makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge branch 'master' of prism.r:stockholm

Browse source
This commit is contained in:
jeschli 2019-01-29 19:17:43 +01:00
parent 06b6454af7 e64bbd8d68
commit 924c8fb748
98 changed files with 1509 additions and 836 deletions
ci.nix
krebs
1systems
hotdog
config.nix
wolf
config.nix
2configs
exim-smarthost.nixnscd-fix.nixreaktor-krebs.nixreaktor-retiolum.nixreaktor2.nix
shack
mobile.mpd.nixympd-top-next.patch
3modules
Reaktor.nixdefault.nixdns.nix
external
default.nix
github-known-hosts.nixhosts.nixper-user.nixreaktor2.nixretiolum-hosts.nixtinc.nix
5pkgs
default.nix
haskell
blessings.nixmuch.nixreaktor2.nix
simple
Reaktor
default.nixplugins.nix
scripts
random-emoji.shrandom-issue.shsed-plugin.pyshack-correct.sh
much
default.nix
reaktor2-plugins.nix
krops.nixnixpkgs.json
lass
1systems
blue
source.nix
mors
config.nix
prism
config.nixphysical.nix
yellow
config.nix
2configs
baseX.nixdefault.nixexim-smarthost.nixgames.nixgc.nixhardening.nixmail.nixradio.nixreaktor-coders.nix
websites
domsen.nixlassulus.nix
3modules
default.nix
xserver
default.nixxserver.conf.nix
5pkgs/custom/xmonad-lass
default.nix
makefu
0tests/data/secrets
nixos-community
1systems
cake
config.nixhardware-config.nix
gum
config.nixhardware-config.nixsource.nix
x
config.nix
2configs
bgt
download.binaergewitter.de.nix
bureautomation
default.nixhass.nix
default.nix
deployment
owncloud.nix
dict.nix
gui
base.nix
home-manager
cli.nixdesktop.nixzsh.nix
hw
malduino_elite.nix
printer.nix
remote-build
aarch64-community.nix
tools
android-pentest.nixdev.nix
virtualisation
virtualbox.nix
zsh-user.nix
5pkgs
baidudl
default.nix
default.nix
krops.nixnixpkgs.json
submodules
krops
tv
1systems/xu
config.nix
2configs
backup.nixdefault.nixgitrepos.nixhtop.nixmail-client.nix
xserver
Xmodmap.nixxkiller.nix
3modules
default.nix
ejabberd
default.nix
nixpkgs-overlays.nixslock.nix
5pkgs
default.nix
simple
q
default.nix
xkiller.nix

2
ci.nix
View file

@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner:
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
in mapAttrs (n: h: build n h.owner.name) ci-systems

4
krebs/1systems/hotdog/config.nix
View file

@ -12,8 +12,8 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/krebs/2configs/nscd-fix.nix>
<stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/repo-sync.nix>
];

1
krebs/1systems/wolf/config.nix
View file

@ -161,6 +161,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
];

50
krebs/2configs/exim-smarthost.nix Normal file
View file

@ -0,0 +1,50 @@
with import <stockholm/lib>;
{ config, ... }: let
format = from: to: {
inherit from;
# TODO assert is-retiolum-mail-address to;
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in {
krebs.exim-smarthost.internet-aliases =
mapAttrsToList format (with config.krebs.users; let
brain-ml = [
lass
makefu
tv
];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
makefu
tv
];
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv;
# XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass;
"makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml;
"tv@retiolum" = tv;
"lass@r" = lass;
"makefu@r" = makefu;
"spam@r" = spam-ml;
"tv@r" = tv;
});
}

24
krebs/2configs/nscd-fix.nix Normal file
View file

@ -0,0 +1,24 @@
with import <stockholm/lib>;
{ pkgs, ... }: let
enable = versionOlderThan "19.03";
versionOlderThan = v:
compareVersions
(versions.majorMinor version)
(versions.majorMinor v)
== -1;
warning = ''
Using custom services.nscd.config because
https://github.com/NixOS/nixpkgs/pull/50316
'';
in
optionalAttrs enable (trace warning {
services.nscd.enable = mkForce true;
services.nscd.config = mkForce (readFile (pkgs.fetchurl {
url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
}));
})

30
krebs/2configs/reaktor-krebs.nix
View file

@ -1,30 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.krebs = {
nickname = "Reaktor|krebs";
channels = [
"#krebs"
"#nixos-wiki"
];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
task-add
task-delete
task-done
task-list
] ++
(attrValues (todo "agenda"))
;
};
krebs.secret.files.nix-serve-key = {
path = "/var/lib/Reaktor/reaktor_nickserv_password";
owner.name = "Reaktor";
source-path = toString <secrets> + "/reaktor_nickserv_password";
};
}

21
krebs/2configs/reaktor-retiolum.nix
View file

@ -1,21 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.retiolum = {
nickname = "Reaktor|lass";
channels = [ "#noise" "#xxx" ];
extraEnviron = {
REAKTOR_HOST = "irc.r";
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
task-add
task-delete
task-done
task-list
] ++
(attrValues (todo "agenda"))
;
};
}

152
krebs/2configs/reaktor2.nix Normal file
View file

@ -0,0 +1,152 @@
with import <stockholm/lib>;
{ config, pkgs, ... }:
let
#for shared state directory
stateDir = config.krebs.reaktor2.r.stateDir;
generators = pkgs.reaktor2-plugins.generators;
hooks = pkgs.reaktor2-plugins.hooks;
commands = pkgs.reaktor2-plugins.commands;
task = name: let
rcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
in {
pattern = "^${name}-([a-z]+)(?::\\s*(.*))?";
activate = "match";
command = 1;
arguments = [2];
env.TASKDATA = "${stateDir}/${name}";
commands = {
add.filename = pkgs.writeDash "${name}-task-add" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1"
'';
list.filename = pkgs.writeDash "${name}-task-list" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} export \
| ${pkgs.jq}/bin/jq -r '
.[] | select(.id != 0) | "\(.id) \(.description)"
'
'';
delete.filename = pkgs.writeDash "${name}-task-delete" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1"
'';
done.filename = pkgs.writeDash "${name}-task-done" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1"
'';
};
};
systemPlugin = {
plugin = "system";
config = {
workdir = stateDir;
hooks.JOIN = [
{
activate = "always";
command = {
filename =
"${pkgs.Reaktor.src}/reaktor/commands/tell-on_join";
env = {
PATH = makeBinPath [
pkgs.coreutils # XXX env, touch
pkgs.jq # XXX sed
pkgs.utillinux # XXX flock
];
state_file = "${stateDir}/tell.json";
};
};
}
];
hooks.PRIVMSG = [
{
pattern = "^bier bal(ance)*$";
activate = "match";
command = {
env = {
state_file = "${stateDir}/ledger";
};
filename = pkgs.writeDash "bier-balance" ''
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
| ${pkgs.coreutils}/bin/tail +2 \
| ${pkgs.miller}/bin/mlr --icsv --opprint cat
'';
};
}
{
pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$'';
activate = "match";
arguments = [1 2 3];
command = {
env = {
# TODO; get state as argument
state_file = "${stateDir}/ledger";
};
filename = pkgs.writeDash "ledger-add" ''
set -x
tonick=$1
amt=$2
unit=$3
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
'';
};
}
hooks.sed
(generators.command_hook {
inherit (commands) hello random-emoji nixos-version stockholm-issue;
tell = {
filename =
"${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
env = {
PATH = makeBinPath [
pkgs.coreutils # XXX date, env
pkgs.jq # XXX sed
pkgs.utillinux # XXX flock
];
state_file = "${stateDir}/tell.txt";
};
};
})
(task "agenda")
];
};
};
in {
krebs.reaktor2 = {
freenode = {
hostname = "irc.freenode.org";
nick = "reaktor2|krebs";
plugins = [
{
plugin = "register";
config = {
channels = [
"#krebs"
];
};
}
systemPlugin
];
username = "reaktor2";
};
r = {
nick = "reaktor2|krebs";
plugins = [
{
plugin = "register";
config = {
channels = [
"#noise"
"#xxx"
];
};
}
systemPlugin
];
username = "reaktor2";
};
};
}

