makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse source
This commit is contained in:
makefu 2017-01-25 23:23:29 +01:00
parent 7e1bd2729e 89c5b22129
commit bf40573696
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
63 changed files with 2533 additions and 388 deletions

214
krebs/3modules/Reaktor.nix
View file

@ -3,99 +3,88 @@
with import <stockholm/lib>;
let
ReaktorConfig = pkgs.writeText "config.py" ''
${if (isString cfg.overrideConfig ) then ''
# Overriden Config
${cfg.overrideConfig}
'' else ""}
## Extra Config
${concatStringsSep "\n" (map (plug: plug.config) cfg.plugins)}
${cfg.extraConfig}
'';
cfg = config.krebs.Reaktor;
workdir = "/var/lib/Reaktor";
out = {
options.krebs.Reaktor = api;
config = lib.mkIf cfg.enable imp;
config = imp;
};
api = {
enable = mkOption {
default = false;
description = ''
Start Reaktor at system boot
'';
};
api = mkOption {
default = {};
type = with types; attrsOf (submodule ({ options = {
nickname = mkOption {
default = config.krebs.build.host.name + "|r";
type = types.string;
description = ''
The nick name of the irc bot.
Defaults to {hostname}|r
'';
};
nickname = mkOption {
default = config.krebs.build.host.name + "|r";
type = types.string;
description = ''
The nick name of the irc bot.
Defaults to {hostname}|r
'';
};
overrideConfig = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
configuration to be used instead of default ones.
Reaktor default cfg can be retrieved via `reaktor get-config`
'';
};
plugins = mkOption {
default = [pkgs.ReaktorPlugins.nixos-version];
};
extraConfig = mkOption {
default = "";
type = types.string;
description = ''
configuration appended to the default or overridden configuration
'';
};
overrideConfig = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
configuration to be used instead of default ones.
Reaktor default cfg can be retrieved via `reaktor get-config`
'';
};
workdir = mkOption {
default = "/var/lib/Reaktor";
type = types.str;
description = ''
Reaktor working directory
'';
};
extraEnviron = mkOption {
default = {};
type = types.attrsOf types.str;
description = ''
Environment to be provided to the service, can be:
REAKTOR_HOST
REAKTOR_PORT
REAKTOR_STATEDIR
plugins = mkOption {
default = [pkgs.ReaktorPlugins.nixos-version];
};
debug and nickname can be set separately via the Reaktor api
'';
};
channels = mkOption {
default = [ "#krebs" ];
type = types.listOf types.str;
description = ''
Channels the Reaktor should connect to at startup.
'';
};
debug = mkOption {
default = false;
description = ''
Reaktor debug output
'';
};
extraConfig = mkOption {
default = "";
type = types.string;
description = ''
configuration appended to the default or overridden configuration
'';
};
extraEnviron = mkOption {
default = {};
type = types.attrsOf types.str;
description = ''
Environment to be provided to the service, can be:
REAKTOR_HOST
REAKTOR_PORT
REAKTOR_STATEDIR
debug and nickname can be set separately via the Reaktor api
'';
};
channels = mkOption {
default = [ "#krebs" ];
type = types.listOf types.str;
description = ''
Channels the Reaktor should connect to at startup.
'';
};
debug = mkOption {
default = false;
description = ''
Reaktor debug output
'';
};
};}));
};
imp = {
# TODO get user per configured bot
# TODO get home from api
# for reaktor get-config
users.extraUsers = singleton rec {
name = "Reaktor";
uid = genid name;
description = "Reaktor user";
home = cfg.workdir;
home = workdir;
createHome = true;
};
@ -104,39 +93,52 @@ let
# gid = config.ids.gids.Reaktor;
#};
systemd.services.Reaktor = {
path = with pkgs; [
utillinux #flock for tell_on-join
git # for nag
python # for caps
];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
REAKTOR_NICKNAME = cfg.nickname;
REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
REAKTOR_CHANNELS = lib.concatStringsSep "," cfg.channels;
state_dir = cfg.workdir;
} // cfg.extraEnviron;
serviceConfig= {
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
#! /bin/sh
${if (isString cfg.overrideConfig) then
''cp ${ReaktorConfig} /tmp/config.py''
else
''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
}
systemd.services = mapAttrs' (name: botcfg:
let
ReaktorConfig = pkgs.writeText "config.py" ''
${if (isString botcfg.overrideConfig ) then ''
# Overriden Config
${botcfg.overrideConfig}
'' else ""}
## Extra Config
${concatStringsSep "\n" (map (plug: plug.config) botcfg.plugins)}
${botcfg.extraConfig}
'';
ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/config.py";
PrivateTmp = "true";
User = "Reaktor";
Restart = "always";
RestartSec= "30" ;
in nameValuePair "Reaktor-${name}" {
path = with pkgs; [
utillinux #flock for tell_on-join
git # for nag
python # for caps
];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
REAKTOR_NICKNAME = botcfg.nickname;
REAKTOR_DEBUG = (if botcfg.debug then "True" else "False");
REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
state_dir = workdir;
} // botcfg.extraEnviron;
serviceConfig= {
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
#! /bin/sh
${if (isString botcfg.overrideConfig) then
''cp ${ReaktorConfig} /tmp/reaktor-${name}-config.py''
else
''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/reaktor-${name}-config.py''
}
'';
ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/reaktor-${name}-config.py";
PrivateTmp = "true";
User = "Reaktor";
Restart = "always";
RestartSec= "30" ;
};
};
}
) cfg;
};
in

3
krebs/3modules/default.nix
View file

@ -93,6 +93,7 @@ let
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
{ krebs = import ./mv { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./shared { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
@ -200,7 +201,7 @@ let
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
# Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
# Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.

1
krebs/3modules/exim-smarthost.nix
View file

@ -2,7 +2,6 @@
with import <stockholm/lib>;
let
indent = replaceChars ["\n"] ["\n "];
cfg = config.krebs.exim-smarthost;
out = {

2
krebs/3modules/fetchWallpaper.nix
View file

@ -45,7 +45,7 @@ let
mkdir -p ${shell.escape cfg.stateDir}
cd ${shell.escape cfg.stateDir}
curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper
(curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';

8
krebs/3modules/git.nix
View file

@ -339,9 +339,11 @@ let
description = "Git repository hosting user";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
(filterAttrs (_: user: isString user.pubkey)
config.krebs.users);
unique
(sort lessThan
(map (makeAuthorizedKey git-ssh-command)
(filter (user: isString user.pubkey)
(concatMap (getAttr "user") cfg.rules))));
};
};

2
krebs/3modules/nginx.nix
View file

@ -129,8 +129,6 @@ let
};
};
indent = replaceChars ["\n"] ["\n "];
to-acme = { server-names, ssl, ... }:
optionalAttrs ssl.acmeEnable {
email = "lassulus@gmail.com";

