diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index d87003ac2..a70f1ef5d 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -3,99 +3,88 @@
with import <stockholm/lib>;
let
- ReaktorConfig = pkgs.writeText "config.py" ''
- ${if (isString cfg.overrideConfig ) then ''
- # Overriden Config
- ${cfg.overrideConfig}
- '' else ""}
- ## Extra Config
- ${concatStringsSep "\n" (map (plug: plug.config) cfg.plugins)}
- ${cfg.extraConfig}
- '';
cfg = config.krebs.Reaktor;
+ workdir = "/var/lib/Reaktor";
+
out = {
options.krebs.Reaktor = api;
- config = lib.mkIf cfg.enable imp;
+ config = imp;
};
- api = {
- enable = mkOption {
- default = false;
- description = ''
- Start Reaktor at system boot
- '';
- };
+ api = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule ({ options = {
- nickname = mkOption {
- default = config.krebs.build.host.name + "|r";
- type = types.string;
- description = ''
- The nick name of the irc bot.
- Defaults to {hostname}|r
- '';
- };
+ nickname = mkOption {
+ default = config.krebs.build.host.name + "|r";
+ type = types.string;
+ description = ''
+ The nick name of the irc bot.
+ Defaults to {hostname}|r
+ '';
+ };
- overrideConfig = mkOption {
- default = null;
- type = types.nullOr types.str;
- description = ''
- configuration to be used instead of default ones.
- Reaktor default cfg can be retrieved via `reaktor get-config`
- '';
- };
- plugins = mkOption {
- default = [pkgs.ReaktorPlugins.nixos-version];
- };
- extraConfig = mkOption {
- default = "";
- type = types.string;
- description = ''
- configuration appended to the default or overridden configuration
- '';
- };
+ overrideConfig = mkOption {
+ default = null;
+ type = types.nullOr types.str;
+ description = ''
+ configuration to be used instead of default ones.
+ Reaktor default cfg can be retrieved via `reaktor get-config`
+ '';
+ };
- workdir = mkOption {
- default = "/var/lib/Reaktor";
- type = types.str;
- description = ''
- Reaktor working directory
- '';
- };
- extraEnviron = mkOption {
- default = {};
- type = types.attrsOf types.str;
- description = ''
- Environment to be provided to the service, can be:
- REAKTOR_HOST
- REAKTOR_PORT
- REAKTOR_STATEDIR
+ plugins = mkOption {
+ default = [pkgs.ReaktorPlugins.nixos-version];
+ };
- debug and nickname can be set separately via the Reaktor api
- '';
- };
- channels = mkOption {
- default = [ "#krebs" ];
- type = types.listOf types.str;
- description = ''
- Channels the Reaktor should connect to at startup.
- '';
- };
- debug = mkOption {
- default = false;
- description = ''
- Reaktor debug output
- '';
- };
+ extraConfig = mkOption {
+ default = "";
+ type = types.string;
+ description = ''
+ configuration appended to the default or overridden configuration
+ '';
+ };
+
+ extraEnviron = mkOption {
+ default = {};
+ type = types.attrsOf types.str;
+ description = ''
+ Environment to be provided to the service, can be:
+ REAKTOR_HOST
+ REAKTOR_PORT
+ REAKTOR_STATEDIR
+
+ debug and nickname can be set separately via the Reaktor api
+ '';
+ };
+
+ channels = mkOption {
+ default = [ "#krebs" ];
+ type = types.listOf types.str;
+ description = ''
+ Channels the Reaktor should connect to at startup.