5
krebs/2configs/shack/mobile.mpd.nix
View file

@ -1,5 +1,8 @@
{lib,pkgs, ... }:
let
pkg = lib.overrideDerivation pkgs.ympd (old: {
patches = [ ./ympd-top-next.patch ];
});
mpdHost = "mpd.shack";
ympd = name: port: let
webPort = 10000 + port;
@ -7,7 +10,7 @@ let
systemd.services."ympd-${name}" = {
description = "mpd for ${name}";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
};
services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
serverAliases = [

16
krebs/2configs/shack/ympd-top-next.patch Normal file
View file

@ -0,0 +1,16 @@
diff --git a/htdocs/index.html b/htdocs/index.html
index ed77279..eaf92b6 100644
--- a/htdocs/index.html
+++ b/htdocs/index.html
@@ -76,6 +76,11 @@
<div class="col-md-10 col-xs-12">
<div class="notifications top-right"></div>
+
+ <ul class="pager">
+ <li id="prev" class="page-btn hide"><a href="">Previous</a></li>
+ <li id="next" class="page-btn"><a href="">Next</a></li>
+ </ul>
<div class="panel panel-primary">
<!-- Default panel contents -->

5
krebs/3modules/Reaktor.nix
View file

@ -113,10 +113,11 @@ let
'';
in nameValuePair "Reaktor-${name}" {
path = with pkgs; [
utillinux #flock for tell_on-join
git # for nag
jq # for tell
python # for caps
];
utillinux # flock for tell
];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];

145
krebs/3modules/default.nix
View file

@ -18,14 +18,17 @@ let
./charybdis.nix
./ci.nix
./current.nix
./dns.nix
./exim.nix
./exim-retiolum.nix
./exim-smarthost.nix
./fetchWallpaper.nix
./github-hosts-sync.nix
./github-known-hosts.nix
./git.nix
./go.nix
./hidden-ssh.nix
./hosts.nix
./htgen.nix
./iana-etc.nix
./iptables.nix
@ -39,8 +42,10 @@ let
./per-user.nix
./power-action.nix
./Reaktor.nix
./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
@ -58,28 +63,10 @@ let
api = {
enable = mkEnableOption "krebs";
dns = {
providers = mkOption {
type = with types; attrsOf str;
};
};
hosts = mkOption {
type = with types; attrsOf host;
default = {};
};
users = mkOption {
type = with types; attrsOf user;
};
# XXX is there a better place to define search-domain?
# TODO search-domains :: listOf hostname
search-domain = mkOption {
type = types.hostname;
default = "r";
};
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
@ -125,6 +112,8 @@ let
w = "hosts";
};
krebs.dns.search-domain = mkDefault "r";
krebs.users = {
krebs = {
home = "/krebs";
@ -137,93 +126,6 @@ let
};
};
networking.extraHosts = let
domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
in concatStringsSep "\n" (flatten (
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
let
aliases = longs ++ shorts;
longs = filter check net.aliases;
shorts = let s = ".${cfg.search-domain}"; in
map (removeSuffix s) (filter (hasSuffix s) longs);
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs)
) (filterAttrs (name: host: host.aliases != []) host.nets)
) cfg.hosts
));
# TODO dedup with networking.extraHosts
nixpkgs.config.packageOverrides = oldpkgs:
let
domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
in
{
retiolum-hosts = oldpkgs.writeText "retiolum-hosts" ''
${concatStringsSep "\n" (flatten (
map (host:
let
net = host.nets.retiolum;
aliases = longs;
longs = filter check net.aliases;
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs)
) (filter (host: hasAttr "retiolum" host.nets)
(attrValues cfg.hosts))))}
'';
};
krebs.exim-smarthost.internet-aliases = let
format = from: to: {
inherit from;
# TODO assert is-retiolum-mail-address to;
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
brain-ml = [
lass
makefu
tv
];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
makefu
tv
];
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv;
# XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass;
"makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml;
"tv@retiolum" = tv;
"lass@r" = lass;
"makefu@r" = makefu;
"spam@r" = spam-ml;
"tv@r" = tv;
});
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
@ -238,31 +140,6 @@ let
};
})
//
{
github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
//
mapAttrs
(name: host: {
hostNames =
@ -272,8 +149,8 @@ let
let
longs = net.aliases;
shorts =
map (removeSuffix ".${cfg.search-domain}")
(filter (hasSuffix ".${cfg.search-domain}")
map (removeSuffix ".${cfg.dns.search-domain}")
(filter (hasSuffix ".${cfg.dns.search-domain}")
longs);
add-port = a:
if net.ssh.port != 22
@ -297,8 +174,8 @@ let
(concatMap (host: attrValues host.nets)
(mapAttrsToList
(_: host: recursiveUpdate host
(optionalAttrs (hasAttr config.krebs.search-domain host.nets) {
nets."" = host.nets.${config.krebs.search-domain} // {
(optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
nets."" = host.nets.${cfg.dns.search-domain} // {
aliases = [host.name];
addrs = [];
};

12
krebs/3modules/dns.nix Normal file
View file

@ -0,0 +1,12 @@
with import <stockholm/lib>;
{
options = {
krebs.dns.providers = mkOption {
type = types.attrsOf types.str;
};
krebs.dns.search-domain = mkOption {
type = types.hostname;
};
};
}

53
krebs/3modules/external/default.nix vendored
View file

@ -84,8 +84,8 @@ in {
nets = rec {
internet = {
# eve.thalheim.io
ip4.addr = "188.68.39.17";
ip6.addr = "2a03:4000:13:31e::1";
ip4.addr = "95.216.112.61";
ip6.addr = "2a01:4f9:2b:1605::1";
aliases = [ "eve.i" ];
};
retiolum = {
@ -141,6 +141,29 @@ in {
};
};
};
idontcare = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.177";
aliases = [ "idontcare.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
@ -344,6 +367,30 @@ in {
};
};
};
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
miaoski = {
owner = config.krebs.users.miaoski;
nets = {
@ -369,7 +416,7 @@ in {
pubkey = ssh-for "kmein";
};
Mic92 = {
mail = "joerg@higgsboson.tk";
mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {

40
krebs/3modules/github-known-hosts.nix Normal file
View file

@ -0,0 +1,40 @@
{
services.openssh.knownHosts.github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"140.82.112.*"
"140.82.113.*"
"140.82.114.*"
"140.82.115.*"
"140.82.116.*"
"140.82.117.*"
"140.82.118.*"
"140.82.119.*"
"140.82.120.*"
"140.82.121.*"
"140.82.122.*"
"140.82.123.*"
"140.82.124.*"
"140.82.125.*"
"140.82.126.*"
"140.82.127.*"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}

35
krebs/3modules/hosts.nix Normal file
View file

@ -0,0 +1,35 @@
with import <stockholm/lib>;
{ config, ... }: let
# TODO dedup functions with ./retiolum-hosts.nix
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
in {
options = {
krebs.hosts = mkOption {
default = {};
type = types.attrsOf types.host;
};
};
config = {
networking.hosts =
filterAttrs
(_name: value: value != [])
(zipAttrsWith
(_: concatLists)
(concatMap
(host:
concatMap
(net: let
aliases = longs ++ shorts;
longs = filter check net.aliases;
shorts = let s = ".${config.krebs.dns.search-domain}"; in
map (removeSuffix s) (filter (hasSuffix s) longs);
in
map (addr: { ${addr} = aliases; }) net.addrs)
(attrValues host.nets))
(attrValues config.krebs.hosts)));
};
}

2
krebs/3modules/per-user.nix
View file

@ -13,7 +13,7 @@ in {
});
default = {};
};
config = {
config = mkIf (cfg != {}) {
environment = {
etc =
mapAttrs'