65
krebs/3modules/nin/default.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, ... }:
with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) {
hiawatha = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.132.96";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
aliases = [
"hiawatha.retiolum"
"hiawatha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
onondaga = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.132.55";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
aliases = [
"onondaga.retiolum"
"onondaga.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
};
};
users = {
nin = {
mail = "nin@hiawatha.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
};
}

2
krebs/3modules/tv/default.nix
View file

@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
ip4.addr = "45.62.237.203";
ip4.addr = "64.137.177.226";
aliases = [
"cd.i"
"cd.krebsco.de"

10
krebs/4lib/infest/prepare.sh
View file

@ -143,10 +143,10 @@ prepare_common() {(
mkdir -p /mnt/boot
if mount | grep -Fq ' on /boot type '; then
bootdev=$(mount | grep " on /boot type " | sed 's/ .*//')
mount $bootdev /mnt/boot
bootpart=$(mount | grep ' on /boot type ' | sed 's/ .*//')
mount $bootpart /mnt/boot
else
mount --bind /boot/ /mnt/boot
mount --bind /boot /mnt/boot
fi
fi
@ -155,10 +155,12 @@ prepare_common() {(
# prepare install directory
#
rootpart=$(mount | grep " on / type" | sed 's/ .*//')
rootpart=$(mount | grep ' on / type ' | sed 's/ .*//')
mkdir -p /mnt/etc/nixos
mkdir -m 0555 -p /mnt/var/empty
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate
if ! mount | grep -Fq "$rootpart on /mnt/root type "; then
mkdir -p /mnt/root

12
krebs/5pkgs/Reaktor/plugins.nix
View file

@ -116,4 +116,16 @@ rec {
commands.insert(0,titlebot_cmd('clear'))
'';
};
url-title = (buildSimpleReaktorPlugin "url-title" {
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$";
path = with pkgs; [ curl perl ];
script = pkgs.writeDash "lambda-pl" ''
if [ "$#" -gt 0 ]; then
curl -SsL --max-time 5 "$1" |
perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)(?: - youtube)?\s*<\/title/si'
fi
'';
});
}

13
krebs/5pkgs/bepasty-client-cli/default.nix
View file

@ -1,17 +1,18 @@
{ lib, pkgs, pythonPackages, fetchurl, ... }:
{ lib, pkgs, pythonPackages, fetchFromGitHub, ... }:
with pythonPackages; buildPythonPackage rec {
name = "bepasty-client-cli-${version}";
version = "0.3.0";
name = "bepasty-client-cli";
propagatedBuildInputs = [
python_magic
click
requests2
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
src = fetchFromGitHub {
owner = "bepasty";
repo = "bepasty-client-cli";
rev = "4b7135ba8ba1e17501de08ad7b6aca73c0d949d2";
sha256 = "1svchyk9zai1vip9ppm12jm7wfjbdr9ijhgcd2n10xh73jrn9cnc";
};
meta = {

23
krebs/5pkgs/kapacitor/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
buildGoPackage rec {
name = "kapacitor-${version}";
version = "1.0.0";
goPackagePath = "github.com/influxdata/kapacitor";
src = fetchFromGitHub {
owner = "influxdata";
repo = "kapacitor";
rev = "v${version}";
sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
};
meta = with lib; {
description = "Open source framework for processing, monitoring, and alerting on time series data";
license = licenses.mit;
homepage = https://influxdata.com/time-series-platform/kapacitor/;
maintainers = with maintainers; [offline];
platforms = with platforms; linux;
};
}

27
krebs/5pkgs/telegraf/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
name = "telegraf-${version}";
version = "1.1.2";
goPackagePath = "github.com/influxdata/telegraf";
excludedPackages = "test";
src = fetchFromGitHub {
owner = "influxdata";
repo = "telegraf";
rev = "${version}";
sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
};
goDeps = ./. + builtins.toPath "/deps-${version}.nix";
meta = with lib; {
description = "The plugin-driven server agent for collecting & reporting metrics.";
license = licenses.mit;
homepage = https://www.influxdata.com/time-series-platform/telegraf/;
maintainers = with maintainers; [ mic92 roblabla ];
platforms = platforms.linux;
};
}

