makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
tv 2017-12-14 10:17:40 +01:00
parent bd63530db1 04f7ae22d6
commit b5f1febe68
60 changed files with 1425 additions and 159 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
jeschli/1systems/reagenzglas/.source.nix.swp Normal file
View file

Binary file not shown.

146
jeschli/1systems/reagenzglas/config.nix Normal file
View file

@ -0,0 +1,146 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
# boot.loader.grub.enable = true;
# boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
preLVM = true;
allowDiscards = true;
}
];
networking.hostName = "reaganzglas"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
nixpkgs.config.allowUnfree = true;
environment.shellAliases = { n = "nix-shell"; };
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
# system helper
ag
curl
copyq
dmenu
git
i3lock
keepass
networkmanagerapplet
rsync
terminator
tmux
wget
rxvt_unicode
# editors
emacs
# internet
thunderbird
chromium
google-chrome
# programming languages
go
gcc
ghc
python35
python35Packages.pip
# go tools
golint
gotools
# dev tools
gnumake
# document viewer
zathura
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "us";
services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = {
isNormalUser = true;
uid = 1000;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
'';
};
krebs.build.host = config.krebs.hosts.reagenzglas;
hardware.bluetooth.enable = true;
}

33
jeschli/1systems/reagenzglas/hardware-configuration.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/DA40-AC19";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

4
jeschli/1systems/reagenzglas/source.nix Normal file
View file

@ -0,0 +1,4 @@
import <stockholm/jeschli/source.nix> {
name = "reagenzglas";
secure = true;
}

102
jeschli/2configs/copy-vim.nix Normal file
View file

@ -0,0 +1,102 @@
{ config, pkgs, ... }:
# let
# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin {
# name = "ultisnips";
# src = pkgs.fetchFromGitHub {
# owner = "SirVer";
# repo = "ultisnips";
# rev = "3.1";
# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b";
# };
# };
#
let
customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
name = "vim-javascript";
src = pkgs.fetchFromGitHub {
owner = "pangloss";
repo = "vim-javascript";
rev = "1.2.5.1";
sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
};
};
customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
name = "vim-jsx";
src = pkgs.fetchFromGitHub {
owner = "mxw";
repo = "vim-jsx";
rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
};
};
in {
# {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
:imap jk <Esc>
:vmap v v
:map gr :GoRun<Enter>
:nnoremap <S-TAB> :bnext<CR>
:nnoremap <C-TAB> <c-w><c-w>
set autowrite
set number
set ruler
noremap x "_x
set clipboard=unnamedplus
let g:jsx_ext_required = 0
let g:go_list_type = "quickfix"
let g:go_test_timeout = '10s'
let g:go_fmt_command = "goimports"
let g:go_snippet_case_type = "camelcase"
let g:go_highlight_types = 1
let g:go_highlight_fields = 1
let g:go_highlight_functions = 1
let g:go_highlight_methods = 1
let g:go_highlight_extra_types = 1
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
let g:rehash256 = 1
let g:molokai_original = 1
colorscheme molokai
let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
let g:go_metalinter_autosave = 1
" let g:go_metalinter_autosave_enabled = ['vet', 'golint']
" let g:go_def_mode = 'godef'
" let g:go_decls_includes = "func,type"
" Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
let g:UltiSnipsExpandTrigger="<c-e>"
let g:UltiSnipsJumpForwardTrigger="<c-t>"
let g:UltiSnipsJumpBackwardTrigger="<c-q>"
" If you want :UltiSnipsEdit to split your window.
let g:UltiSnipsEditSplit="vertical"
if has('persistent_undo') "check if your vim version supports it
set undofile "turn on the feature
set undodir=$HOME/.vim/undo "directory where the undo files will be stored
endif
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai
# vim-nix handles indentation better but does not perform sanity
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
{ names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
{ names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
{ names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
{ names = [ "UltiSnips" ]; ft_regex = "^go\$"; }
];
})
];
}

66
jeschli/2configs/default.nix Normal file
View file

@ -0,0 +1,66 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
./vim.nix
./retiolum.nix
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
populate
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
file
kpaste
krebspaste
mosh
pciutils
psmisc
# q
# rs
tmux
untilport
usbutils
# logify
goify
#unpack stuff
p7zip
unzip
unrar
(pkgs.writeDashBin "sshn" ''
${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
'')
];
krebs.enable = true;
}