71
krebs/3modules/reaktor2.nix Normal file
View file

@ -0,0 +1,71 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: {
options.krebs.reaktor2 = mkOption {
default = {};
type = types.attrsOf (types.submodule (self: let
name = self.config._module.args.name;
in {
options = {
nick = mkOption {
default = name;
# TODO types.irc.nickname
type = types.str;
};
hostname = mkOption {
default = "irc.r";
type = types.hostname;
};
port = mkOption {
default = "6667";
# TODO type = types.service-name
};
plugins = mkOption {
default = [];
type = types.listOf types.attrs;
};
stateDir = mkOption {
default = "/var/lib/${self.config.username}";
readOnly = true;
type = types.absolute-pathname;
};
systemd-service-name = mkOption {
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
username = mkOption {
default = self.config.systemd-service-name;
type = types.username;
};
useTLS = mkOption {
default = self.config.port == "6697";
type = types.bool;
};
};
}));
};
config = {
systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg:
nameValuePair cfg.systemd-service-name {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.username;
Group = "reaktor2";
DynamicUser = true;
StateDirectory = cfg.username;
ExecStart = let
configFile = pkgs.writeJSON configFileName configValue;
configFileName = "${cfg.systemd-service-name}.config.json";
configValue = recursiveUpdate {
logTime = false;
} (removeAttrs cfg ["_module"]);
in "${pkgs.reaktor2}/bin/reaktor ${configFile}";
Restart = "always";
RestartSec = "30";
};
}
);
};
}

28
krebs/3modules/retiolum-hosts.nix Normal file
View file

@ -0,0 +1,28 @@
with import <stockholm/lib>;
{ config, ... }: let
# TODO dedup functions with ./hosts.nix
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
in {
nixpkgs.config.packageOverrides = super: {
retiolum-hosts =
super.writeText "retiolum-hosts" ''
${
concatStringsSep
"\n"
(flatten
(map
(host: let
net = host.nets.retiolum;
aliases = longs;
longs = filter check net.aliases;
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs))
(filter (host: hasAttr "retiolum" host.nets)
(attrValues config.krebs.hosts))))
}
'';
};
}

1
krebs/3modules/tinc.nix
View file

@ -27,6 +27,7 @@ let
"tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
Name = ${tinc.config.host.name}
Interface = ${netname}
Broadcast = no
${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
PrivateKeyFile = ${tinc.config.privkey.path}
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}

2
krebs/5pkgs/default.nix
View file

@ -22,6 +22,8 @@ foldl' mergeAttrs {}
};
});
reaktor2 = self.haskellPackages.reaktor2;
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
# https://github.com/proot-me/PRoot/issues/106

4
krebs/5pkgs/haskell/blessings.nix
View file

@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
version = "1.2.0";
sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
version = "2.1.0";
sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d";
};
}.${versions.majorMinor nixpkgsVersion};

9
krebs/5pkgs/simple/much/cabal.nix → krebs/5pkgs/haskell/much.nix
View file

@ -8,11 +8,12 @@
}:
mkDerivation {
pname = "much";
version = "1.1.0";
version = "1.2.0";
src = fetchgit {
url = "http://cgit.ni.krebsco.de/much";
sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl";
rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5";
url = "https://cgit.krebsco.de/much";
sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873";
rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;

27
krebs/5pkgs/haskell/reaktor2.nix Normal file
View file

@ -0,0 +1,27 @@
{ mkDerivation, aeson, async, attoparsec, base, blessings
, bytestring, containers, data-default, fetchgit, filepath
, hashable, lens, lens-aeson, network, network-simple
, network-simple-tls, pcre-light, process, random, stdenv
, string-conversions, stringsearch, text, time, transformers
, unagi-chan, unix, unordered-containers, vector
}:
mkDerivation {
pname = "reaktor2";
version = "0.2.1";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr";
rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson async attoparsec base blessings bytestring containers
data-default filepath hashable lens lens-aeson network
network-simple network-simple-tls pcre-light process random
string-conversions stringsearch text time transformers unagi-chan
unix unordered-containers vector
];
license = stdenv.lib.licenses.mit;
}

6
krebs/5pkgs/simple/Reaktor/default.nix
View file

@ -2,7 +2,7 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
version = "0.6.2";
version = "0.7.0";
doCheck = false;
@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec {
src = fetchFromGitHub {
owner = "krebs";
repo = "Reaktor";
rev = version;
sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
rev = "v${version}";
sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj";
};
meta = {
homepage = http://krebsco.de/;

68
krebs/5pkgs/simple/Reaktor/plugins.nix
View file

@ -146,58 +146,36 @@ rec {
'';
});
taskrcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
task-add = buildSimpleReaktorPlugin "task-add" {
pattern = "^task-add: (?P<args>.*)$$";
script = pkgs.writeDash "task-add" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*"
'';
};
task-list = buildSimpleReaktorPlugin "task-list" {
pattern = "^task-list";
script = pkgs.writeDash "task-list" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
task-delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^task-delete: (?P<args>.*)$$";
script = pkgs.writeDash "task-delete" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*"
'';
};
task-done = buildSimpleReaktorPlugin "task-done" {
pattern = "^task-done: (?P<args>.*)$$";
script = pkgs.writeDash "task-done" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*"
'';
};
todo = name: {
add = buildSimpleReaktorPlugin "${name}-add" {
task = name: let
rcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
in {
add = buildSimpleReaktorPlugin "${name}-task-add" {
pattern = "^${name}-add: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-add" ''
echo "$*" >> ${name}-todo
echo "added ${name} todo"
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*"
'';
};
delete = buildSimpleReaktorPlugin "${name}-delete" {
list = buildSimpleReaktorPlugin "task-list" {
pattern = "^${name}-list";
script = pkgs.writeDash "task-list" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^${name}-delete: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-delete" ''
${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
echo "removed ${name} todo: $*"
script = pkgs.writeDash "task-delete" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*"
'';
};
show = buildSimpleReaktorPlugin "${name}-show" {
pattern = "^${name}-show$";
script = pkgs.writeDash "${name}-show" ''
${pkgs.coreutils}/bin/cat ${name}-todo
done = buildSimpleReaktorPlugin "task-done" {
pattern = "^${name}-done: (?P<args>.*)$$";
script = pkgs.writeDash "task-done" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*"
'';
};
};

2
krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh Normal file → Executable file
View file

@ -1,5 +1,5 @@
#!/bin/sh
curl http://emojicons.com/random -s | \
curl -sS http://emojicons.com/random | \
grep data-text | \
sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
head -n 1 | \

0
krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh Normal file → Executable file
View file

2
krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py Normal file → Executable file
View file

@ -46,7 +46,7 @@ if is_regex(line):
print('to many lines, skipped')
else:
if last.strip() != ret.strip():
print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
print("\x02{}\x02 meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret

0
krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh Normal file → Executable file
View file

3
krebs/5pkgs/simple/much/default.nix
View file

@ -1,3 +0,0 @@
{ haskellPackages, ... }:
haskellPackages.callPackage ./cabal.nix {}

106
krebs/5pkgs/simple/reaktor2-plugins.nix Normal file
View file

@ -0,0 +1,106 @@
with import <stockholm/lib>;
{ lib, pkgs, ... }:
rec {
generators = {
command_hook = commands: {
pattern =
"^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = commands;
};
};
commands = {
hello = {
filename = "${pkgs.Reaktor.src}/reaktor/commands/hello";
};
random-emoji = {
filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>;
env = {
PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]);
};
};
nixos-version = {
filename = pkgs.writeDash "nixos-version" ''
. /etc/os-release
echo "$PRETTY_NAME"
'';
};
stockholm-issue = {
filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>;
env = {
PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]);
origin = "http://cgit.gum/stockholm";
state_dir = "/tmp/stockholm-issue";
};
};
};
hooks = {
sed = {
activate = "always";
pattern = "^(.*)$";
arguments = [1];
command = {
env = {
PATH = makeBinPath (with pkgs; [ gnused ]);
state_dir = "/tmp";
};
filename = pkgs.writeDash "sed-plugin" ''
set -efu
exec ${pkgs.python3}/bin/python \
${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@"
'';
};
};
shack-correct = {
activate = "match";
pattern = "^(.*Shack.*)$";
arguments = [1];
command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>;
};
url-title = {
#pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
activate = "match";
arguments = [1];
command = {
filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
import cgi
import sys
import urllib.request
from bs4 import BeautifulSoup
try:
req = urllib.request.Request(sys.argv[1])
req.add_header('user-agent', 'Reaktor-url-title')
resp = urllib.request.urlopen(req)
if resp.headers['content-type'].find('text/html') >= 0:
soup = BeautifulSoup(resp.read(16000), "lxml")
title = soup.find('title').string
if len(title.split('\n')) > 5:
title = '\n'.join(title.split('\n')[:5])
print(title[:450])
else:
cd_header = resp.headers['content-disposition']
print(cgi.parse_header(cd_header)[1]['filename'])
except: # noqa: E722
pass
'';
};
};
};
}