588
krebs/5pkgs/telegraf/deps-1.1.2.nix Normal file
View file

@ -0,0 +1,588 @@
# This file was generated by go2nix.
[
{
goPackagePath = "github.com/Shopify/sarama";
fetch = {
type = "git";
url = "https://github.com/Shopify/sarama";
rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9";
sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv";
};
}
{
goPackagePath = "github.com/Sirupsen/logrus";
fetch = {
type = "git";
url = "https://github.com/Sirupsen/logrus";
rev = "219c8cb75c258c552e999735be6df753ffc7afdc";
sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6";
};
}
{
goPackagePath = "github.com/aerospike/aerospike-client-go";
fetch = {
type = "git";
url = "https://github.com/aerospike/aerospike-client-go";
rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63";
sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219";
};
}
{
goPackagePath = "github.com/amir/raidman";
fetch = {
type = "git";
url = "https://github.com/amir/raidman";
rev = "53c1b967405155bfc8758557863bf2e14f814687";
sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4";
};
}
{
goPackagePath = "github.com/aws/aws-sdk-go";
fetch = {
type = "git";
url = "https://github.com/aws/aws-sdk-go";
rev = "13a12060f716145019378a10e2806c174356b857";
sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h";
};
}
{
goPackagePath = "github.com/beorn7/perks";
fetch = {
type = "git";
url = "https://github.com/beorn7/perks";
rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4";
sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r";
};
}
{
goPackagePath = "github.com/cenkalti/backoff";
fetch = {
type = "git";
url = "https://github.com/cenkalti/backoff";
rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99";
sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w";
};
}
{
goPackagePath = "github.com/couchbase/go-couchbase";
fetch = {
type = "git";
url = "https://github.com/couchbase/go-couchbase";
rev = "cb664315a324d87d19c879d9cc67fda6be8c2ac1";
sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr";
};
}
{
goPackagePath = "github.com/couchbase/gomemcached";
fetch = {
type = "git";
url = "https://github.com/couchbase/gomemcached";
rev = "a5ea6356f648fec6ab89add00edd09151455b4b2";
sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi";
};
}
{
goPackagePath = "github.com/couchbase/goutils";
fetch = {
type = "git";
url = "https://github.com/couchbase/goutils";
rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6";
sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c";
};
}
{
goPackagePath = "github.com/dancannon/gorethink";
fetch = {
type = "git";
url = "https://github.com/dancannon/gorethink";
rev = "e7cac92ea2bc52638791a021f212145acfedb1fc";
sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g";
};
}
{
goPackagePath = "github.com/davecgh/go-spew";
fetch = {
type = "git";
url = "https://github.com/davecgh/go-spew";
rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d";
sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk";
};
}
{
goPackagePath = "github.com/docker/engine-api";
fetch = {
type = "git";
url = "https://github.com/docker/engine-api";
rev = "8924d6900370b4c7e7984be5adc61f50a80d7537";
sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n";
};
}
{
goPackagePath = "github.com/docker/go-connections";
fetch = {
type = "git";
url = "https://github.com/docker/go-connections";
rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb";
sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg";
};
}
{
goPackagePath = "github.com/docker/go-units";
fetch = {
type = "git";
url = "https://github.com/docker/go-units";
rev = "5d2041e26a699eaca682e2ea41c8f891e1060444";
sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i";
};
}
{
goPackagePath = "github.com/eapache/go-resiliency";
fetch = {
type = "git";
url = "https://github.com/eapache/go-resiliency";
rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
};
}
{
goPackagePath = "github.com/eapache/queue";
fetch = {
type = "git";
url = "https://github.com/eapache/queue";
rev = "ded5959c0d4e360646dc9e9908cff48666781367";
sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n";
};
}
{
goPackagePath = "github.com/eclipse/paho.mqtt.golang";
fetch = {
type = "git";
url = "https://github.com/eclipse/paho.mqtt.golang";
rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86";
sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh";
};
}
{
goPackagePath = "github.com/go-sql-driver/mysql";
fetch = {
type = "git";
url = "https://github.com/go-sql-driver/mysql";
rev = "1fca743146605a172a266e1654e01e5cd5669bee";
sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38";
};
}
{
goPackagePath = "github.com/gobwas/glob";
fetch = {
type = "git";
url = "https://github.com/gobwas/glob";
rev = "49571a1557cd20e6a2410adc6421f85b66c730b5";
sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk";
};
}
{
goPackagePath = "github.com/golang/protobuf";
fetch = {
type = "git";
url = "https://github.com/golang/protobuf";
rev = "552c7b9542c194800fd493123b3798ef0a832032";
sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm";
};
}
{
goPackagePath = "github.com/golang/snappy";
fetch = {
type = "git";
url = "https://github.com/golang/snappy";
rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380";
sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn";
};
}
{
goPackagePath = "github.com/gonuts/go-shellquote";
fetch = {
type = "git";
url = "https://github.com/gonuts/go-shellquote";
rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2";
sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg";
};
}
{
goPackagePath = "github.com/gorilla/context";
fetch = {
type = "git";
url = "https://github.com/gorilla/context";
rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a";
sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4";
};
}
{
goPackagePath = "github.com/gorilla/mux";
fetch = {
type = "git";
url = "https://github.com/gorilla/mux";
rev = "c9e326e2bdec29039a3761c07bece13133863e1e";
sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6";
};
}
{
goPackagePath = "github.com/hailocab/go-hostpool";
fetch = {
type = "git";
url = "https://github.com/hailocab/go-hostpool";
rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478";
sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny";
};
}
{
goPackagePath = "github.com/hashicorp/consul";
fetch = {
type = "git";
url = "https://github.com/hashicorp/consul";
rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2";
sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw";
};
}
{
goPackagePath = "github.com/hpcloud/tail";
fetch = {
type = "git";
url = "https://github.com/hpcloud/tail";
rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56";
sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s";
};
}
{
goPackagePath = "github.com/influxdata/config";
fetch = {
type = "git";
url = "https://github.com/influxdata/config";
rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da";
sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z";
};
}
{
goPackagePath = "github.com/influxdata/influxdb";
fetch = {
type = "git";
url = "https://github.com/influxdata/influxdb";
rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae";
sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq";
};
}
{
goPackagePath = "github.com/influxdata/toml";
fetch = {
type = "git";
url = "https://github.com/influxdata/toml";
rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0";
sha256 = "1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4";
};
}
{
goPackagePath = "github.com/influxdata/wlog";
fetch = {
type = "git";
url = "https://github.com/influxdata/wlog";
rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec";
sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl";
};
}
{
goPackagePath = "github.com/kardianos/osext";
fetch = {
type = "git";
url = "https://github.com/kardianos/osext";
rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc";
sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a";
};
}
{
goPackagePath = "github.com/kardianos/service";
fetch = {
type = "git";
url = "https://github.com/kardianos/service";
rev = "5e335590050d6d00f3aa270217d288dda1c94d0a";
sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h";
};
}
{
goPackagePath = "github.com/klauspost/crc32";
fetch = {
type = "git";
url = "https://github.com/klauspost/crc32";
rev = "19b0b332c9e4516a6370a0456e6182c3b5036720";
sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r";
};
}
{
goPackagePath = "github.com/lib/pq";
fetch = {
type = "git";
url = "https://github.com/lib/pq";
rev = "e182dc4027e2ded4b19396d638610f2653295f36";
sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj";
};
}
{
goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
fetch = {
type = "git";
url = "https://github.com/matttproud/golang_protobuf_extensions";
rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453";
sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r";
};
}
{
goPackagePath = "github.com/miekg/dns";
fetch = {
type = "git";
url = "https://github.com/miekg/dns";
rev = "cce6c130cdb92c752850880fd285bea1d64439dd";
sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx";
};
}
{
goPackagePath = "github.com/mreiferson/go-snappystream";
fetch = {
type = "git";
url = "https://github.com/mreiferson/go-snappystream";
rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504";
sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6";
};
}
{
goPackagePath = "github.com/naoina/go-stringutil";
fetch = {
type = "git";
url = "https://github.com/naoina/go-stringutil";
rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b";
sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6";
};
}
{
goPackagePath = "github.com/nats-io/nats";
fetch = {
type = "git";
url = "https://github.com/nats-io/nats";
rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165";
sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1";
};
}
{
goPackagePath = "github.com/nats-io/nuid";
fetch = {
type = "git";
url = "https://github.com/nats-io/nuid";
rev = "a5152d67cf63cbfb5d992a395458722a45194715";
sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40";
};
}
{
goPackagePath = "github.com/nsqio/go-nsq";
fetch = {
type = "git";
url = "https://github.com/nsqio/go-nsq";
rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980";
sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr";
};
}
{
goPackagePath = "github.com/opencontainers/runc";
fetch = {
type = "git";
url = "https://github.com/opencontainers/runc";
rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8";
sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1";
};
}
{
goPackagePath = "github.com/prometheus/client_golang";
fetch = {
type = "git";
url = "https://github.com/prometheus/client_golang";
rev = "18acf9993a863f4c4b40612e19cdd243e7c86831";
sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv";
};
}
{
goPackagePath = "github.com/prometheus/client_model";
fetch = {
type = "git";
url = "https://github.com/prometheus/client_model";
rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6";
sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9";
};
}
{
goPackagePath = "github.com/prometheus/common";
fetch = {
type = "git";
url = "https://github.com/prometheus/common";
rev = "e8eabff8812b05acf522b45fdcd725a785188e37";
sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq";
};
}
{
goPackagePath = "github.com/prometheus/procfs";
fetch = {
type = "git";
url = "https://github.com/prometheus/procfs";
rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8";
sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8";
};
}
{
goPackagePath = "github.com/samuel/go-zookeeper";
fetch = {
type = "git";
url = "https://github.com/samuel/go-zookeeper";
rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f";
sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2";
};
}
{
goPackagePath = "github.com/shirou/gopsutil";
fetch = {
type = "git";
url = "https://github.com/shirou/gopsutil";
rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08";
sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni";
};
}
{
goPackagePath = "github.com/soniah/gosnmp";
fetch = {
type = "git";
url = "https://github.com/soniah/gosnmp";
rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26";
sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib";
};
}
{
goPackagePath = "github.com/streadway/amqp";
fetch = {
type = "git";
url = "https://github.com/streadway/amqp";
rev = "b4f3ceab0337f013208d31348b578d83c0064744";
sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp";
};
}
{
goPackagePath = "github.com/stretchr/testify";
fetch = {
type = "git";
url = "https://github.com/stretchr/testify";
rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c";
sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl";
};
}
{
goPackagePath = "github.com/vjeantet/grok";
fetch = {
type = "git";
url = "https://github.com/vjeantet/grok";
rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2";
sha256 = "03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80";
};
}
{
goPackagePath = "github.com/wvanbergen/kafka";
fetch = {
type = "git";
url = "https://github.com/wvanbergen/kafka";
rev = "46f9a1cf3f670edec492029fadded9c2d9e18866";
sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694";
};
}
{
goPackagePath = "github.com/wvanbergen/kazoo-go";
fetch = {
type = "git";
url = "https://github.com/wvanbergen/kazoo-go";
rev = "0f768712ae6f76454f987c3356177e138df258f8";
sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16";
};
}
{
goPackagePath = "github.com/yuin/gopher-lua";
fetch = {
type = "git";
url = "https://github.com/yuin/gopher-lua";
rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808";
sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm";
};
}
{
goPackagePath = "github.com/zensqlmonitor/go-mssqldb";
fetch = {
type = "git";
url = "https://github.com/zensqlmonitor/go-mssqldb";
rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363";
sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl";
};
}
{
goPackagePath = "golang.org/x/crypto";
fetch = {
type = "git";
url = "https://go.googlesource.com/crypto";
rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6";
sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp";
};
}
{
goPackagePath = "golang.org/x/net";
fetch = {
type = "git";
url = "https://go.googlesource.com/net";
rev = "6acef71eb69611914f7a30939ea9f6e194c78172";
sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc";
};
}
{
goPackagePath = "golang.org/x/text";
fetch = {
type = "git";
url = "https://go.googlesource.com/text";
rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34";
sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1";
};
}
{
goPackagePath = "gopkg.in/dancannon/gorethink.v1";
fetch = {
type = "git";
url = "https://gopkg.in/dancannon/gorethink.v1";
rev = "7d1af5be49cb5ecc7b177bf387d232050299d6ef";
sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi";
};
}
{
goPackagePath = "gopkg.in/fatih/pool.v2";
fetch = {
type = "git";
url = "https://gopkg.in/fatih/pool.v2";
rev = "cba550ebf9bce999a02e963296d4bc7a486cb715";
sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0";
};
}
{
goPackagePath = "gopkg.in/mgo.v2";
fetch = {
type = "git";
url = "https://gopkg.in/mgo.v2";
rev = "d90005c5262a3463800497ea5a89aed5fe22c886";
sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7";
};
}
{
goPackagePath = "gopkg.in/yaml.v2";
fetch = {
type = "git";
url = "https://gopkg.in/yaml.v2";
rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
};
}
]

