Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2018-11-30 23:19:32 +01:00
commit b8db729338
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
21 changed files with 488 additions and 218 deletions

View file

@ -24,8 +24,9 @@ import Control.Monad.Extra (whenJustM)
import Graphics.X11.ExtraTypes.XF86 import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither) import Text.Read (readEither)
import XMonad import XMonad
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv) import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace) , removeEmptyWorkspace)
@ -66,12 +67,14 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO () main :: IO ()
main = getArgs >>= \case main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent [] -> mainNoArgs
_ -> mainNoArgs ["--shutdown"] -> shutdown
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
mainNoArgs :: IO () mainNoArgs :: IO ()
mainNoArgs = do mainNoArgs = do
workspaces0 <- getWorkspaces0 workspaces0 <- getWorkspaces0
handleShutdownEvent <- newShutdownEventHandler
xmonad xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 } -- urgencyConfig { remindWhen = Every 1 }

View file

@ -644,47 +644,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
}; };
cabal = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.4";
ip6.addr = "42::1:4";
aliases = [
"cabal.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
};
red = { red = {
monitoring = false; monitoring = false;
cores = 1; cores = 1;
@ -716,6 +675,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
}; };
yellow = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.14";
ip6.addr = "42:0:0:0:0:0:0:14";
aliases = [
"yellow.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
};
blue = { blue = {
cores = 1; cores = 1;
nets = { nets = {

View file

@ -77,7 +77,190 @@ let
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; ExecStart = pkgs.writeDash "generate-wallpaper" ''
set -xeuf
# usage: getimg FILENAME URL
fetch() {
echo "fetch $1"
curl -LsS -z "$1" -o "$1" "$2"
}
# usage: check_type FILENAME TYPE
check_type() {
if ! file -ib "$1" | grep -q "^$2/"; then
echo "$1 is not of type $2" >&2
rm "$1"
return 1
fi
}
# usage: image_size FILENAME
image_size() {
identify "$1" | awk '{print$3}'
}
# usage: make_mask DST SRC MASK
make_layer() {
if needs_rebuild "$@"; then
echo "make $1 (apply mask)" >&2
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
fi
}
# usage: flatten DST HILAYER LOLAYER
flatten() {
if needs_rebuild "$@"; then
echo "make $1 (flatten)" >&2
composite "$2" "$3" "$1"
fi
}
# usage: needs_rebuild DST SRC...
needs_rebuild() {
a="$1"
shift
if ! test -e "$a"; then
#echo " $a does not exist" >&2
result=0
else
result=1
for b; do
if test "$b" -nt "$a"; then
#echo " $b is newer than $a" >&2
result=0
fi
done
fi
#case $result in
# 0) echo "$a needs rebuild" >&2;;
#esac
return $result
}
main() {
cd ${cfg.workingDir}
# fetch source images in parallel
fetch nightmap-raw.jpg \
${cfg.nightmap} &
fetch daymap-raw.png \
${cfg.daymap} &
fetch clouds-raw.jpg \
${cfg.cloudmap} &
fetch marker.json \
${cfg.marker} &
wait
check_type nightmap-raw.jpg image
check_type daymap-raw.png image
check_type clouds-raw.jpg image
in_size=2048x1024
xplanet_out_size=1466x1200
out_geometry=1366x768+100+160
nightsnow_color='#0c1a49' # nightmap
for raw in \
nightmap-raw.jpg \
daymap-raw.png \
clouds-raw.jpg \
;
do
normal=''${raw%-raw.*}.png
if needs_rebuild $normal $raw; then
echo "make $normal; normalize $raw" >&2
convert $raw -scale $in_size $normal
fi
done
# create nightmap-fullsnow
if needs_rebuild nightmap-fullsnow.png; then
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
fi
# extract daymap-snowmask from daymap-final
if needs_rebuild daymap-snowmask.png daymap.png; then
convert daymap.png -threshold 95% daymap-snowmask.png
fi
# extract nightmap-lightmask from nightmap
if needs_rebuild nightmap-lightmask.png nightmap.png; then
convert nightmap.png -threshold 25% nightmap-lightmask.png
fi
# create layers
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
# apply layers
flatten nightmap-lightsnowlayer.png \
nightmap-lightlayer.png \
nightmap-snowlayer.png
flatten nightmap-final.png \
nightmap-lightsnowlayer.png \
nightmap.png
# create marker file from json
if [ -s marker.json ]; then
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
fi
# make all unmodified files as final
for normal in \
daymap.png \
clouds.png \
;
do
final=''${normal%.png}-final.png
needs_rebuild $final &&
ln $normal $final
done
# rebuild every time to update shadow
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-output.png --projection merc \
-config ${pkgs.writeText "xplanet.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
shade=15
''}
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-krebs-output.png --projection merc \
-config ${pkgs.writeText "xplanet-krebs.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
marker_file=marker_file
shade=15
''}
# trim xplanet output
if needs_rebuild realwallpaper.png xplanet-output.png; then
convert xplanet-output.png -crop $out_geometry \
realwallpaper-tmp.png
mv realwallpaper-tmp.png realwallpaper.png
fi
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
convert xplanet-krebs-output.png -crop $out_geometry \
realwallpaper-krebs-tmp.png
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
fi
}
main "$@"
'';
User = "realwallpaper"; User = "realwallpaper";
}; };
}; };

