r/stockholm"
+        "http://cgit.prism.r/stockholm"
+      ];
     };
-    extraConfig = ''
-      c['buildbotURL'] = "http://build.${hostname}.r/"
-    '';
-  };
-
-  krebs.buildbot.slave = {
-    enable = true;
-    masterhost = "localhost";
-    username = "testslave";
-    password = "lasspass";
-    packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
   };
 }
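Review bot: The new `krebs.ci.repos` lists mix plain-http `cgit.*.r` mirrors with one external `https://git.ingolf-wagner.de/krebs/nix-writers.git` URL, and nothing here records which source is authoritative. Judging by krebs/3modules/ci.nix in this same commit, the CI evaluates `./ci.nix` from the checkout and runs the resulting steps, so every listed URL is effectively trusted to supply commands for the build worker. I would add a comment above `repos`, e.g. `# every URL listed here can trigger builds on this host; only add mirrors whose push access we control`. Also confirm that the `.r` hosts are reachable only over the retiolum overlay, since those fetches are unauthenticated http.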
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 7b970923d..fafcd72c3 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -49,6 +49,7 @@ with import <stockholm/lib>;
   users.mutableUsers = false;
   users.extraUsers.root.openssh.authorizedKeys.keys = [
     # TODO
+    config.krebs.users.jeschli-brauerei.pubkey
     config.krebs.users.lass.pubkey
     config.krebs.users.lass-mors.pubkey
     config.krebs.users.makefu.pubkey
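Review bot: `config.krebs.users.jeschli-brauerei.pubkey` is added to `users.extraUsers.root.openssh.authorizedKeys.keys`, so it grants root SSH login on every host that imports this shared config, yet the only annotation is the existing `# TODO`. The name suggests a key bound to a single machine (brauerei), so compromise of that one host would extend to root on all of these systems. Please record the intent next to the entry, e.g. `# jeschli@brauerei: root on all krebs hosts, reason: <REASON - placeholder>`, or scope the key to the hosts that need it. The key list continues outside this hunk.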
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
index ba3715161..dc2838cae 100644
--- a/krebs/2configs/reaktor-krebs.nix
+++ b/krebs/2configs/reaktor-krebs.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
     ];
     extraEnviron = {
       REAKTOR_HOST = "irc.freenode.org";
+      REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
     };
     plugins = with pkgs.ReaktorPlugins; [
       sed-plugin
@@ -21,4 +22,9 @@ with import <stockholm/lib>;
       (attrValues (todo "agenda"))
     ;
   };
+  krebs.secret.files.nix-serve-key = {
+    path = "/var/lib/Reaktor/reaktor_nickserv_password";
+    owner.name = "Reaktor";
+    source-path = toString <secrets> + "/reaktor_nickserv_password";
+  };
 }
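Review bot: The secret is declared as `krebs.secret.files.nix-serve-key`, but it holds the Reaktor NickServ password; the attribute name looks copied from a nix-serve configuration. If a host that imports this file also declares a real `nix-serve-key` secret, the two definitions would merge or conflict (which one depends on the option type, not visible here), and the password file could end up with the wrong source or owner. Rename it, e.g. `krebs.secret.files.reaktor-nickserv-password = {`. Consider also binding the path once in a `let`, so that `REAKTOR_NICKSERV_PASSWORD` in the first hunk of this file and `path` here cannot drift apart.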
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
index 90573ca1c..824f59d09 100644
--- a/krebs/2configs/reaktor-retiolum.nix
+++ b/krebs/2configs/reaktor-retiolum.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
 {
   krebs.Reaktor.retiolum = {
     nickname = "Reaktor|lass";
-    channels = [ "#xxx" ];
+    channels = [ "#noise" "#xxx" ];
     extraEnviron = {
       REAKTOR_HOST = "irc.r";
     };
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 99a7a55ef..677b6f7b8 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -122,6 +122,7 @@ let
         wantedBy = [ "multi-user.target" ];
         environment = {
           GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+          PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages";
           REAKTOR_NICKNAME = botcfg.nickname;
           REAKTOR_DEBUG = (if botcfg.debug  then "True" else "False");
           REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
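Review bot: The added `PYTHONPATH` hard-codes `lib/python3.6/site-packages`, so the service will silently lose its module path as soon as nixpkgs moves `python3Packages` to another minor version. Derive the directory from the interpreter instead, e.g. `PYTHONPATH = "${pkgs.Reaktor}/${pkgs.python3.sitePackages}";`. If this is a workaround for plugins not finding the Reaktor package, a one-line comment saying so would help. The `environment` attrset continues outside the hunk.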
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index 8f8440eb7..76eb4b136 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -53,7 +53,7 @@ in {
     };
   };
   config = mkIf cfg.enable {
-    system.activationScripts.announce-activation = ''
+    system.activationScripts.announce-activation = stringAfter [ "etc" ] ''
       ${announce-activation}
     '';
   };
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index a02f3645d..209dbe980 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -82,6 +82,7 @@ let
       irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
                       channels=${builtins.toJSON cfg.irc.channels},
                       notify_events={
+                        'started': 1,
                         'success': 1,
                         'failure': 1,
                         'exception': 1,
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index fba585448..544f9c4e0 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -160,8 +160,6 @@ let
         # TODO: maybe also prepare buildbot.tac?
         ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
           set -efux
-          #remove garbage from old versions
-          rm -rf ${workdir}
           mkdir -p ${workdir}/info
           cp ${buildbot-slave-init} ${workdir}/buildbot.tac
           echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cf82401d3..16c6d4315 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -26,8 +26,8 @@ let
 
   hostname = config.networking.hostName;
   getJobs = pkgs.writeDash "get_jobs" ''
-    nix-build --no-out-link ./ci.nix 2>&1 > /dev/null
-    nix-instantiate --eval --strict --json ./ci.nix
+    nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
+    nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
   '';
 
   imp = {
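Review bot: `get_jobs` has no `set -efu`, so a failing `nix-build` on its first line is ignored and the script exits with the status of `nix-instantiate` alone; with the old `2>&1` gone, the build's error text no longer reaches the captured stdout either. Add `set -efu` as the first line of the script, as the `writeDash` script in krebs/3modules/buildbot/slave.nix does. The `get_steps` hunk further down has the same weakness: `extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout }` discards `rc`, so whatever a failed run printed is stored as the job list. Returning the property only when `rc == 0` would keep partial output from being turned into build steps; check how the consumer in `StepToStartMoreSteps` handles a missing property, since it is not fully visible here.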
@@ -53,9 +53,12 @@ let
         nameValuePair name ''
           sched.append(
               schedulers.SingleBranchScheduler(
-                  change_filter=util.ChangeFilter(branch_re=".*"),
+                  change_filter=util.ChangeFilter(
+                      branch_re=".*",
+                      project='${name}',
+                  ),
                   treeStableTimer=60,
-                  name="build-all-branches",
+                  name="${name}-all-branches",
                   builderNames=[
                       "${name}",
                   ]
@@ -97,6 +100,10 @@ let
                         command=[
                           new_steps[new_step]
                         ],
+                        env={
+                          "NIX_REMOTE": "daemon",
+                          "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+                        },
                         timeout=90001,
                         workdir='build', # TODO figure out why we need this?
                     )])
@@ -121,7 +128,7 @@ let
               },
               name="get_steps",
               command=["${getJobs}"],
-              property="steps_json"
+              extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout },
           ))
           f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
 
@@ -141,7 +148,7 @@ let
         enable = true;
         nick = "build|${hostname}";
         server = "irc.r";
-        channels = [ "noise" ];
+        channels = [ "xxx" "noise" ];
         allowForce = true;
       };
       extraConfig = ''
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 82ae3b02e..41b701cd0 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -182,6 +182,11 @@ let
           to = concatMapStringsSep "," (getAttr "mail") (toList to);
         };
       in mapAttrsToList format (with config.krebs.users; let
+        brain-ml = [
+          lass
+          makefu
+          tv
+        ];
         eloop-ml = spam-ml ++ [ ciko ];
         spam-ml = [
           lass
@@ -191,6 +196,7 @@ let
         ciko.mail = "ciko@slash16.net";
       in {
         "anmeldung@eloop.org" = eloop-ml;
+        "brain@krebsco.de" = brain-ml;
         "cfp@eloop.org" = eloop-ml;
         "kontakt@eloop.org" = eloop-ml;
         "root@eloop.org" = eloop-ml;
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index e6eb3d287..889ee2817 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -129,6 +129,8 @@ in {
             "graphite.shack"
             "acng.shack"
             "drivedroid.shack"
+            "mobile.lounge.mpd.shack"
+            "lounge.mpd.wolf.shack"
           ];
         };
         retiolum = {
@@ -138,6 +140,7 @@ in {
             "wolf.r"
             "build.wolf.r"
             "cgit.wolf.r"
+            "lounge.mpd.wolf.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9630d7a7f..454f9bc65 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1,7 +1,9 @@
 { config, ... }:
 
 with import <stockholm/lib>;
-
+## generate keys with:
+# tinc generate-keys
+# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
 {
   hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
     cake = rec {
@@ -29,6 +31,32 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
     };
+    crapi = rec { # raspi1
+      cores = 1;
+      ci = false;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.136.237";
+          ip6.addr  = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2";
+          aliases = [
+            "crapi.r"
+          ];
+          tinc.pubkey = ''
+            Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
+            OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
+            R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
+            OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
+            di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
+            bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
+            -----END RSA PUBLIC KEY-----
+            '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
+    };
     drop = rec {
       ci = true;
       cores = 1;
@@ -298,6 +326,13 @@ with import <stockholm/lib>;
             -----END RSA PUBLIC KEY-----
           '';
         };
+        #wiregrill = {
+        #  ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db";
+        #  aliases = [
+        #    "x.w"
+        #  ];
+        #  wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+        #};
       };
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
@@ -457,8 +492,6 @@ with import <stockholm/lib>;
           ip6.addr = "42:f9f0::10";
           aliases = [
             "omo.r"
-            "logs.makefu.r"
-            "stats.makefu.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -525,7 +558,9 @@ with import <stockholm/lib>;
         "krebsco.de" = ''
           cache.euer        IN A      ${nets.internet.ip4.addr}
           cache.gum         IN A      ${nets.internet.ip4.addr}
+          graph             IN A      ${nets.internet.ip4.addr}
           gold              IN A      ${nets.internet.ip4.addr}
+          iso.euer          IN A      ${nets.internet.ip4.addr}
         '';
       };
       cores = 8;
@@ -537,13 +572,24 @@ with import <stockholm/lib>;
             "nextgum.i"
           ];
         };
+        #wiregrill = {
+        #  via = internet;
+        #  ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3";
+        #  aliases = [
+        #    "gum.w"
+        #  ];
+        #  wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+        #};
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.213";
           ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
           aliases = [
             "nextgum.r"
+            "graph.r"
             "cache.gum.r"
+            "logs.makefu.r"
+            "stats.makefu.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -579,7 +625,6 @@ with import <stockholm/lib>;
           boot.euer         IN A      ${nets.internet.ip4.addr}
           wiki.euer         IN A      ${nets.internet.ip4.addr}
           mon.euer          IN A      ${nets.internet.ip4.addr}
-          graph             IN A      ${nets.internet.ip4.addr}
           ghook             IN A      ${nets.internet.ip4.addr}
           dockerhub         IN A      ${nets.internet.ip4.addr}
           photostore        IN A      ${nets.internet.ip4.addr}
@@ -604,7 +649,6 @@ with import <stockholm/lib>;
             "o.gum.r"
             "tracker.makefu.r"
 
-            "graph.r"
             "search.makefu.r"
             "wiki.makefu.r"
             "wiki.gum.r"
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 02176ec4a..3ba598a45 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -58,7 +58,7 @@ let
         };
       };
       config.activate = let
-        src = pkgs.execve config.name {
+        src = pkgs.exec config.name {
           inherit (config) envp filename;
         };
         dst = "${wrapperDir}/${config.name}";
diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix
index 6989bb02b..a9566087f 100644
--- a/krebs/5pkgs/simple/Reaktor/default.nix
+++ b/krebs/5pkgs/simple/Reaktor/default.nix
@@ -1,8 +1,8 @@
-{ lib, pkgs,python3Packages,fetchurl, ... }:
+{ lib, pkgs, python3Packages, fetchFromGitHub, ... }:
 
 python3Packages.buildPythonPackage rec {
   name = "Reaktor-${version}";
-  version = "0.5.1";
+  version = "0.6.0";
 
   doCheck = false;
 
@@ -10,9 +10,11 @@ python3Packages.buildPythonPackage rec {
     python3Packages.docopt
     python3Packages.requests
   ];
-  src = fetchurl {
-    url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
-    sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n";
+  src = fetchFromGitHub {
+    owner = "krebs";
+    repo = "Reaktor";
+    rev = version;
+    sha256 = "0nsnv1rixmlg5wkb74b4f5bycb42b9rp4b14hijh558hbsa1b9am";
   };
   meta = {
     homepage = http://krebsco.de/;
diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix
index 92a270ef3..6f59ad1de 100644
--- a/krebs/5pkgs/simple/Reaktor/plugins.nix
+++ b/krebs/5pkgs/simple/Reaktor/plugins.nix
@@ -120,7 +120,7 @@ rec {
   url-title = (buildSimpleReaktorPlugin "url-title" {
     pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
     path = with pkgs; [ curl perl ];
-    script = pkgs.writePython3 "url-title" [ "beautifulsoup4" "lxml" ] ''
+    script = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
       import cgi
       import sys
       import urllib.request
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
index 51ac7a071..ecb03917b 100644
--- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
@@ -8,9 +8,19 @@ import shelve
 from os import environ
 from os.path import join
 from sys import argv
+from time import sleep
 import re
 
-d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True)
+# try to open the shelve file until it succeeds
+while True:
+    try:
+        d = shelve.open(
+            join(environ['state_dir'], 'sed-plugin.shelve'),
+            writeback=True
+        )
+        break
+    except:  # noqa: E722
+        sleep(0.2)
 usr = environ['_from']
 
 
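Review bot: The new `while True` loop with a bare `except:` retries forever on any error, not only on the transient contention it is meant to ride out. A missing `state_dir` variable, a permission error or a corrupt shelve file would each leave the plugin process spinning at 5 Hz with no diagnostic, and the handler also catches `KeyboardInterrupt` and `SystemExit`. Bound the number of attempts, catch only the I/O error class, and fail loudly once the budget is spent. The sketch below assumes the backend reports contention as an `OSError`, which should be confirmed against the dbm module in use.

```python
# bounded retry: only wait out transient I/O or lock contention
path = join(environ['state_dir'], 'sed-plugin.shelve')
for _attempt in range(25):  # ~5 s in total
    try:
        d = shelve.open(path, writeback=True)
        break
    except OSError:
        sleep(0.2)
else:
    raise SystemExit('sed-plugin: cannot open ' + path)
# … unchanged: usr = environ['_from'] …
```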
diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix
index 4fae6256d..665b36ab4 100644
--- a/krebs/5pkgs/simple/buildbot-classic/default.nix
+++ b/krebs/5pkgs/simple/buildbot-classic/default.nix
@@ -2,7 +2,7 @@
 
 python2Packages.buildPythonApplication rec {
   name = "buildbot-classic-${version}";
-  version = "0.8.17";
+  version = "0.8.18";
   namePrefix = "";
   patches = [];
 
@@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec {
     owner = "krebs";
     repo = "buildbot-classic";
     rev = version;
-    sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8";
+    sha256 = "0b4y3n9zd2gdy8xwk1vpvs4n9fbg72vi8mx4ydgijwngcmdqkjmq";
   };
   postUnpack = "sourceRoot=\${sourceRoot}/master";
 
diff --git a/krebs/5pkgs/simple/krebspaste/default.nix b/krebs/5pkgs/simple/krebspaste/default.nix
index 31ad12780..a11c8c90a 100644
--- a/krebs/5pkgs/simple/krebspaste/default.nix
+++ b/krebs/5pkgs/simple/krebspaste/default.nix
@@ -1,6 +1,6 @@
 { writeDashBin, bepasty-client-cli }:
 
-# TODO use `execve` instead?
+# TODO use `pkgs.exec` instead?
 writeDashBin "krebspaste" ''
   exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
 ''
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
deleted file mode 100644
index c973386d6..000000000
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ /dev/null
@@ -1,230 +0,0 @@
-{ pkgs }: let
-
-  stockholm-dir = ../../../..;
-
-  lib = import (stockholm-dir + "/lib");
-
-  #
-  # high level commands
-  #
-
-  cmds.deploy = pkgs.withGetopt {
-    force-populate = { default = /* sh */ "false"; switch = true; };
-    quiet = { default = /* sh */ "false"; switch = true; };
-    source_file = {
-      default = /* sh */ "$user/1systems/$system/source.nix";
-      long = "source";
-    };
-    system = {};
-    target.default = /* sh */ "$system";
-    user.default = /* sh */ "$LOGNAME";
-  } (opts: pkgs.writeDash "stockholm.deploy" ''
-    set -efu
-
-    . ${init.env}
-    . ${init.proxy "deploy" opts}
-
-    # Use system's nixos-rebuild, which is not self-contained
-    export PATH=/run/current-system/sw/bin
-    exec ${utils.with-whatsupnix} \
-    nixos-rebuild switch \
-        --show-trace \
-        -I "$target_path"
-  '');
-
-  cmds.get-version = pkgs.writeDash "get-version" ''
-    set -efu
-    hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}
-    version=git.$(${pkgs.git}/bin/git describe --always --dirty)
-    case $version in (*-dirty)
-      version=$version@$hostname
-    esac
-    date=$(${pkgs.coreutils}/bin/date +%y.%m)
-    echo "$date.$version"
-  '';
-
-  cmds.install = pkgs.withGetopt {
-    force-populate = { default = /* sh */ "false"; switch = true; };
-    quiet = { default = /* sh */ "false"; switch = true; };
-    source_file = {
-      default = /* sh */ "$user/1systems/$system/source.nix";
-      long = "source";
-    };
-    system = {};
-    target = {};
-    user.default = /* sh */ "$LOGNAME";
-  } (opts: pkgs.writeBash "stockholm.install" ''
-    set -efu
-
-    . ${init.env}
-
-    if \test "''${using_proxy-}" != true; then
-      ${pkgs.openssh}/bin/ssh \
-          -o StrictHostKeyChecking=no \
-          -o UserKnownHostsFile=/dev/null \
-          "$target_user@$target_host" -p "$target_port" \
-          env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
-              sh -s prepare \
-            < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
-              # TODO inline prepare.sh?
-    fi
-
-    . ${init.proxy "install" opts}
-
-    # these variables get defined by nix-shell (i.e. nix-build) from
-    # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
-    # which only exists on / and not at /mnt.
-    export NIX_BUILD_TOP=/tmp
-    export TEMPDIR=/tmp
-    export TEMP=/tmp
-    export TMPDIR=/tmp
-    export TMP=/tmp
-    export XDG_RUNTIME_DIR=/tmp
-
-    export NIXOS_CONFIG="$target_path/nixos-config"
-
-    cd
-    exec nixos-install
-  '');
-
-  cmds.test = pkgs.withGetopt {
-    force-populate = { default = /* sh */ "false"; switch = true; };
-    quiet = { default = /* sh */ "false"; switch = true; };
-    source_file = {
-      default = /* sh */ "$user/1systems/$system/source.nix";
-      long = "source";
-    };
-    system = {};
-    target = {};
-    user.default = /* sh */ "$LOGNAME";
-  } (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
-    set -efu
-
-    export dummy_secrets=true
-
-    . ${init.env}
-    . ${init.proxy "test" opts}
-
-    exec ${utils.build} config.system.build.toplevel
-  '');
-
-  #
-  # low level commands
-  #
-
-  # usage: get-source SOURCE_FILE
-  cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
-    set -efu
-    exec ${pkgs.nix}/bin/nix-instantiate \
-        --eval \
-        --json \
-        --readonly-mode \
-        --show-trace \
-        --strict \
-        "$1"
-  '';
-
-  # usage: parse-target [--default=TARGET] TARGET
-  # TARGET = [USER@]HOST[:PORT][/PATH]
-  cmds.parse-target = pkgs.withGetopt {
-    default_target = {
-      long = "default";
-      short = "d";
-    };
-  } (opts: pkgs.writeDash "stockholm.parse-target" ''
-    set -efu
-    target=$1; shift
-    for arg; do echo "$0: bad argument: $arg" >&2; done
-    if \test $# != 0; then exit 2; fi
-    exec ${pkgs.jq}/bin/jq \
-        -enr \
-        --arg default_target "$default_target" \
-        --arg target "$target" \
-        -f ${pkgs.writeText "stockholm.parse-target.jq" ''
-          def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
-            user: .captures[0].string,
-            host: .captures[1].string,
-            port: .captures[2].string,
-            path: .captures[3].string,
-          };
-          def sanitize: with_entries(select(.value != null));
-          ($default_target | parse) + ($target | parse | sanitize) |
-          . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
-        ''}
-  '');
-
-  init.env = pkgs.writeText "init.env" /* sh */ ''
-
-    export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
-
-    export quiet
-    export system
-    export target
-    export user
-
-    default_target=root@$system:22/var/src
-
-    export target_object="$(
-      ${cmds.parse-target} "$target" -d "$default_target"
-    )"
-    export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
-    export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
-    export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
-    export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
-    export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
-  '';
-
-  init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
-    if \test "''${using_proxy-}" != true; then
-
-      source=$(${cmds.get-source} "$source_file")
-      qualified_target=$target_user@$target_host:$target_port$target_path
-      if \test "$force_populate" = true; then
-        echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
-      else
-        echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
-      fi
-
-      if \test "$target_local" != true; then
-        exec ${pkgs.openssh}/bin/ssh \
-            "$target_user@$target_host" -p "$target_port" \
-            cd "$target_path/stockholm" \; \
-            NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
-            nix-shell --run "$(${pkgs.quote}/bin/quote "
-              ${lib.concatStringsSep " " (lib.mapAttrsToList
-                (name: opt: /* sh */
-                  "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
-                opts
-              )} \
-              using_proxy=true \
-              ${lib.shell.escape command} \
-              $WITHGETOPT_ORIG_ARGS \
-            ")"
-      fi
-    fi
-  '';
-
-  utils.build = pkgs.writeDash "utils.build" ''
-    set -efu
-    ${utils.with-whatsupnix} \
-    ${pkgs.nix}/bin/nix-build \
-        --no-out-link \
-        --show-trace \
-        -E "with import <stockholm>; $1" \
-        -I "$target_path" \
-  '';
-
-  utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
-    set -efu
-    if \test "$quiet" = true; then
-      "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
-    else
-      exec "$@"
-    fi
-  '';
-
-in
-
-  pkgs.write "stockholm" (lib.mapAttrs' (name: link:
-    lib.nameValuePair "/bin/${name}" { inherit link; }
-  ) cmds)
diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix
new file mode 100644
index 000000000..9533800fd
--- /dev/null
+++ b/krebs/5pkgs/simple/syncthing-device-id.nix
@@ -0,0 +1,49 @@
+{ openssl, writePython2Bin }:
+
+writePython2Bin "syncthing-device-id" {
+  flakeIgnore = [
+    "E226"
+    "E302"
+    "E305"
+    "E501"
+    "F401"
+  ];
+} /* python */ ''
+  import base64
+  import hashlib
+  import subprocess
+  import sys
+
+  B32ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
+
+  def luhn_checksum(data, alphabet=B32ALPHABET):
+      n = len(alphabet)
+      number = tuple(alphabet.index(i) for i in reversed(data))
+      result = (sum(number[::2]) +
+                sum(sum(divmod(i * 2, n)) for i in number[1::2])) % n
+      return alphabet[-result]
+
+  def main(incert):
+      der_data = subprocess.check_output([
+          '${openssl}/bin/openssl',
+          'x509',
+          '-outform',
+          'DER',
+      ], stdin=incert)
+      data_hash = hashlib.sha256(der_data)
+      b32_hash = base64.b32encode(data_hash.digest()).decode('ascii')
+
+      result = b32_hash.upper().rstrip('=')
+      blocks = [result[pos:pos+13] for pos in range(0, len(result), 13)]
+      result = '''.join(block + luhn_checksum(block) for block in blocks)
+
+      blocks = [result[pos:pos+7] for pos in range(0, len(result), 7)]
+      print('-'.join(blocks))
+
+  if __name__ == '__main__':
+      import argparse
+      parser = argparse.ArgumentParser(description='Generate syncthing ID from certificate')
+      parser.add_argument('incert', type=argparse.FileType('rb'), help='Certificate path')
+      args = parser.parse_args()
+      main(**vars(args))
+''
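Review bot: `luhn_checksum` has no docstring, and `return alphabet[-result]` relies on Python's negative indexing to compute `(n - result) % n`, with `result == 0` landing on index 0 only because `-0 == 0`. A short docstring saying that this is the Luhn mod-N check character appended to each 13-character block, plus the comment `# alphabet[-result] == alphabet[(n - result) % n]`, would make that intent checkable. `import sys` is unused and `"F401"` in `flakeIgnore` appears to be there only to hide that; dropping both keeps the unused-import check active for this script.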
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 5378d6fb0..864cc8066 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -2,7 +2,7 @@
 
   krops = builtins.fetchGit {
     url = https://cgit.krebsco.de/krops/;
-    rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
+    rev = "c46166d407c7d246112f13346621a3fbdb25889e";
   };
 
   lib = import "${krops}/lib";
@@ -18,7 +18,7 @@
     stockholm.file = toString ../.;
     stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
       set -efu
-      cd $HOME/stockholm
+      cd ${lib.escapeShellArg krebs-source.stockholm.file}
       V=$(${pkgs.coreutils}/bin/date +%y.%m)
       if test -d .git; then
         V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index a9a0f6634..a3612fa7a 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48",
-  "date": "2018-08-30T21:03:26+02:00",
-  "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7",
+  "rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628",
+  "date": "2018-09-20T18:31:51-05:00",
+  "sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7",
   "fetchSubmodules": true
 }
diff --git a/krebs/source.nix b/krebs/source.nix
deleted file mode 100644
index 5b86e89c6..000000000
--- a/krebs/source.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
-  builder = if getEnv "dummy_secrets" == "true"
-              then "buildbot"
-              else "krebs";
-  _file = <stockholm> + "/krebs/1systems/${name}/source.nix";
-  pkgs = import <nixpkgs> {
-    overlays = map import [
-      <stockholm/krebs/5pkgs>
-      <stockholm/submodules/nix-writers/pkgs>
-    ];
-  };
-in
-  evalSource (toString _file) [
-    {
-      nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
-      secrets = getAttr builder {
-        buildbot.file = toString <stockholm/krebs/0tests/data/secrets>;
-        krebs.pass = {
-          dir = "${getEnv "HOME"}/brain";
-          name = "krebs-secrets/${name}";
-        };
-      };
-      stockholm.file = toString <stockholm>;
-      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
-      nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs;
-    }
-    override
-  ]
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
deleted file mode 100644
index d8b979812..000000000
--- a/lass/1systems/blue/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "blue";
-  secure = true;
-}
diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix
deleted file mode 100644
index 5d9507f3d..000000000
--- a/lass/1systems/cabal/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "cabal";
-  secure = true;
-}
diff --git a/lass/1systems/daedalus/source.nix b/lass/1systems/daedalus/source.nix
deleted file mode 100644
index a15ac80c2..000000000
--- a/lass/1systems/daedalus/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "daedalus";
-  secure = true;
-}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index d54bd3e9e..1957c8ba4 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -16,6 +16,7 @@
     <stockholm/lass/2configs/bitcoin.nix>
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/wine.nix>
+    <stockholm/lass/2configs/blue-host.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix
deleted file mode 100644
index 5b46a44f3..000000000
--- a/lass/1systems/icarus/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "icarus";
-  secure = true;
-}
diff --git a/lass/1systems/littleT/source.nix b/lass/1systems/littleT/source.nix
deleted file mode 100644
index a86b8fd10..000000000
--- a/lass/1systems/littleT/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "littleT";
-  secure = true;
-}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
deleted file mode 100644
index a9dfa2eb6..000000000
--- a/lass/1systems/mors/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "mors";
-  secure = true;
-}
diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix
deleted file mode 100644
index 3dbd6c52b..000000000
--- a/lass/1systems/prism/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-with import <stockholm/lib>;
-import <stockholm/lass/source.nix> {
-  name = "prism";
-}
diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix
deleted file mode 100644
index f2bad743c..000000000
--- a/lass/1systems/red/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "red";
-  secure = true;
-}
diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix
deleted file mode 100644
index be24ae2d5..000000000
--- a/lass/1systems/shodan/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "shodan";
-}
diff --git a/lass/1systems/skynet/source.nix b/lass/1systems/skynet/source.nix
deleted file mode 100644
index 2aa627f5c..000000000
--- a/lass/1systems/skynet/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "skynet";
-  secure = true;
-}
diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix
deleted file mode 100644
index 11d6e1c34..000000000
--- a/lass/1systems/uriel/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "uriel";
-}
diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix
deleted file mode 100644
index d256b885b..000000000
--- a/lass/1systems/xerxes/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-with import <stockholm/lib>;
-import <stockholm/lass/source.nix> {
-  name = "xerxes";
-  secure = true;
-}
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 16c63ff38..68f2256cf 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -11,6 +11,8 @@ with (import <stockholm/lib>);
 
   environment.systemPackages = with pkgs; [
     ag
+    brain
+    dic
     nmap
     git-preview
   ];
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 300637ff8..97def9df3 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -34,6 +34,10 @@ let
   rules = concatMap make-rules (attrValues repos);
 
   public-repos = mapAttrs make-public-repo {
+    Reaktor = {
+      cgit.desc = "Reaktor IRC bot";
+      cgit.section = "software";
+    };
     buildbot-classic = {
       cgit.desc = "fork of buildbot";
       cgit.section = "software";
@@ -54,6 +58,10 @@ let
       cgit.desc = "take a rss feed and a timeout and print it to stdout";
       cgit.section = "software";
     };
+    nix-writers = {
+      cgit.desc = "high level writers for nix";
+      cgit.section = "software";
+    };
     nixpkgs = {
       cgit.desc = "nixpkgs fork";
       cgit.section = "configuration";
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index a83d51f1d..fb7ae01b6 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -131,6 +131,30 @@ in {
     };
   };
 
+  systemd.services.radio-recent = let
+    recentlyPlayed = pkgs.writeDash "recentlyPlayed" ''
+      LIMIT=1000 #how many tracks to keep in the history
+      HISTORY_FILE=/tmp/played
+      while :; do
+        ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
+        ${pkgs.mpc_cli}/bin/mpc current -f %file%
+      done | while read track; do
+        echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
+        echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
+      done
+    '';
+  in {
+    description = "radio recently played";
+    after = [ "mpd.service" "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = true;
+
+    serviceConfig = {
+      ExecStart = recentlyPlayed;
+    };
+  };
+
   krebs.Reaktor.playlist = {
     nickname = "the_playlist|r";
     channels = [
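Review bot: `HISTORY_FILE=/tmp/played` is a fixed name in a world-writable directory, and the unit sets no `User`, so the script appends to and truncates that path as root; a local account that creates `/tmp/played` first (for example as a symlink) decides what root writes to. Moving the file into a service-owned directory, e.g. `HISTORY_FILE=/var/lib/radio-recent/played` with `serviceConfig.StateDirectory = "radio-recent";` and a dedicated unprivileged `User`, removes that. The `locations."/recent"` alias in the next hunk of this file points at the same path and would need to follow. `while read track` should also be `while read -r track` so backslashes in file names are logged unchanged.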
@@ -157,27 +181,40 @@ in {
       })
     ];
   };
-  services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
-    html = pkgs.writeText "index.html" ''
-      <!DOCTYPE html>
-      <html lang="en">
-        <head>
-          <meta charset="utf-8">
-          <title>lassulus playlist</title>
-        </head>
-        <body>
-          <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
-            <iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
-          </div>
-          <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
-            <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
-          </div>
-          <!-- page content -->
-        </body>
-      </html>
+  services.nginx = {
+    enable = true;
+    virtualHosts."radio.lassul.us" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".extraConfig = ''
+        proxy_pass http://localhost:8000;
+      '';
+      locations."/recent".extraConfig = ''
+        alias /tmp/played;
+      '';
+    };
+    virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
+      html = pkgs.writeText "index.html" ''
+        <!DOCTYPE html>
+        <html lang="en">
+          <head>
+            <meta charset="utf-8">
+            <title>lassulus playlist</title>
+          </head>
+          <body>
+            <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
+              <iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
+            </div>
+            <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
+              <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
+            </div>
+            <!-- page content -->
+          </body>
+        </html>
+      '';
+    in ''
+      default_type "text/html";
+      alias ${html};
     '';
-  in ''
-    default_type "text/html";
-    alias ${html};
-  '';
+  };
 }
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 9365582b8..44d8984d7 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -65,7 +65,7 @@ with import <stockholm/lib>;
       })
       (buildSimpleReaktorPlugin "random-unicorn-porn" {
         pattern = "^!rup$$";
-        script = pkgs.writePython2 "rup" [] ''
+        script = pkgs.writePython2 "rup" {} ''
           t1 = """
                               _.
                            ;=',_ ()
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 8f24fb212..4c29831a2 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -91,7 +91,7 @@ in {
       script = pkgs.writeBash "test" ''
         echo "hello world"
       '';
-      #script = pkgs.execve "ddate-wrapper" {
+      #script = pkgs.exec "ddate-wrapper" {
       #  filename = "${pkgs.ddate}/bin/ddate";
       #  argv = [];
       #};
diff --git a/lass/source.nix b/lass/source.nix
deleted file mode 100644
index 49f919faf..000000000
--- a/lass/source.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
-  builder = if getEnv "dummy_secrets" == "true"
-              then "buildbot"
-              else "lass";
-  _file = <stockholm> + "/lass/1systems/${name}/source.nix";
-  pkgs = import <nixpkgs> {
-    overlays = map import [
-      <stockholm/krebs/5pkgs>
-      <stockholm/submodules/nix-writers/pkgs>
-    ];
-  };
-in
-  evalSource (toString _file) [
-    {
-      nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
-      nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
-      secrets = getAttr builder {
-        buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
-        lass.pass = {
-          dir = "${getEnv "HOME"}/.password-store";
-          name = "hosts/${name}";
-        };
-      };
-      stockholm.file = toString <stockholm>;
-      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
-    }
-    override
-  ]
diff --git a/makefu/0tests/data/secrets/mqtt/hass b/makefu/0tests/data/secrets/mqtt/hass
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/0tests/data/secrets/mqtt/sensor b/makefu/0tests/data/secrets/mqtt/sensor
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/0tests/data/secrets/mqtt/stats b/makefu/0tests/data/secrets/mqtt/stats
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
new file mode 100644
index 000000000..9278c764a
--- /dev/null
+++ b/makefu/1systems/crapi/README
@@ -0,0 +1,4 @@
+1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
+2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
+3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
+5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
new file mode 100644
index 000000000..d96b872d5
--- /dev/null
+++ b/makefu/1systems/crapi/config.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+{
+  # :l <nixpkgs>
+  # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
+  imports = [
+    <stockholm/makefu>
+    <stockholm/makefu/2configs>
+    <stockholm/makefu/2configs/tinc/retiolum.nix>
+    <stockholm/makefu/2configs/save-diskspace.nix>
+
+  ];
+  krebs.build.host = config.krebs.hosts.crapi;
+  # NixOS wants to enable GRUB by default
+  boot.loader.grub.enable = false;
+
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+  nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+  nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+  fileSystems = {
+    "/boot" = {
+      device = "/dev/disk/by-label/NIXOS_BOOT";
+      fsType = "vfat";
+    };
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+
+  system.activationScripts.create-swap = ''
+    if [ ! -e /swapfile ]; then
+      fallocate -l 2G /swapfile
+      mkswap /swapfile
+    fi
+  '';
+  swapDevices = [ { device = "/swapfile"; size = 2048; } ];
+
+  nix.package = lib.mkForce pkgs.nixStable;
+  services.openssh.enable = true;
+
+}
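Review bot: The value in `nix.binaryCachePublicKeys` ends in `=%`; the `%` looks like a shell end-of-line marker copied along with the key (the base64 part is already complete at the `=`), and step 5 of the README added in this commit carries the same string. Because the cache in `nix.binaryCaches` is fetched over plain `http://`, this key is the only thing authenticating the downloaded store paths, so it should read `"nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0="` and be checked against the key the cache operator publishes. Separately, `create-swap` runs `fallocate` and `mkswap` without setting the file mode; adding `chmod 600 /swapfile` before `mkswap` keeps swapped-out memory unreadable to other local users.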
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
new file mode 100644
index 000000000..4a4359ee6
--- /dev/null
+++ b/makefu/1systems/crapi/source.nix
@@ -0,0 +1,3 @@
+{
+  arm6 = true;
+}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 351844482..36af23bb5 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -74,14 +74,8 @@ in {
       <stockholm/makefu/2configs/syncthing.nix>
 
       # <stockholm/makefu/2configs/opentracker.nix>
-      <stockholm/makefu/2configs/hub.nix>
-      { # ncdc
-        environment.systemPackages = [ pkgs.ncdc ];
-        networking.firewall = {
-          allowedUDPPorts = [ 51411 ];
-          allowedTCPPorts = [ 51411 ];
-        };
-      }
+      <stockholm/makefu/2configs/dcpp/hub.nix>
+      <stockholm/makefu/2configs/dcpp/client.nix>
 
       <stockholm/makefu/2configs/stats/client.nix>
       # <stockholm/makefu/2configs/logging/client.nix>
@@ -103,55 +97,7 @@ in {
       #    locations."/".proxyPass = "http://localhost:5000";
       #  };
       #}
-      { # wireguard server
-
-        # opkg install wireguard luci-proto-wireguard
-
-        # TODO: networking.nat
-
-        # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-        # conf.all.proxy_arp =1
-        networking.firewall = {
-          allowedUDPPorts = [ 51820 ];
-          extraCommands = ''
-            iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
-          '';
-        };
-
-        networking.wireguard.interfaces.wg0 = {
-          ips = [ "10.244.0.1/24" ];
-          listenPort = 51820;
-          privateKeyFile = (toString <secrets>) + "/wireguard.key";
-          allowedIPsAsRoutes = true;
-          peers = [
-          {
-            # x
-            allowedIPs = [ "10.244.0.2/32" ];
-            publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
-          }
-          {
-            # vbob
-            allowedIPs = [ "10.244.0.3/32" ];
-            publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
-          }
-          {
-            # x-test
-            allowedIPs = [ "10.244.0.4/32" ];
-            publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
-          }
-          {
-            # work-router
-            allowedIPs = [ "10.244.0.5/32" ];
-            publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
-          }
-          {
-            # workr
-            allowedIPs = [ "10.244.0.6/32" ];
-            publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
-          }
-          ];
-        };
-      }
+      <stockholm/makefu/2configs/wireguard/server.nix>
       { # iperf3
         networking.firewall.allowedUDPPorts = [ 5201 ];
         networking.firewall.allowedTCPPorts = [ 5201 ];
diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json
new file mode 100644
index 000000000..5a4bd26ab
--- /dev/null
+++ b/makefu/1systems/hardware/tsp-disk.json
@@ -0,0 +1,23 @@
+{
+  "type": "devices",
+  "content": {
+    "sda": {
+      "type": "table",
+      "format": "msdos",
+      "partitions": [
+        { "type": "partition",
+          "part-type": "primary",
+          "start": "1M",
+          "end": "100%",
+          "bootable": true,
+          "content": {
+            "type": "filesystem",
+            "format": "ext4",
+            "mountpoint": "/"
+          }
+        }
+      ]
+    }
+  }
+}
+
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index f863321bd..34a75dbd3 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
   # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
   # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
   krebs.build.host = config.krebs.hosts.iso;
+  isoImage.isoBaseName = lib.mkForce "stockholm";
   krebs.hidden-ssh.enable = true;
   environment.systemPackages = with pkgs; [
     aria2
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 109877bf1..be49db024 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -4,55 +4,23 @@
 
 { config, pkgs, lib, ... }:
 let
-  toMapper = id: "/media/crypt${builtins.toString id}";
-  byid = dev: "/dev/disk/by-id/" + dev;
-  keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
-  rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
-  rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
-  primaryInterface = "enp2s0";
-  firetv = "192.168.1.238";
-  # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
-  # cryptsetup luksAddKey $dev tmpkey
-  # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
-  # mkfs.xfs /dev/mapper/crypt0 -L crypt0
-
-  # omo Chassis:
-  # __FRONT_
-  # |* d0   |
-  # |       |
-  # |* d1   |
-  # |       |
-  # |* d3   |
-  # |       |
-  # |*      |
-  # |* d2   |
-  # |  *    |
-  # |  *    |
-  # |_______|
-  # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
-  cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
-  cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
-  cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
-  cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
-  # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
-  # all physical disks
-
-  # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
-  dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
-  allDisks = [ rootDisk ] ++ dataDisks;
+  primaryInterface = config.makefu.server.primary-itf;
 in {
   imports =
     [
+      #./hw/omo.nix
+      ./hw/tsp.nix
       <stockholm/makefu>
-      # TODO: unlock home partition via ssh
-      <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/backup.nix>
       <stockholm/makefu/2configs/exim-retiolum.nix>
-      <stockholm/makefu/2configs/smart-monitor.nix>
+      # <stockholm/makefu/2configs/smart-monitor.nix>
       <stockholm/makefu/2configs/mail-client.nix>
       <stockholm/makefu/2configs/mosh.nix>
+      <stockholm/makefu/2configs/tools/core.nix>
+      <stockholm/makefu/2configs/tools/desktop.nix>
       <stockholm/makefu/2configs/tools/mobility.nix>
+      { environment.systemPackages = [ pkgs.esniper ]; }
       # <stockholm/makefu/2configs/disable_v6.nix>
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>
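Review bot: Nothing in this hunk says why omo now imports `./hw/tsp.nix` with `./hw/omo.nix` commented out, and the `<stockholm/makefu/2configs/fs/sda-crypto-root.nix>` import and the `cryptDisk*`/`keyFile` definitions are removed without a visible replacement, while `smart-monitor.nix` is disabled. `hw/tsp.nix` is not shown here, but `tsp-disk.json` added in this commit describes a single plain ext4 root, so it is worth confirming that omo does not end up deployed without disk encryption and disk monitoring by accident. If the swap is temporary, a comment next to the import such as `# temporary: omo running on tsp hardware, restore ./hw/omo.nix` would record that.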
@@ -68,16 +36,17 @@ in {
       # logs to influx
       <stockholm/makefu/2configs/stats/external/aralast.nix>
       <stockholm/makefu/2configs/stats/telegraf>
-      <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+      # <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+      <stockholm/makefu/2configs/stats/telegraf/hamstats.nix>
       <stockholm/makefu/2configs/stats/arafetch.nix>
 
       # services
       <stockholm/makefu/2configs/syncthing.nix>
-      <stockholm/makefu/2configs/mqtt.nix>
       <stockholm/makefu/2configs/remote-build/slave.nix>
       <stockholm/makefu/2configs/deployment/google-muell.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
       <stockholm/makefu/2configs/bluetooth-mpd.nix>
+      <stockholm/makefu/2configs/deployment/homeautomation>
       {
         hardware.pulseaudio.systemWide = true;
         makefu.mpd.musicDirectory = "/media/cryptX/music";
@@ -99,75 +68,10 @@ in {
 
       # Temporary:
       # <stockholm/makefu/2configs/temp/rst-issue.nix>
-      { # ncdc
-        environment.systemPackages = [ pkgs.ncdc ];
-        networking.firewall = {
-          allowedUDPPorts = [ 51411 ];
-          allowedTCPPorts = [ 51411 ];
-        };
-      }
-      {
-        systemd.services.firetv = {
-          wantedBy = [ "multi-user.target" ];
-          serviceConfig = {
-            User = "nobody";
-            ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
-          };
-        };
-        nixpkgs.config.permittedInsecurePackages = [
-         "homeassistant-0.65.5"
-       ];
-        services.home-assistant = {
-          config = {
-            homeassistant = {
-              name = "Home"; time_zone = "Europe/Berlin";
-              latitude = "48.7687";
-              longitude = "9.2478";
-            };
-            media_player = [
-              { platform = "kodi";
-                host = firetv;
-              }
-              { platform = "firetv";
-                # assumes python-firetv running
-              }
-            ];
-            sensor = [
-              { platform = "luftdaten";
-                name = "Ditzingen";
-                sensorid = "663";
-                monitored_conditions = [ "P1" "P2" ];
-              }
-              # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
-              { platform = "darksky";
-                api_key = "c73619e6ea79e553a585be06aacf3679";
-                language = "de";
-                monitored_conditions = [ "summary" "icon"
-                "nearest_storm_distance" "precip_probability"
-                "precip_intensity"
-                "temperature" # "temperature_high" "temperature_low"
-                "hourly_summary"
-                "uv_index" ];
-                units =  "si" ;
-                update_interval = {
-                      days = 0;
-                      hours = 0;
-                      minutes = 10;
-                      seconds = 0;
-                };
-              }
-            ];
-            frontend = { };
-            http = { };
-          };
-          enable = true;
-          #configDir = "/var/lib/hass";
-        };
-      }
+
     ];
-  makefu.full-populate = true;
-  makefu.server.primary-itf = primaryInterface;
-  krebs.rtorrent = {
+  makefu.full-populate =  true;
+  krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
     downloadDir = lib.mkForce "/media/cryptX/torrent";
     extraConfig = ''
       upload_rate = 200
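Review bot: The new `krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {` line looks like a leftover debug statement, since every evaluation of this host now prints the whole telegraf `extraConfig` as JSON to stderr. If that attribute set ever holds output credentials (a database user, password or token; not visible here), they end up in any log that captures evaluation output. Drop the wrapper and keep `krebs.rtorrent = {`. The attribute set continues past the end of this hunk.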
@@ -178,18 +82,6 @@ in {
     members = [ "makefu" "misa" ];
   };
   networking.firewall.trustedInterfaces = [ primaryInterface ];
-  # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
-  # tcp:80          - nginx for sharing files
-  # tcp:655 udp:655 - tinc
-  # tcp:8111        - graphite
-  # tcp:8112        - pyload
-  # tcp:9090        - sabnzbd
-  # tcp:9200        - elasticsearch
-  # tcp:5601        - kibana
-  networking.firewall.allowedUDPPorts = [ 655 ];
-  networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
-
-  # services.openssh.allowSFTP = false;
 
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;
@@ -199,90 +91,11 @@ in {
     enable = true;
     servedir = "/media/cryptX/emu/ps3";
   };
-  # HDD Array stuff
-  services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
 
-  makefu.snapraid = {
-    enable = true;
-    # TODO: 3 is not protected
-    disks = map toMapper [ 0 1 ];
-    parity = toMapper 2;
-  };
-
-  # TODO create folders in /media
-  system.activationScripts.createCryptFolders = ''
-    ${lib.concatMapStringsSep "\n"
-      (d: "install -m 755 -d " + (toMapper d) )
-      [ 0 1 2 "X" ]}
-  '';
-  environment.systemPackages = with pkgs;[
-    mergerfs # hard requirement for mount
-    wol      # wake up filepimp
-    f3
-  ];
-  fileSystems = let
-    cryptMount = name:
-      { "/media/${name}" = {
-        device = "/dev/mapper/${name}"; fsType = "xfs";
-        options = [ "nofail" ];
-      };};
-  in   cryptMount "crypt0"
-    // cryptMount "crypt1"
-    // cryptMount "crypt2"
-    // cryptMount "crypt3"
-    // { "/media/cryptX" = {
-            device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
-            fsType = "mergerfs";
-            noCheck = true;
-            options = [ "defaults" "allow_other" "nofail" "nonempty" ];
-          };
-       };
-
-  powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
-      ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
-      ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
-      ${pkgs.hdparm}/sbin/hdparm -y ${disk}
-    '') allDisks);
-
-  # crypto unlocking
-  boot = {
-    initrd.luks = {
-      devices = let
-        usbkey = name: device: {
-          inherit name device keyFile;
-          keyFileSize = 4096;
-          allowDiscards = true;
-        };
-      in [
-        (usbkey "luksroot" rootPartition)
-        (usbkey "crypt0" cryptDisk0)
-        (usbkey "crypt1" cryptDisk1)
-        (usbkey "crypt2" cryptDisk2)
-        (usbkey "crypt3" cryptDisk3)
-      ];
-    };
-    loader.grub.device = lib.mkForce rootDisk;
-
-    initrd.availableKernelModules = [
-      "ahci"
-      "ohci_pci"
-      "ehci_pci"
-      "pata_atiixp"
-      "firewire_ohci"
-      "usb_storage"
-      "usbhid"
-    ];
-
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
-  };
   users.users.misa = {
     uid = 9002;
     name = "misa";
   };
-  # hardware.enableAllFirmware = true;
-  hardware.enableRedistributableFirmware = true;
-  hardware.cpu.intel.updateMicrocode = true;
 
   zramSwap.enable = true;
 
@@ -290,23 +103,23 @@ in {
     nickname = "Reaktor|shack";
     workdir = "/var/lib/Reaktor/shack";
     channels = [ "#shackspace" ];
-    plugins = with pkgs.ReaktorPlugins;[
-                               shack-correct
-                               # stockholm-issue
-                               sed-plugin
-                               random-emoji ];
+    plugins = with pkgs.ReaktorPlugins;
+    [ shack-correct
+      # stockholm-issue
+      sed-plugin
+      random-emoji ];
   };
   krebs.Reaktor.reaktor-bgt = {
     nickname = "Reaktor|bgt";
     workdir = "/var/lib/Reaktor/bgt";
     channels = [ "#binaergewitter" ];
-    plugins = with pkgs.ReaktorPlugins;[
-                               titlebot
-                               # stockholm-issue
-                               nixos-version
-                               shack-correct
-                               sed-plugin
-                               random-emoji ];
+    plugins = with pkgs.ReaktorPlugins;
+    [ titlebot
+      # stockholm-issue
+      nixos-version
+      shack-correct
+      sed-plugin
+      random-emoji ];
   };
 
   krebs.build.host = config.krebs.hosts.omo;
diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix
new file mode 100644
index 000000000..1b618a486
--- /dev/null
+++ b/makefu/1systems/omo/hw/omo.nix
@@ -0,0 +1,117 @@
+{ config, pkgs, lib, ... }:
+let
+  toMapper = id: "/media/crypt${builtins.toString id}";
+  byid = dev: "/dev/disk/by-id/" + dev;
+  keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
+  rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
+  rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
+  primaryInterface = "enp2s0";
+  # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
+  # cryptsetup luksAddKey $dev tmpkey
+  # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
+  # mkfs.xfs /dev/mapper/crypt0 -L crypt0
+
+  # omo Chassis:
+  # __FRONT_
+  # |* d0   |
+  # |       |
+  # |* d1   |
+  # |       |
+  # |* d3   |
+  # |       |
+  # |*      |
+  # |* d2   |
+  # |  *    |
+  # |  *    |
+  # |_______|
+  # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
+  cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
+  cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
+  cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+  cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
+  # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
+  # all physical disks
+
+  # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
+  dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
+  allDisks = [ rootDisk ] ++ dataDisks;
+in {
+  imports =
+    [ # TODO: unlock home partition via ssh
+      <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ];
+  makefu.server.primary-itf = primaryInterface;
+  system.activationScripts.createCryptFolders = ''
+    ${lib.concatMapStringsSep "\n"
+      (d: "install -m 755 -d " + (toMapper d) )
+      [ 0 1 2 "X" ]}
+  '';
+
+  makefu.snapraid = {
+    enable = true;
+    # TODO: 3 is not protected
+    disks = map toMapper [ 0 1 ];
+    parity = toMapper 2;
+  };
+  fileSystems = let
+    cryptMount = name:
+      { "/media/${name}" = {
+        device = "/dev/mapper/${name}"; fsType = "xfs";
+        options = [ "nofail" ];
+      };};
+  in   cryptMount "crypt0"
+    // cryptMount "crypt1"
+    // cryptMount "crypt2"
+    // cryptMount "crypt3"
+    // { "/media/cryptX" = {
+            device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
+            fsType = "mergerfs";
+            noCheck = true;
+            options = [ "defaults" "allow_other" "nofail" "nonempty" ];
+          };
+       };
+
+  powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
+      ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
+      ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
+      ${pkgs.hdparm}/sbin/hdparm -y ${disk}
+    '') allDisks);
+
+  # crypto unlocking
+  boot = {
+    initrd.luks = {
+      devices = let
+        usbkey = name: device: {
+          inherit name device keyFile;
+          keyFileSize = 4096;
+          allowDiscards = true;
+        };
+      in [
+        (usbkey "luksroot" rootPartition)
+        (usbkey "crypt0" cryptDisk0)
+        (usbkey "crypt1" cryptDisk1)
+        (usbkey "crypt2" cryptDisk2)
+        (usbkey "crypt3" cryptDisk3)
+      ];
+    };
+    loader.grub.device = lib.mkForce rootDisk;
+
+    initrd.availableKernelModules = [
+      "ahci"
+      "ohci_pci"
+      "ehci_pci"
+      "pata_atiixp"
+      "firewire_ohci"
+      "usb_storage"
+      "usbhid"
+    ];
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+  environment.systemPackages = with pkgs;[
+    mergerfs # hard requirement for mount
+  ];
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+}
+
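Review bot: The `usbkey` helper sets `allowDiscards = true` for every LUKS device, including `crypt0` to `crypt3`. Passing discards through dm-crypt reveals which blocks of the ciphertext device are unused, and judging by the by-id model strings the data disks look like spinning drives that gain nothing from TRIM (an inference from the ids, not confirmed). Consider giving `usbkey` a third `discards` argument used as `allowDiscards = discards;` so only `luksroot` enables it, or add a comment recording that the trade-off is accepted for all five devices.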
diff --git a/makefu/1systems/omo/hw/tsp-tools.nix b/makefu/1systems/omo/hw/tsp-tools.nix
new file mode 100644
index 000000000..6579edd9d
--- /dev/null
+++ b/makefu/1systems/omo/hw/tsp-tools.nix
@@ -0,0 +1,11 @@
+let
+  disko = import (builtins.fetchGit {
+    url = https://cgit.lassul.us/disko/;
+    rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
+  });
+
+  cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json);
+in ''
+${disko.create cfg}
+${disko.mount cfg}
+''
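Review bot: The `disko` import with its pinned `rev` is written out twice, here and in hw/tsp.nix, so the script that partitions and formats the disk and the module that mounts it can drift to different revisions when only one pin is bumped. Move the `builtins.fetchGit { … }` expression into one shared file that both import. The URL is also an unquoted URL literal, which newer Nix deprecates; write `url = "https://cgit.lassul.us/disko/";`. Pinning by `rev` is the right choice and should stay.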
diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix
new file mode 100644
index 000000000..a289fadce
--- /dev/null
+++ b/makefu/1systems/omo/hw/tsp.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+with builtins;
+let
+  disko = import (builtins.fetchGit {
+    url = https://cgit.lassul.us/disko/;
+    rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
+  });
+  cfg = fromJSON (readFile ../../hardware/tsp-disk.json);
+  # primaryInterface = "enp1s0";
+  primaryInterface = "wlp2s0";
+  rootDisk = "/dev/sda"; # TODO same as disko uses
+in {
+  imports = [
+    (disko.config cfg)
+  ];
+  makefu.server.primary-itf = primaryInterface;
+  boot = {
+    loader.grub.device = rootDisk;
+
+    initrd.availableKernelModules = [
+      "ahci"
+      "ohci_pci"
+      "ehci_pci"
+      "pata_atiixp"
+      "firewire_ohci"
+      "usb_storage"
+      "usbhid"
+    ];
+
+    kernelModules = [ "kvm-intel" ];
+  };
+  networking.wireless.enable = true;
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+  services.logind.lidSwitch = "ignore";
+  services.logind.lidSwitchDocked = "ignore";
+  services.logind.extraConfig = ''
+    HandleSuspendKey = ignore
+  '';
+  powerManagement.enable = false;
+}
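Review bot: `primaryInterface = "wlp2s0"` is exported as `makefu.server.primary-itf`, and omo/config.nix, which now imports this file, feeds that value into `networking.firewall.trustedInterfaces`. The firewall is therefore bypassed for everything arriving over Wi-Fi, on a host that runs sabnzbd, docker, syncthing and a remote-build slave according to the same config. If the trust was meant for the wired LAN only, keep `trustedInterfaces` tied to the wired interface or open the needed ports explicitly with `networking.firewall.allowedTCPPorts`. Otherwise add a comment such as `# wlp2s0 is trusted by omo's firewall: only join networks you control`.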
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index c2cd23d1e..2f289d500 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -6,13 +6,13 @@
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
 
-     #  <stockholm/makefu/2configs/hw/vbox-guest.nix>
-      { # until virtualbox-image is fixed
-        imports = [
-            <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
-          ];
-        boot.loader.grub.device = "/dev/sda";
-      }
+       <stockholm/makefu/2configs/hw/vbox-guest.nix>
+      #{ # until virtualbox-image is fixed
+      #  imports = [
+      #      <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+      #    ];
+      #  boot.loader.grub.device = lib.mkForce "/dev/sda";
+      #}
       <stockholm/makefu/2configs/main-laptop.nix>
       # <secrets/extra-hosts.nix>
 
diff --git a/makefu/1systems/shack-autoinstall/config.nix b/makefu/1systems/shack-autoinstall/config.nix
new file mode 100644
index 000000000..d53c411c0
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/config.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+let
+  disk = "/dev/sda";
+in {
+  imports = [
+    <stockholm/makefu>
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+    <stockholm/makefu/2configs/tools/core.nix>
+  ];
+  # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+  # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+  krebs.build.host = config.krebs.hosts.iso;
+  krebs.hidden-ssh.enable = true;
+
+  environment.extraInit = ''
+    EDITOR=vim
+  '';
+  # iso-specific
+  boot.kernelParams = [ "copytoram" ];
+
+
+  environment.systemPackages = [
+    pkgs.parted
+    (  pkgs.writeScriptBin "shack-install" ''
+      #! /bin/sh
+      echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install"
+    '')
+  ];
+
+  systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];
+
+  networking.wireless = {
+    enable = true;
+    networks.shack.psk = "welcome2shack";
+  };
+
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+  # enable ssh in the iso boot process
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+}
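Review bot: `networking.wireless.networks.shack.psk` commits the Wi-Fi passphrase in clear text, and NixOS also writes it into the world-readable Nix store of the image. Other hosts in this tree read credentials from `<secrets/…>`; doing the same here keeps the passphrase out of the repository and out of published ISOs, unless it is deliberately public, in which case a comment saying so would help. In `hostKeys`, `bits = 8192` has no effect for `type = "ed25519"` (the key size is fixed) and can be dropped. The `disk` binding in the `let` is unused in this file.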
diff --git a/makefu/1systems/shack-autoinstall/grub-partition.sh b/makefu/1systems/shack-autoinstall/grub-partition.sh
new file mode 100644
index 000000000..c23c89799
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/grub-partition.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -euf
+parted -s ${disk} mklabel msdos
+parted -s ${disk} -- mkpart primary linux-swap 1M 4096M
+parted -s ${disk} -- mkpart primary ext2 4096M 100%
diff --git a/makefu/1systems/shack-autoinstall/shack-config.nix b/makefu/1systems/shack-autoinstall/shack-config.nix
new file mode 100644
index 000000000..9fa54ae32
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/shack-config.nix
@@ -0,0 +1,231 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    # TODO:
+  ];
+
+  # shacks-specific
+  networking.wireless = {
+    enable = true;
+    networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e";
+  };
+  networking.hostName = "shackbook";
+
+  boot.tmpOnTmpfs = true;
+
+  users.users.shack = {
+    createHome = true;
+    useDefaultShell = true;
+    home = "/home/shack";
+    uid = 9001;
+    packages = with pkgs;[
+      chromium
+      firefox
+    ];
+    extraGroups = [ "audio" "wheel"  ];
+    hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ;
+  };
+
+  environment.variables = let
+    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+  in {
+    EDITOR = lib.mkForce "vim";
+    CURL_CA_BUNDLE = ca-bundle;
+    GIT_SSL_CAINFO = ca-bundle;
+    SSL_CERT_FILE  = ca-bundle;
+  };
+
+  services.printing = {
+    enable = true;
+    # TODO: shack-printer
+  };
+
+
+  environment.systemPackages = with pkgs;[
+    parted
+    ddrescue
+    tmux
+    jq git gnumake htop rxvt_unicode.terminfo
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+      vimrcConfig.customRC = ''
+      set nocompatible
+      syntax on
+      set list
+      set listchars=tab:▸\ 
+      "set list listchars=tab:>-,trail:.,extends:>
+
+      filetype off
+      filetype plugin indent on
+
+      colorscheme darkblue
+      set background=dark
+
+      set number
+      set relativenumber
+      set mouse=a
+      set ignorecase
+      set incsearch
+      set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+      set textwidth=79
+      set shiftwidth=2
+      set expandtab
+      set softtabstop=2
+      set shiftround
+      set smarttab
+      set tabstop=2
+      set et
+      set autoindent
+      set backspace=indent,eol,start
+
+
+      inoremap <F1> <ESC>
+      nnoremap <F1> <ESC>
+      vnoremap <F1> <ESC>
+
+      nnoremap <F5> :UndotreeToggle<CR>
+      set undodir  =~/.vim/undo
+      set undofile
+      "maximum number of changes that can be undone
+      set undolevels=1000000
+      "maximum number lines to save for undo on a buffer reload
+      set undoreload=10000000
+
+      nnoremap <F2> :set invpaste paste?<CR>
+      set pastetoggle=<F2>
+      set showmode
+
+      set showmatch
+      set matchtime=3
+      set hlsearch
+
+      autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+      " save on focus lost
+      au FocusLost * :wa
+
+      autocmd BufRead *.json set filetype=json
+      au  BufNewFile,BufRead *.mustache set syntax=mustache
+
+      cnoremap SudoWrite w !sudo tee > /dev/null %
+
+      " create Backup/tmp/undo dirs
+      set backupdir=~/.vim/backup
+      set directory=~/.vim/tmp
+
+      function! InitBackupDir()
+        let l:parent = $HOME    . '/.vim/'
+        let l:backup = l:parent . 'backup/'
+        let l:tmpdir = l:parent . 'tmp/'
+        let l:undodir= l:parent . 'undo/'
+
+
+        if !isdirectory(l:parent)
+          call mkdir(l:parent)
+        endif
+        if !isdirectory(l:backup)
+          call mkdir(l:backup)
+        endif
+        if !isdirectory(l:tmpdir)
+          call mkdir(l:tmpdir)
+        endif
+        if !isdirectory(l:undodir)
+          call mkdir(l:undodir)
+        endif
+      endfunction
+      call InitBackupDir()
+
+      augroup Binary
+        " edit binaries in xxd-output, xxd is part of vim
+        au!
+        au BufReadPre  *.bin let &bin=1
+        au BufReadPost *.bin if &bin | %!xxd
+        au BufReadPost *.bin set ft=xxd | endif
+        au BufWritePre *.bin if &bin | %!xxd -r
+        au BufWritePre *.bin endif
+        au BufWritePost *.bin if &bin | %!xxd
+        au BufWritePost *.bin set nomod | endif
+      augroup END
+      '';
+      vimrcConfig.vam.knownPlugins = pkgs.vimPlugins;
+      vimrcConfig.vam.pluginDictionaries = [
+        { names = [ "undotree" ]; }
+        # vim-nix handles indentation better but does not perform sanity
+        { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+      ];
+    })
+
+  ];
+  programs.bash = {
+    enableCompletion = true;
+    interactiveShellInit = ''
+      HISTCONTROL='erasedups:ignorespace'
+      HISTSIZE=900001
+      HISTFILESIZE=$HISTSIZE
+      shopt -s checkhash
+      shopt -s histappend histreedit histverify
+      shopt -s no_empty_cmd_completion
+      PS1='\[\e[1;32m\]\w\[\e[0m\] '
+    '';
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+    RuntimeMaxUse=128M
+  '';
+  nix = {
+    package = pkgs.nixUnstable;
+    optimise.automatic = true;
+    useSandbox = true;
+    gc.automatic = true;
+  };
+
+  system.autoUpgrade.enable = true;
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+
+  # gui and stuff
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  fonts = {
+    enableFontDir = true;
+    enableGhostscriptFonts = true;
+    fonts = [ pkgs.terminus_font ];
+  };
+
+  time.timeZone = "Europe/Berlin";
+  services.timesyncd.enable = true;
+
+
+  # GUI
+  hardware.pulseaudio.enable = true;
+  services.xserver = {
+    enable = true;
+    displayManager.auto.enable = true;
+    displayManager.auto.user = "shack";
+
+    desktopManager.xfce.enable = true;
+
+    layout = "us";
+    xkbVariant = "altgr-intl";
+    xkbOptions = "ctrl:nocaps, eurosign:e";
+  };
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+}
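Review bot: `users.users.shack.hashedPassword` puts the account's password hash in the repository and in the installed /etc/nixos/configuration.nix, where it can be attacked offline; the same applies to the precomputed `networks.shack.psk`. The account is in `wheel` and the file enables `services.openssh` without restricting password logins, so a recovered password may give remote administrative access on every machine installed from this image (depending on defaults not visible here). Set the password at install time or read the hash from a file outside the repo, and add `services.openssh.passwordAuthentication = false;` if key-based login is enough. As in config.nix, `bits = 8192` is ignored for an ed25519 host key.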
diff --git a/makefu/1systems/shack-autoinstall/uefi-partition.sh b/makefu/1systems/shack-autoinstall/uefi-partition.sh
new file mode 100644
index 000000000..4566b7dce
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/uefi-partition.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -euf
+p(){
+  parted -s ${disk} -- $@
+}
+p mklabel gpt
+p mkpart primary fat32 1M 551M
+p set 1 boot on
+p mkpart primary linux-swap 51M 4647M
+p mkpart primary ext2 4647M 100%
+udevadm settle
+mkfs.fat -nboot -F32 /dev/sda1
+
+udevadm settle
+mkswap ${disk}2 -L swap
+swapon -L swap
+mkfs.ext4 -L nixos ${disk}3
+mount LABEL=nixos /mnt
+mkdir /mnt/boot
+mount LABEL=boot /mnt/boot
+
+mkdir -p /mnt/etc/nixos
+cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix
+nixos-generate-config --root /mnt
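Review bot: The swap partition starts at `51M` while the ESP created one line earlier ends at `551M`, so the two ranges overlap; `p mkpart primary linux-swap 551M 4647M` is probably what was meant. `mkfs.fat -nboot -F32 /dev/sda1` hard-codes the device while every other command uses `${disk}`, so with a different target the script formats a partition on the wrong drive; use `${disk}1`. `${disk}` is never assigned in the script (it appears to be filled in by Nix string interpolation, like `${./shack-config.nix}`), so a comment stating that would stop someone from running the file directly. The helper should forward its arguments as `"$@"`.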
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
index 680fa2cbc..2921e2bcf 100644
--- a/makefu/1systems/tsp/config.nix
+++ b/makefu/1systems/tsp/config.nix
@@ -8,57 +8,32 @@
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
       <stockholm/makefu/2configs/main-laptop.nix>
-      <stockholm/makefu/2configs/tools/all.nix>
-      <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
+      # <stockholm/makefu/2configs/tools/all.nix>
+      <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
       # hardware specifics are in here
       # imports tp-x2x0.nix
-      # <stockholm/makefu/2configs/hw/tp-x200.nix>
+      <stockholm/makefu/2configs/hw/tp-x230.nix>
+      <stockholm/makefu/2configs/hw/bluetooth.nix>
+      <stockholm/makefu/2configs/hw/network-manager.nix>
 
       # <stockholm/makefu/2configs/rad1o.nix>
 
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
+
+      <stockholm/makefu/2configs/sshd-totp.nix>
+      {
+        programs.adb.enable = true;
+      }
     ];
-  # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
-  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
-  boot.loader.grub.copyKernels = true;
+  boot.loader.grub.device = "/dev/sda";
 
   networking.firewall.allowedTCPPorts = [
     25
   ];
 
-  # acer aspire
-  networking.wireless.enable = lib.mkDefault true;
-
-  services.xserver.synaptics.enable = true;
-
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
-
-  hardware.cpu.intel.updateMicrocode = true;
-
-  zramSwap.enable = true;
-  zramSwap.numDevices = 2;
-
-  services.tlp.enable = true;
-  services.tlp.extraConfig = ''
-    # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
-    START_CHARGE_THRESH_BAT0=67
-    STOP_CHARGE_THRESH_BAT0=100
-
-
-    CPU_SCALING_GOVERNOR_ON_AC=performance
-    CPU_SCALING_GOVERNOR_ON_BAT=ondemand
-    CPU_MIN_PERF_ON_AC=0
-    CPU_MAX_PERF_ON_AC=100
-    CPU_MIN_PERF_ON_BAT=0
-    CPU_MAX_PERF_ON_BAT=30
-  '';
-
-  powerManagement.resumeCommands = ''
-    ${pkgs.rfkill}/bin/rfkill unblock all
-  '';
-
 }
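Review bot: Replacing `fs/sda-crypto-root.nix` with `fs/single-partition-ext4.nix` and removing `boot.initrd.luks.devices` appears to leave this laptop's root filesystem unencrypted (the contents of single-partition-ext4.nix are not visible here). The machine still joins retiolum and now also imports sshd-totp.nix, so tinc keys and presumably TOTP secrets would sit in clear text on a portable disk. If that is intended for a test install, say so next to the import, e.g. `# unencrypted root: throwaway install, no long-lived secrets`; otherwise keep the LUKS root. The module body starts above this hunk.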
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 54a16a931..66d904512 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -1,14 +1,16 @@
 #
 #
 #
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
+{ config, pkgs, lib, ... }:
 {
   imports =
     [ # base
       <stockholm/makefu>
       <stockholm/makefu/2configs/nur.nix>
+      <stockholm/makefu/2configs/home-manager>
+      <stockholm/makefu/2configs/home-manager/desktop.nix>
+      <stockholm/makefu/2configs/home-manager/cli.nix>
+      <stockholm/makefu/2configs/home-manager/mail.nix>
       <stockholm/makefu/2configs/main-laptop.nix>
       <stockholm/makefu/2configs/extra-fonts.nix>
       <stockholm/makefu/2configs/tools/all.nix>
@@ -43,6 +45,7 @@ with import <stockholm/lib>;
       <stockholm/makefu/2configs/mail-client.nix>
       <stockholm/makefu/2configs/printer.nix>
       <stockholm/makefu/2configs/task-client.nix>
+      # <stockholm/makefu/2configs/syncthing.nix>
 
       # Virtualization
       <stockholm/makefu/2configs/virtualisation/libvirt.nix>
@@ -149,4 +152,6 @@ with import <stockholm/lib>;
     "/home/makefu/backup/borgun"
     "/home/makefu/.mail/"
   ];
+  services.syncthing.user = lib.mkForce "makefu";
+  services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
 }
diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix
index 75af3255b..050fd39f7 100644
--- a/makefu/1systems/x/source.nix
+++ b/makefu/1systems/x/source.nix
@@ -6,5 +6,6 @@
   unstable = true;
   mic92 = true;
   clever_kexec = true;
+  home-manager = true;
   # torrent = true;
 }
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix
new file mode 100644
index 000000000..3b27778e5
--- /dev/null
+++ b/makefu/2configs/dcpp/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{ # ncdc
+  environment.systemPackages = [ pkgs.ncdc ];
+  networking.firewall = {
+    allowedUDPPorts = [ 51411 ];
+    allowedTCPPorts = [ 51411 ];
+  };
+}
+
diff --git a/makefu/2configs/hub.nix b/makefu/2configs/dcpp/hub.nix
similarity index 77%
rename from makefu/2configs/hub.nix
rename to makefu/2configs/dcpp/hub.nix
index a121157d4..92977b4c8 100644
--- a/makefu/2configs/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -30,6 +30,7 @@ let
 
     '') dict)}
   '';
+  uhubDir = "/var/lib/uhub";
 
 in {
   users.extraUsers = singleton {
@@ -65,22 +66,31 @@ in {
     PrivateTmp = true;
     PermissionsStartOnly = true;
     ExecStartPre = pkgs.writeDash "uhub-pre" ''
-      cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt
-      cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key
-      cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql
-      chown uhub /tmp/*
+      cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
+      cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
+      if test -d ${uhubDir};then
+        echo "Directory ${uhubDir} already exists, skipping db init"
+      else
+        echo "Copying sql user db"
+        cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
+      fi
+      chown -R uhub ${uhubDir}
     '';
 
   };
+  users.users.uhub = {
+    home = uhubDir;
+    createHome = true;
+  };
   services.uhub = {
     enable = true;
     port = 1511;
     enableTLS = true;
     hubConfig = ''
       hub_name = "krebshub"
-      tls_certificate = /tmp/uhub.crt
-      tls_private_key = /tmp/uhub.key
-      registered_users_only  = true
+      tls_certificate = ${uhubDir}/uhub.crt
+      tls_private_key = ${uhubDir}/uhub.key
+      registered_users_only = true
     '';
     plugins = {
       welcome = {
@@ -93,7 +103,7 @@ in {
       };
       authSqlite = {
         enable = true;
-        file = "/tmp/uhub.sql";
+        file = "${uhubDir}/uhub.sql";
       };
 
     };
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index d5793f886..4605e8933 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,48 +1,43 @@
 { pkgs, lib, ... }:
 let
-  tasmota_plug = name: topic: {
-          platform = "mqtt";
-          inherit name;
-          state_topic = "/bam/${topic}/stat/POWER";
-          command_topic = "/bam/${topic}/cmnd/POWER";
-          availability_topic = "/bam/${topic}/tele/LWT";
-          qos = 1;
-          payload_on= "ON";
-          payload_off= "OFF";
-          payload_available= "Online";
-          payload_not_available= "Offline";
-          retain= false;
-        };
+  tasmota_plug = name: topic:
+  { platform = "mqtt";
+    inherit name;
+    state_topic = "/bam/${topic}/stat/POWER1";
+    command_topic = "/bam/${topic}/cmnd/POWER1";
+    availability_topic = "/bam/${topic}/tele/LWT";
+    payload_on= "ON";
+    payload_off= "OFF";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+  };
   espeasy_dht22 = name: [
-    {
-          platform = "mqtt";
-          device_class = "temperature";
-          state_topic = "/bam/${name}/dht22/Temperature";
-          availability_topic = "/bam/${name}/status/LWT";
-          payload_available = "Connected";
-          payload_not_available = "Connection Lost";
-    }
-    {
-          platform = "mqtt";
-          device_class = "humidity";
-          state_topic = "/bam/${name}/dht22/Temperature";
-          unit_of_measurement =  "C";
-          availability_topic = "/bam/${name}/status/LWT";
-          payload_available = "Connected";
-          payload_not_available = "Connection Lost";
-    }];
-  espeasy_ds18 = name: [
-    {
-          platform = "mqtt";
-          device_class = "temperature";
-          state_topic = "/bam/${name}/ds18/Temperature";
-          availability_topic = "/bam/${name}/status/LWT";
-          payload_available = "Connected";
-          payload_not_available = "Connection Lost";
-    }
-  ];
+  { platform = "mqtt";
+    name = "${name} DHT22 Temperature";
+    device_class = "temperature";
+    state_topic = "/bam/${name}/dht22/Temperature";
+    availability_topic = "/bam/${name}/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  }
+  { platform = "mqtt";
+    device_class = "humidity";
+    name = "${name} DHT22 Humidity";
+    state_topic = "/bam/${name}/dht22/Humidity";
+    availability_topic = "/bam/${name}/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  }];
+  espeasy_ds18 = name:
+  { platform = "mqtt";
+    name = "${name} DS18 Temperature";
+    state_topic = "/bam/${name}/ds18/Temperature";
+    availability_topic = "/bam/${name}/tele/LWT";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  };
 in {
-
+  networking.firewall.allowedTCPPorts = [ 8123 ];
   nixpkgs.config.permittedInsecurePackages = [
     "homeassistant-0.65.5"
   ];
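Review bot: `networking.firewall.allowedTCPPorts = [ 8123 ]` opens the Home Assistant web port on every interface, while the following lines keep `homeassistant-0.65.5` in `permittedInsecurePackages`, i.e. a release that nixpkgs flags as insecure. Unless the `http` section (outside this hunk) sets an API password, the frontend that switches the plugs is reachable without authentication from any network the host is attached to. Restrict the rule to the LAN interface with `networking.firewall.interfaces.<itf>.allowedTCPPorts = [ 8123 ];` and add a comment noting why the insecure package is still permitted. The `in {` body continues outside this hunk.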
@@ -81,18 +76,19 @@ in {
         (tasmota_plug "Pluggy" "plug4")
       ];
       binary_sensor = [
-        { # esp_easy 
-          platform = "mqtt";
+        { platform = "mqtt";
           device_class = "motion";
+          name = "Motion";
           state_topic = "/bam/easy2/movement/Switch";
           payload_on = "1";
           payload_off = "0";
-          availability_topic = "/bam/easy2/status/LWT";
-          payload_available = "Connected";
-          payload_not_available = "Connection Lost";
+          availability_topic = "/bam/easy2/tele/LWT";
+          payload_available = "Online";
+          payload_not_available = "Offline";
         }
       ];
       sensor =
+          (espeasy_dht22 "easy1") ++
           (espeasy_dht22 "easy2") ++
         [ (espeasy_ds18 "easy3" )
           { platform = "luftdaten";
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
index f23789ee5..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -5,7 +5,10 @@ let
   home = "/var/lib/ampel";
   sec = "${toString <secrets>}/google-muell.json";
   ampelsec = "${home}/google-muell.json";
-  esp = "192.168.1.23";
+  cred = "${toString <secrets>}/google-muell-creds.json";
+  # TODO: generate this credential file locally
+  ampelcred = "${home}/google-muell-creds.json";
+  esp = "192.168.8.204";
   sleepval = "1800";
 in {
   users.users.ampel = {
@@ -21,10 +24,10 @@ in {
     serviceConfig = {
       User = "ampel";
       ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
-        cp ${sec} ${ampelsec}
-        chown ampel ${ampelsec}
+        install -m600 -o ampel ${sec} ${ampelsec}
+        install -m600 -o ampel ${cred} ${ampelcred}
       '';
-      ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+      ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
       PermissionsStartOnly = true;
       Restart = "always";
       RestartSec = 10;
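Review bot: The `copy-ampel-secrets` script now reinstalls `${ampelcred}` from the secrets tree on every start, and with `Restart = "always"` that happens on every restart. If `google-muell` writes refreshed tokens back to `--credential-path` (not visible here, so this is an assumption), each restart silently rolls them back to the deployed copy. Seeding the file only when it is missing avoids that: `[ -e ${ampelcred} ] || install -m600 -o ampel ${cred} ${ampelcred}`. The switch from `cp`/`chown` to `install -m600` is a good tightening and should stay.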
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix
new file mode 100644
index 000000000..f2a3b36e2
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -0,0 +1,141 @@
+{ pkgs, config, ... }:
+
+# Ideas:
+## wake-on-lan server
+## 
+let
+  firetv = "192.168.1.238";
+  tasmota_plug = name: topic:
+  { platform = "mqtt";
+    inherit name;
+    state_topic = "/ham/${topic}/stat/POWER1";
+    command_topic = "/ham/${topic}/cmnd/POWER1";
+    availability_topic = "/ham/${topic}/tele/LWT";
+    payload_on= "ON";
+    payload_off= "OFF";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+  };
+  tasmota_bme = name: topic:
+  [ { platform = "mqtt";
+      name = "${name} Temperatur";
+      state_topic = "/ham/${topic}/tele/SENSOR";
+      value_template = "{{ value_json.BME280.Temperature }}";
+      unit_of_measurement = "°C";
+    }
+    { platform = "mqtt";
+      name = "${name} Luftfeuchtigkeit";
+      state_topic = "/ham/${topic}/tele/SENSOR";
+      value_template = "{{ value_json.BME280.Humidity }}";
+      unit_of_measurement = "%";
+    }
+    { platform = "mqtt";
+      name = "${name} Luftdruck";
+      state_topic = "/ham/${topic}/tele/SENSOR";
+      value_template = "{{ value_json.BME280.Pressure }}";
+      unit_of_measurement = "hPa";
+    }
+  ];
+in {
+  imports = [
+    ./mqtt.nix
+  ];
+  systemd.services.firetv = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "nobody";
+      ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+    };
+  };
+  nixpkgs.config.permittedInsecurePackages = [
+    "homeassistant-0.65.5"
+  ];
+  services.home-assistant = {
+    config = {
+      homeassistant = {
+        name = "Home"; time_zone = "Europe/Berlin";
+        latitude = "48.7687";
+        longitude = "9.2478";
+        elevation = 247;
+      };
+      discovery = {};
+      conversation = {};
+      history = {};
+      logbook = {};
+      tts = [
+        { platform = "google";}
+      ];
+      sun.elevation = 247;
+      recorder = {};
+      media_player = [
+        { platform = "kodi";
+          host = firetv;
+        }
+        { platform = "firetv";
+          # assumes python-firetv running
+        }
+      ];
+      mqtt = {
+        broker = "localhost";
+        port = 1883;
+        client_id = "home-assistant";
+        username = "hass";
+        password = builtins.readFile <secrets/mqtt/hass>;
+        keepalive = 60;
+        protocol = 3.1;
+        birth_message = {
+          topic = "/ham/hass/tele/LWT";
+          payload = "Online";
+          qos = 1;
+          retain = true;
+        };
+        will_message = {
+          topic = "/ham/hass/tele/LWT";
+          payload = "Offline";
+          qos = 1;
+          retain = true;
+        };
+      };
+      sensor = [
+        { platform = "speedtest";
+          monitored_conditions = [ "ping" "download" "upload" ];
+        }
+        { platform = "luftdaten";
+          name = "Ditzingen";
+          sensorid = "663";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
+        { platform = "darksky";
+          api_key = "c73619e6ea79e553a585be06aacf3679";
+          language = "de";
+          monitored_conditions = [ "summary" "icon"
+          "nearest_storm_distance" "precip_probability"
+          "precip_intensity"
+          "temperature" # "temperature_high" "temperature_low"
+          "hourly_summary"
+          "uv_index" ];
+          units =  "si" ;
+          update_interval = {
+                days = 0;
+                hours = 0;
+                minutes = 10;
+                seconds = 0;
+          };
+        }
+      ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
+      frontend = { };
+      #group = [
+      #  { default_view = { view = "yes"; entities = [
+      #    "sensor.luftdaten"
+      #  ]}
+      #];
+      http = { };
+      switch = [
+        (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
+      ];
+    };
+    enable = true;
+    #configDir = "/var/lib/hass";
+  };
+}
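Review bot: The `api_key` of the `darksky` sensor is committed as a string literal, so it is readable by anyone who can read the repository. Treat it as exposed, rotate it, and load the replacement from the secrets tree as `mqtt.password` already does, e.g. `api_key = builtins.readFile <secrets/PLACEHOLDER-darksky-key>;`. Note that `builtins.readFile` (used for `mqtt.password` here and for `password` in `stats/telegraf/hamstats.nix`) keeps any trailing newline of the file. It also presumably ends up in the world-readable Nix store through the generated config, so it keeps the value out of git but not away from local users. A short comment next to `password` saying so would help the next maintainer.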
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix
new file mode 100644
index 000000000..cd1c328d7
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/mqtt.nix
@@ -0,0 +1,24 @@
+{ pkgs, config, ... }:
+{
+  services.mosquitto = {
+    enable = true;
+    host = "0.0.0.0";
+    allowAnonymous = false;
+    checkPasswords = true;
+    # see <host>/mosquitto
+    users.sensor = {
+      hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
+      acl = [ "topic readwrite #" ];
+    };
+    users.hass = {
+      hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
+      acl = [ "topic readwrite #" ];
+    };
+    users.stats = {
+      hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
+      acl = [ "topic read #" ];
+    };
+  };
+  environment.systemPackages = [ pkgs.mosquitto ];
+  # port open via trusted interface
+}
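Review bot: `users.sensor` is granted `acl = [ "topic readwrite #" ]`, so the one credential stored on every sensor node can also publish to the `cmnd` topics that the Home Assistant config uses to switch plugs. A per-direction ACL would limit what a single compromised device can do, for example `acl = [ "topic write /ham/+/tele/#" "topic write /ham/+/stat/#" "topic read /ham/+/cmnd/#" ];`, adjusted to the topics the devices really use. The broker also binds `host = "0.0.0.0"` with no TLS settings visible, and the trailing comment is the only record of how port 1883 is restricted. Naming the interface or firewall rule in that comment would make the exposure reviewable. The three `hashedPassword` values are now in the repository, so the underlying passwords should be long random strings.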
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
index 1970c949f..1655556a5 100644
--- a/makefu/2configs/fs/single-partition-ext4.nix
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -1,5 +1,7 @@
 {config, ...}:
 {
+  # fdisk /dev/sda
+  # mkfs.ext4 -L nixos /dev/sda1
   boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
   boot.loader.grub.version = 2;
 
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 61182f6c3..1a7f3d987 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -31,6 +31,7 @@ let
     ampel = { };
     europastats = { };
     arafetch = { };
+    disko = { };
     init-stockholm = {
       cgit.desc = "Init stuff for stockholm";
     };
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
new file mode 100644
index 000000000..1efc4d2bf
--- /dev/null
+++ b/makefu/2configs/home-manager/cli.nix
@@ -0,0 +1,12 @@
+{
+  home-manager.users.makefu = {
+    services.gpg-agent = {
+      defaultCacheTtl = 900;
+      maxCacheTtl = 7200;
+      defaultCacheTtlSsh = 3600;
+      maxCacheTtlSsh = 86400;
+      enableSshSupport = true;
+    };
+    programs.fzf.enable = true; # alt-c
+  };
+}
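Review bot: `services.gpg-agent` sets cache TTLs and `enableSshSupport` but never sets `enable = true;`. Unless another module enables it, home-manager will presumably not generate the agent configuration and these values have no effect. Separately, `maxCacheTtlSsh = 86400` keeps an unlocked SSH key usable for up to a day. A comment stating that this is intentional, such as `# ssh keys stay cached for at most 24h`, would document the trade-off against the 2h GPG maximum.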
diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix
new file mode 100644
index 000000000..e75ee6262
--- /dev/null
+++ b/makefu/2configs/home-manager/default.nix
@@ -0,0 +1,7 @@
+{
+  imports = [
+    <home-manager/nixos>
+  ];
+  home-manager.users.makefu = {
+  };
+}
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
new file mode 100644
index 000000000..c2f854d47
--- /dev/null
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -0,0 +1,31 @@
+{pkgs, ... }: {
+  home-manager.users.makefu = {
+    programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+    services.network-manager-applet.enable = true;
+    services.blueman-applet.enable = true;
+    services.pasystray.enable = true;
+
+  systemd.user.services.network-manager-applet.Service.Environment = ''
+        XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+      '';
+  systemd.user.services.clipit = {
+    Unit = {
+      Description = "clipboard manager";
+      After = [ "graphical-session-pre.target" ];
+      PartOf = [ "graphical-session.target" ];
+    };
+
+    Install = {
+      WantedBy = [ "graphical-session.target" ];
+    };
+
+    Service = {
+      Environment = ''
+        XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+      '';
+      ExecStart = "${pkgs.clipit}/bin/clipit";
+      Restart = "on-abort";
+    };
+  };
+  };
+}
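Review bot: The `Environment` string is duplicated verbatim for `network-manager-applet` and `clipit`, and it hard-codes the `gdk-pixbuf-2.0/2.10.0` loader path, so a librsvg or gdk-pixbuf bump has to be fixed in two places. Binding it once, e.g. `let gtkEnv = ''…''; in`, and using `Environment = gtkEnv;` in both units keeps them in sync. The two `systemd.user.services` attributes are also indented as if they were siblings of `home-manager.users.makefu`, although they sit inside it. Re-indenting them by one level would make the nesting obvious.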
diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix
new file mode 100644
index 000000000..ce7ae4f4d
--- /dev/null
+++ b/makefu/2configs/home-manager/mail.nix
@@ -0,0 +1,46 @@
+{
+  home-manager.users.makefu = {
+    accounts.email.accounts.syntaxfehler = {
+      address = "felix.richter@syntax-fehler.de";
+      userName = "Felix.Richter@syntax-fehler.de";
+      imap = {
+        host = "syntax-fehler.de";
+        tls = {
+          enable = true;
+        };
+      };
+      smtp = {
+        host = "syntax-fehler.de";
+        tls = {
+          enable = true;
+        };
+      };
+      msmtp.enable = true;
+      notmuch.enable = true;
+      offlineimap = {
+        enable = true;
+        postSyncHookCommand = "notmuch new";
+        extraConfig.remote = {
+          holdconnectionopen = true;
+          idlefolders = "['INBOX']";
+        };
+      };
+      primary = true;
+      realName = "Felix Richter";
+      passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+    };
+    programs.offlineimap.enable = true;
+    programs.offlineimap.extraConfig = {
+      mbnames = {
+        filename = "~/.mutt/muttrc.mailboxes";
+        header = "'mailboxes '";
+        peritem = "'+%(accountname)s/%(foldername)s'";
+        sep = "' '";
+        footer = "'\\n'";
+      };
+      general = {
+        ui = "TTY.TTYUI";
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix
index 85c3190ff..313ca0147 100644
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@@ -29,11 +29,14 @@
 # presumably a2dp Sink
 # Enable profile:
 ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
-  hardware.bluetooth.extraConfig = '';
-  [general]
-    Enable=Source,Sink,Media,Socket
-      '';
 
 # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
-  hardware.bluetooth.enable = true;
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = false;
+    extraConfig = ''
+      [general]
+      Enable=Source,Sink,Media,Socket
+    '';
+  };
 }
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
new file mode 100644
index 000000000..f079d7f41
--- /dev/null
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+  ];
+
+  mailserver = {
+    enable = true;
+    fqdn = "euer.eloop.org";
+    domains = [ "euer.eloop.org" ];
+    loginAccounts = {
+        "makefu@euer.eloop.org" = {
+            hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
+            aliases = [ "root@euer.eloop.org" ];
+            catchAll = [ "euer.eloop.org" ];
+
+        };
+    };
+    certificateScheme = 3;
+
+    # Enable IMAP and POP3
+    enableImap = true;
+    enablePop3 = false;
+    enableImapSsl = true;
+    enablePop3Ssl = false;
+
+    # Enable the ManageSieve protocol
+    enableManageSieve = true;
+
+    virusScanning = false;
+
+  };
+
+  services.dovecot2.extraConfig = ''
+    ssl_dh = </var/lib/dhparams/dovecot.pem
+  '';
+  # workaround for DH creation
+  # security.dhparams = {
+  #   enable = true;
+  #   params = {
+  #     dovecot = 2048;
+  #   };
+  # };
+  # systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
+  # systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
+}
+
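Review bot: The mail server module is imported via `builtins.fetchTarball` with only a URL, so its content is not pinned by hash. A re-pointed `v2.1.4` tag or a tampered download would be evaluated as NixOS configuration, with root-level effect, without anyone noticing. Passing the attribute-set form pins it: `builtins.fetchTarball { url = "…/nixos-mailserver-v2.1.4.tar.gz"; sha256 = "<PLACEHOLDER-sha256>"; }`. Also, `ssl_dh` points at `/var/lib/dhparams/dovecot.pem` while the `security.dhparams` block that would create it is commented out. A comment saying how that file is provisioned would prevent a dovecot start failure on a fresh host.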
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index 39c9fdfdd..c56521812 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -4,6 +4,7 @@
     enable = true;
     host = "0.0.0.0";
     users = {};
+    # TODO: secure that shit
     allowAnonymous = true;
   };
 }
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index c5a7e68af..765fef535 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -10,7 +10,12 @@ let
 in {
   services.nginx = {
     enable = mkDefault true;
-    virtualHosts."mon.euer.krebsco.de" = {
+    virtualHosts."mon.euer.krebsco.de" = let
+        # flesh_wrap
+        authFile = pkgs.writeText "influx.conf" ''
+            user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
+          '';
+    in {
       forceSSL = true;
       enableACME = true;
       locations."/" =  {
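Review bot: `authFile` is built with `pkgs.writeText`, so the htpasswd entry is both committed to git and copied into the world-readable Nix store. Its `$apr1$` format is MD5-based, which makes offline guessing cheap. This file is what guards the `/influxdb/` location added in the next hunk. Following the `${toString <secrets>}/…` pattern used elsewhere in this commit would keep it out of both places, e.g. `authFile = "${toString <secrets>}/PLACEHOLDER-influx.htpasswd";`, provided the nginx user can read that path. The `# flesh_wrap` comment should be replaced with one that says what the file is for.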
@@ -21,6 +26,17 @@ in {
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         '';
       };
+      locations."/influxdb/"  = {
+        proxyPass = "http://wbob.r:8086/";
+        extraConfig = ''
+            auth_basic       "Needs Autherization to visit";
+            auth_basic_user_file ${authFile};
+            proxy_http_version 1.1;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_redirect off;
+        '';
+      };
     };
   };
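Review bot: The realm string in `auth_basic` is misspelled and should read `auth_basic "Needs Authorization to visit";`. The realm is shown in the browser's credential prompt, so it is user-facing text. A one-line comment above `locations."/influxdb/"` stating that it exposes the InfluxDB HTTP API of `wbob.r` to the internet behind basic auth would also make the intent clear to reviewers.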
 }
diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix
new file mode 100644
index 000000000..701609d4b
--- /dev/null
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+let
+  system = builtins.currentSystem; #we can also build for other platforms
+  iso = (import <nixpkgs/nixos/lib/eval-config.nix>
+      { inherit system;
+        modules = [ ../../1systems/iso/config.nix ]; }
+
+    );
+  image = iso.config.system.build.isoImage;
+  name = iso.config.isoImage.isoName;
+
+  drivedroid-cfg = builtins.toJSON [{
+    id = "stockholm";
+    imageUrl = http://krebsco.de/krebs-v2.png;
+    name = "stockholm";
+    tags = [ "hybrid" ];
+    url = http://krebsco.de;
+    releases = [
+      { version = iso.config.system.nixos.label;
+        url = "/stockholm.iso";
+        arch = system; }
+    ];
+    # size = TODO;
+  }];
+  web = pkgs.linkFarm "web" [{
+    name = "drivedroid.json";
+    path = pkgs.writeText "drivedroid.json" drivedroid-cfg; }
+  { name = "stockholm.iso";
+    path = "${image}/iso/${name}"; }
+  ];
+in
+{
+  services.nginx = {
+    virtualHosts = {
+      "iso.euer.krebsco.de" = {
+        enableACME = true;
+        forceSSL = true;
+        root = web;
+        locations."/".index = "drivedroid.json";
+      };
+    };
+  };
+}
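Review bot: `imageUrl` and `url` in `drivedroid-cfg` use bare URL literals, which are deprecated Nix syntax and easy to misread as paths. Quoted strings are the safer form: `imageUrl = "http://krebsco.de/krebs-v2.png";` and `url = "http://krebsco.de";`. If the site serves HTTPS, that scheme would be preferable, since this vhost forces SSL itself. `builtins.currentSystem` also makes the evaluation depend on the machine that evaluates it, so the existing `#we can also build for other platforms` comment could state that the ISO architecture follows the evaluating host.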
diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
index d0881a934..752612342 100644
--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -3,7 +3,7 @@
   services.nginx = {
     enable = lib.mkDefault true;
     virtualHosts."misa-felix-hochzeit.ml" = {
-      serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+      serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
       forceSSL = true;
       enableACME = true;
       locations = {
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index b6e000a34..89121ffd6 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
@@ -1,11 +1,10 @@
-{
+{config,...}:{
   nix.trustedUsers = [ "nixBuild" ];
   users.users.nixBuild = {
       name = "nixBuild";
       useDefaultShell = true;
-      # TODO: put this somewhere else
       openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"
+        config.krebs.users.buildbotSlave.pubkey
       ];
     };
 }
diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix
new file mode 100644
index 000000000..4d2fc6af9
--- /dev/null
+++ b/makefu/2configs/retroshare.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+let
+  port = 9024;
+in {
+  users.users.makefu.packages = [
+    pkgs.retroshare
+  ];
+  networking.firewall.allowedTCPPorts = [ port ];
+  networking.firewall.allowedUDPPorts = [ port ];
+}
diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix
index be9ab026b..db2adfb1c 100644
--- a/makefu/2configs/share/gum-client.nix
+++ b/makefu/2configs/share/gum-client.nix
@@ -17,6 +17,7 @@ in {
         "file_mode=0775"
         "dir_mode=0775"
         "uid=9001"
+        "vers=3"
       ];
   };
 
diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix
new file mode 100644
index 000000000..18cf0328e
--- /dev/null
+++ b/makefu/2configs/share/omo-timemachine.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  services.samba = {
+    # support for timemachine in git
+    package = pkgs.sambaFull;
+    shares = {
+      time_machine = {
+        path = "/media/crypt3/backup/time_machine";
+        "valid users" = "misa";
+        public = "no";
+        writeable = "yes";
+        "force user" = "misa";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix
new file mode 100644
index 000000000..870db99a8
--- /dev/null
+++ b/makefu/2configs/stats/external/weather2stats.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  pkg = pkgs.stdenv.mkDerivation {
+    name = "aralast-master";
+    src = pkgs.fetchFromGitHub {
+      owner = "makefu";
+      repo = "aralast";
+      rev = "7121598";
+      sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m";
+    };
+    installPhase = ''
+      install -m755 -D aralast.sh $out/bin/aralast
+    '';
+  };
+in {
+  systemd.services.aralast  = {
+    description = "periodically fetch aramark";
+    path = [
+      pkgs.curl
+      pkgs.gnugrep
+      pkgs.gnused
+    ];
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      INFLUX_HOST = "localhost";
+      INFLUX_PORT = "8086";
+    };
+    # every 10 seconds when the cantina is open
+    startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45";
+    serviceConfig = {
+      User = "nobody";
+      ExecStart = "${pkg}/bin/aralast";
+      PrivateTmp = true;
+    };
+  };
+}
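Review bot: The comment above `startAt` says "every 10 seconds", but the calendar expression fires at seconds `0,15,30,45`, i.e. every 15 seconds, during hours 6 to 15 on weekdays. The comment should match, for example `# every 15 seconds, Mon-Fri 06:00-15:59, while the cantina is open`. The unit also has both `wantedBy = [ "multi-user.target" ]` and a timer from `startAt`, so it additionally runs once at boot regardless of the schedule. If that is not intended, the `wantedBy` line can go.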
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index 7548c733e..c8e768c99 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
@@ -2,11 +2,11 @@
 
 with import <stockholm/lib>;
 let
-  irc-server = "rc.r";
+  irc-server = "irc.r";
   irc-nick = "m-alarm";
   collectd-port = 25826;
   influx-port = 8086;
-  grafana-port = 3000; # TODO nginx forward
+  grafana-port = 3000;
   db = "collectd_db";
   logging-interface = config.makefu.server.primary-itf;
 in {
@@ -72,15 +72,16 @@ in {
     iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
     iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
     iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
-    iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
-    iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
-    iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+    #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+    #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+    #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
 
     ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
     ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
     ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
-    ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
-    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
-    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+    #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+    #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+    #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
   '';
+  state = [ "/var/lib/grafana/data/grafana.db" ];
 }
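Review bot: The `${logging-interface}` rules are disabled by prefixing them with `#` inside the Nix string, which only hides them from the shell. Nix still interpolates `${logging-interface}` in those lines, so the module keeps requiring `config.makefu.server.primary-itf`, and the dead rules are still written into the generated script. Deleting the six lines, and the `logging-interface` binding if nothing else uses it, states the intent more clearly than commenting them out. The enclosing string starts outside this hunk, so whether other lines still reference the binding cannot be seen here.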
diff --git a/makefu/2configs/stats/telegraf/hamstats.nix b/makefu/2configs/stats/telegraf/hamstats.nix
new file mode 100644
index 000000000..88c1b6d5d
--- /dev/null
+++ b/makefu/2configs/stats/telegraf/hamstats.nix
@@ -0,0 +1,28 @@
+{ pkgs, ...}:
+
+let
+  genTopic = name: topic: tags: {
+      servers = [ "tcp://localhost:1883" ];
+      username = "stats";
+      password = builtins.readFile <secrets/mqtt/stats>;
+      qos = 0;
+      connection_timeout = "30s";
+      topics = [ topic ];
+      tags = tags;
+      persistent_session = false;
+      name_override = name;
+      data_format = "json";
+      # json_query = tags.sensor; #TODO?
+    };
+  hamStat = host:
+            sensor:
+            (genTopic sensor
+                      "/ham/${host}/${sensor}/tele/SENSOR"
+                      {"host" = host;
+                       "scope" = "ham";
+                       "sensor" = sensor;
+                      } );
+  bme = host: [(hamStat host "BME280")];
+in {
+  services.telegraf.extraConfig.inputs.mqtt_consumer = (bme "schlafzimmer");
+}
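Review bot: `hamStat` subscribes to `/ham/${host}/${sensor}/tele/SENSOR`, which for `bme "schlafzimmer"` is `/ham/schlafzimmer/BME280/tele/SENSOR`. The Home Assistant config added in this commit reads the same sensor from `/ham/${topic}/tele/SENSOR` and selects `value_json.BME280.…` from the payload. If the device publishes a single JSON object on `…/tele/SENSOR`, as that config suggests, telegraf will never receive a message here. The topic would then need to be `"/ham/${host}/tele/SENSOR"`, with the sensor chosen from the JSON, which the commented-out `json_query` line hints at. Please confirm against the device's actual topic layout.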
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix
index 6b758ea2d..bc7413a0a 100644
--- a/makefu/2configs/syncthing.nix
+++ b/makefu/2configs/syncthing.nix
@@ -1,11 +1,17 @@
-{...}:
+{ config, ... }:
 
 with import <stockholm/lib>; {
   services.syncthing = {
     enable = true;
     openDefaultPorts = true;
-    useInotify = true;
     group = "download";
   };
   users.extraGroups.download.gid = genid "download";
+  state = map (x: config.services.syncthing.dataDir + "/" + x) [
+    "key.pem"
+    "cert.pem"
+    "config.xml"
+    "https-cert.pem"
+    "https-key.pem"
+  ];
 }
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index c55b94466..98abb2406 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,7 +1,8 @@
-_:
+{ pkgs, ... }:
 {
   imports = [
     ../binary-cache/lass.nix
   ];
   krebs.tinc.retiolum.enable = true;
+  environment.systemPackages = [ pkgs.tinc ];
 }
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 604288904..33e896d4c 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -3,9 +3,11 @@
 # tools i use when actually working with the host.
 # package version will now be maintained by nix-rebuild
 #
-# essentially `nix-env -q` of the main user
 {
   environment.systemPackages = with pkgs; [
+    ( pkgs.writeScriptBin "unknow" ''#!/bin/sh
+${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
+    '')
     at_spi2_core
     acpi
     bc
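Review bot: The `unknow` script passes `$1` straight into the sed program, so calling it without an argument runs `sed -i "d"` and deletes every line of `~/.ssh/known_hosts`. A non-numeric argument is likewise interpreted as sed commands. A guard before the sed line fixes both: `[ "''${1:-}" -gt 0 ] 2>/dev/null || { echo "usage: unknow LINE" >&2; exit 1; }`. A `# remove line N from known_hosts` comment above the script would document it. Silently dropping pinned host keys weakens SSH host verification, so failing loudly is the right default.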
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index b652241bd..09ee63498 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -20,9 +20,7 @@
     brain
     gen-oath-safe
     cdrtools
-    stockholm
     # nix related
-    nix-repl
     nix-index
     # git-related
     tig
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 3d26cc574..1c28eeffd 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -6,6 +6,7 @@
     gimp
     inkscape
     libreoffice
+    quodlibet
     # skype
     synergy
     tdesktop
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 35faaa29f..a61b6c88e 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -3,11 +3,14 @@
 {
   users.users.makefu.packages = with pkgs; [
     kodi
-    streamripper
-    youtube-dl
     calibre
     vlc
     mumble
     mplayer
+    quodlibet
+
+    plowshare
+    streamripper
+    youtube-dl
   ];
 }
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 1993a5212..8a559dbbd 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -3,7 +3,11 @@
   users.users.makefu.packages = with pkgs;[
     go-mtpfs
     mosh
+    sshfs
+    rclone
+    exfat
+    (pkgs.callPackage ./secrets.nix {})
   ];
 
-  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+  # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
 }
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix
new file mode 100644
index 000000000..f88618cbc
--- /dev/null
+++ b/makefu/2configs/tools/secrets.nix
@@ -0,0 +1,12 @@
+{ pass, write, writeDash, ... }:
+
+write "secrets" {
+  "/bin/secrets".link = writeDash "brain" ''
+    PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
+    exec ${pass}/bin/pass $@
+  '';
+  "/bin/secretsmenu".link = writeDash "secretsmenu" ''
+    PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
+    exec ${pass}/bin/passmenu $@
+  '';
+}
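Review bot: Both wrappers forward their arguments as unquoted `$@`, so an entry name containing spaces or glob characters is split or expanded before it reaches `pass`. The lines should read `exec ${pass}/bin/pass "$@"` and `exec ${pass}/bin/passmenu "$@"`. The first script is also named `"brain"` in `writeDash "brain"`, which looks like a copy-paste leftover from the wrapper this was modelled on; `writeDash "secrets"` would match the installed `/bin/secrets`.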
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix
new file mode 100644
index 000000000..e38fa05cb
--- /dev/null
+++ b/makefu/2configs/wireguard/server.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+  ext-if = config.makefu.server.primary-itf;
+in { # wireguard server
+
+  # opkg install wireguard luci-proto-wireguard
+
+  # TODO: networking.nat
+
+  # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+  # conf.all.proxy_arp =1
+  networking.firewall = {
+    allowedUDPPorts = [ 51820 ];
+    extraCommands = ''
+      iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+    '';
+  };
+
+  networking.wireguard.interfaces.wg0 = {
+    ips = [ "10.244.0.1/24" ];
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wireguard.key";
+    allowedIPsAsRoutes = true;
+    peers = [
+    {
+      # x
+      allowedIPs = [ "10.244.0.2/32" ];
+      publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+    }
+    {
+      # vbob
+      allowedIPs = [ "10.244.0.3/32" ];
+      publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+    }
+    {
+      # x-test
+      allowedIPs = [ "10.244.0.4/32" ];
+      publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+    }
+    {
+      # work-router
+      allowedIPs = [ "10.244.0.5/32" ];
+      publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+    }
+    {
+      # workr
+      allowedIPs = [ "10.244.0.6/32" ];
+      publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+    }
+    ];
+  };
+}
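Review bot: The MASQUERADE rule is appended with `iptables -t nat -A POSTROUTING` in `extraCommands` and has no matching removal. The `nat` table is presumably not flushed when the firewall reloads, so each reload would add another copy of the rule. IP forwarding is also only mentioned in a commented-out line, so peers may not be routed at all unless it is enabled elsewhere. The `networking.nat` module from the TODO covers both: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };`. The peer comments (`# x`, `# vbob`, …) are useful and should stay next to each `publicKey`.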
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 6be078f6a..23ae572da 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -68,6 +68,8 @@ in
 
       compdef _pass brain
       zstyle ':completion::complete:brain::' prefix "$HOME/brain"
+      compdef _pass secrets
+      zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
 
       # ctrl-x ctrl-e
       autoload -U edit-command-line
diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix
new file mode 100644
index 000000000..5250ee67a
--- /dev/null
+++ b/makefu/3modules/airdcpp.nix
@@ -0,0 +1,210 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>; #genid
+let
+  cfg = config.makefu.airdcpp;
+
+  out = {
+    options.makefu.airdcpp = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = with types;{
+    enable = mkEnableOption "airdcpp";
+
+    package = mkOption {
+      type = package;
+      default = pkgs.airdcpp-webclient;
+    };
+
+    user = mkOption {
+      description = ''
+        user which will run udpt. if kept default a new user will be created
+      '';
+      type = str;
+      default = "airdcpp";
+    };
+    extraGroups = mkOption {
+      description = ''extra groups for the user (only for default user)'';
+      type = listOf str;
+      default = [];
+      example = [ "nginx" ];
+    };
+
+    stateDir = mkOption {
+      description = ''
+        directory for storing state (pid,config)
+      '';
+      type = str;
+      default = "/var/lib/airdcpp";
+    };
+    dcpp = {
+      Nick = mkOption {
+        description = ''
+          Nick Name for connection
+        '';
+        type = str;
+        default = "kevin";
+      };
+      InPort = mkOption {
+        description = "Input Port";
+        type = int;
+        default = 16849;
+      };
+      UDPPort = mkOption {
+        description = "UDP open Port";
+        type = int;
+        default = 16849;
+      };
+      TLSPort = mkOption {
+        description = "TLS open Port";
+        type = int;
+        default = 16869;
+      };
+      DownloadSpeed = mkOption {
+        description = "Total Download Speed in Mbps/s";
+        type = str;
+        default = "100";
+      };
+      UploadSpeed = mkOption {
+        description = "Total Upload Speed in Mbp/s";
+        type = str;
+        default = "100";
+      };
+      shares = mkOption {
+        default = {};
+        type = attrsOf (submodule ( { config, ... }: {
+          options = {
+            path = mkOption {
+              description = "path to the share";
+              type = str;
+            };
+            incoming = mkOption {
+              description = "incoming";
+              type = bool;
+              default = false;
+            };
+          };
+        }));
+      };
+      initialConfigFile = mkOption {
+        description = ''
+          path inital DCPlusPlus.xml configuration if none exists
+        '';
+        type = nullOr path;
+        default = null;
+      };
+    };
+    web = {
+      port = mkOption {
+        description = ''web-ui port
+
+        NOTE: once the initial config had been written to the state directory it will not be replaced
+        '';
+        type = int;
+        default = 5600;
+      };
+      initialConfigFile = mkOption {
+        description = ''
+          path inital WebServer.xml configuration if none exists
+        '';
+        type = nullOr path;
+        default = null;
+      };
+      # TODO: tlsPort
+      users = mkOption {
+        type = attrsOf (submodule ( { config, ... }: {
+          options = {
+            password = mkOption {
+              description = "password of user";
+              type = str;
+            };
+            permissions = mkOption {
+              description = "user permissions";
+              type = str;
+              default = "admin";
+            };
+          };
+        }));
+      };
+    };
+  };
+
+  imp = let
+    genUsers = users: concatMapStringsSep "\n" (user: 
+      ''<WebUser Username="${user.name}" Password="${user.password}" LastLogin="0" Permissions="${user.permissions}"/>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) users);
+    genShares = shares: concatMapStringsSep "\n" (share:
+      ''<Directory Virtual="stockholm" Incoming="${
+          if share.incoming then "1" else "0"
+        }" LastRefreshTime="0">${share.path}</Directory>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) shares);
+    webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" ''
+      <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+      <WebServer>
+        <Config>
+          <Server Port="${toString cfg.web.port}"/>
+          <TLSServer Port="0" Certificate="" CertificateKey=""/>
+        </Config>
+        <WebUsers>${genUsers cfg.web.users}
+        </WebUsers>
+      </WebServer>
+      '' else cfg.web.initialConfigFile;
+    dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" ''
+    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+    <DCPlusPlus>
+      <Settings>
+        <Nick type="string">${cfg.dcpp.Nick}</Nick>
+        <ConfigVersion type="string">${cfg.package.version}</ConfigVersion>
+        <InPort type="int">${toString cfg.dcpp.InPort}</InPort>
+        <UDPPort type="int">${toString cfg.dcpp.UDPPort}</UDPPort>
+        <TLSPort type="int">${toString cfg.dcpp.TLSPort}</TLSPort>
+        <ConfigBuildNumber type="int">0</ConfigBuildNumber>
+        <AutoDetectIncomingConnection type="int">0</AutoDetectIncomingConnection>
+        <NoIpOverride type="int">1</NoIpOverride>
+        <WizardRunNew type="int">0</WizardRunNew>
+        <IPUpdate type="int">0</IPUpdate>
+        <AlwaysCCPM type="int">1</AlwaysCCPM>
+        <DownloadSpeed type="string">${cfg.dcpp.DownloadSpeed}</DownloadSpeed>
+        <UploadSpeed type="string">${cfg.dcpp.UploadSpeed}</UploadSpeed>
+      </Settings>
+      <Share Token="0" Name="Default">
+        ${genShares cfg.dcpp.shares}
+        <NoShare/>
+      </Share>
+      <ChatFilterItems/>
+    </DCPlusPlus>
+    '' else cfg.dcpp.initialConfigFile;
+  in {
+    systemd.services.airdcpp = {
+      description = "airdcpp webui";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      serviceConfig = {
+        Type = "simple";
+        ExecStartPre = pkgs.writeDash "prepare-env" ''
+          d=${cfg.stateDir}/WebServer.xml
+          test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d
+          d=${cfg.stateDir}/DCPlusPlus.xml
+          test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d
+        '';
+        PermissionsStartOnly = true;
+        ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid";
+        PrivateTmp = true;
+        WorkingDirectory = cfg.stateDir;
+        User = "${cfg.user}";
+      };
+    };
+    users = lib.mkIf (cfg.user == "airdcpp") {
+      users.airdcpp = {
+        uid = genid "airdcpp";
+        home = cfg.stateDir;
+        createHome = true;
+        inherit (cfg) extraGroups;
+      };
+      groups.airdcpp.gid = genid "airdcpp";
+    };
+  };
+in
+out
+
diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/makefu/5pkgs/airdcpp-webclient/default.nix
new file mode 100644
index 000000000..361a7da65
--- /dev/null
+++ b/makefu/5pkgs/airdcpp-webclient/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl
+}:
+stdenv.mkDerivation rec {
+  name = "airdcpp-webclient-${version}";
+  version = "2.3.0";
+  
+  src = fetchurl {
+    url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz;
+    sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1";
+  };
+
+  phases = [ "unpackPhase" "installPhase" ];
+  installPhase = ''
+    mkdir -p $out/{share,bin}
+    cp -r *  $out/share
+    ln -s $out/share/airdcppd $out/bin/
+  '';
+
+  meta = with stdenv.lib; {
+    # to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
+    description = "dcpp client (statically precompiled)";
+    homepage = http://fixme;
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ makefu ];
+    platforms = with platforms; linux;
+  };
+}
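Review bot: The `url` in `src` spells out 2.3.0 twice instead of using `version`, so a later bump of `version` would rename the derivation while still unpacking the old tarball, and the pinned `sha256` would keep matching it. Suggest `url = "http://web-builds.airdcpp.net/stable/airdcpp_${version}_webui-${version}_64-bit_portable.tar.gz";`. The source is a prebuilt binary fetched over plain HTTP, so the fixed `sha256` is the only integrity check; a comment recording how that hash was obtained would help whoever bumps it. `homepage = http://fixme;` is still a placeholder, and since the tarball is the 64-bit build, `platforms` probably wants to be `[ "x86_64-linux" ]` rather than all of `linux`.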
diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix
index 07c64a101..6f5f1deba 100644
--- a/makefu/5pkgs/bento4/default.nix
+++ b/makefu/5pkgs/bento4/default.nix
@@ -1,5 +1,4 @@
 { stdenv, fetchFromGitHub
-, pkgconfig
 , cmake
 }:
 stdenv.mkDerivation rec {
@@ -13,7 +12,7 @@ stdenv.mkDerivation rec {
     sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
   };
 
-  nativeBuildInputs = [ cmake pkgconfig ];
+  nativeBuildInputs = [ cmake ];
   installPhase = ''
     mkdir -p $out/{lib,bin}
     find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;
diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix
index f1d655a0a..870fa8ce2 100644
--- a/makefu/5pkgs/cozy-audiobooks/default.nix
+++ b/makefu/5pkgs/cozy-audiobooks/default.nix
@@ -85,13 +85,9 @@ stdenv.mkDerivation rec {
     ninja test
   '';
 
-  #preInstall = ''
-  #  export MESON_INSTALL_PREFIX=$out
-  #'';
-
   meta = with stdenv.lib; {
     description = ''
-       Eval nix code from python.
+       A modern audio book player for Linux using GTK+ 3
     '';
     maintainers = [ maintainers.makefu ];
     license = licenses.mit;
diff --git a/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch
new file mode 100644
index 000000000..0f9d41024
--- /dev/null
+++ b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch
@@ -0,0 +1,54 @@
+diff --git a/quodlibet/qltk/edittags.py b/quodlibet/quodlibet/qltk/edittags.py
+index 148866ef7..e741b9c3d 100644
+--- a/quodlibet/qltk/edittags.py
++++ b/quodlibet/qltk/edittags.py
+@@ -740,13 +740,6 @@ class EditTags(Gtk.VBox):
+         win.show()
+         all_done = False
+         for song in songs:
+-            if not song.valid():
+-                win.hide()
+-                dialog = OverwriteWarning(self, song)
+-                resp = dialog.run()
+-                win.show()
+-                if resp != OverwriteWarning.RESPONSE_SAVE:
+-                    break
+ 
+             changed = False
+             for key, values in iteritems(updated):
+diff --git a/quodlibet/qltk/tagsfrompath.py b/quodlibet/quodlibet/qltk/tagsfrompath.py
+index fd3f0709c..cb5b44f20 100644
+--- a/quodlibet/qltk/tagsfrompath.py
++++ b/quodlibet/qltk/tagsfrompath.py
+@@ -284,13 +284,6 @@ class TagsFromPath(Gtk.VBox):
+         for entry in ((model and itervalues(model)) or []):
+             song = entry.song
+             changed = False
+-            if not song.valid():
+-                win.hide()
+-                dialog = OverwriteWarning(self, song)
+-                resp = dialog.run()
+-                win.show()
+-                if resp != OverwriteWarning.RESPONSE_SAVE:
+-                    break
+ 
+             for i, h in enumerate(pattern.headers):
+                 text = entry.get_match(h)
+diff --git a/quodlibet/qltk/tracknumbers.py b/quodlibet/quodlibet/qltk/tracknumbers.py
+index 1ab4d0b9a..52f087db4 100644
+--- a/quodlibet/qltk/tracknumbers.py
++++ b/quodlibet/qltk/tracknumbers.py
+@@ -160,13 +160,6 @@ class TrackNumbers(Gtk.VBox):
+             if song.get("tracknumber") == track:
+                 win.step()
+                 continue
+-            if not song.valid():
+-                win.hide()
+-                dialog = OverwriteWarning(self, song)
+-                resp = dialog.run()
+-                win.show()
+-                if resp != OverwriteWarning.RESPONSE_SAVE:
+-                    break
+             song["tracknumber"] = track
+             try:
+                 song.write()
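Review bot: The new patch file has no header explaining why the `OverwriteWarning` prompt is removed, and it removes it from all three write paths (`edittags.py`, `tagsfrompath.py`, `tracknumbers.py`), so tags are written even when `song.valid()` is false. Presumably that check guards against overwriting a file that changed on disk; if so, this trades a confirmation for silent overwrites and should be documented. Suggest a leading description line in the patch such as `Remove the OverwriteWarning prompt; songs failing song.valid() are written without confirmation.` The embedded `diff --git` lines also name different a/ and b/ paths (`a/quodlibet/qltk/...` against `b/quodlibet/quodlibet/qltk/...`), which is worth normalising even though the `---`/`+++` lines agree.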
diff --git a/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch
new file mode 100644
index 000000000..05778fde7
--- /dev/null
+++ b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch
@@ -0,0 +1,13 @@
+diff --git a/quodlibet/pattern/_pattern.py b/quodlibet/pattern/_pattern.py
+index fc056d07a..8fb559c6e 100644
+--- a/quodlibet/pattern/_pattern.py
++++ b/quodlibet/pattern/_pattern.py
+@@ -387,7 +387,7 @@ def _number(key, value):
+     elif key == "discnumber":
+         parts = value.split("/")
+         try:
+-            return "%02d" % int(parts[0])
++            return "%d" % int(parts[0])
+         except (TypeError, ValueError):
+             return value
+     else:
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 390c13ffe..390aabd73 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -20,6 +20,10 @@ with super.lib; with builtins; let
               (filterAttrs (_: eq "directory") (readDir path));
 
 in {
+    quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: {
+      patches = [ ./custom/quodlibet/single-digit-discnumber.patch
+                  ./custom/quodlibet/remove-override-warning.patch ];
+    });
     alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
     alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
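Review bot: The `quodlibet` override sets `patches` to a fresh list, which discards any patches the nixpkgs `quodlibet` derivation already carries (including fixes added there later), and the `old` argument is never used. Append instead: `patches = (old.patches or []) ++ [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ];`. The `inkscape` override visible in the next hunk's context lines has the same shape.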
@@ -29,15 +33,6 @@ in {
     inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
       patches = [ ./custom/inkscape/dxf_fix.patch ];
     });
-    pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
-      wordset-file = super.pkgs.fetchurl {
-        urls = [
-          https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
-          https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
-        ];
-        sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
-      };
-    };
 }
 
 // (mapAttrs (_: flip callPackage {})
diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix
new file mode 100644
index 000000000..a6aac5748
--- /dev/null
+++ b/makefu/5pkgs/esniper/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
+
+stdenv.mkDerivation rec {
+  name = "${pname}-2-35-0";
+  pname = "esniper";
+  version = "2.35.0";
+  src = fetchurl {
+    url = "mirror://sourceforge/${pname}/${name}.tgz";
+    sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
+  };
+
+
+  buildInputs = [ openssl curl ];
+
+  # Add support for CURL_CA_BUNDLE variable.
+  # Fix <http://sourceforge.net/p/esniper/bugs/648/>.
+  patches = [ ./find-ca-bundle.patch ];
+
+  postInstall = ''
+    sed <"frontends/snipe" >"$out/bin/snipe" \
+      -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
+    chmod 555 "$out/bin/snipe"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Simple, lightweight tool for sniping eBay auctions";
+    homepage    = http://esniper.sourceforge.net;
+    license     = licenses.gpl2;
+    maintainers = with maintainers; [ lovek323 peti ];
+    platforms   = platforms.all;
+  };
+}
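Review bot: `name = "${pname}-2-35-0"` repeats the version by hand next to `version = "2.35.0"`, and `src.url` is built from `name`, so bumping `version` alone changes nothing that is fetched. Derive the dashed form instead, e.g. `name = "${pname}-${builtins.replaceStrings ["."] ["-"] version}";`. The `maintainers` list (`lovek323 peti`) looks carried over from another copy of this package; if this copy is maintained locally, a comment saying why it is vendored here would help.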
diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch
new file mode 100644
index 000000000..e4df272a0
--- /dev/null
+++ b/makefu/5pkgs/esniper/find-ca-bundle.patch
@@ -0,0 +1,26 @@
+diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
+--- esniper-2-27-0-orig/http.c	2012-02-06 22:04:06.000000000 +0100
++++ esniper-2-27-0-patched/http.c	2012-07-27 10:54:20.893054646 +0200
+@@ -200,6 +200,9 @@
+ int
+ initCurlStuff(void)
+ {
++	/* Path to OpenSSL bundle file. */
++	const char *ssl_capath=NULL;
++
+ 	/* list for custom headers */
+ 	struct curl_slist *slist=NULL;
+ 
+@@ -241,6 +244,12 @@
+ 	if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
+ 		return initCurlStuffFailed();
+ 
++	/* If the environment variable CURL_CA_BUNDLE is set, pass through its
++	 * contents to curl. */
++	if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
++		if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
++			return initCurlStuffFailed();
++
+ 	slist = curl_slist_append(slist, "Accept: text/*");
+ 	slist = curl_slist_append(slist, "Accept-Language: en");
+ 	slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");
diff --git a/makefu/5pkgs/pavumeter/default.nix b/makefu/5pkgs/pavumeter/default.nix
new file mode 100644
index 000000000..b1822530a
--- /dev/null
+++ b/makefu/5pkgs/pavumeter/default.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv,  fetchurl, libusb, libtool, autoconf, pkgconfig, git,
+gettext, automake, libxml2 
+, autoreconfHook
+, lynx
+, gtkmm2
+, libpulseaudio
+, gnome2
+, libsigcxx
+}:
+stdenv.mkDerivation rec {
+  pname = "pavumeter";
+  name = "${pname}-${version}";
+  version = "0.9.3";
+
+  src = fetchurl {
+    url = "http://0pointer.de/lennart/projects/${pname}/${name}.tar.gz";
+    sha256 = "0yq67w8j8l1xsv8pp37bylax22npd6msbavr6pb25yvyq825i3gx";
+  };
+
+  buildInputs = [ gtkmm2 libpulseaudio gnome2.gnome_icon_theme ];
+  nativeBuildInputs = [ pkgconfig autoreconfHook lynx ];
+
+  meta = {
+    description = "PulseAudio volumene meter";
+    homepage = http://0pointer.de/lennart/projects/pavumeter;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ makefu ];
+  };
+}
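Review bot: Most of the function arguments are never referenced in the body (`lib`, `libusb`, `libtool`, `autoconf`, `git`, `gettext`, `automake`, `libxml2`, `libsigcxx`), which makes the package look like it depends on far more than `buildInputs` and `nativeBuildInputs` actually use. Trim the header to what is used: `{ stdenv, fetchurl, pkgconfig, autoreconfHook, lynx, gtkmm2, libpulseaudio, gnome2 }:`. The description has a typo, `"PulseAudio volumene meter"` should read `"PulseAudio volume meter"`. The tarball is fetched over plain HTTP, so the `sha256` is the only integrity check and should be re-verified on any bump.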
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 3838db635..ddb4afece 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -18,17 +18,20 @@
     unstable = false; #unstable channel checked out
     mic92 = false;
     nms = false;
+    arm6 = false;
     clever_kexec = false;
+    home-manager = false;
   } // import (./. + "/1systems/${name}/source.nix");
   source = { test }: lib.evalSource [
     {
-      # nixos-18.03 @ 2018-08-06
-      # + do_sqlite3 ruby:   55a952be5b5
-      # + exfat-nofuse bump: ee6a5296a35
+      # nixos-18.09 @ 2018-09-18
       # + uhub/sqlite: 5dd7610401747
       nixpkgs = if test || host-src.full then {
         git.ref = nixpkgs-src.rev;
         git.url = nixpkgs-src.url;
+      } else if host-src.arm6 then {
+        # TODO: we want to track the unstable channel
+        symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
       } else {
         file = "/home/makefu/store/${nixpkgs-src.rev}";
       };
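Review bot: In the new `host-src.arm6` branch, `nixpkgs` becomes a symlink to the root channel on the target, so those hosts are not pinned to `nixpkgs-src.rev` and the comment `nixos-18.09 @ 2018-09-18` above does not describe what they build against. The TODO suggests this is intended, but it means the package set depends on whatever channel state the machine has at deploy time. Suggest saying so on the branch, e.g. `# arm6: unpinned, uses the target's root channel instead of nixpkgs-src.rev`. The surrounding `source` function continues outside the hunk.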
@@ -66,6 +69,12 @@
         ref = "30fdd53";
       };
     })
+    (lib.mkIf ( host-src.home-manager ) {
+      home-manager.git = {
+        url = https://github.com/rycee/home-manager;
+        ref = "6eea2a4";
+      };
+    })
   ];
 
 in {
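Review bot: `ref = "6eea2a4"` pins home-manager by a 7-character abbreviated commit id, which is not guaranteed to stay unambiguous and is a weaker pin than the full hash for a repository that is evaluated as configuration code. Use the full 40-character commit id here, `ref = "<full-commit-id>";` (placeholder; the page only shows the short form). The `nixos-hardware` entry in the context lines (`ref = "30fdd53"`) has the same form.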
diff --git a/makefu/source.nix b/makefu/source.nix
deleted file mode 100644
index 82a41886b..000000000
--- a/makefu/source.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-with import <stockholm/lib>;
-host@{ name,
-  override ? {}
-, secure ? false
-, full ? false
-, torrent ? false
-, hw ? false
-, musnix ? false
-, python ? false
-, unstable ? false #unstable channel checked out
-, mic92 ? false
-, nms ? false
-, clever_kexec ?false
-}:
-let
-  builder = if getEnv "dummy_secrets" == "true"
-              then "buildbot"
-              else "makefu";
-  _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  pkgs = import <nixpkgs> {
-    overlays = map import [
-      <stockholm/krebs/5pkgs>
-      <stockholm/submodules/nix-writers/pkgs>
-    ];
-  };
-  # TODO: automate updating of this ref + cherry-picks
-  ref = "8f991294288"; # nixos-18.03 @ 2018-08-06
-                       # + do_sqlite3 ruby:   55a952be5b5
-                       # + exfat-nofuse bump: ee6a5296a35
-                       # + uhub/sqlite: 5dd7610401747
-
-in
-  evalSource (toString _file) [
-    {
-      nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
-      # always perform a full populate when buildbot
-      nixpkgs = if full || (builder == "buildbot" ) then {
-          git = {
-            url = https://github.com/makefu/nixpkgs;
-            inherit ref;
-          };
-        } else {
-          # right now it is simply extracted revision folder
-
-          ## prepare so we do not have to wait for rsync:
-          ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff  -L | tar zx  && mv NixOS-nixpkgs-125ffff nixpkgs
-          file = "/home/makefu/store/${ref}";
-        };
-
-      secrets = getAttr builder {
-        buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
-        makefu.pass = {
-          inherit name;
-          dir = "${getEnv "HOME"}/.secrets-pass";
-        };
-      };
-
-
-      stockholm.file = toString <stockholm>;
-      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
-    }
-    (mkIf ( musnix ) {
-      musnix.git = {
-        url = https://github.com/musnix/musnix.git;
-        ref = "master"; # follow the musnix channel, lets see how this works out
-      };
-    })
-
-    (mkIf ( hw ) {
-      nixos-hardware.git = {
-        url = https://github.com/nixos/nixos-hardware.git;
-        ref = "30fdd53";
-      };
-    })
-
-    (mkIf ( python ) {
-      python.git = {
-        url = https://github.com/garbas/nixpkgs-python;
-        ref = "cac319b7";
-      };
-    })
-
-    (mkIf ( torrent ) {
-      torrent-secrets = getAttr builder {
-        buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
-        makefu.pass = {
-          name = "torrent";
-          dir = "${getEnv "HOME"}/.secrets-pass";
-        };
-      };
-    })
-
-    (mkIf ( unstable ) {
-      nixpkgs-unstable.git = {
-        url = https://github.com/nixos/nixpkgs-channels;
-        ref = "nixos-unstable";
-      };
-    })
-
-    (mkIf ( mic92 ) {
-      mic92.git = {
-        url = https://github.com/Mic92/dotfiles/;
-        ref = "48a1f49";
-      };
-    })
-
-    (mkIf ( nms ) {
-      nms.git = {
-        url = https://github.com/r-raymond/nixos-mailserver;
-        ref = "v2.1.2";
-      };
-    })
-
-    (mkIf ( clever_kexec ) {
-      clever_kexec.git = {
-        url = https://github.com/cleverca22/nix-tests;
-        ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
-      };
-    })
-
-    override
-  ]
diff --git a/nin/1systems/axon/source.nix b/nin/1systems/axon/source.nix
deleted file mode 100644
index 6a40296da..000000000
--- a/nin/1systems/axon/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/nin/source.nix> {
-  name = "axon";
-  secure = true;
-}
diff --git a/nin/1systems/hiawatha/source.nix b/nin/1systems/hiawatha/source.nix
deleted file mode 100644
index a4b366b9c..000000000
--- a/nin/1systems/hiawatha/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/nin/source.nix> {
-  name = "hiawatha";
-  secure = true;
-}
diff --git a/nin/1systems/onondaga/source.nix b/nin/1systems/onondaga/source.nix
deleted file mode 100644
index 60d020222..000000000
--- a/nin/1systems/onondaga/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/nin/source.nix> {
-  name = "onondaga";
-  secure = true;
-}
diff --git a/nin/source.nix b/nin/source.nix
deleted file mode 100644
index a4bf0a98c..000000000
--- a/nin/source.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false }: let
-  builder = if getEnv "dummy_secrets" == "true"
-              then "buildbot"
-              else "nin";
-  _file = <stockholm> + "/nin/1systems/${name}/source.nix";
-  pkgs = import <nixpkgs> {
-    overlays = map import [
-      <stockholm/krebs/5pkgs>
-      <stockholm/submodules/nix-writers/pkgs>
-    ];
-  };
-in
-  evalSource (toString _file) {
-    nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
-    secrets.file = getAttr builder {
-      buildbot = toString <stockholm/nin/0tests/dummysecrets>;
-      nin = "/home/nin/secrets/${name}";
-    };
-    stockholm.file = toString <stockholm>;
-    stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
-    nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
-  }
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 3695ed3ac..000000000
--- a/shell.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-let
-  lib = import ./lib;
-  pkgs = import <nixpkgs> {
-    overlays = [
-      (import ./krebs/5pkgs)
-      (import ./submodules/nix-writers/pkgs)
-    ];
-  };
-
-in pkgs.stdenv.mkDerivation {
-  name = "stockholm";
-  shellHook = /* sh */ ''
-    export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
-    if test -e /nix/var/nix/daemon-socket/socket; then
-      export NIX_REMOTE=daemon
-    fi
-    export PATH=${lib.makeBinPath [
-      pkgs.stockholm
-    ]}''${PATH+:$PATH}
-
-    eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)"
-    shopt -u no_empty_cmd_completion
-    unalias -a
-
-    enable -n \
-        . [ alias bg bind break builtin caller cd command compgen complete \
-        compopt continue dirs disown eval exec false fc fg getopts hash \
-        help history jobs kill let local logout mapfile popd printf pushd \
-        pwd read readarray readonly shift source suspend test times trap \
-        true typeset ulimit umask unalias wait
-
-    exitHandler() {
-      :
-    }
-
-    PS1='\[\e[38;5;162m\]\w\[\e[0m\] '
-  '';
-}
diff --git a/submodules/nix-writers b/submodules/nix-writers
index 5d7999226..c27a9416e 160000
--- a/submodules/nix-writers
+++ b/submodules/nix-writers
@@ -1 +1 @@
-Subproject commit 5d79992262e8f16a3efa985375be74abea3bb392
+Subproject commit c27a9416e8ee04d708b11b48f8cf1a055c0cc079
diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix
deleted file mode 100644
index 9fd2f668c..000000000
--- a/tv/1systems/alnus/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "alnus";
-  override.nixpkgs.git.ref = "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
-}
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 6c22971bf..f51366546 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -2,9 +2,7 @@ with import <stockholm/lib>;
 { config, pkgs, ... }: {
 
   imports = [
-    <stockholm/krebs>
-    <stockholm/tv/2configs>
-    <stockholm/tv/3modules>
+    <stockholm/tv>
     <stockholm/tv/2configs/exim-retiolum.nix>
     <stockholm/tv/2configs/retiolum.nix>
   ];
@@ -57,6 +55,7 @@ with import <stockholm/lib>;
     gimp
     iptables
     libreoffice
+    plasma-pa
     (pkgs.pidgin-with-plugins.override {
       plugins = [ pkgs.pidginotr ];
     })
diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix
deleted file mode 100644
index 7e148cf36..000000000
--- a/tv/1systems/mu/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "mu";
-}
diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix
deleted file mode 100644
index f173b65a6..000000000
--- a/tv/1systems/nomic/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "nomic";
-  secure = true;
-}
diff --git a/tv/1systems/querel/source.nix b/tv/1systems/querel/source.nix
deleted file mode 100644
index 74eab51e4..000000000
--- a/tv/1systems/querel/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "querel";
-}
diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix
deleted file mode 100644
index 2e9cdeb8a..000000000
--- a/tv/1systems/wu/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "wu";
-  secure = true;
-}
diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix
deleted file mode 100644
index 46e1aee90..000000000
--- a/tv/1systems/xu/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "xu";
-  secure = true;
-}
diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix
deleted file mode 100644
index 7a5c4f523..000000000
--- a/tv/1systems/zu/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
-  name = "zu";
-  secure = true;
-}
diff --git a/tv/source.nix b/tv/source.nix
deleted file mode 100644
index c0df06567..000000000
--- a/tv/source.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-with import <stockholm/lib>;
-{ name
-, dummy_secrets ? getEnv "dummy_secrets" == "true"
-, override ? {}
-, secure ? false
-}@host: let
-  builder = if dummy_secrets then "buildbot" else "tv";
-  _file = <stockholm> + "/tv/1systems/${name}/source.nix";
-  pkgs = import <nixpkgs> {
-    overlays = map import [
-      <stockholm/krebs/5pkgs>
-      <stockholm/submodules/nix-writers/pkgs>
-    ];
-  };
-in
-  evalSource (toString _file) [
-    {
-      nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
-      nixpkgs.git = {
-        ref = mkDefault "7cbf6ca1c84dfc917c1a99524e082fb677501844";
-        url = https://github.com/NixOS/nixpkgs;
-      };
-      secrets.file = getAttr builder {
-        buildbot = toString <stockholm/tv/dummy_secrets>;
-        tv = "/home/tv/secrets/${name}";
-      };
-      stockholm.file = toString <stockholm>;
-      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
-    }
-    (mkIf (builder == "tv") {
-      secrets-common.file = "/home/tv/secrets/common";
-    })
-    (mkIf (builder == "tv" && secure) {
-      secrets-master.file = "/home/tv/secrets/master";
-    })
-    override
-  ]