30
lass/1systems/icarus.nix
View file

@ -14,15 +14,6 @@ with import <stockholm/lib>;
../2configs/fetchWallpaper.nix
../2configs/backups.nix
../2configs/games.nix
#{
# users.extraUsers = {
# root = {
# openssh.authorizedKeys.keys = map readFile [
# ../../krebs/Zpubkeys/uriel.ssh.pub
# ];
# };
# };
#}
];
krebs.build.host = config.krebs.hosts.icarus;
@ -31,20 +22,27 @@ with import <stockholm/lib>;
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
loader.grub.enableCryptodisk = true;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
device = "/dev/mapper/pool-root";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/boot" = {
device = "/dev/sda1";
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
device = "/dev/mapper/pool-home";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
@ -54,7 +52,7 @@ with import <stockholm/lib>;
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}

7
lass/1systems/mors.nix
View file

@ -256,11 +256,6 @@ with import <stockholm/lib>;
fsType = "ext4";
};
"/bku" = {
device = "/dev/big/backups";
fsType = "ext4";
};
"/home/games/.local/share/Steam" = {
device = "/dev/big/steam";
fsType = "ext4";
@ -289,7 +284,7 @@ with import <stockholm/lib>;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!

156
lass/1systems/prism.nix
View file

@ -12,6 +12,22 @@ let
in {
imports = [
../.
{
networking.interfaces.et0.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = "213.239.205.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
'';
}
../2configs/retiolum.nix
../2configs/exim-smarthost.nix
../2configs/downloading.nix
@ -48,22 +64,6 @@ in {
lock.gid = 10001;
};
}
{
networking.interfaces.et0.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = "213.239.205.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
'';
}
{
boot.loader.grub = {
devices = [
@ -226,6 +226,130 @@ in {
enable = true;
};
}
{
users.users.nin = {
uid = genid "nin";
inherit (config.krebs.users.nin) home;
group = "users";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
extraGroups = [
"libvirtd"
];
};
krebs.git.rules = [
{
user = [ config.krebs.users.nin ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
}
];
krebs.repo-sync.repos.stockholm.nin = {
origin.url = "http://cgit.prism/stockholm";
origin.ref = "heads/nin";
mirror.url = "git@${config.networking.hostName}:stockholm";
};
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
}
{
krebs.Reaktor.coders = {
nickname = "reaktor-lass";
channels = [ "#coders" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
sed-plugin
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
script = pkgs.writePython2 "rup" ''
#!${pkgs.python2}/bin/python
t1 = """
_.
;=',_ ()
8===D~~ S" .--`||
sS \__ ||
__.' ( \-->||
_=/ _./-\/ ||
8===D~~ ((\( /-' -'l ||
) |/ \\ (_))
\\ \\
'~ '~
"""
print(t1)
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
};
}
];
krebs.build.host = config.krebs.hosts.prism;

8
lass/1systems/shodan.nix
View file

@ -59,17 +59,13 @@ with import <stockholm/lib>;
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "ext4";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/sda1";
};
"/home/lass" = {
device = "/dev/pool/home-lass";
fsType = "ext4";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
@ -77,7 +73,7 @@ with import <stockholm/lib>;
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
fsType = "btrfs";
};
};

9
lass/2configs/baseX.nix
View file

@ -7,12 +7,21 @@ in {
./xserver
./mpv.nix
./power-action.nix
./screenlock.nix
{
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
}
{
krebs.per-user.lass.packages = [
pkgs.sshuttle
];
security.sudo.extraConfig = ''
lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped
'';
}
];
users.extraUsers.mainUser.extraGroups = [ "audio" "video" ];