22
jeschli/2configs/retiolum.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
{
krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
"gum"
"ni"
"dishfire"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
environment.systemPackages = [
pkgs.tinc
];
}

373
jeschli/2configs/vim.nix Normal file
View file

@ -0,0 +1,373 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
environment.systemPackages = [
(hiPrio vim)
pkgs.python35Packages.flake8
];
environment.etc.vimrc.source = vimrc;
environment.variables.EDITOR = mkForce "vim";
environment.variables.VIMINIT = ":so /etc/vimrc";
};
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set mouse=a
set ruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set title
set titleold=
set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
" search with ack
let g:ackprg = 'ag --vimgrep'
cnoreabbrev Ack Ack!
" copy/paste from/to xclipboard
noremap x "_x
set clipboard=unnamedplus
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.vim-go
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchFromGitHub {
owner = "bogado";
repo = "file-line";
rev = "1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
})
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
destination = "/colors/${name}.vim";
text = /* vim */ ''
set background=dark
hi clear
if exists("syntax_on")
syntax clear
endif
let colors_name = ${toJSON name}
hi Normal ctermbg=235
hi Comment ctermfg=242
hi Constant ctermfg=062
hi Identifier ctermfg=068
hi Function ctermfg=041
hi Statement ctermfg=167
hi PreProc ctermfg=167
hi Type ctermfg=041
hi Delimiter ctermfg=251
hi Special ctermfg=062
hi Garbage ctermbg=088
hi TabStop ctermbg=016
hi Todo ctermfg=174 ctermbg=NONE
hi NixCode ctermfg=148
hi NixData ctermfg=149
hi NixQuote ctermfg=150
hi diffNewFile ctermfg=207
hi diffFile ctermfg=207
hi diffLine ctermfg=207
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
destination = "/syntax/${name}.vim";
text = /* vim */ ''
${concatMapStringsSep "\n" (s: /* vim */ ''
syn keyword vimColor${s} ${s}
\ containedin=ALLBUT,vimComment,vimLineComment
hi vimColor${s} ctermfg=${s}
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
destination = "/plugin/${name}.vim";
text = /* vim */ ''
if exists('g:loaded_showsyntax')
finish
endif
let g:loaded_showsyntax = 0
fu! ShowSyntax()
let id = synID(line("."), col("."), 1)
let name = synIDattr(id, "name")
let transName = synIDattr(synIDtrans(id),"name")
if name != transName
let name .= " (" . transName . ")"
endif
echo "Syntax: " . name
endfu
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
swapdir = "$HOME/.cache/vim/swap";
undodir = "$HOME/.cache/vim/undo";
};
files = {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.symlinkJoin {
name = "vim";
paths = [
(pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.vim}/bin/vim "$@"
'')
pkgs.vim
];
};
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
nix.vim = pkgs.writeText "nix.vim" ''
setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[():/;=.,?\[\]]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
startAlts = filter isString [
''/\* ${lang} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
unlet b:current_syntax
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
haskell = {};
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
'';
in
out

9
jeschli/default.nix Normal file
View file

@ -0,0 +1,9 @@
_:
{
imports = [
../krebs
./2configs
# ./3modules
# ./5pkgs
];
}

22
jeschli/source.nix Normal file
View file

@ -0,0 +1,22 @@
with import <stockholm/lib>;
host@{ name, secure ? false, override ? {} }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "jeschli";
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "f9390d6";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
jeschli = "/home/jeschli/secrets/${name}";
};
stockholm.file = toString <stockholm>;
}
override
]

2
krebs/3modules/ci.nix
View file

@ -104,7 +104,7 @@ in
"dummy_secrets": "true",
},
command=[
"nix-shell", "--run", " ".join(["test",
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",

1
krebs/3modules/default.nix
View file

@ -61,6 +61,7 @@ let
hosts = mkOption {
type = with types; attrsOf host;
default = {};
};
users = mkOption {