+ '';
+ };
+
+ debug = mkOption {
+ default = false;
+ description = ''
+ Reaktor debug output
+ '';
+ };
+ };}));
};
imp = {
+ # TODO get user per configured bot
+ # TODO get home from api
# for reaktor get-config
users.extraUsers = singleton rec {
name = "Reaktor";
uid = genid name;
description = "Reaktor user";
- home = cfg.workdir;
+ home = workdir;
createHome = true;
};
@@ -104,39 +93,52 @@ let
# gid = config.ids.gids.Reaktor;
#};
- systemd.services.Reaktor = {
- path = with pkgs; [
- utillinux #flock for tell_on-join
- git # for nag
- python # for caps
- ];
- description = "Reaktor IRC Bot";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- environment = {
- GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- REAKTOR_NICKNAME = cfg.nickname;
- REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
- REAKTOR_CHANNELS = lib.concatStringsSep "," cfg.channels;
- state_dir = cfg.workdir;
-
- } // cfg.extraEnviron;
- serviceConfig= {
- ExecStartPre = pkgs.writeScript "Reaktor-init" ''
- #! /bin/sh
- ${if (isString cfg.overrideConfig) then
- ''cp ${ReaktorConfig} /tmp/config.py''
- else
- ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
- }
+ systemd.services = mapAttrs' (name: botcfg:
+ let
+ ReaktorConfig = pkgs.writeText "config.py" ''
+ ${if (isString botcfg.overrideConfig ) then ''
+ # Overriden Config
+ ${botcfg.overrideConfig}
+ '' else ""}
+ ## Extra Config
+ ${concatStringsSep "\n" (map (plug: plug.config) botcfg.plugins)}
+ ${botcfg.extraConfig}
'';
- ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/config.py";
- PrivateTmp = "true";
- User = "Reaktor";
- Restart = "always";
- RestartSec= "30" ;
+ in nameValuePair "Reaktor-${name}" {
+ path = with pkgs; [
+ utillinux #flock for tell_on-join
+ git # for nag
+ python # for caps
+ ];
+ description = "Reaktor IRC Bot";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ REAKTOR_NICKNAME = botcfg.nickname;
+ REAKTOR_DEBUG = (if botcfg.debug then "True" else "False");
+ REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
+ state_dir = workdir;
+
+ } // botcfg.extraEnviron;
+ serviceConfig= {
+ ExecStartPre = pkgs.writeScript "Reaktor-init" ''
+ #! /bin/sh
+ ${if (isString botcfg.overrideConfig) then
+ ''cp ${ReaktorConfig} /tmp/reaktor-${name}-config.py''
+ else
+ ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/reaktor-${name}-config.py''
+ }
+ '';
+ ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/reaktor-${name}-config.py";
+ PrivateTmp = "true";
+ User = "Reaktor";
+ Restart = "always";
+ RestartSec= "30" ;
};
- };
+ }
+ ) cfg;
+
};
in
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index bf09b7424..4b17c4abd 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -93,6 +93,7 @@ let
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
{ krebs = import ./mv { inherit config; }; }
+ { krebs = import ./nin { inherit config; }; }
{ krebs = import ./shared { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
@@ -200,7 +201,7 @@ let
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
- # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
+ # Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index c96b14723..bda563f8d 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -2,7 +2,6 @@
with import <stockholm/lib>;
let
- indent = replaceChars ["\n"] ["\n "];
cfg = config.krebs.exim-smarthost;
out = {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 94bcbed9d..aed5f595c 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -45,7 +45,7 @@ let
mkdir -p ${shell.escape cfg.stateDir}
cd ${shell.escape cfg.stateDir}
- curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper
+ (curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 164831846..a08dbb32c 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -339,9 +339,11 @@ let
description = "Git repository hosting user";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
- mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
- (filterAttrs (_: user: isString user.pubkey)
- config.krebs.users);
+ unique
+ (sort lessThan
+ (map (makeAuthorizedKey git-ssh-command)
+ (filter (user: isString user.pubkey)
+ (concatMap (getAttr "user") cfg.rules))));
};
};
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 933c2e513..b28e97e37 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -129,8 +129,6 @@ let
};
};
- indent = replaceChars ["\n"] ["\n "];
-
to-acme = { server-names, ssl, ... }:
optionalAttrs ssl.acmeEnable {
email = "lassulus@gmail.com";
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
new file mode 100644
index 000000000..3231c0e23
--- /dev/null
