makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse source
This commit is contained in:
makefu 2019-02-05 22:31:39 +01:00
parent 80c2ab739d 932d11ed93
commit a9ec59e87d
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
17 changed files with 270 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
krebs/2configs/reaktor2.nix
View file

@ -61,7 +61,7 @@ let
];
hooks.PRIVMSG = [
{
pattern = "^bier bal(ance)*$";
pattern = "^bier bal(an(ce)?)?$";
activate = "match";
command = {
env = {
@ -134,6 +134,7 @@ in {
};
r = {
nick = "reaktor2|krebs";
sendDelaySec = null;
plugins = [
{
plugin = "register";

54
krebs/3modules/external/default.nix vendored
View file

@ -16,7 +16,33 @@ with import <stockholm/lib>;
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
catullus = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.3";
aliases = [ "catullus.r" ];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx
CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF
GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K
WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu
vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7
9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon
DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M
vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH
b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8
r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn
Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B
BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
@ -176,32 +202,6 @@ in {
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@ -419,8 +419,6 @@ in {
mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {
};
qubasa = {
mail = "luis.nixos@gmail.com";
};

81
krebs/3modules/external/palo.nix vendored Normal file
View file

@ -0,0 +1,81 @@
with import <stockholm/lib>;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
pepe = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.1";
tinc.port = 720;
aliases = [ "pepe.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.3";
tinc.port = 720;
aliases = [ "kruck.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
schasch = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.2";
tinc.port = 720;
aliases = [ "schasch.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workhorse = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.5";
tinc.port = 720;
aliases = [ "workhorse.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workout = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.4";
tinc.port = 720;
aliases = [ "workout.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
};
users = {
palo = {
};
};
}

13
krebs/3modules/external/tinc/palo.pub vendored Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
-----END RSA PUBLIC KEY-----

4
krebs/3modules/reaktor2.nix
View file

@ -33,6 +33,10 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
sendDelaySec = mkOption {
default = 0.7;
type = types.nullOr types.float;
};
username = mkOption {
default = self.config.systemd-service-name;
type = types.username;

6
krebs/5pkgs/haskell/reaktor2.nix
View file

@ -7,11 +7,11 @@
}:
mkDerivation {
pname = "reaktor2";
version = "0.2.1";
version = "0.2.2";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr";
rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c";
sha256 = "1kyr5i5zdzvc7fcyac1i1yvi88kcxafrgp8p79c1b9l4g9sjnv78";
rev = "9f4e2644188f985d7cd806c13e2c0dee1688b9f0";
fetchSubmodules = true;
};
isLibrary = false;

14
krebs/krops.nix
View file

@ -9,13 +9,19 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
derivation = ''
with import <nixpkgs> {};
derivation = let
rev = (lib.importJSON ./nixpkgs.json).rev;
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${(lib.importJSON ./nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
rev = "${rev}";
sha256 = "${sha256}";
}
'';
} else {

14
lass/1systems/blue/source.nix
View file

@ -1,13 +1,19 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
derivation = ''
with import <nixpkgs> {};
derivation = let
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
rev = "${rev}";
sha256 = "${sha256}";
}
'';
};

1
lass/1systems/mors/config.nix
View file

@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain

11
lass/2configs/hardening.nix Normal file
View file

@ -0,0 +1,11 @@
{ pkgs, lib, ... }:
with lib;
{
security.chromiumSuidSandbox.enable = true;
security.lockKernelModules = false;
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
imports = [
<nixpkgs/nixos/modules/profiles/hardened.nix>
];
}