87
krebs/3modules/lass/default.nix
View file

@ -535,6 +535,86 @@ with import <stockholm/lib>;
};
};
};
reagenzglas = {
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.27";
ip6.addr = "42::27";
aliases = [
"reagenzglas.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
+IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
xerxes = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.3";
ip6.addr = "42::1:3";
aliases = [
"xerxes.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
/EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
+2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
/Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
};
users = {
lass = {
@ -563,6 +643,10 @@ with import <stockholm/lib>;
mail = "lass@icarus.r";
pubkey = builtins.readFile ./ssh/icarus.rsa;
};
lass-xerxes = {
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
@ -583,5 +667,8 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
jeschli = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
};
};
}

1
krebs/3modules/lass/ssh/xerxes.rsa Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes

4
krebs/3modules/makefu/default.nix
View file

@ -107,7 +107,7 @@ with import <stockholm/lib>;
ci = true;
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
nets = {
internet = {
ip4.addr = "185.215.224.160";
@ -500,7 +500,7 @@ with import <stockholm/lib>;
};
retiolum = {
ip4.addr = "10.243.214.15";
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
];

1
krebs/3modules/repo-sync.nix
View file

@ -173,6 +173,7 @@ let
REPONAME = "${name}.git";
};
restartIfChanged = false;
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;

21
krebs/5pkgs/simple/apt-cacher-ng/default.nix
View file

@ -1,21 +0,0 @@
{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
stdenv.mkDerivation rec {
name = "apt-cacher-ng-${version}";
version = "2";
src = fetchurl {
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
};
NIX_LDFLAGS = "-lpthread";
buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
meta = {
description = "A caching proxy specialized for linux distribution files";
homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.makefu ];
};
}

2
krebs/source.nix
View file

@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10
ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
};
}

2
lass/1systems/mors/config.nix
View file

@ -179,7 +179,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2
exit 23
else
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''

9
lass/1systems/prism/config.nix
View file

@ -287,6 +287,15 @@ in {
}
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
krebs.git.rules = [
{
user = [ config.krebs.users.jeschli ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
}
];
}
];
krebs.build.host = config.krebs.hosts.prism;

40
lass/1systems/xerxes/config.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/gpd-pocket.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
];
krebs.build.host = config.krebs.hosts.xerxes;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
'';
fileSystems."/" = {
device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/16C8-D053";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
fsType = "btrfs";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
networking.wireless.enable = true;
}

11
lass/1systems/xerxes/source.nix Normal file
View file

@ -0,0 +1,11 @@
with import <stockholm/lib>;
import <stockholm/lass/source.nix> {
name = "xerxes";
secure = true;
override = {
nixpkgs.git = mkForce {
url = https://github.com/lassulus/nixpkgs;
ref = "3eccd0b";
};
};
}

4
lass/2configs/baseX.nix
View file

@ -112,10 +112,6 @@ in {
xkbOptions = "caps:backspace";
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
services.urxvtd.enable = true;
services.xresources.enable = true;
lass.screenlock.enable = true;

2
lass/2configs/br.nix
View file

@ -18,7 +18,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
ip = "10.23.42.221";
ip = "10.42.23.221";
};
};
};

45
lass/2configs/browsers.nix
View file

@ -5,19 +5,23 @@ let
mainUser = config.users.extraUsers.mainUser;
browser-select = pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu)
browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(mapAttrsToList (name: value: { inherit name value; })
config.lass.browser.paths);
in pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
case $BROWSER in
${concatMapStringsSep "\n" (n: ''
${n})
export BIN=${config.lass.browser.paths.${n}}/bin/${n}
${n.name})
export BIN=${n.value.path}/bin/${n.name}
;;
'') (attrNames config.lass.browser.paths)}
'') (sortedPaths)}
esac
$BIN "$@"
'';
createChromiumUser = name: extraGroups:
createChromiumUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
@ -31,7 +35,7 @@ let
useDefaultShell = true;
createHome = true;
};
lass.browser.paths.${name} = bin;
lass.browser.paths.${name}.path = bin;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -40,10 +44,10 @@ let
];
};
createFirefoxUser = name: extraGroups:
createFirefoxUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
'';
in {
users.extraUsers.${name} = {
@ -54,7 +58,10 @@ let
useDefaultShell = true;
createHome = true;
};
lass.browser.paths.${name} = bin;
lass.browser.paths.${name} = {
path = bin;
inherit precedence;
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -79,14 +86,24 @@ in {
type = types.path;
};
options.lass.browser.paths = mkOption {
type = with types; attrsOf path;
type = types.attrsOf (types.submodule ({
options = {
path = mkOption {
type = types.path;
};
precedence = mkOption {
type = types.int;
default = 0;
};
};
}));
};
}
( createFirefoxUser "ff" [ "audio" ] )
( createChromiumUser "cr" [ "video" "audio" ] )
( createFirefoxUser "ff" [ "audio" ] 10 )
( createChromiumUser "cr" [ "video" "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "video" "audio" ] )
( createChromiumUser "fb" [ "video" "audio" ] )
( createChromiumUser "gm" [ "video" "audio" ] )
( createChromiumUser "com" [ "video" "audio" ] )
];
}