+++ b/krebs/3modules/nin/default.nix
@@ -0,0 +1,65 @@
+{ config, ... }:
+
+with import <stockholm/lib>;
+
+{
+ hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) {
+ hiawatha = {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.132.96";
+ ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
+ aliases = [
+ "hiawatha.retiolum"
+ "hiawatha.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
+ Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
+ iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
+ UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
+ lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
+ yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
+ };
+ onondaga = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.132.55";
+ ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
+ aliases = [
+ "onondaga.retiolum"
+ "onondaga.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
+ OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
+ htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
+ xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
+ kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
+ hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
+ };
+
+ };
+ users = {
+ nin = {
+ mail = "nin@hiawatha.retiolum";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
+ };
+ };
+}
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d44c322aa..1220143a7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
- ip4.addr = "45.62.237.203";
+ ip4.addr = "64.137.177.226";
aliases = [
"cd.i"
"cd.krebsco.de"
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index e265b0e67..3f5d66431 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -143,10 +143,10 @@ prepare_common() {(
mkdir -p /mnt/boot
if mount | grep -Fq ' on /boot type '; then
- bootdev=$(mount | grep " on /boot type " | sed 's/ .*//')
- mount $bootdev /mnt/boot
+ bootpart=$(mount | grep ' on /boot type ' | sed 's/ .*//')
+ mount $bootpart /mnt/boot
else
- mount --bind /boot/ /mnt/boot
+ mount --bind /boot /mnt/boot
fi
fi
@@ -155,10 +155,12 @@ prepare_common() {(
# prepare install directory
#
- rootpart=$(mount | grep " on / type" | sed 's/ .*//')
+ rootpart=$(mount | grep ' on / type ' | sed 's/ .*//')
mkdir -p /mnt/etc/nixos
mkdir -m 0555 -p /mnt/var/empty
+ mkdir -p /mnt/var/src
+ touch /mnt/var/src/.populate
if ! mount | grep -Fq "$rootpart on /mnt/root type "; then
mkdir -p /mnt/root
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix
index a483db32c..d4774dd69 100644
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -116,4 +116,16 @@ rec {
commands.insert(0,titlebot_cmd('clear'))
'';
};
+
+ url-title = (buildSimpleReaktorPlugin "url-title" {
+ pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$";
+ path = with pkgs; [ curl perl ];
+ script = pkgs.writeDash "lambda-pl" ''
+ if [ "$#" -gt 0 ]; then
+ curl -SsL --max-time 5 "$1" |
+ perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)(?: - youtube)?\s*<\/title/si'
+ fi
+ '';
+ });
+
}
diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
index 990f99af6..c58e637b3 100644
--- a/krebs/5pkgs/bepasty-client-cli/default.nix
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -1,17 +1,18 @@
-{ lib, pkgs, pythonPackages, fetchurl, ... }:
+{ lib, pkgs, pythonPackages, fetchFromGitHub, ... }:
with pythonPackages; buildPythonPackage rec {
- name = "bepasty-client-cli-${version}";
- version = "0.3.0";
+ name = "bepasty-client-cli";
propagatedBuildInputs = [
python_magic
click
requests2
];
- src = fetchurl {
- url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
- sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+ src = fetchFromGitHub {
+ owner = "bepasty";
+ repo = "bepasty-client-cli";
+ rev = "4b7135ba8ba1e17501de08ad7b6aca73c0d949d2";
+ sha256 = "1svchyk9zai1vip9ppm12jm7wfjbdr9ijhgcd2n10xh73jrn9cnc";
};
meta = {
diff --git a/krebs/5pkgs/kapacitor/default.nix b/krebs/5pkgs/kapacitor/default.nix
new file mode 100644
index 000000000..804826941
--- /dev/null
+++ b/krebs/5pkgs/kapacitor/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
+
+buildGoPackage rec {
+ name = "kapacitor-${version}";
+ version = "1.0.0";
+
+ goPackagePath = "github.com/influxdata/kapacitor";
+
+ src = fetchFromGitHub {
+ owner = "influxdata";
+ repo = "kapacitor";
+ rev = "v${version}";
+ sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
+ };
+
+ meta = with lib; {
+ description = "Open source framework for processing, monitoring, and alerting on time series data";
+ license = licenses.mit;
+ homepage = https://influxdata.com/time-series-platform/kapacitor/;