13
lass/2configs/default.nix
View file

@ -9,7 +9,6 @@ with import <stockholm/lib>;
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
../2configs/zsh.nix
./backups.nix
{
users.extraUsers =
@ -56,6 +55,12 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle;
};
})
{
#for sshuttle
environment.systemPackages = [
pkgs.pythonPackages.python
];
}
];
networking.hostName = config.krebs.build.host.name;
@ -86,8 +91,6 @@ with import <stockholm/lib>;
#why is this on in the first place?
services.nscd.enable = false;
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@ -156,13 +159,17 @@ with import <stockholm/lib>;
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};

4
lass/2configs/fetchWallpaper.nix
View file

@ -8,5 +8,9 @@ in {
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/wallpaper.png";
};
systemd.services.fetchWallpaper = {
after = [ "xmonad.service" ];
wantedBy = [ "xmonad.service" ];
};
}

3
lass/2configs/git.nix
View file

@ -56,7 +56,8 @@ let
channel = "#retiolum";
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
branches = [ "master" ];
# TODO define branches in some kind of option per repo
branches = [ "master" "newest" "nin" ];
};
};
};

4
lass/2configs/hfos.nix
View file

@ -7,7 +7,7 @@ with import <stockholm/lib>;
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
];
};
@ -21,12 +21,14 @@ with import <stockholm/lib>;
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];

4
lass/2configs/hw/tp-x220.nix
View file

@ -2,6 +2,9 @@
with import <stockholm/lib>;
{
imports = [
../smartd.nix
];
networking.wireless.enable = lib.mkDefault true;
hardware.enableAllFirmware = true;
@ -36,6 +39,7 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ];
};
hardware.opengl.extraPackages = [

4
lass/2configs/nixpkgs.nix
View file

@ -2,7 +2,7 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/lassulus/nixpkgs;
ref = "819c1ab486a9c81d6a6b76c759aedece2df39037";
url = https://github.com/nixos/nixpkgs;
ref = "39098270855c171f0824c09d071b606ae991ff87";
};
}

35
lass/2configs/radio.nix
View file

@ -60,28 +60,20 @@ in {
musicDirectory = "/home/radio/the_playlist/music";
extraConfig = ''
audio_output {
type "shout"
encoding "ogg"
name "the_playlist"
host "localhost"
port "8000"
mount "/radio.ogg"
type "shout"
encoding "ogg"
name "the_playlist"
host "localhost"
port "8000"
mount "/radio.ogg"
password "${source-password}"
bitrate "128"
# This is the source password in icecast.xml
password "${source-password}"
# Set either quality or bit rate
# quality "5.0"
bitrate "128"
format "44100:16:1"
# Optional Parameters
user "source"
# description "here is my long description"
genre "good music"
} # end of audio_output
format "44100:16:2"
user "source"
genre "good music"
}
'';
};
@ -138,8 +130,7 @@ in {
};
};
krebs.Reaktor = {
enable = true;
krebs.Reaktor.playlist = {
nickname = "the_playlist|r";
channels = [ "#the_playlist" ];
extraEnviron = {

4
lass/2configs/retiolum.nix
View file

@ -16,9 +16,9 @@
enable = true;
connectTo = [
"prism"
"pigstarter"
"gum"
"flap"
"ni"
"dishfire"
];
};

17
lass/2configs/screenlock.nix Normal file
View file

@ -0,0 +1,17 @@
{ pkgs, config, ... }:
{
systemd.services.screenlock = {
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "screenlock";
ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
Type = "forking";
User = "lass";
};
};
}

17
lass/2configs/smartd.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.smartd = {
enable = true;
devices = [
{
device = "DEVICESCAN";
options = toString [
"-a"
"-m ${config.krebs.users.lass.mail}"
"-s (O/../.././09|S/../.././04|L/../../6/05)"
];
}
];
};
}

167
lass/2configs/vim.nix
View file

@ -5,6 +5,7 @@ let
out = {
environment.systemPackages = [
vim
pkgs.pythonPackages.flake8
];
environment.etc.vimrc.source = vimrc;
@ -13,6 +14,91 @@ let
environment.variables.VIMINIT = ":so /etc/vimrc";
};
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set mouse=a
set noruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set title
set titleold=
set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
@ -126,87 +212,6 @@ let
exec ${pkgs.vim}/bin/vim "$@"
'';
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set mouse=a
set noruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
'';
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+

83
lass/2configs/websites/domsen.nix
View file

@ -7,7 +7,6 @@ let
genid_signed
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
serveOwncloud
serveWordpress;
@ -25,47 +24,16 @@ let
in {
imports = [
./sqlBackup.nix
(ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(ssl [ "karlaskop.de" "www.karlaskop.de" ])
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
(ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(ssl [ "pixelpocket.de" ])
(servePage [ "pixelpocket.de" ])
(ssl [ "o.ubikmedia.de" ])
(serveOwncloud [ "o.ubikmedia.de" ])
(ssl [
"ubikmedia.de"
"aldona.ubikmedia.de"
"apanowicz.de"
"nirwanabluete.de"
"aldonasiech.com"
"360gradvideo.tv"
"ubikmedia.eu"
"facts.cloud"
"youthtube.xyz"
"illucloud.eu"
"illucloud.de"
"illucloud.com"
"www.ubikmedia.de"
"www.aldona.ubikmedia.de"
"www.apanowicz.de"
"www.nirwanabluete.de"
"www.aldonasiech.com"
"www.360gradvideo.tv"
"www.ubikmedia.eu"
"www.facts.cloud"
"www.youthtube.xyz"
"www.illucloud.eu"
"www.illucloud.de"
"www.illucloud.com"
])
(serveWordpress [
"ubikmedia.de"
"apanowicz.de"
@ -88,6 +56,16 @@ in {
"www.illucloud.eu"
"www.illucloud.de"
"www.illucloud.com"
"www.ubikmedia.de"
"aldona2.ubikmedia.de"
"apanowicz.ubikmedia.de"
"cinevita.ubikmedia.de"
"factscloud.ubikmedia.de"
"illucloud.ubikmedia.de"
"joemisch.ubikmedia.de"
"karlaskop.ubikmedia.de"
"nb.ubikmedia.de"
"youthtube.ubikmedia.de"
])
];
@ -134,17 +112,26 @@ in {
'';
internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "dma@ubikmedia.de"; to = "domsen"; }
{ from = "dma@ubikmedia.eu"; to = "domsen"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
{ from = "nrg@ubikmedia.eu"; to = "nrg"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
];
sender_domains = [
"jla-trading.com"
"ubikmedia.eu"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
users.users.domsen = {
uid = genid "domsen";
uid = genid_signed "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
@ -153,10 +140,38 @@ in {
};
users.users.jla-trading = {
uid = genid "jla-trading";
uid = genid_signed "jla-trading";
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
};
users.users.jms = {
uid = genid_signed "jms";
home = "/home/jms";
useDefaultShell = true;
createHome = true;
};
users.users.ms = {
uid = genid_signed "ms";
home = "/home/ms";
useDefaultShell = true;
createHome = true;
};
users.users.nrg = {
uid = genid_signed "nrg";
home = "/home/nrg";
useDefaultShell = true;
createHome = true;
};
users.users.testuser = {
uid = genid_signed "testuser";
home = "/home/testuser";
useDefaultShell = true;
createHome = true;
};
}