View file

@ -1,16 +1,16 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape { mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft
, xmonad, xmonad-contrib , X11-xshape, xmonad, xmonad-contrib
}: }:
mkDerivation rec { mkDerivation rec {
pname = "xmonad-stockholm"; pname = "xmonad-stockholm";
version = "1.2.0"; version = "1.3.0";
src = fetchgit { src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm; url = http://cgit.ni.krebsco.de/xmonad-stockholm;
rev = "refs/tags/v${version}"; rev = "refs/tags/v1.3.0";
sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis"; sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9";
}; };
libraryHaskellDepends = [ libraryHaskellDepends = [
base containers X11 X11-xft X11-xshape xmonad xmonad-contrib base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
]; ];
license = stdenv.lib.licenses.mit; license = stdenv.lib.licenses.mit;
} }

View file

@ -1,24 +0,0 @@
{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
stdenv.mkDerivation {
name = "realwallpaper";
src = fetchgit {
url = https://github.com/Lassulus/realwallpaper;
rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
};
phases = [
"unpackPhase"
"installPhase"
];
buildInputs = [
];
installPhase = ''
mkdir -p $out
cp realwallpaper.sh $out/realwallpaper.sh
'';
}

View file

@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/AP.nix>
<stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.cabal;
}

View file

@ -1,12 +0,0 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
'';
}

View file

@ -207,7 +207,6 @@ with import <stockholm/lib>;
RandomizedDelaySec = "2min"; RandomizedDelaySec = "2min";
}; };
} }
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix> <stockholm/lass/2configs/minecraft.nix>
{ {
services.taskserver = { services.taskserver = {
@ -338,6 +337,61 @@ with import <stockholm/lib>;
]; ];
} }
{
systemd.services."container@yellow".reloadIfChanged = mkForce false;
containers.yellow = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.13";
localAddress = "10.233.2.14";
};
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
if ($scheme != "https") {
rewrite ^ https://$host$uri permanent;
}
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
''};
proxy_pass http://10.233.2.14:9091;
'';
users.groups.download = {};
users.users = {
download = {
createHome = true;
group = "download";
name = "download";
home = "/var/download";
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
};
};
system.activationScripts.downloadFolder = ''
mkdir -p /var/download
chmod 775 /var/download
ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
}
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;

View file

@ -25,6 +25,11 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/download" = {
device = "tank/download";
fsType = "zfs";
};
fileSystems."/var/lib/containers" = { fileSystems."/var/lib/containers" = {
device = "tank/containers"; device = "tank/containers";
fsType = "zfs"; fsType = "zfs";

View file

@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/power-action.nix>
{ {
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true; services.xserver.desktopManager.xfce.enable = true;