+ maintainers = with maintainers; [offline];
+ platforms = with platforms; linux;
+ };
+}
diff --git a/krebs/5pkgs/telegraf/default.nix b/krebs/5pkgs/telegraf/default.nix
new file mode 100644
index 000000000..996c839ac
--- /dev/null
+++ b/krebs/5pkgs/telegraf/default.nix
@@ -0,0 +1,27 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ name = "telegraf-${version}";
+ version = "1.1.2";
+
+ goPackagePath = "github.com/influxdata/telegraf";
+
+ excludedPackages = "test";
+
+ src = fetchFromGitHub {
+ owner = "influxdata";
+ repo = "telegraf";
+ rev = "${version}";
+ sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
+ };
+
+ goDeps = ./. + builtins.toPath "/deps-${version}.nix";
+
+ meta = with lib; {
+ description = "The plugin-driven server agent for collecting & reporting metrics.";
+ license = licenses.mit;
+ homepage = https://www.influxdata.com/time-series-platform/telegraf/;
+ maintainers = with maintainers; [ mic92 roblabla ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/krebs/5pkgs/telegraf/deps-1.1.2.nix b/krebs/5pkgs/telegraf/deps-1.1.2.nix
new file mode 100644
index 000000000..b62ae44db
--- /dev/null
+++ b/krebs/5pkgs/telegraf/deps-1.1.2.nix
@@ -0,0 +1,588 @@
+# This file was generated by go2nix.
+[
+ {
+ goPackagePath = "github.com/Shopify/sarama";
+ fetch = {
+ type = "git";
+ url = "https://github.com/Shopify/sarama";
+ rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9";
+ sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv";
+ };
+ }
+ {
+ goPackagePath = "github.com/Sirupsen/logrus";
+ fetch = {
+ type = "git";
+ url = "https://github.com/Sirupsen/logrus";
+ rev = "219c8cb75c258c552e999735be6df753ffc7afdc";
+ sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6";
+ };
+ }
+ {
+ goPackagePath = "github.com/aerospike/aerospike-client-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/aerospike/aerospike-client-go";
+ rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63";
+ sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219";
+ };
+ }
+ {
+ goPackagePath = "github.com/amir/raidman";
+ fetch = {
+ type = "git";
+ url = "https://github.com/amir/raidman";
+ rev = "53c1b967405155bfc8758557863bf2e14f814687";
+ sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4";
+ };
+ }
+ {
+ goPackagePath = "github.com/aws/aws-sdk-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/aws/aws-sdk-go";
+ rev = "13a12060f716145019378a10e2806c174356b857";
+ sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h";
+ };
+ }
+ {
+ goPackagePath = "github.com/beorn7/perks";
+ fetch = {
+ type = "git";
+ url = "https://github.com/beorn7/perks";
+ rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4";
+ sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r";
+ };
+ }
+ {
+ goPackagePath = "github.com/cenkalti/backoff";
+ fetch = {
+ type = "git";
+ url = "https://github.com/cenkalti/backoff";
+ rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99";
+ sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w";
+ };
+ }
+ {
+ goPackagePath = "github.com/couchbase/go-couchbase";
+ fetch = {
+ type = "git";
+ url = "https://github.com/couchbase/go-couchbase";
+ rev = "cb664315a324d87d19c879d9cc67fda6be8c2ac1";
+ sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr";
+ };
+ }
+ {
+ goPackagePath = "github.com/couchbase/gomemcached";
+ fetch = {
+ type = "git";
+ url = "https://github.com/couchbase/gomemcached";
+ rev = "a5ea6356f648fec6ab89add00edd09151455b4b2";
+ sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi";
+ };
+ }
+ {
+ goPackagePath = "github.com/couchbase/goutils";
+ fetch = {
+ type = "git";
+ url = "https://github.com/couchbase/goutils";
+ rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6";
+ sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c";
+ };
+ }
+ {
+ goPackagePath = "github.com/dancannon/gorethink";
+ fetch = {
+ type = "git";
+ url = "https://github.com/dancannon/gorethink";
+ rev = "e7cac92ea2bc52638791a021f212145acfedb1fc";
+ sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g";
+ };
+ }
+ {
+ goPackagePath = "github.com/davecgh/go-spew";
+ fetch = {
+ type = "git";
+ url = "https://github.com/davecgh/go-spew";
+ rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d";
+ sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk";
+ };
+ }
+ {
+ goPackagePath = "github.com/docker/engine-api";
+ fetch = {
+ type = "git";
+ url = "https://github.com/docker/engine-api";
+ rev = "8924d6900370b4c7e7984be5adc61f50a80d7537";
+ sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n";
+ };
+ }
+ {