20
krebs/krops.nix
View file

@ -9,15 +9,21 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
file = {
path = toString (pkgs.fetchFromGitHub {
derivation = let
rev = (lib.importJSON ./nixpkgs.json).rev;
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = (lib.importJSON ./nixpkgs.json).rev;
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
});
useChecksum = true;
};
rev = "${rev}";
sha256 = "${sha256}";
}
'';
} else {
git = {
ref = (lib.importJSON ./nixpkgs.json).rev;

6
krebs/nixpkgs.json
View file

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "b9fa31cea0e119ecf1867af4944ddc2f7633aacd",
"date": "2018-12-22T15:37:52+00:00",
"sha256": "1iqdra7nvcwbydjirjsk71rpzk4ljc0gzqy33fcp8l18y8iwh47k",
"rev": "97e0d53d669cd07f0750a42fd535524b3cdd46d1",
"date": "2019-01-15T00:11:44+01:00",
"sha256": "111xa7qn9142dar29cil4br2mvn8f1rbiy310lkhwl73126fq8dw",
"fetchSubmodules": false
}

17
lass/1systems/blue/source.nix
View file

@ -1,11 +1,20 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
file = toString (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
derivation = let
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
});
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${rev}";
sha256 = "${sha256}";
}
'';
};
}

2
lass/1systems/mors/config.nix
View file

@ -35,6 +35,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain

15
lass/1systems/prism/config.nix
View file

@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
{ v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
];
}
{
@ -379,6 +379,7 @@ with import <stockholm/lib>;
name = "download";
home = "/var/download";
useDefaultShell = true;
uid = genid "download";
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
@ -420,6 +421,16 @@ with import <stockholm/lib>;
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
}
{
nix.trustedUsers = [ "Mic92" ];
users.users.Mic92 = {
uid = genid_uint31 "Mic92";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.Mic92.pubkey
];
};
}
];
krebs.build.host = config.krebs.hosts.prism;

24
lass/1systems/prism/physical.nix
View file

@ -40,6 +40,16 @@
fsType = "zfs";
};
fileSystems."/var/lib/nextcloud" = {
device = "tank/nextcloud";
fsType = "zfs";
};
fileSystems."/var/lib/libvirt" = {
device = "tank/libvirt";
fsType = "zfs";
};
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
@ -53,9 +63,15 @@
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "95.216.1.150";
prefixLength = 26;
};
interfaces.eth0.ipv4.addresses = [
{
address = "95.216.1.150";
prefixLength = 26;
}
{
address = "95.216.1.130";
prefixLength = 26;
}
];
};
}

92
lass/1systems/yellow/config.nix
View file

@ -88,7 +88,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
remote 82.102.16.229 1194
remote 89.249.65.83 1194
resolv-retry infinite
remote-random
nobind
@ -103,13 +103,9 @@ with import <stockholm/lib>;
reneg-sec 0
comp-lzo no
explicit-exit-notify 3
remote-cert-tls server
#mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
verb 3
pull
fast-io
@ -118,32 +114,33 @@ with import <stockholm/lib>;
<ca>
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
+D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
@ -152,23 +149,24 @@ with import <stockholm/lib>;
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
49b2f54c6ee58d2d97331681bb577d55
054f56d92b743c31e80b684de0388702
ad3bf51088cd88f3fac7eb0729f2263c
51d82a6eb7e2ed4ae6dfa65b1ac764d0
b9dedf1379c1b29b36396d64cb6fd6b2
e61f869f9a13001dadc02db171f04c4d
c46d1132c1f31709e7b54a6eabae3ea8
fbd2681363c185f4cb1be5aa42a27c31
21db7b2187fd11c1acf224a0d5a44466
b4b5a3cc34ec0227fe40007e8b379654
f1e8e2b63c6b46ee7ab6f1bd82f57837
92c209e8f25bc9ed493cb5c1d891ae72
7f54f4693c5b20f136ca23e639fd8ea0
865b4e22dd2af43e13e6b075f12427b2
08af9ffd09c56baa694165f57fe2697a
3377fa34aebcba587c79941d83deaf45
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>
'';
}

4
lass/2configs/baseX.nix
View file

@ -9,7 +9,6 @@ in {
./power-action.nix
./copyq.nix
./urxvt.nix
./nfs-dl.nix
{
hardware.pulseaudio = {
enable = true;
@ -75,12 +74,11 @@ in {
nmap
pavucontrol
powertop
rxvt_unicode_with-plugins
rxvt_unicode-with-plugins
sxiv
taskwarrior
termite
xclip
xephyrify
xorg.xbacklight
xorg.xhost
xsel

6
lass/2configs/default.nix
View file

@ -2,6 +2,7 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
<stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./gc.nix
./mc.nix
@ -72,7 +73,6 @@ with import <stockholm/lib>;
krebs = {
enable = true;
search-domain = "r";
build.user = config.krebs.users.lass;
};
@ -82,9 +82,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
#why is this on in the first place?
services.nscd.enable = false;
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@ -116,6 +113,7 @@ with import <stockholm/lib>;
#network
iptables
iftop
tcpdump
#stuff for dl
aria2

1
lass/2configs/exim-smarthost.nix
View file

@ -96,6 +96,7 @@ with import <stockholm/lib>;
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
{ from = "overleaf@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

1
lass/2configs/games.nix
View file

@ -74,7 +74,6 @@ in {
createHome = true;
useDefaultShell = true;
packages = with pkgs; [
ftb
minecraft
steam-run
dolphinEmu

2
lass/2configs/gc.nix
View file

@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
};
}

11
lass/2configs/hardening.nix Normal file
View file

@ -0,0 +1,11 @@
{ pkgs, lib, ... }:
with lib;
{
security.chromiumSuidSandbox.enable = true;
security.lockKernelModules = false;
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
imports = [
<nixpkgs/nixos/modules/profiles/hardened.nix>
];
}

4
lass/2configs/mail.nix
View file

@ -51,7 +51,7 @@ let
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
meetup = [ "to:meetup@lassul.us" ];
@ -225,7 +225,7 @@ in {
msmtp
mutt
pkgs.notmuch
pkgs.much
pkgs.haskellPackages.much
tag-new-mails
tag-old-mails
];

61
lass/2configs/radio.nix
View file

@ -170,32 +170,45 @@ in {
};
};
krebs.Reaktor.playlist = {
nickname = "the_playlist|r";
channels = [
"#the_playlist"
"#krebs"
];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
};
plugins = with pkgs.ReaktorPlugins; [
(buildSimpleReaktorPlugin "skip" {
script = "${skip_track}/bin/skip_track";
pattern = "^skip$";
})
(buildSimpleReaktorPlugin "current" {
script = "${print_current}/bin/print_current";
pattern = "^current$";
})
(buildSimpleReaktorPlugin "suggest" {
script = "${pkgs.writeDash "suggest" ''
echo "$@" >> $HOME/playlist_suggest
''}";
pattern = "^suggest: (?P<args>.*)$";
})
krebs.reaktor2.the_playlist = {
hostname = "irc.freenode.org";
port = "6697";
useTLS = true;
nick = "the_playlist";
plugins = [
{
plugin = "register";
config = {
channels = [
"#the_playlist"
"#krebs"
];
};
}
{
plugin = "system";
config = {
workdir = config.krebs.reaktor2.the_playlist.stateDir;
hooks.PRIVMSG = [
{
activate = "match";
pattern = ''!([^ ]+)(?:\s*(.*))?'';
command = 1;
arguments = [2];
commands = {
skip.filename = "${skip_track}/bin/skip_track";
current.filename = "${print_current}/bin/print_current";
suggest.filename = pkgs.writeDash "suggest" ''
echo "$@" >> playlist_suggest
'';
};
}
];
};
}
];
};
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {

180
lass/2configs/reaktor-coders.nix
View file

@ -1,99 +1,93 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.coders = {
nickname = "Reaktor|lass";
channels = [ "#coders" "#germany" "#panthermoderns" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
sed-plugin
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
(buildSimpleReaktorPlugin "google" {
pattern = "^!g (?P<args>.*)$$";
script = pkgs.writeDash "google" ''
exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
'';
})
(buildSimpleReaktorPlugin "blockchain" {
pattern = ".*[Bb]lockchain.*$$";
script = pkgs.writeDash "blockchain" ''
exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
'';
})
(buildSimpleReaktorPlugin "shrug" {
pattern = "^!shrug$";
script = pkgs.writeDash "shrug" ''
exec echo '¯\_()_/¯'
'';
})
(buildSimpleReaktorPlugin "flip" {
pattern = "^!flip$";
script = pkgs.writeDash "shrug" ''
exec echo '(°° '
'';
})
let
hooks = pkgs.reaktor2-plugins.hooks;
in {
krebs.reaktor2.coders = {
hostname = "irc.hackint.org";
port = "9999";
useTLS = true;
nick = "reaktor2|lass";
plugins = [
{
plugin = "register";
config = {
channels = [
"#coders"
"#germany"
"#panthermoderns"
];
};
}
{
plugin = "system";
config = {
workdir = config.krebs.reaktor2.coders.stateDir;
hooks.PRIVMSG = [
hooks.sed
hooks.url-title
{
activate = "match";
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
exec ${lambdabot}/bin/lambdabot \
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \
-e "$@"
'';
in {
pl.filename = pkgs.writeDash "lambdabot-pl" ''
${lambdabotWrapper} "@pl $1"
'';
type.filename = pkgs.writeDash "lambdabot-type" ''
${lambdabotWrapper} "@type $1"
'';
"let".filename = pkgs.writeDash "lambdabot-let" ''
${lambdabotWrapper} "@let $1"
'';
run.filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
kind.filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
}
{
activate = "match";
pattern = ''!([^ ]+)(?:\s*(.*))?'';
command = 1;
arguments = [2];
commands = {
ping.filename = pkgs.writeDash "ping" ''
exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
'';
google.filename = pkgs.writeDash "google" ''
exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
'';
shrug.filename = pkgs.writeDash "shrug" ''
exec echo '¯\_()_/¯'
'';
table.filename = pkgs.writeDash "table" ''
exec echo '(°° '
'';
};
}
];
};
}
];
};
}

38
lass/2configs/websites/domsen.nix
View file

@ -88,6 +88,20 @@ in {
file_uploads = on
'';
services.nextcloud = {
enable = true;
hostName = "o.xanf.org";
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
};
#https = true;
nginx.enable = true;
};
services.nginx.virtualHosts."o.xanf.org" = {
enableACME = true;
forceSSL = true;
};
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
@ -141,6 +155,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
users.users.UBIK-SFTP = {
uid = genid_uint31 "UBIK-SFTP";
home = "/home/UBIK-SFTP";
useDefaultShell = true;
createHome = true;
};
users.users.xanf = {
uid = genid_uint31 "xanf";
home = "/home/xanf";
@ -213,5 +234,22 @@ in {
createHome = true;
};
services.restic.backups.domsen = {
initialize = true;
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
passwordFile = toString <secrets> + "/domsen_backup_pw";
paths = [
"/srv/http"
"/home/domsen/Mail"
"/home/ms/Mail"
"/home/klabusterbeere/Mail"
"/home/jms/Mail"
"/home/bruno/Mail"
"/home/akayguen/Mail"
"/backups/sql_dumps"
];
};
}

3
lass/2configs/websites/lassulus.nix
View file

@ -101,6 +101,9 @@ in {
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
locations."/pub1".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
};
security.acme.certs."cgit.lassul.us" = {

1
lass/3modules/default.nix
View file

@ -14,6 +14,5 @@ _:
./umts.nix
./usershadow.nix
./xjail.nix
./xserver
];
}

103
lass/3modules/xserver/default.nix
View file

@ -1,103 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
out = {
options.lass.xserver = api;
config = mkIf cfg.enable imp;
};
user = config.krebs.build.user;
cfg = config.lass.xserver;
xcfg = config.services.xserver;
api = {
enable = mkEnableOption "lass xserver";
};
imp = {
services.xserver = {
enable = true;
display = 11;
tty = 11;
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString xcfg.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" xcfg.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString xcfg.display}"
"vt${toString xcfg.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
};
in out

40
lass/3modules/xserver/xserver.conf.nix
View file

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

3
lass/5pkgs/custom/xmonad-lass/default.nix
View file

@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne

0
makefu/0tests/data/secrets/nixos-community Normal file
View file

38
makefu/1systems/cake/config.nix
View file

@ -2,6 +2,7 @@
{
imports = [
<stockholm/makefu>
./hardware-config.nix
<stockholm/makefu/2configs/tools/core.nix>
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
@ -11,43 +12,10 @@
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.cake;
};
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ];
programs.info.enable = false;
programs.man.enable = false;
documentation.info.enable = false;
documentation.man.enable = false;
services.nixosManual.enable = false;
boot.tmpOnTmpfs = lib.mkForce false;
sound.enable = false;
hardware.enableRedistributableFirmware = true;
hardware.firmware = [
(pkgs.stdenv.mkDerivation {
name = "broadcom-rpi3-rest";
src = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt";
sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7";
};
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/lib/firmware/brcm
cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt
'';
})
];
networking.wireless.enable = true;
# File systems configuration for using the installer's partition layout
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
}

42
makefu/1systems/cake/hardware-config.nix Normal file
View file

@ -0,0 +1,42 @@
{ pkgs, lib, ... }:
{
# raspi3
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.version = 3;
boot.loader.raspberryPi.uboot.enable = true;
boot.loader.raspberryPi.uboot.configurationLimit = 3;
boot.loader.raspberryPi.firmwareConfig = ''
gpu_mem=32
arm_freq=1350
core_freq=500
over_voltage=4
disable_splash=1
# bye bye warranty
force_turbo=1
'';
boot.loader.generationsDir.enable = lib.mkDefault false;
boot.tmpOnTmpfs = lib.mkForce false;
boot.cleanTmpDir = true;
hardware.enableRedistributableFirmware = true;
## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages_latest;
environment.systemPackages = [ pkgs.raspberrypi-tools ];
networking.wireless.enable = true;
# File systems configuration for using the installer's partition layout
swapDevices = [ { device = "/var/swap"; size = 2048; } ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
}

5
makefu/1systems/gum/config.nix
View file

@ -22,6 +22,8 @@ in {
};
}
<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/netdata-server.nix>
@ -123,8 +125,7 @@ in {
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/krebs/2configs/cache.nsupdate.info.nix>
# <stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>

2
makefu/1systems/gum/hardware-config.nix
View file

@ -34,7 +34,7 @@ in {
prefixLength = external-netmask6;
}];
};
defaultGateway6 = external-gw6;
defaultGateway6 = { address = external-gw6; interface = ext-if; };
defaultGateway = external-gw;
};
boot.kernelParams = [ ];

1
makefu/1systems/gum/source.nix
View file

@ -2,4 +2,5 @@
name="gum";
torrent = true;
clever_kexec = true;
home-manager = true;
}

5
makefu/1systems/x/config.nix
View file

@ -14,10 +14,12 @@
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/dict.nix>
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
<stockholm/makefu/2configs/support-nixos.nix>
# Debugging
# <stockholm/makefu/2configs/disable_v6.nix>
@ -64,11 +66,12 @@
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
# <stockholm/makefu/2configs/remote-build/master.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/hw/malduino_elite.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>

30
makefu/2configs/bgt/download.binaergewitter.de.nix
View file

@ -3,6 +3,8 @@
with import <stockholm/lib>;
let
ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
in {
services.openssh = {
allowSFTP = true;
@ -21,6 +23,19 @@ in {
useDefaultShell = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
services.logrotate = {
enable = true;
config = ''
${bgtaccess} ${bgterror} {
rotate 5
weekly
create 600 nginx nginx
postrotate
${pkgs.systemd}/bin/systemctl reload nginx
endscript
}
'';
};
services.nginx = {
enable = lib.mkDefault true;
recommendedGzipSettings = true;
@ -29,10 +44,21 @@ in {
serverAliases = [ "dl2.binaergewitter.de" ];
root = "/var/www/binaergewitter";
extraConfig = ''
access_log /var/spool/nginx/logs/binaergewitter.access.log combined;
error_log /var/spool/nginx/logs/binaergewitter.error.log error;
access_log ${bgtaccess} combined;
error_log ${bgterror} error;
autoindex on;
'';
};
};
environment.etc."netdata/python.d/web_log.conf".text = ''
nginx_log3:
name: 'nginx'
path: '/var/spool/nginx/logs/access.log'
nginx_log4:
name: 'bgt'
path: '${bgtaccess}'
'';
users.users.netdata.extraGroups = [ "nginx" ];
}