View file

@ -0,0 +1,132 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
];
krebs.build.host = config.krebs.hosts.yellow;
system.activationScripts.downloadFolder = ''
mkdir -p /var/download
chown download:download /var/download
chmod 775 /var/download
'';
users.users.download = { uid = genid "download"; };
users.groups.download.members = [ "transmission" ];
users.users.transmission.group = mkForce "download";
systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
services.transmission = {
enable = true;
settings = {
download-dir = "/var/download/finished";
incomplete-dir = "/var/download/incoming";
incomplete-dir-enable = true;
umask = "002";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
};
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
services.nginx.enable = true;
services.openvpn.servers.nordvpn.config = ''
client
dev tun
proto udp
remote 82.102.16.229 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
explicit-exit-notify 3
remote-cert-tls server
#mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
+D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
49b2f54c6ee58d2d97331681bb577d55
054f56d92b743c31e80b684de0388702
ad3bf51088cd88f3fac7eb0729f2263c
51d82a6eb7e2ed4ae6dfa65b1ac764d0
b9dedf1379c1b29b36396d64cb6fd6b2
e61f869f9a13001dadc02db171f04c4d
c46d1132c1f31709e7b54a6eabae3ea8
fbd2681363c185f4cb1be5aa42a27c31
21db7b2187fd11c1acf224a0d5a44466
b4b5a3cc34ec0227fe40007e8b379654
f1e8e2b63c6b46ee7ab6f1bd82f57837
92c209e8f25bc9ed493cb5c1d891ae72
7f54f4693c5b20f136ca23e639fd8ea0
865b4e22dd2af43e13e6b075f12427b2
08af9ffd09c56baa694165f57fe2697a
3377fa34aebcba587c79941d83deaf45
-----END OpenVPN Static key V1-----
</tls-auth>
'';
}

View file

@ -0,0 +1,8 @@
{
imports = [
./config.nix
];
boot.isContainer = true;
networking.useDHCP = false;
environment.variables.NIX_REMOTE = "daemon";
}

View file

@ -126,6 +126,12 @@ in {
restartIfChanged = false; restartIfChanged = false;
}; };
nixpkgs.config.packageOverrides = super: {
dmenu = pkgs.writeDashBin "dmenu" ''
${pkgs.fzfmenu}/bin/fzfmenu "$@"
'';
};
krebs.xresources.enable = true; krebs.xresources.enable = true;
lass.screenlock.enable = true; lass.screenlock.enable = true;
} }

View file

@ -1,65 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
users.extraUsers = {
download = {
name = "download";
home = "/var/download";
createHome = true;
useDefaultShell = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
};
transmission = {
extraGroups = [
"download"
];
};
};
users.extraGroups = {
download = {
members = [
"download"
"transmission"
];
};
};
krebs.rtorrent = {
enable = true;
web = {
enable = true;
port = 9091;
basicAuth = import <secrets/torrent-auth>;
};
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = 51413;
downloadDir = "/var/download/finished";
# dump old torrents into watch folder to have them re-added
watchDir = "/var/download/watch";
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
}

View file

@ -93,6 +93,7 @@ with import <stockholm/lib>;
{ from = "neocron@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; }
{ from = "osmocom@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; }
{ from = "lesswrong@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

View file

@ -66,22 +66,6 @@ in {
locations."/tinc".extraConfig = '' locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external; alias ${config.krebs.tinc_graphs.workingDir}/external;
''; '';
locations."/urlaubyay2018".extraConfig = ''
autoindex on;
alias /srv/http/lassul.us-media/india2018;
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
''};
'';
locations."/heilstadt".extraConfig = ''
autoindex on;
alias /srv/http/lassul.us-media/grabowsee2018;
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
''};
'';
locations."/krebspage".extraConfig = '' locations."/krebspage".extraConfig = ''
default_type "text/html"; default_type "text/html";
alias ${pkgs.krebspage}/index.html; alias ${pkgs.krebspage}/index.html;