+ goPackagePath = "github.com/docker/go-connections";
+ fetch = {
+ type = "git";
+ url = "https://github.com/docker/go-connections";
+ rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb";
+ sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg";
+ };
+ }
+ {
+ goPackagePath = "github.com/docker/go-units";
+ fetch = {
+ type = "git";
+ url = "https://github.com/docker/go-units";
+ rev = "5d2041e26a699eaca682e2ea41c8f891e1060444";
+ sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i";
+ };
+ }
+ {
+ goPackagePath = "github.com/eapache/go-resiliency";
+ fetch = {
+ type = "git";
+ url = "https://github.com/eapache/go-resiliency";
+ rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
+ sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
+ };
+ }
+ {
+ goPackagePath = "github.com/eapache/queue";
+ fetch = {
+ type = "git";
+ url = "https://github.com/eapache/queue";
+ rev = "ded5959c0d4e360646dc9e9908cff48666781367";
+ sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n";
+ };
+ }
+ {
+ goPackagePath = "github.com/eclipse/paho.mqtt.golang";
+ fetch = {
+ type = "git";
+ url = "https://github.com/eclipse/paho.mqtt.golang";
+ rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86";
+ sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh";
+ };
+ }
+ {
+ goPackagePath = "github.com/go-sql-driver/mysql";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-sql-driver/mysql";
+ rev = "1fca743146605a172a266e1654e01e5cd5669bee";
+ sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38";
+ };
+ }
+ {
+ goPackagePath = "github.com/gobwas/glob";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gobwas/glob";
+ rev = "49571a1557cd20e6a2410adc6421f85b66c730b5";
+ sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk";
+ };
+ }
+ {
+ goPackagePath = "github.com/golang/protobuf";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/protobuf";
+ rev = "552c7b9542c194800fd493123b3798ef0a832032";
+ sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm";
+ };
+ }
+ {
+ goPackagePath = "github.com/golang/snappy";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/snappy";
+ rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380";
+ sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn";
+ };
+ }
+ {
+ goPackagePath = "github.com/gonuts/go-shellquote";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gonuts/go-shellquote";
+ rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2";
+ sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg";
+ };
+ }
+ {
+ goPackagePath = "github.com/gorilla/context";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gorilla/context";
+ rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a";
+ sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4";
+ };
+ }
+ {
+ goPackagePath = "github.com/gorilla/mux";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gorilla/mux";
+ rev = "c9e326e2bdec29039a3761c07bece13133863e1e";
+ sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6";
+ };
+ }
+ {
+ goPackagePath = "github.com/hailocab/go-hostpool";
+ fetch = {
+ type = "git";
+ url = "https://github.com/hailocab/go-hostpool";
+ rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478";
+ sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny";
+ };
+ }
+ {
+ goPackagePath = "github.com/hashicorp/consul";
+ fetch = {
+ type = "git";
+ url = "https://github.com/hashicorp/consul";
+ rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2";
+ sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw";
+ };
+ }
+ {
+ goPackagePath = "github.com/hpcloud/tail";
+ fetch = {
+ type = "git";
+ url = "https://github.com/hpcloud/tail";
+ rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56";
+ sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/config";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/config";
+ rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da";
+ sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/influxdb";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/influxdb";
+ rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae";
+ sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/toml";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/toml";
+ rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0";
+ sha256 = "1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/wlog";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/wlog";
+ rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec";
+ sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl";
+ };
+ }
+ {
+ goPackagePath = "github.com/kardianos/osext";