5
lass/2configs/dcso-dev.nix
View file

@ -15,6 +15,7 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
];
@ -42,6 +43,10 @@ in {
};
};
krebs.per-user.dev.packages = [
pkgs.go
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';

1
lass/2configs/default.nix
View file

@ -22,6 +22,7 @@ with import <stockholm/lib>;
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
config.krebs.users.lass-xerxes.pubkey
];
};
mainUser = {

1
lass/2configs/exim-smarthost.nix
View file

@ -48,6 +48,7 @@ with import <stockholm/lib>;
{ from = "tomtop@lassul.us"; to = lass.mail; }
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
{ from = "payeer@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

2
lass/2configs/games.nix
View file

@ -57,7 +57,7 @@ let
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
(dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
doom1
doom2
vdoom1

28
lass/2configs/hw/gpd-pocket.nix Normal file
View file

@ -0,0 +1,28 @@
{ pkgs, ... }:
let
dummy_firmware = pkgs.writeTextFile {
name = "brcmfmac4356-pcie.txt";
text = builtins.readFile ./brcmfmac4356-pcie.txt;
destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
};
in {
#imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
hardware.firmware = [ dummy_firmware ];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ];
boot.kernelPackages = pkgs.linuxPackages_4_14;
boot.kernelParams = [
"fbcon=rotate:1"
];
services.xserver.displayManager.sessionCommands = ''
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
'';
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
}

5
lass/2configs/hw/x220.nix
View file

@ -29,4 +29,9 @@
options = ["nosuid" "nodev" "noatime"];
};
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
}

11
lass/2configs/websites/lassulus.nix
View file

@ -153,15 +153,15 @@ in {
};
security.acme.certs."cgit.lassul.us" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/acme-challenges";
email = "lassulus@lassul.us";
webroot = "/var/lib/acme/acme-challenge";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
"key.pem"
];
group = "nginx";
allowKeysForGroup = true;
user = "nginx";
};
@ -170,6 +170,9 @@ in {
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
users.users.blog = {

2
lass/5pkgs/default.nix
View file

@ -23,7 +23,7 @@
screengrab = pkgs.writeDashBin "screengrab" ''
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
'';
};
}

9
lass/5pkgs/xmonad-lass.nix
View file

@ -30,6 +30,7 @@ import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
@ -39,10 +40,10 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Layout.SimpleFloat (simpleFloat)
import XMonad.Stockholm.Shutdown
@ -59,7 +60,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad
xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = myTerm
@ -77,7 +78,7 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
myKeyMap :: [([Char], X ())]
myKeyMap =
@ -86,6 +87,8 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")

2
lass/source.nix
View file

@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "f9390d6";
ref = "cb751f9";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

35
makefu/1systems/gum/config.nix
View file

@ -46,7 +46,7 @@ in {
# services
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/sabnzbd.nix>
# <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
@ -65,6 +65,8 @@ in {
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
@ -84,13 +86,40 @@ in {
# Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
#{
# services.dockerRegistry.enable = true;
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
{ # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ];
#networking.wireguard.interfaces.wg0 = {
# ips = [ "10.244.0.1/24" ];
# privateKeyFile = (toString <secrets>) + "/wireguard.key";
# allowedIPsAsRoutes = true;
# peers = [{
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
# publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
# }];
#};
}
];
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
{ bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
{ path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;

1
makefu/1systems/omo/config.nix
View file

@ -61,6 +61,7 @@ in {
# logs to influx
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>