61
lass/2configs/radio.nix
View file

@ -170,32 +170,45 @@ in {
};
};
krebs.Reaktor.playlist = {
nickname = "the_playlist|r";
channels = [
"#the_playlist"
"#krebs"
];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
};
plugins = with pkgs.ReaktorPlugins; [
(buildSimpleReaktorPlugin "skip" {
script = "${skip_track}/bin/skip_track";
pattern = "^skip$";
})
(buildSimpleReaktorPlugin "current" {
script = "${print_current}/bin/print_current";
pattern = "^current$";
})
(buildSimpleReaktorPlugin "suggest" {
script = "${pkgs.writeDash "suggest" ''
echo "$@" >> $HOME/playlist_suggest
''}";
pattern = "^suggest: (?P<args>.*)$";
})
krebs.reaktor2.the_playlist = {
hostname = "irc.freenode.org";
port = "6697";
useTLS = true;
nick = "the_playlist";
plugins = [
{
plugin = "register";
config = {
channels = [
"#the_playlist"
"#krebs"
];
};
}
{
plugin = "system";
config = {
workdir = config.krebs.reaktor2.the_playlist.stateDir;
hooks.PRIVMSG = [
{
activate = "match";
pattern = ''!([^ ]+)(?:\s*(.*))?'';
command = 1;
arguments = [2];
commands = {
skip.filename = "${skip_track}/bin/skip_track";
current.filename = "${print_current}/bin/print_current";
suggest.filename = pkgs.writeDash "suggest" ''
echo "$@" >> playlist_suggest
'';
};
}
];
};
}
];
};
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {

46
lass/2configs/reaktor-coders.nix
View file

@ -32,6 +32,7 @@ in {
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
@ -46,36 +47,21 @@ in {
-e "$@"
'';
in {
pl = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-pl" ''
${lambdabotWrapper} "@pl $1"
'';
};
type = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-type" ''
${lambdabotWrapper} "@type $1"
'';
};
"let" = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-let" ''
${lambdabotWrapper} "@let $1"
'';
};
run = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
};
kind = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
pl.filename = pkgs.writeDash "lambdabot-pl" ''
${lambdabotWrapper} "@pl $1"
'';
type.filename = pkgs.writeDash "lambdabot-type" ''
${lambdabotWrapper} "@type $1"
'';
"let".filename = pkgs.writeDash "lambdabot-let" ''
${lambdabotWrapper} "@let $1"
'';
run.filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
kind.filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
}
{

3
lass/5pkgs/custom/xmonad-lass/default.nix
View file

@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne

2
submodules/krops

@ -1 +1 @@
Subproject commit 61b5ef3b8e7e4d601db67a20f14a5022e9de8398
Subproject commit 5b8fb8dc0ee14672d7fd533bd98635b8725dbb29

6
tv/5pkgs/override/default.nix Normal file
View file

@ -0,0 +1,6 @@
with import <stockholm/lib>;
self: super: {
rxvt_unicode = self.callPackage ./rxvt_unicode {
rxvt_unicode = super.rxvt_unicode;
};
}

6
tv/5pkgs/override/rxvt_unicode/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ rxvt_unicode }:
rxvt_unicode.overrideAttrs (old: {
patches = old.patches ++ [
./finish-running-selection.patch
];
})

41
tv/5pkgs/override/rxvt_unicode/finish-running-selection.patch Normal file
View file

@ -0,0 +1,41 @@
diff --git a/src/rxvttoolkit.h b/src/rxvttoolkit.h
index 56c9a3f..429055d 100644
--- a/src/rxvttoolkit.h
+++ b/src/rxvttoolkit.h
@@ -384,6 +384,7 @@ struct rxvt_selection
{
rxvt_selection (rxvt_display *disp, int selnum, Time tm, Window win, Atom prop, rxvt_term *term);
void run ();
+ void finish (char *data = 0, unsigned int len = 0);
~rxvt_selection ();
rxvt_term *term; // terminal to paste to, may be 0
@@ -404,7 +405,6 @@ private:
void timer_cb (ev::timer &w, int revents); ev::timer timer_ev;
void x_cb (XEvent &xev); xevent_watcher x_ev;
- void finish (char *data = 0, unsigned int len = 0);
void stop ();
bool request (Atom target, int selnum);
void handle_selection (Window win, Atom prop, bool delete_prop);
diff --git a/src/screen.C b/src/screen.C
index 9eb375a..77e7109 100644
--- a/src/screen.C
+++ b/src/screen.C
@@ -2736,11 +2736,11 @@ rxvt_term::paste (char *data, unsigned int len) NOTHROW
void
rxvt_term::selection_request (Time tm, int selnum) NOTHROW
{
- if (!selection_req)
- {
- selection_req = new rxvt_selection (display, selnum, tm, vt, xa[XA_VT_SELECTION], this);
- selection_req->run ();
- }
+ if (selection_req)
+ selection_req->finish ();
+
+ selection_req = new rxvt_selection (display, selnum, tm, vt, xa[XA_VT_SELECTION], this);
+ selection_req->run ();
}
/* ------------------------------------------------------------------------- */