9
lass/2configs/websites/fritz.nix
View file

@ -7,7 +7,6 @@ let
head
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
serveWordpress
;
@ -29,28 +28,20 @@ in {
imports = [
./sqlBackup.nix
(ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
(ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
(ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(ssl [ "goldbarrendiebstahl.radical-dreamers.de" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];

9
lass/2configs/websites/lassulus.nix
View file

@ -83,6 +83,7 @@ in {
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
# TODO make this work!
locations."= /ddate".extraConfig = let
script = pkgs.writeBash "test" ''
echo "hello world"
@ -100,6 +101,14 @@ in {
fastcgi_param SCRIPT_NAME ${script};
'';
locations."/init".extraConfig = let
initscript = pkgs.init.override {
pubkey = config.krebs.users.lass.pubkey;
};
in ''
alias ${initscript};
'';
enableSSL = true;
extraConfig = "listen 80;";
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";

35
lass/2configs/xserver/default.nix
View file

@ -2,6 +2,24 @@
with import <stockholm/lib>;
let
user = config.krebs.build.user;
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
environment.systemPackages = [
@ -109,4 +127,21 @@ in {
User = user.name;
};
};
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
}

2
lass/2configs/zsh.nix
View file

@ -118,5 +118,5 @@
fi
'';
};
users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
}

2
lass/3modules/default.nix
View file

@ -9,5 +9,7 @@ _:
./urxvtd.nix
./usershadow.nix
./xresources.nix
./kapacitor.nix
./telegraf.nix
];
}

221
lass/3modules/kapacitor.nix Normal file
View file

@ -0,0 +1,221 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.lass.kapacitor;
out = {
options.lass.kapacitor = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "kapacitor";
dataDir = mkOption {
type = types.str;
default = "/var/lib/kapacitor";
};
user = mkOption {
type = types.str;
default = "kapacitor";
};
config = mkOption {
type = types.str;
#TODO: find a good default
default = ''
hostname = "localhost"
data_dir = "${cfg.dataDir}"
[http]
bind-address = ":9092"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = false
https-certificate = "/etc/ssl/kapacitor.pem"
shutdown-timeout = "10s"
shared-secret = ""
[replay]
dir = "${cfg.dataDir}/replay"
[storage]
boltdb = "${cfg.dataDir}/kapacitor.db"
[task]
dir = "${cfg.dataDir}/tasks"
snapshot-interval = "1m0s"
[[influxdb]]
enabled = true
name = "default"
default = false
urls = ["http://localhost:8086"]
username = ""
password = ""
ssl-ca = ""
ssl-cert = ""
ssl-key = ""
insecure-skip-verify = false
timeout = "0s"
disable-subscriptions = false
subscription-protocol = "http"
udp-bind = ""
udp-buffer = 1000
udp-read-buffer = 0
startup-timeout = "5m0s"
subscriptions-sync-interval = "1m0s"
[influxdb.subscriptions]
[influxdb.excluded-subscriptions]
_kapacitor = ["autogen"]
[logging]
file = "STDERR"
level = "INFO"
[collectd]
enabled = false
bind-address = ":25826"
database = "collectd"
retention-policy = ""
batch-size = 5000
batch-pending = 10
batch-timeout = "10s"
read-buffer = 0
typesdb = "/usr/share/collectd/types.db"
[opentsdb]
enabled = false
bind-address = ":4242"
database = "opentsdb"
retention-policy = ""
consistency-level = "one"
tls-enabled = false
certificate = "/etc/ssl/influxdb.pem"
batch-size = 1000
batch-pending = 5
batch-timeout = "1s"
log-point-errors = true
[smtp]
enabled = false
host = "localhost"
port = 25
username = ""
password = ""
no-verify = false
global = false
state-changes-only = false
from = ""
idle-timeout = "30s"
[opsgenie]
enabled = false
api-key = ""
url = "https://api.opsgenie.com/v1/json/alert"
recovery_url = "https://api.opsgenie.com/v1/json/alert/note"
global = false
[victorops]
enabled = false
api-key = ""
routing-key = ""
url = "https://alert.victorops.com/integrations/generic/20131114/alert"
global = false
[pagerduty]
enabled = false
url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
service-key = ""
global = false
[sensu]
enabled = false
addr = ""
source = "Kapacitor"
[slack]
enabled = false
url = ""
channel = ""
global = false
state-changes-only = false
[telegram]
enabled = false
url = "https://api.telegram.org/bot"
token = ""
chat-id = ""
parse-mode = ""
disable-web-page-preview = false
disable-notification = false
global = false
state-changes-only = false
[hipchat]
enabled = false
url = ""
token = ""
room = ""
global = false
state-changes-only = false
[alerta]
enabled = false
url = ""
token = ""
environment = ""
origin = ""
[reporting]
enabled = true
url = "https://usage.influxdata.com"
[stats]
enabled = true
stats-interval = "10s"
database = "_kapacitor"
retention-policy = "autogen"
timing-sample-rate = 0.1
timing-movavg-size = 1000
[udf]
[deadman]
interval = "10s"
threshold = 0.0
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
global = false
[talk]
enabled = false
url = ""
author_name = ""
'';
description = "configuration kapacitor is started with";
};
};
configFile = pkgs.writeText "kapacitor.conf" cfg.config;
imp = {
systemd.services.kapacitor = {
description = "kapacitor";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
};
};
};
in out

67
lass/3modules/telegraf.nix Normal file
View file

@ -0,0 +1,67 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.lass.telegraf;
out = {
options.lass.telegraf = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "telegraf";
dataDir = mkOption {
type = types.str;
default = "/var/lib/telegraf";
};
user = mkOption {
type = types.str;
default = "telegraf";
};
config = mkOption {
type = types.str;
#TODO: find a good default
default = ''
[agent]
interval = "1s"
[outputs]
# Configuration to send data to InfluxDB.
[outputs.influxdb]
urls = ["http://localhost:8086"]
database = "kapacitor_example"
user_agent = "telegraf"
# Collect metrics about cpu usage
[cpu]
percpu = false
totalcpu = true
drop = ["cpu_time"]
'';
description = "configuration telegraf is started with";
};
};
configFile = pkgs.writeText "telegraf.conf" cfg.config;
imp = {
systemd.services.telegraf = {
description = "telegraf";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
};
};
};
in out

7
lass/3modules/usershadow.nix
View file

@ -22,10 +22,13 @@
environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth sufficient pam_unix.so likeauth try_first_pass
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_permit.so
session required pam_loginuid.so
'';
security.pam.services.dovecot2.text = ''

3
lass/5pkgs/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, ... }@args:
{
nixpkgs.config.packageOverrides = rec {
@ -11,6 +11,7 @@
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
init = pkgs.callPackage ./init/default.nix args;
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
pop = pkgs.callPackage ./pop/default.nix {};