2
makefu/1systems/tsp/config.nix
View file

@ -32,6 +32,8 @@
# acer aspire
networking.wireless.enable = lib.mkDefault true;
services.xserver.synaptics.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;

46
makefu/1systems/wbob/config.nix
View file

@ -3,6 +3,7 @@ let
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
user = config.makefu.gui.user;
primaryIP = "192.168.8.11";
in {
imports =
@ -10,16 +11,18 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/tools/core-gui.nix>
# <stockholm/makefu/2configs/tools/extra-gui.nix>
# <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
@ -27,6 +30,41 @@ in {
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
(let
collectd-port = 25826;
influx-port = 8086;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = db;
bind-address = ":${toString collectd-port}";
}];
};
networking.firewall.extraCommands = ''
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
})
# temporary
# <stockholm/makefu/2configs/temp/rst-issue.nix>

2
makefu/1systems/wbob/source.nix
View file

@ -1,4 +1,4 @@
import <stockholm/makefu/source.nix> {
name="wbob";
musnix = true;
# musnix = true;
}

48
makefu/2configs/deployment/bgt/hidden_service.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, lib, ... }:
with lib;
let
name = "bgt_cyberwar_hidden_service";
sec = (toString <secrets>) + "/";
secdir = sec + name;
srvdir = "/var/lib/tor/onion/";
basedir = srvdir + name;
hn = builtins.readFile (secdir + "/hostname");
in
{
systemd.services.prepare-hidden-service = {
wantedBy = [ "local-fs.target" ];
before = [ "tor.service" ];
serviceConfig = {
ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
#!/bin/sh
set -euf
if ! test -d "${basedir}" ;then
mkdir -p "${srvdir}"
cp -r "${secdir}" "${srvdir}"
chown -R tor:tor "${srvdir}"
chmod -R 700 "${basedir}"
else
echo "not overwriting ${basedir}"
fi
'';
Type = "oneshot";
RemainAfterExit = "yes";
TimeoutSec = "0";
};
};
services.nginx.virtualHosts."${hn}".locations."/" = {
proxyPass = "https://blog.binaergewitter.de";
extraConfig = ''
proxy_set_header Host blog.binaergewitter.de;
proxy_ssl_server_name on;
'';
};
services.tor = {
enable = true;
hiddenServices."${name}".map = [
{ port = "80"; }
# { port = "443"; toHost = "blog.binaergewitter.de"; }
];
};
}

41
makefu/2configs/deployment/bureautomation/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, lib, ... }:
with lib;
let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
# we ignore non-alerting events
test $state = alerting || exit 0
echo $name - $state
curl 'http://bauarbeiterlampe/ay?o=1'
sleep 5
curl 'http://bauarbeiterlampe/ay?o=1'
'';
in {
services.logstash = {
package = pkgs.logstash5;
enable = true;
inputConfig = ''
http {
port => ${toString port}
host => "127.0.0.1"
}
'';
filterConfig = ''
'';
outputConfig = ''
stdout { codec => json }
exec { command => "${runit} '%{ruleName}' '%{state}'" }
'';
extraSettings = ''
path.plugins: [ "${pkgs.logstash-output-exec}" ]
'';
};
}

28
makefu/2configs/deployment/led-fader.nix
View file

@ -1,27 +1,25 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
mq = "192.168.8.11";
pkg = pkgs.stdenv.mkDerivation {
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "07a6791de368e16cc0864d2676fd255eba522cee";
sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
buildInputs = [
(pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
]))
requests
pytz
influxdb
httplib2
google_api_python_client
];
installPhase = ''
install -m755 -D fade.py $out/bin/fade.py
install -m755 -D ampel.py $out/bin/ampel
install -m755 -D times.json $out/share/times.json
'';
};
in {
systemd.services.led-fader = {
@ -34,7 +32,9 @@ in {
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
ExecStart = "${pkg}/bin/ampel 4";
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};

6
makefu/2configs/deployment/scrape/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
./elkstack.nix
./selenium.nix
];
}