7
makefu/2configs/bureautomation/default.nix
View file

@ -5,7 +5,7 @@ let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
@ -14,9 +14,10 @@ let
test $state = alerting || exit 0
echo $name - $state
curl 'http://bauarbeiterlampe/ay?o=1'
topic=plug
mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON
sleep 5
curl 'http://bauarbeiterlampe/ay?o=1'
mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
'';
in {
services.logstash = {

114
makefu/2configs/bureautomation/hass.nix
View file

@ -1,20 +1,50 @@
{ pkgs, lib, ... }:
let
tasmota_plug = name: topic:
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER1";
command_topic = "/bam/${topic}/cmnd/POWER1";
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/bam/${topic}/stat/Dimmer";
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/bam/${topic}/stat/Color";
rgb_command_topic = "/bam/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/bam/${topic}/stat/Scheme";
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
};
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
tasmota_stecki = name: topic:
( tasmota_plug name topic) //
{ state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
};
espeasy_dht22 = name: [
{ platform = "mqtt";
@ -77,8 +107,12 @@ in {
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
(tasmota_stecki "Fernseher" "fernseher")
(tasmota_plug "Pluggy" "plug4")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Feuer" "plug4")
(tasmota_plug "Nachtlicht" "plug5")
];
light = [
(tasmota_rgb "Status Felix" "status1")
];
binary_sensor = [
{ platform = "mqtt";
@ -174,12 +208,16 @@ in {
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
"automation.turn_off_nachtlicht_on_sunrise"
"automation.turn_on_nachtlicht_on_motion_and_dusk"
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.pluggy"
"switch.feuer"
"switch.nachtlicht"
"light.status_felix"
];
camera = [
"camera.Baumarkt"
@ -212,11 +250,55 @@ in {
};
action = {
service = "homeassistant.turn_on";
entity_id = [ "switch.fernseher" "switch.blitzdings" ];
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
}
{
alias = "Turn off Nachtlicht on sunrise";
trigger =
{
platform = "sun";
event = "sunrise";
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ "switch.nachtlicht" ];
};
}
{
alias = "Turn on Nachtlicht on motion and dusk";
trigger =
{
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
condition = # 'when dark'
{
condition = "or";
conditions = [
{ condition = "sun";
after = "sunset";
after_offset = "-00:45:00"; # on dusk
}
{ condition = "sun";
before = "sunrise";
}
];
};
action =
{
service = "homeassistant.turn_on";
entity_id = [ "switch.nachtlicht" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = [
trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
@ -231,7 +313,11 @@ in {
];
action = {
service = "homeassistant.turn_off";
entity_id = [ "switch.fernseher" "switch.blitzdings" ];
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
condition =
{ condition = "and";

3
makefu/2configs/default.nix
View file

@ -36,7 +36,6 @@ with import <stockholm/lib>;
enable = true;
dns.providers.lan = "hosts";
search-domain = "r";
build.user = config.krebs.users.makefu;
};
@ -85,5 +84,5 @@ with import <stockholm/lib>;
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
environment.pathsToLink = [ "/share" ];
}

1
makefu/2configs/deployment/owncloud.nix
View file

@ -169,6 +169,7 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] )
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true;
services.mysql = {
enable = false;

5
makefu/2configs/dict.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
services.dictd.enable = true;
services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ];
}

1
makefu/2configs/gui/base.nix
View file

@ -28,6 +28,7 @@ in
windowManager = {
awesome.enable = true;
awesome.noArgb = true;
awesome.luaModules = [ pkgs.luaPackages.vicious ];
default = "awesome";
};

30
makefu/2configs/home-manager/cli.nix
View file

@ -1,4 +1,5 @@
{pkgs, ... }: {
imports = [ ./zsh.nix ];
home-manager.users.makefu = {
services.gpg-agent = {
enable = true;
@ -9,7 +10,34 @@
enableSshSupport = true;
enableScDaemon = true;
};
programs.fzf.enable = true; # alt-c
programs.direnv = {
stdlib = ''
use_nix() {
local cache=".direnv.$(nixos-version --hash)"
if [[ ! -e "$cache" ]] || \
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
[[ ".envrc" -nt "$cache" ]] || \
[[ "default.nix" -nt "$cache" ]] || \
[[ "shell.nix" -nt "$cache" ]];
then
local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")"
trap "rm -rf '$tmp' >/dev/null" EXIT
nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \
mv "$tmp" "$cache"
fi
direnv_load cat "$cache"
if [[ $# = 0 ]]; then
watch_file default.nix
watch_file shell.nix
rm direnv.* 2>/dev/null
fi
}
'';
enableZshIntegration = true;
};
};
services.udev.packages = [
pkgs.libu2f-host

9
makefu/2configs/home-manager/desktop.nix
View file

@ -1,11 +1,14 @@
{ pkgs, lib, ... }:
{ pkgs, lib, ... }:
{
users.users.makefu.packages = with pkgs;[ bat direnv clipit ];
home-manager.users.makefu = {
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true;
programs.obs-studio.enable = true;
xdg.enable = true;
services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
@ -34,7 +37,7 @@
};
Service = {
Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.clipit}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
};

126
makefu/2configs/home-manager/zsh.nix Normal file
View file

@ -0,0 +1,126 @@
{ pkgs, ... }:
{
imports = [
{ #direnv
home-manager.users.makefu.home.packages = [ pkgs.direnv ];
home-manager.users.makefu.home.file.".direnvrc".text = ''
use_nix() {
local path="$(nix-instantiate --find-file nixpkgs)"
if [ -f "$${path}/.version-suffix" ]; then
local version="$(< $path/.version-suffix)"
elif [ -f "$path/.version" ]; then
local version="$(< $path/.version)"
else
local version="$(< $(< $path/.git/HEAD))"
fi
local cache=".direnv/cache-''${version:-unknown}"
if [[ ! -e "$cache" ]] || \
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
[[ .envrc -nt "$cache" ]] || \
[[ default.nix -nt "$cache" ]] || \
[[ shell.nix -nt "$cache" ]];
then
[ -d .direnv ] || mkdir .direnv
local tmp=$(nix-shell --show-trace "$@" \
--run "\"$direnv\" dump bash")
echo "$tmp" > "$cache"
fi
local path_backup=$PATH term_backup=$TERM
direnv_load cat "$cache"
export PATH=$PATH:$path_backup TERM=$term_backup
if [[ $# = 0 ]]; then
watch_file default.nix
watch_file shell.nix
fi
}
'';
home-manager.users.makefu.programs.zsh.initExtra = ''
nixify() {
if [ ! -e ./.envrc ]; then
echo "use nix" > .envrc
direnv allow
fi
if [ ! -e default.nix ]; then
cat > default.nix <<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "env";
buildInputs = [
bashInteractive
];
}
EOF
''${EDITOR:-vim} default.nix
fi
}
eval "$(direnv hook zsh)"
'';
}
{ # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ];
home-manager.users.makefu.programs.zsh.shellAliases = {
cat = "bat";
catn = "${pkgs.coreutils}/bin/cat";
};
}
];
environment.pathsToLink = [ "/share/zsh" ];
home-manager.users.makefu = {
programs.fzf.enable = false; # alt-c
programs.zsh = {
enable = true;
enableAutosuggestions = false;
enableCompletion = true;
oh-my-zsh.enable = false;
history = {
size = 900001;
save = 900001;
ignoreDups = true;
extended = true;
share = true;
};
sessionVariables = {
TERM = "rxvt-unicode-256color";
LANG = "en_US.UTF8";
LS_COLORS = ":di=1;31:";
EDITOR = "vim";
};
shellAliases = {
lsl = "ls -lAtr";
t = "task";
xo = "mimeopen";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
};
initExtra = ''
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
};
};
}