143
lass/5pkgs/init/default.nix Normal file
View file

@ -0,0 +1,143 @@
{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:
with lib;
pkgs.writeText "init" ''
#! /bin/sh
# usage: curl xu/~tv/init | sh
set -efu
# TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
# install at tmp location
case $(cat /proc/cmdline) in
*' root=LABEL=NIXOS_ISO '*) :;;
*) echo Error: unknown operating system >&2; exit 1;;
esac
keyfile=${keyfile}
disk=${disk}
luksdev=${disk}2
luksmap=/dev/mapper/${luksmap}
vgname=${vgname}
rootdev=/dev/mapper/${vgname}-root
homedev=/dev/mapper/${vgname}-home
bkudev=/dev/mapper/${vgname}-bku
#
#generate keyfile
#
if ! test -e "$keyfile"; then
dd if=/dev/urandom bs=512 count=2048 of=$keyfile
fi
#
# partitioning
#
# http://en.wikipedia.org/wiki/GUID_Partition_Table
# undo:
# dd if=/dev/zero bs=512 count=34 of=/dev/sda
# TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
parted -a optimal "$disk" \
mklabel gpt \
mkpart no-fs 0 1024KiB \
set 1 bios_grub on \
mkpart primary 1025KiB 100%
fi
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
echo zonk2
exit 23
fi
if ! cryptsetup isLuks "$luksdev"; then
# aes xts-plain64
cryptsetup luksFormat "$luksdev" "$keyfile" \
-h sha512 \
--iter-time 5000
fi
if ! test -e "$luksmap"; then
cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
--key-file "$keyfile"
fi
# cryptsetup close
if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
pvcreate "$luksmap"
fi
if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
lvchange -a y /dev/mapper/"$vgname"
if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
# lvchange -a n "$vgname"
#
# formatting
#
if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
mkfs.btrfs "$rootdev"
fi
if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
mkfs.btrfs "$homedev"
fi
if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
mkfs.btrfs "$bkudev"
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
mount "$rootdev" /mnt
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
mkdir -m 0000 -p /mnt/home
mount "$homedev" /mnt/home
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
mkdir -m 0000 -p /mnt/bku
mount "$bkudev" /mnt/bku
fi
# umount -R /mnt
#
# dependencies for stockholm
#
nix-env -iA nixos.git
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate
#
# print all the infos
#
parted "$disk" print
lsblk "$disk"
key='${pubkey}'
if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
mkdir -p /root/.ssh
echo "$key" > /root/.ssh/authorized_keys
fi
systemctl start sshd
ip route
echo READY.
''

10
lass/5pkgs/xmonad-lass.nix
View file

@ -114,10 +114,10 @@ myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute 0 toggle")
, ("<XF86AudioMicMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-source-mute 1 toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
, ("<XF86MonBrightnessUp>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -inc 1")
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
@ -144,6 +144,8 @@ myKeyMap =
, ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
, ("M4-S-q", return ())
, ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()

2
lib/default.nix
View file

@ -39,6 +39,8 @@ let
string = toJSON x; # close enough
}.${type} or reject;
indent = replaceChars ["\n"] ["\n "];
};
in

3
makefu/1systems/pnp.nix
View file

@ -32,8 +32,7 @@
};
};
krebs.Reaktor = {
enable = true;
krebs.Reaktor.debug = {
debug = true;
extraEnviron = {
REAKTOR_HOST = "ni.r";

3
makefu/1systems/wry.nix
View file

@ -32,10 +32,9 @@ in {
krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor = {
krebs.Reaktor.reaktor = {
nickname = "Reaktor|bot";
channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
enable = true;
plugins = with pkgs.ReaktorPlugins;[
titlebot
# stockholm-issue

122
nin/1systems/hiawatha.nix Normal file
View file

@ -0,0 +1,122 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
../.
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../2configs/retiolum.nix
];
krebs.build.host = config.krebs.hosts.hiawatha;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
fsType = "ext2";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
fileSystems."/home/nin/.local/share/Steam" = {
device = "/dev/fam/steam";
};
# nin config
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
firefox
steam
thunderbird
vim
git
hexchat
networkmanagerapplet
python
virtmanager
libvirt
];
nixpkgs.config = {
allowUnfree = true;
firefox = {
enableGoogleTalkPlugin = true;
enableAdobeFlash = true;
};
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}

83
nin/1systems/onondaga.nix Normal file
View file

@ -0,0 +1,83 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/retiolum.nix
../2configs/weechat.nix
];
krebs.build.host = config.krebs.hosts.onondaga;
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
# environment.systemPackages = with pkgs; [
# wget
# ];
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.kdm.enable = true;
# services.xserver.desktopManager.kde4.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.extraUsers.guest = {
# isNormalUser = true;
# uid = 1000;
# };
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.09";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7238cc6e-4bea-4e52-9408-32d8aa05abff";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5e923175-854b-4bcf-97c8-f3a91806fa22";
fsType = "ext2";
};
nix.maxJobs = lib.mkDefault 1;
}

169
nin/2configs/default.nix Normal file
View file

@ -0,0 +1,169 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
../2configs/nixpkgs.nix
../2configs/vim.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import <secrets/hashedPasswords.nix>);
}
{
users.users = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
nin = {
name = "nin";
uid = 1337;
home = "/home/nin";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
"audio"
"fuse"
];
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
};
}
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = {
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
})
];
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores;
krebs = {
enable = true;
search-domain = "retiolum";
build = {
user = config.krebs.users.nin;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix";
secrets.file = "/home/nin/secrets/${host.name}";
stockholm.file = getEnv "PWD";
};
};
};
nix.useSandbox = true;
users.mutableUsers = false;
services.timesyncd.enable = true;
#why is this on in the first place?
services.nscd.enable = false;
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
MANPAGER=most
'';
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
proot
populate
p7zip
unzip
unrar
hashPassword
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
elif test $UID = 1337; then
PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
else
PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
fi
'';
};
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
krebs.iptables = {
enable = true;
tables = {
nat.PREROUTING.rules = [
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
];
};
};
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
}

8
nin/2configs/nixpkgs.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff";
};
}

28
nin/2configs/retiolum.nix Normal file
View file

@ -0,0 +1,28 @@
{ ... }:
{
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
];
};
};
krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
"pigstarter"
"gum"
"flap"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
}