65
makefu/2configs/deployment/scrape/selenium.nix Normal file
View file

@ -0,0 +1,65 @@
{config, pkgs, lib, ...}:
with <stockholm/lib>;
let
selenium-pw = <secrets/selenium-vncpasswd>;
in {
services.jenkinsSlave.enable = true;
users.users.selenium = {
uid = genid "selenium";
extraGroups = [ "plugdev" ];
};
fonts.enableFontDir = true;
# networking.firewall.allowedTCPPorts = [ 5910 ];
systemd.services.selenium-X11 =
{
description = "X11 vnc for selenium";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ];
environment =
{
DISPLAY = ":10";
};
script = ''
set -ex
[ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock )
[ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 )
mkdir -p ~/.vnc
cp -f ${selenium-pw} ~/.vnc/passwd
chmod go-rwx ~/.vnc/passwd
echo > ~/.vnc/xstartup
chmod u+x ~/.vnc/xstartup
vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac
dwm
'';
preStop = ''
vncserver -kill $DISPLAY
'';
serviceConfig = {
User = "selenium";
};
};
systemd.services.selenium-server =
{
description = "selenium-server";
wantedBy = [ "multi-user.target" ];
requires = [ "selenium-X11.service" ];
path = [ pkgs.chromium
pkgs.firefoxWrapper ];
environment =
{
DISPLAY = ":10";
};
script = ''
${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1
'';
serviceConfig = {
User = "selenium";
};
};
}

18
makefu/2configs/share/omo.nix
View file

@ -30,24 +30,18 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
usenet = {
path = "/media/crypt0/usenet/dst";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
pyload = {
path = "/media/crypt0/pyload";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypt0 = {
path = "/media/crypt0";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypX-games = {
path = "/media/cryptX/games";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
media-rw = {
path = "/media/";
"read only" = "no";

38
makefu/2configs/share/wbob.nix Normal file
View file

@ -0,0 +1,38 @@
{config, ... }:{
networking.firewall.allowedUDPPorts = [ 137 138 ];
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/home/share";
createHome = true;
};
services.samba = {
enable = true;
enableNmbd = true;
shares = {
incoming = {
path = "/data/incoming";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
data = {
path = "/data/";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
}

19
makefu/2configs/stats/telegraf/airsensor.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, ...}:
{
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
'';
users.users.telegraf.extraGroups = [ "input" ];
services.telegraf.extraConfig.inputs.exec = [
{
commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];
timeout = "10s";
data_format = "value";
data_type = "integer";
name_override = "airquality";
interval = "10s";
tags.unit="VOC";
}
];
}

3
makefu/2configs/stats/telegraf/default.nix
View file

@ -2,9 +2,6 @@
let
url = "http://localhost:8086";
in {
imports = [
./europastats.nix
];
services.telegraf = {
enable = true;
extraConfig = {

2
makefu/2configs/tools/dev.nix
View file

@ -13,10 +13,12 @@
esptool
cac-api
cac-panel
krebszones
ovh-zone
whatsupnix
brain
gen-oath-safe
cdrtools
stockholm
];
}

1
makefu/2configs/tools/extra-gui.nix
View file

@ -14,5 +14,6 @@
saleae-logic
arduino-user-env
gitAndTools.gitFull
signal-desktop
];
}

1
makefu/2configs/tools/games.nix
View file

@ -7,5 +7,6 @@
users.users.makefu.packages = with pkgs; [
games-user-env
wine
pkg2zip
];
}

15
makefu/2configs/zsh-user.nix
View file

@ -8,11 +8,12 @@ in
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
enableCompletion = false ; #manually at the end
enableCompletion = true ; #manually at the end
interactiveShellInit = ''
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
@ -65,13 +66,15 @@ in
zle -N fzf-file-widget
bindkey '^T' fzf-file-widget
# Auto-Completion
for p in ''${(z)NIX_PROFILES}; do
fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
done
autoload -U compinit && compinit
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
promptInit = ''

27
makefu/5pkgs/PkgDecrypt/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
stdenv.mkDerivation rec {
name = "PkgDecrypt-2017-12-01";
rev = "e2f9518";
src = fetchFromGitHub {
owner = "St4rk";
repo = "PkgDecrypt";
inherit rev;
sha256 = "0dk13qamxyny0vc990s06vqddxwwc6xmikb1pkc3rnys98yda29p";
};
installPhase = ''
install -m755 -D pkg_dec $out/bin/pkg_dec
install -m755 -D make_key $out/bin/make_key
'';
buildInputs = with pkgs;[
zlib
];
meta = {
homepage = https://github.com/St4rk/PkgDecrypt;
description = "St4rk's Vita pkg decrypter";
license = lib.licenses.gpl2;
};
}