+ fetch = {
+ type = "git";
+ url = "https://github.com/kardianos/osext";
+ rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc";
+ sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a";
+ };
+ }
+ {
+ goPackagePath = "github.com/kardianos/service";
+ fetch = {
+ type = "git";
+ url = "https://github.com/kardianos/service";
+ rev = "5e335590050d6d00f3aa270217d288dda1c94d0a";
+ sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h";
+ };
+ }
+ {
+ goPackagePath = "github.com/klauspost/crc32";
+ fetch = {
+ type = "git";
+ url = "https://github.com/klauspost/crc32";
+ rev = "19b0b332c9e4516a6370a0456e6182c3b5036720";
+ sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r";
+ };
+ }
+ {
+ goPackagePath = "github.com/lib/pq";
+ fetch = {
+ type = "git";
+ url = "https://github.com/lib/pq";
+ rev = "e182dc4027e2ded4b19396d638610f2653295f36";
+ sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj";
+ };
+ }
+ {
+ goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
+ fetch = {
+ type = "git";
+ url = "https://github.com/matttproud/golang_protobuf_extensions";
+ rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453";
+ sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r";
+ };
+ }
+ {
+ goPackagePath = "github.com/miekg/dns";
+ fetch = {
+ type = "git";
+ url = "https://github.com/miekg/dns";
+ rev = "cce6c130cdb92c752850880fd285bea1d64439dd";
+ sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx";
+ };
+ }
+ {
+ goPackagePath = "github.com/mreiferson/go-snappystream";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mreiferson/go-snappystream";
+ rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504";
+ sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6";
+ };
+ }
+ {
+ goPackagePath = "github.com/naoina/go-stringutil";
+ fetch = {
+ type = "git";
+ url = "https://github.com/naoina/go-stringutil";
+ rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b";
+ sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6";
+ };
+ }
+ {
+ goPackagePath = "github.com/nats-io/nats";
+ fetch = {
+ type = "git";
+ url = "https://github.com/nats-io/nats";
+ rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165";
+ sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1";
+ };
+ }
+ {
+ goPackagePath = "github.com/nats-io/nuid";
+ fetch = {
+ type = "git";
+ url = "https://github.com/nats-io/nuid";
+ rev = "a5152d67cf63cbfb5d992a395458722a45194715";
+ sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40";
+ };
+ }
+ {
+ goPackagePath = "github.com/nsqio/go-nsq";
+ fetch = {
+ type = "git";
+ url = "https://github.com/nsqio/go-nsq";
+ rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980";
+ sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr";
+ };
+ }
+ {
+ goPackagePath = "github.com/opencontainers/runc";
+ fetch = {
+ type = "git";
+ url = "https://github.com/opencontainers/runc";
+ rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8";
+ sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/client_golang";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/client_golang";
+ rev = "18acf9993a863f4c4b40612e19cdd243e7c86831";
+ sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/client_model";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/client_model";
+ rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6";
+ sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/common";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/common";
+ rev = "e8eabff8812b05acf522b45fdcd725a785188e37";
+ sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/procfs";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/procfs";
+ rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8";
+ sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8";
+ };
+ }
+ {
+ goPackagePath = "github.com/samuel/go-zookeeper";
+ fetch = {
+ type = "git";
+ url = "https://github.com/samuel/go-zookeeper";
+ rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f";
+ sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2";
+ };
+ }
+ {
+ goPackagePath = "github.com/shirou/gopsutil";
+ fetch = {
+ type = "git";
+ url = "https://github.com/shirou/gopsutil";
+ rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08";
+ sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni";
+ };
+ }
+ {
+ goPackagePath = "github.com/soniah/gosnmp";
+ fetch = {
+ type = "git";
+ url = "https://github.com/soniah/gosnmp";
+ rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26";
+ sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib";
+ };
+ }
+ {
+ goPackagePath = "github.com/streadway/amqp";