354
nin/2configs/vim.nix Normal file
View file

@ -0,0 +1,354 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
environment.systemPackages = [
vim
pkgs.pythonPackages.flake8
];
environment.etc.vimrc.source = vimrc;
environment.variables.EDITOR = mkForce "vim";
environment.variables.VIMINIT = ":so /etc/vimrc";
};
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set laststatus=2
set mouse=a
set noruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.airline
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
rev = "refs/tags/1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
})
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
destination = "/colors/${name}.vim";
text = /* vim */ ''
set background=dark
hi clear
if exists("syntax_on")
syntax clear
endif
let colors_name = ${toJSON name}
hi Normal ctermbg=235
hi Comment ctermfg=242
hi Constant ctermfg=062
hi Identifier ctermfg=068
hi Function ctermfg=041
hi Statement ctermfg=167
hi PreProc ctermfg=167
hi Type ctermfg=041
hi Delimiter ctermfg=251
hi Special ctermfg=062
hi Garbage ctermbg=088
hi TabStop ctermbg=016
hi Todo ctermfg=174 ctermbg=NONE
hi NixCode ctermfg=148
hi NixData ctermfg=149
hi NixQuote ctermfg=150
hi diffNewFile ctermfg=207
hi diffFile ctermfg=207
hi diffLine ctermfg=207
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
destination = "/syntax/${name}.vim";
text = /* vim */ ''
${concatMapStringsSep "\n" (s: /* vim */ ''
syn keyword vimColor${s} ${s}
\ containedin=ALLBUT,vimComment,vimLineComment
hi vimColor${s} ctermfg=${s}
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
destination = "/plugin/${name}.vim";
text = /* vim */ ''
if exists('g:loaded_showsyntax')
finish
endif
let g:loaded_showsyntax = 0
fu! ShowSyntax()
let id = synID(line("."), col("."), 1)
let name = synIDattr(id, "name")
let transName = synIDattr(synIDtrans(id),"name")
if name != transName
let name .= " (" . transName . ")"
endif
echo "Syntax: " . name
endfu
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
swapdir = "$HOME/.cache/vim/swap";
undodir = "$HOME/.cache/vim/undo";
};
files = {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.vim}/bin/vim "$@"
'';
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
nix.vim = pkgs.writeText "nix.vim" ''
setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[():/;=.,?\[\]]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
startAlts = filter isString [
''/\* ${lang} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
unlet b:current_syntax
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
haskell = {};
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
'';
in
out

21
nin/2configs/weechat.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lib>) genid;
in {
krebs.per-user.chat.packages = with pkgs; [
mosh
weechat
tmux
];
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
}

7
nin/default.nix Normal file
View file

@ -0,0 +1,7 @@
_:
{
imports = [
../krebs
./2configs
];
}

2
shared/1systems/test-all-krebs-modules.nix
View file

@ -9,7 +9,7 @@ in {
enable = true;
build.user = config.krebs.users.shared;
build.host = config.krebs.hosts.test-all-krebs-modules;
Reaktor.enable = true;
Reaktor.test = {};
apt-cacher-ng.enable = true;
backup.enable = true;
bepasty.enable = true;

6
tv/1systems/alnus.nix
View file

@ -22,10 +22,6 @@ with import <stockholm/lib>;
devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
};
};
loader = {
efi.canTouchEfiVariables = true;
gummiboot.enable = true;
};
};
environment.systemPackages = with pkgs; [
@ -62,7 +58,7 @@ with import <stockholm/lib>;
krebs.build = {
host = config.krebs.hosts.alnus;
user = mkForce config.krebs.users.dv;
source.nixpkgs.git.ref = mkForce "d7450443c42228832c68fba203a7c15cfcfb264e";
source.nixpkgs.git.ref = mkForce "e924319cb6c74aa2a9c943eddeb0caef79db01bc";
};
networking.networkmanager.enable = true;

4
tv/1systems/cd.nix
View file

@ -16,11 +16,11 @@ with import <stockholm/lib>;
networking = {
interfaces.enp2s1.ip4 = singleton {
address = let
addr = "45.62.237.203";
addr = "64.137.177.226";
in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
prefixLength = 24;
};
defaultGateway = "45.62.237.1";
defaultGateway = "64.137.177.1";
nameservers = ["8.8.8.8"];
};

15
tv/1systems/wu.nix
View file

@ -23,7 +23,6 @@ with import <stockholm/lib>;
# stockholm
gnumake
hashPassword
haskellPackages.lentil
parallel
# root
@ -47,7 +46,6 @@ with import <stockholm/lib>;
p7zip
push
qrencode
texLive
tmux
#ack
@ -116,18 +114,23 @@ with import <stockholm/lib>;
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "xts" ];
devices = [
{ name = "home"; device = "/dev/vg840/enchome"; preLVM = false; }
{ name = "wuca"; device = "/dev/sda2"; }
];
};
fileSystems = {
"/" = {
device = "/dev/mapper/vg840-wuroot";
device = "/dev/mapper/wuvga-root";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/bku" = {
device = "/dev/mapper/wuvga-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
device = "/dev/mapper/home";
device = "/dev/mapper/wuvga-home";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
@ -174,5 +177,5 @@ with import <stockholm/lib>;
KERNEL=="hpet", GROUP="audio"
'';
services.virtualboxHost.enable = true;
virtualisation.virtualbox.host.enable = true;
}

12
tv/2configs/backup.nix
View file

@ -46,12 +46,6 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.zu; path = "/bku/xu-home"; };
startAt = "06:20";
};
xu-pull-cd-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/cd-ejabberd"; };
startAt = "07:00";
};
xu-pull-cd-home = {
method = "pull";
src = { host = config.krebs.hosts.cd; path = "/home"; };
@ -76,12 +70,6 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.xu; path = "/bku/zu-home"; };
startAt = "05:00";
};
zu-pull-cd-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/cd-ejabberd"; };
startAt = "06:00";
};
zu-pull-cd-home = {
method = "pull";
src = { host = config.krebs.hosts.cd; path = "/home"; };

6
tv/2configs/git.nix
View file

@ -2,9 +2,9 @@
with import <stockholm/lib>;
let
let {
out = {
body = {
krebs.git = {
enable = true;
cgit = {
@ -123,4 +123,4 @@ let
perm = fetch;
};
in out
}

8
tv/2configs/hw/w110er.nix
View file

@ -12,9 +12,11 @@
boot.initrd.availableKernelModules = [ "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.loader.gummiboot.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
networking.wireless.enable = true;
nix = {
@ -31,10 +33,6 @@
HandleSuspendKey=ignore
'';
services.xserver = {
vaapiDrivers = [ pkgs.vaapiIntel ];
};
system.activationScripts.powertopTunables = ''
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs

2
tv/2configs/urlwatch.nix
View file

@ -47,7 +47,7 @@ with import <stockholm/lib>;
#http://hackage.haskell.org/package/web-page
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
https://help.github.com/articles/github-s-ip-addresses/
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
# is derived from `configFile` in:

7
tv/2configs/vim.nix
View file

@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
let {
body = {
environment.systemPackages = [
vim
];
@ -411,5 +411,4 @@ let
catch /^Vim\%((\a\+)\)\=:E484/
endtry
'';
in
out
}

16
tv/3modules/iptables.nix
View file

@ -1,10 +1,10 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
let {
cfg = config.tv.iptables;
out = {
body = {
options.tv.iptables = api;
config = lib.mkIf cfg.enable imp;
};
@ -146,14 +146,4 @@ let
)}
COMMIT
'';
in out
#let
# cfg = config.tv.iptables;
# arg' = arg // { inherit cfg; };
#in
#
#{
# options.tv.iptables = import ./options.nix arg';
# config = lib.mkIf cfg.enable (import ./config.nix arg');
#}
}