17
makefu/5pkgs/airsensor-py/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;
buildPythonApplication rec {
name = "airsensor-py-${version}";
version = "2017-12-05";
propagatedBuildInputs = [
pyusb
click
];
src = fetchFromGitHub {
owner = "makefu";
repo = "airsensor-py";
rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995";
sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w";
};
}

2
makefu/5pkgs/default.nix
View file

@ -24,7 +24,7 @@ in {
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web devpi-server;
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ];

60
makefu/5pkgs/devpi/default.nix
View file

@ -14,18 +14,6 @@ let
propagatedBuildInputs = with pkgs.python3Packages; [ docutils bleach pygments ];
};
devpi-client = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-client";
version = "2.7.0";
src = pkgs.fetchurl {
url = "mirror://pypi/d/devpi-client/devpi-client-${version}.tar.gz";
sha256 = "0z7vaf0a66n82mz0vx122pbynjvkhp2mjf9lskgyv09y3bxzzpj3";
};
patches = [ ./py3-fix-encoding.patch ];
buildInputs = with pkgs.python3Packages; [ tox check-manifest pkginfo ];
propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common py ];
};
devpi-web = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-web";
version = "3.1.1";
@ -37,7 +25,7 @@ let
};
propagatedBuildInputs = with pkgs.python3Packages;
[ devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
[ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
@ -47,53 +35,7 @@ let
};
};
devpi-common-3 = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-common";
version = "3.0.1";
src = pkgs.fetchurl {
url = "mirror://pypi/d/devpi-common/devpi-common-${version}.tar.gz";
sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j";
};
propagatedBuildInputs = with pkgs.python3Packages; [ requests py ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
description = "Utilities jointly used by devpi-server and devpi-client";
license = licenses.mit;
maintainers = with maintainers; [ lewo makefu ];
};
};
devpi-server = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-server";
version = "4.1.1";
# original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to
# `.devpi-server-wrapped` which
# results in "not existing devpi-server: 'devpi-server'"
postFixup = "";
src = pkgs.fetchurl {
url = "mirror://pypi/d/devpi-server/devpi-server-${version}.tar.gz";
sha256 = "1icbn1nw6w0sc5150fr69rlhs0j5ldnnxfzl2qabq2wi0dbar8hf";
};
propagatedBuildInputs = with pkgs.python3Packages;
[ devpi-common-3 execnet itsdangerous pluggy waitress pyramid ];
buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
description = "Devpi Server";
license = licenses.mit;
maintainers = with maintainers; [ makefu ];
};
};
in {
inherit devpi-server devpi-client;
devpi-web = pkgs.python3.buildEnv.override {
extraLibs = [ devpi-web devpi-server ];
};

29
makefu/5pkgs/pkg2zip/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
stdenv.mkDerivation rec {
name = "pkg2zip-2017-12-01";
rev = "fccad26";
src = fetchFromGitHub {
owner = "mmozeiko";
repo = "pkg2zip";
inherit rev;
sha256 = "1sq9yx5cbllmc0yyxhvb6c0yq1mkd1mn8njgkkgxz8alw9zwlarp";
};
installPhase = ''
install -m755 -D pkg2zip $out/bin/pkg2zip
install -m755 -D rif2zrif.py $out/bin/rif2zrif
install -m755 -D zrif2rif.py $out/bin/zrif2rif
'';
buildInputs = with pkgs;[
python3
];
meta = {
homepage = https://github.com/St4rk/PkgDecrypt;
description = "St4rk's Vita pkg decrypter";
license = lib.licenses.gpl2;
};
}

1
makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname Normal file
View file

@ -0,0 +1 @@
dickbutt2342.onion

2
makefu/source.nix
View file

@ -11,7 +11,7 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "6778819"; # unstable @ 2017-11-14
ref = "3874de4"; # unstable @ 2017-12-08
# + do_sqlite3 ruby: 55a952be5b5
in