15
makefu/2configs/hw/malduino_elite.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
services.udev.extraRules = ''
ACTION!="add|change", GOTO="mm_usb_device_blacklist_local_end"
SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_local_end"
ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_local_end"
ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9204", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9203", ENV{ID_MM_DEVICE_IGNORE}="1"
LABEL="mm_usb_device_blacklist_local_end"
'';
}

3
makefu/2configs/printer.nix
View file

@ -6,7 +6,8 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
samsungUnifiedLinuxDriver
# samsungUnifiedLinuxDriver
splix # scx 3200
cups-dymo # dymo labelwriter
foo2zjs # magicolor 1690mf
cups-zj-58

15
makefu/2configs/remote-build/aarch64-community.nix Normal file
View file

@ -0,0 +1,15 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = toString <secrets/nixos-community>;
sshUser = "makefu";
system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ];
}
];
};
}

1
makefu/2configs/tools/android-pentest.nix
View file

@ -1,6 +1,7 @@
{ pkgs, ... }:
{
nixpkgs.config.android_sdk.accept_license = true;
users.users.makefu.packages = with pkgs; [
mitmproxy
nmap

2
makefu/2configs/tools/dev.nix
View file

@ -4,6 +4,7 @@
users.users.makefu.packages = with pkgs;[
python3
python3Packages.pyserial
picocom
python3Packages.virtualenv
# embedded
gi
@ -22,6 +23,7 @@
cdrtools
# nix related
nix-index
nix-review
# git-related
tig
];

5
makefu/2configs/virtualisation/virtualbox.nix
View file

@ -2,8 +2,7 @@
{
virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true;
virtualisation.virtualbox.host.enableHardening = false;
virtualisation.virtualbox.host.enableExtensionPack = true;
# virtualisation.virtualbox.host.enableHardening = false;
users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}

82
makefu/2configs/zsh-user.nix
View file

@ -1,83 +1,11 @@
{ config, lib, pkgs, ... }:
##
with import <stockholm/lib>;
let
mainUser = config.krebs.build.user.name;
in
{
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
enableCompletion = true ; #manually at the end
interactiveShellInit = ''
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
GPG_TTY=$(tty)
export GPG_TTY
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# fzf
__fsel_fzf() {
local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \
-o -type f -print \
-o -type d -print \
-o -type l -print 2> /dev/null | cut -b3-"}"
setopt localoptions pipefail 2> /dev/null
eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do
echo -n "''${(q)item} "
done
local ret=$?
echo
return $ret
}
__fzf_use_tmux__() {
[ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ]
}
__fzfcmd() {
__fzf_use_tmux__ &&
echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf"
}
fzf-file-widget() {
LBUFFER="''${LBUFFER}$(__fsel_fzf)"
local ret=$?
zle redisplay
typeset -f zle-line-init >/dev/null && zle zle-line-init
return $ret
}
zle -N fzf-file-widget
bindkey '^T' fzf-file-widget
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
enableCompletion = false; #manually at the end
promptInit = ''
RPROMPT=""
@ -93,8 +21,8 @@ in
'';
};
users.users.${mainUser}.packages = [
pkgs.nix-zsh-completions
pkgs.fzf
];
users.users.${mainUser} = {
shell = "/run/current-system/sw/bin/zsh";
packages = [ pkgs.nix-zsh-completions ];
};
}

23
makefu/5pkgs/baidudl/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ stdenv, lib, pkgs, curl, jansson ,fetchFromGitHub, autoreconfHook }:
stdenv.mkDerivation rec {
pname = "baidudl";
version = "2018-01-16";
name = "${pname}-${version}";
src = fetchFromGitHub {
owner = "yzfedora";
repo = "baidudl";
rev = "712f2554a5ef7b2eba5c248d6406a6c535ef47b2";
sha256 = "1nfzalyd9k87q6njdxpg7pa62q6hyfr2vwxwvahaflyp31nlpa0y";
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ curl.dev jansson ];
meta = {
homepage = https://github.com/yzfedora/baidudl;
description = "This is a multi-thread download tool for pan.baidu.com";
license = lib.licenses.gpl3;
};
}

10
makefu/5pkgs/default.nix
View file

@ -21,9 +21,19 @@ with super.lib; with builtins; let
in {
quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: {
doCheck = false; # 1 error because of warnings (possibly upstream)
patches = [ ./custom/quodlibet/single-digit-discnumber.patch
./custom/quodlibet/remove-override-warning.patch ];
});
rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: {
postInstall = old.postInstall + ''
$bin/bin/rclone genautocomplete zsh _rclone
install -D -m644 _rclone $bin/share/zsh/vendor-completions/_rclone
$bin/bin/rclone genautocomplete bash _rclone
install -D -m644 _rclone $bin/etc/bash_completion.d/rclone
'';
});
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};

16
makefu/krops.nix
View file

@ -27,15 +27,15 @@
# TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else {
file = {
path = toString (pkgs.fetchFromGitHub {
derivation = ''
with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "makefu";
repo = "nixpkgs";
rev = nixpkgs-src.rev;
sha256 = nixpkgs-src.sha256;
});
useChecksum = true;
};
rev = "${nixpkgs-src.rev}";
sha256 = "${nixpkgs-src.sha256}";
}
'';
};
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
@ -74,7 +74,7 @@
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
ref = "f947faf";
ref = "4aa07c3";
};
})
];

6
makefu/nixpkgs.json
View file

@ -1,7 +1,7 @@
{
"url": "https://github.com/makefu/nixpkgs",
"rev": "9728b2e83406c76efc734ebb1923f23b8e687819",
"date": "2018-11-19T20:36:35+01:00",
"sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp",
"rev": "125873064a6eabd2896833d00aede7778a453fdf",
"date": "2019-01-11T14:24:21+01:00",
"sha256": "1ki50426m9simqvxdzckfgycibz5rdhwl6hzi31i72dqiafl8j6s",
"fetchSubmodules": false
}

2
submodules/krops

@ -1 +1 @@
Subproject commit 61b5ef3b8e7e4d601db67a20f14a5022e9de8398
Subproject commit 5b8fb8dc0ee14672d7fd533bd98635b8725dbb29

6
tv/1systems/xu/config.nix
View file

@ -20,6 +20,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/br.nix>
<stockholm/tv/2configs/xp-332.nix>
<stockholm/tv/2configs/xserver>
<stockholm/tv/2configs/xserver/xkiller.nix>
{
environment.systemPackages = with pkgs; [
@ -156,10 +157,5 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
tv.nixpkgs-overlays = {
krebs = "/home/tv/stockholm/krebs/5pkgs";
tv = "/home/tv/stockholm/tv/5pkgs";
};
virtualisation.virtualbox.host.enable = true;
}

4
tv/2configs/backup.nix
View file

@ -60,7 +60,7 @@ with import <stockholm/lib>;
};
xu-pull-ni-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
startAt = "07:00";
};
@ -78,7 +78,7 @@ with import <stockholm/lib>;
};
zu-pull-ni-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
startAt = "06:00";
};

1
tv/2configs/default.nix
View file

@ -92,7 +92,6 @@ with import <stockholm/lib>;
environment.variables = {
NIX_PATH = mkForce (concatStringsSep ":" [
"secrets=/var/src/stockholm/null"
"nixpkgs-overlays=${config.tv.nixpkgs-overlays}"
"/var/src"
]);
};

3
tv/2configs/gitrepos.nix
View file

@ -67,10 +67,12 @@ let {
cgit.desc = "source code installer";
};
q = {};
reaktor2 = {};
regfish = {};
stockholm = {
cgit.desc = "NixOS configuration";
};
with-ssh = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
ni = {
};
@ -102,6 +104,7 @@ let {
nixos-infest = {};
painload = {};
push = {};
Reaktor = {};
with-tmpdir = {};
get = {};
load-env = {};

2
tv/2configs/htop.nix
View file

@ -22,7 +22,7 @@ with import <stockholm/lib>;
highlight_megabytes=1
highlight_threads=1
tree_view=1
header_margin=1
header_margin=0
detailed_cpu_time=0
cpu_count_from_zero=0
update_process_names=0