+ fetch = {
+ type = "git";
+ url = "https://github.com/streadway/amqp";
+ rev = "b4f3ceab0337f013208d31348b578d83c0064744";
+ sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp";
+ };
+ }
+ {
+ goPackagePath = "github.com/stretchr/testify";
+ fetch = {
+ type = "git";
+ url = "https://github.com/stretchr/testify";
+ rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c";
+ sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl";
+ };
+ }
+ {
+ goPackagePath = "github.com/vjeantet/grok";
+ fetch = {
+ type = "git";
+ url = "https://github.com/vjeantet/grok";
+ rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2";
+ sha256 = "03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80";
+ };
+ }
+ {
+ goPackagePath = "github.com/wvanbergen/kafka";
+ fetch = {
+ type = "git";
+ url = "https://github.com/wvanbergen/kafka";
+ rev = "46f9a1cf3f670edec492029fadded9c2d9e18866";
+ sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694";
+ };
+ }
+ {
+ goPackagePath = "github.com/wvanbergen/kazoo-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/wvanbergen/kazoo-go";
+ rev = "0f768712ae6f76454f987c3356177e138df258f8";
+ sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16";
+ };
+ }
+ {
+ goPackagePath = "github.com/yuin/gopher-lua";
+ fetch = {
+ type = "git";
+ url = "https://github.com/yuin/gopher-lua";
+ rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808";
+ sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm";
+ };
+ }
+ {
+ goPackagePath = "github.com/zensqlmonitor/go-mssqldb";
+ fetch = {
+ type = "git";
+ url = "https://github.com/zensqlmonitor/go-mssqldb";
+ rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363";
+ sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/crypto";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/crypto";
+ rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6";
+ sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/net";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/net";
+ rev = "6acef71eb69611914f7a30939ea9f6e194c78172";
+ sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/text";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/text";
+ rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34";
+ sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/dancannon/gorethink.v1";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/dancannon/gorethink.v1";
+ rev = "7d1af5be49cb5ecc7b177bf387d232050299d6ef";
+ sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/fatih/pool.v2";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/fatih/pool.v2";
+ rev = "cba550ebf9bce999a02e963296d4bc7a486cb715";
+ sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/mgo.v2";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/mgo.v2";
+ rev = "d90005c5262a3463800497ea5a89aed5fe22c886";
+ sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/yaml.v2";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/yaml.v2";
+ rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
+ sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
+ };
+ }
+]
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
index 3998fc177..b869a67a7 100644
--- a/lass/1systems/icarus.nix
+++ b/lass/1systems/icarus.nix
@@ -14,15 +14,6 @@ with import <stockholm/lib>;
../2configs/fetchWallpaper.nix
../2configs/backups.nix
../2configs/games.nix
- #{
- # users.extraUsers = {
- # root = {
- # openssh.authorizedKeys.keys = map readFile [
- # ../../krebs/Zpubkeys/uriel.ssh.pub
- # ];
- # };
- # };
- #}
];
krebs.build.host = config.krebs.hosts.icarus;
@@ -31,20 +22,27 @@ with import <stockholm/lib>;
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
+ loader.grub.enableCryptodisk = true;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
- device = "/dev/pool/nix";
+ device = "/dev/mapper/pool-root";
fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
-
- "/boot" = {
- device = "/dev/sda1";
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
@@ -54,7 +52,7 @@ with import <stockholm/lib>;
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 012bd359f..dde867eb3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -256,11 +256,6 @@ with import <stockholm/lib>;
fsType = "ext4";
};
- "/bku" = {
- device = "/dev/big/backups";
- fsType = "ext4";
- };
-
"/home/games/.local/share/Steam" = {
device = "/dev/big/steam";
fsType = "ext4";
@@ -289,7 +284,7 @@ with import <stockholm/lib>;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 854c98f46..d8980a10c 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -12,6 +12,22 @@ let
in {
imports = [
../.