View file

@ -25,6 +25,8 @@ import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf) import Data.List (isInfixOf)
import Data.Monoid (Endo) import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv) import System.Environment (getArgs, lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.CycleWS (toggleWS)
@ -36,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.FixedColumn (FixedColumn(..))
@ -49,7 +51,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName) import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn) import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent) import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown)
import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..)) import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
@ -69,18 +71,20 @@ myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
main :: IO () main :: IO ()
main = getArgs >>= \case main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent [] -> main'
_ -> main' ["--shutdown"] -> shutdown
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
main' :: IO () main' :: IO ()
main' = do main' = do
handleShutdownEvent <- newShutdownEventHandler
xmonad $ ewmh xmonad $ ewmh
$ withUrgencyHook LibNotifyUrgencyHook $ withUrgencyHook LibNotifyUrgencyHook
$ def $ def
{ terminal = myTerm { terminal = myTerm
, modMask = mod4Mask , modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook , layoutHook = smartBorders $ myLayoutHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks , manageHook = floatHooks <+> floatNextHook
, startupHook = , startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing) (\path -> forkFile path [] Nothing)
@ -95,13 +99,12 @@ myLayoutHook = defLayout
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
floatHooks :: Query (Endo WindowSet) floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $ floatHooks = composeOne
[ [ title =? t --> doFloat | t <- myTitleFloats] [ className =? "Pinentry" -?> doCenterFloat
, [ className =? c --> doFloat | c <- myClassFloats ] ] , title =? "fzfmenu" -?> doCenterFloat
where , title =? "glxgears" -?> doCenterFloat
myTitleFloats = [] , resource =? "Dialog" -?> doFloat
myClassFloats = ["Pinentry"] -- for gpg passphrase entry ]
myKeyMap :: [([Char], X ())] myKeyMap :: [([Char], X ())]
myKeyMap = myKeyMap =
@ -159,6 +162,9 @@ myKeyMap =
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
, ("M4-s", spawn "${pkgs.knav}/bin/knav") , ("M4-s", spawn "${pkgs.knav}/bin/knav")

View file

@ -0,0 +1,33 @@
{ pkgs, ... }:
pkgs.writeDashBin "fzfmenu" ''
set -efu
PROMPT=">"
for i in "$@"
do
case $i in
-p)
PROMPT="$2"
shift
shift
break
;;
*)
echo "Unknown option $1"
shift
;;
esac
done
INPUT=$(${pkgs.coreutils}/bin/cat)
OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
${pkgs.rxvt_unicode}/bin/urxvt \
-name fzfmenu -title fzfmenu \
-e ${pkgs.dash}/bin/dash -c \
"echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
--history=/dev/null \
--no-sort \
--prompt=\"$PROMPT\" \
> \"$OUTPUT\"" 2>/dev/null
${pkgs.coreutils}/bin/cat "$OUTPUT"
${pkgs.coreutils}/bin/rm "$OUTPUT"
''

View file

@ -101,7 +101,7 @@ in {
"\${XMONAD_DATA_DIR}" "\${XMONAD_DATA_DIR}"
]}"; ]}";
ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}"; ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}";
ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown $MAINPID"; ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown";
User = cfg.user.name; User = cfg.user.name;
WorkingDirectory = cfg.user.home; WorkingDirectory = cfg.user.home;
}; };

View file

@ -19,10 +19,7 @@ pkgs.writeHaskellPackage "xmonad-tv" {
module Main where module Main where
import System.IO.Error (isDoesNotExistError, tryIOError)
import System.Exit (exitFailure) import System.Exit (exitFailure)
import Control.Monad (forever)
import Control.Concurrent (threadDelay)
import Control.Exception import Control.Exception
import Control.Monad.Extra (whenJustM) import Control.Monad.Extra (whenJustM)
@ -32,8 +29,6 @@ import XMonad
import System.IO (hPutStrLn, stderr) import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv) import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import System.Posix.Signals (nullSignal, signalProcess)
import System.Posix.Types (ProcessID)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace) , removeEmptyWorkspace)
import XMonad.Actions.GridSelect import XMonad.Actions.GridSelect
@ -65,26 +60,13 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO () main :: IO ()
main = getArgs >>= \case main = getArgs >>= \case
[] -> mainNoArgs [] -> mainNoArgs
["--shutdown", pidArg] -> mainShutdown (read pidArg) ["--shutdown"] -> shutdown
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
mainShutdown :: ProcessID -> IO ()
mainShutdown pid = do
sendShutdownEvent
hPutStrLn stderr ("waiting for: " <> show pid)
result <- tryIOError (waitProcess pid)
if isSuccess result
then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]")
else hPutStrLn stderr ("result: " <> show result)
where
isSuccess = either isDoesNotExistError (const False)
waitProcess :: ProcessID -> IO ()
waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000)
mainNoArgs :: IO () mainNoArgs :: IO ()
mainNoArgs = do mainNoArgs = do
workspaces0 <- getWorkspaces0 workspaces0 <- getWorkspaces0
handleShutdownEvent <- newShutdownEventHandler
xmonad xmonad
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def $ def