17
tv/2configs/mail-client.nix
View file

@ -1,13 +1,10 @@
{ pkgs, ... }:
with pkgs;
{
{ pkgs, ... }: {
environment.systemPackages = [
much
msmtp
notmuch
pythonPackages.alot
qprint
w3m
pkgs.haskellPackages.much
pkgs.msmtp
pkgs.notmuch
pkgs.pythonPackages.alot
pkgs.qprint
pkgs.w3m
];
}

1
tv/2configs/xserver/Xmodmap.nix
View file

@ -17,6 +17,7 @@ pkgs.writeText "Xmodmap" ''
keycode 39 = s S ssharp
keycode 33 = p P Greek_pi Greek_PI
keycode 40 = d D Greek_delta Greek_DELTA
keycode 46 = l L Greek_lambda Greek_LAMBDA
keycode 54 = c C cacute Cacute

14
tv/2configs/xserver/xkiller.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, ... }: {
services.acpid.enable = true;
services.acpid.handlers.xkiller = {
action = /* sh */ ''
event=($1)
if test "''${event[2]}" = 00000080; then
${pkgs.systemd}/bin/systemd-cat -t xkiller ${pkgs.xkiller}
fi
'';
event = "button/prog1";
};
}

1
tv/3modules/default.nix
View file

@ -5,7 +5,6 @@
./ejabberd
./hosts.nix
./iptables.nix
./nixpkgs-overlays.nix
./slock.nix
./x0vncserver.nix
];

2
tv/3modules/ejabberd/default.nix
View file

@ -67,7 +67,7 @@ in {
type = types.user;
default = {
name = "ejabberd";
home = "/var/ejabberd";
home = "/var/lib/ejabberd";
};
};
};

23
tv/3modules/nixpkgs-overlays.nix
View file

@ -1,23 +0,0 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: {
options.tv.nixpkgs-overlays = mkOption {
apply = src:
pkgs.runCommand "nixpkgs-overlays" {} ''
mkdir $out
${concatStringsSep "\n" (mapAttrsToList (name: path:
"ln -s ${shell.escape path} $out/${shell.escape name}"
) src)}
'' // {
inherit src;
};
type = types.attrsOf types.absolute-pathname;
};
config = {
tv.nixpkgs-overlays = {
krebs = mkDefault "/var/src/stockholm/krebs/5pkgs";
tv = mkDefault "/var/src/stockholm/tv/5pkgs";
};
};
}

20
tv/3modules/slock.nix
View file

@ -5,10 +5,12 @@ in {
options.tv.slock = {
enable = mkEnableOption "tv.slock";
package = mkOption {
default = pkgs.execBin "slock" rec {
filename = "${pkgs.systemd}/bin/systemctl";
argv = [ filename "start" "slock-${cfg.user.name}.service" ];
};
default = pkgs.writeDashBin "slock" ''
set -efu
display=''${DISPLAY#:}
service=slock-$LOGNAME@$display.service
exec ${pkgs.systemd}/bin/systemctl start "$service"
'';
type = types.package;
};
user = mkOption {
@ -18,16 +20,16 @@ in {
config = mkIf cfg.enable {
security.polkit.extraConfig = /* js */ ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "slock-${cfg.user.name}.service" &&
subject.user == ${toJSON cfg.user.name}) {
if (action.id === "org.freedesktop.systemd1.manage-units" &&
subject.user === ${toJSON cfg.user.name} &&
/^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) {
return polkit.Result.YES;
}
});
'';
systemd.services."slock-${cfg.user.name}" = {
systemd.services."slock-${cfg.user.name}@" = {
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
DISPLAY = ":%I";
LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
passAsFile = ["text"];
text = /* c */ ''

6
tv/5pkgs/default.nix
View file

@ -24,6 +24,12 @@ foldl' mergeAttrs {}
"$@"
'';
dhcpcd = overrideDerivation super.dhcpcd (old: {
configureFlags = old.configureFlags ++ [
"--dbdir=/var/lib/dhcpcd"
];
});
gitAndTools = super.gitAndTools // {
inherit (self) diff-so-fancy;
};

61
tv/5pkgs/simple/q/default.nix
View file

@ -14,7 +14,7 @@ let
assert n >= 1;
n * calwidth + (n - 1) * hspace;
pad = ''{
pad = /* sh */ ''{
${pkgs.gnused}/bin/sed '
# rtrim
s/ *$//
@ -31,7 +31,7 @@ let
s/^[ 1-9][0-9]/&/
'
}'';
in ''
in /* sh */ ''
cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
<(if test $cols -ge ${toString (need_width 3)}; then
@ -59,24 +59,24 @@ let
'
'';
q-isodate = ''
q-isodate = /* sh */ ''
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
# Singapore's red is #ED2E38
q-sgtdate = ''
q-sgtdate = /* sh */ ''
TZ=Asia/Singapore \
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
q-utcdate = ''
q-utcdate = /* sh */ ''
${pkgs.coreutils}/bin/date -u \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
q-gitdir = ''
q-gitdir = /* sh */ ''
if test -d .git; then
#git status --porcelain
branch=$(
@ -87,7 +87,7 @@ let
fi
'';
q-intel_backlight = ''
q-intel_backlight = /* sh */ ''
cd /sys/class/backlight/intel_backlight
</dev/null exec ${pkgs.gawk}/bin/awk '
END {
@ -227,11 +227,11 @@ let
done
'';
q-virtualization = ''
q-virtualization = /* sh */ ''
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
'';
q-wireless = ''
q-wireless = /* sh */ ''
for dev in $(
${pkgs.iw}/bin/iw dev \
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
@ -250,7 +250,7 @@ let
done
'';
q-online = ''
q-online = /* sh */ ''
if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
echo 'online'
else
@ -258,7 +258,7 @@ let
fi
'';
q-thermal_zone = ''
q-thermal_zone = /* sh */ ''
for i in /sys/class/thermal/thermal_zone*; do
type=$(${pkgs.coreutils}/bin/cat $i/type)
temp=$(${pkgs.coreutils}/bin/cat $i/temp)
@ -266,29 +266,26 @@ let
done
'';
q-todo = ''
q-todo = /* sh */ ''
TODO_file=$PWD/TODO
if test -e "$TODO_file"; then
${pkgs.coreutils}/bin/cat "$TODO_file" \
| ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
BEGIN { print "remind=0" }
/^[0-9]/{
x = $1
gsub(".", "\\\\&", x)
rest = substr($0, index($0, " "))
rest = $0
sub(" *", "", rest)
gsub(".", "\\\\&", rest)
print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
(( remind++ ))"
}
END { print "test $remind = 0 && echo \"nothing to remind\"" }
' \
| {
# bash needed for (( ... ))
${pkgs.bash}/bin/bash
}
${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" ''
split("\n") | map(
(match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string))
as $captures |
($captures[0] | strptime("%Y-%m-%d") | mktime) as $date |
$captures[1] as $text |
select(now >= $date) |
($text | test("\\[URGENT]"; "i")) as $urgent |
(if $urgent then "38;5;196" else "38;5;208" end) as $sgr |
if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end |
"\u001b[\($sgr)m\(.)\u001b[m"
) |
if length == 0 then "nothing to remind" else .[] end
''}
else
echo "$TODO_file: no such file or directory"
fi

25
tv/5pkgs/simple/xkiller.nix Normal file
View file

@ -0,0 +1,25 @@
{ pkgs }:
pkgs.writeDash "xkiller" ''
set -efu
exec >&2
${pkgs.iproute}/bin/ss -lp src unix:/tmp/.X11-unix/X* |
${pkgs.gnused}/bin/sed -n '
s|.*/tmp/.X11-unix/X\([0-9]\+\)\>.*("X[^"]*",pid=\([0-9]\+\)\>.*|\1 \2|p
' |
while read -r display pid; do
{
exit_code=$(
DISPLAY=:$display ${pkgs.coreutils}/bin/timeout 1 \
${pkgs.xorg.xset}/bin/xset q >/dev/null 2>&1 &&
echo 0 || echo $?
)
if test $exit_code = 124; then
echo "X on display :$display is locked up; killing PID $pid..."
${pkgs.coreutils}/bin/kill -SIGKILL "$pid"
else
echo "X on display :$display is healthy"
fi
} &
done
wait
''