+ {
+ networking.interfaces.et0.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "213.239.205.225";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+ '';
+
+ }
../2configs/retiolum.nix
../2configs/exim-smarthost.nix
../2configs/downloading.nix
@@ -48,22 +64,6 @@ in {
lock.gid = 10001;
};
}
- {
- networking.interfaces.et0.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "213.239.205.225";
- networking.nameservers = [
- "8.8.8.8"
- ];
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
- '';
-
- }
{
boot.loader.grub = {
devices = [
@@ -226,6 +226,130 @@ in {
enable = true;
};
}
+ {
+ users.users.nin = {
+ uid = genid "nin";
+ inherit (config.krebs.users.nin) home;
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ extraGroups = [
+ "libvirtd"
+ ];
+ };
+ krebs.git.rules = [
+ {
+ user = [ config.krebs.users.nin ];
+ repo = [ config.krebs.git.repos.stockholm ];
+ perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
+ }
+ ];
+ krebs.repo-sync.repos.stockholm.nin = {
+ origin.url = "http://cgit.prism/stockholm";
+ origin.ref = "heads/nin";
+ mirror.url = "git@${config.networking.hostName}:stockholm";
+ };
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ krebs.Reaktor.coders = {
+ nickname = "reaktor-lass";
+ channels = [ "#coders" ];
+ extraEnviron = {
+ REAKTOR_HOST = "irc.hackint.org";
+ };
+ plugins = with pkgs.ReaktorPlugins; let
+ lambdabotflags = ''
+ -XStandaloneDeriving -XGADTs -XFlexibleContexts \
+ -XFlexibleInstances -XMultiParamTypeClasses \
+ -XOverloadedStrings -XFunctionalDependencies \'';
+ in [
+ sed-plugin
+ url-title
+ (buildSimpleReaktorPlugin "lambdabot-pl" {
+ pattern = "^@pl (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-pl" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@pl $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-type" {
+ pattern = "^@type (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-type" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@type $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-let" {
+ pattern = "^@let (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-let" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@let $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-run" {
+ pattern = "^@run (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-run" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@run $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-kind" {
+ pattern = "^@kind (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-kind" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@kind $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-kind" {
+ pattern = "^@kind (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-kind" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@kind $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "random-unicorn-porn" {
+ pattern = "^!rup$$";
+ script = pkgs.writePython2 "rup" ''
+ #!${pkgs.python2}/bin/python
+ t1 = """
+ _.
+ ;=',_ ()
+ 8===D~~ S" .--`||
+ sS \__ ||
+ __.' ( \-->||
+ _=/ _./-\/ ||
+ 8===D~~ ((\( /-' -'l ||
+ ) |/ \\ (_))
+ \\ \\
+ '~ '~
+ """
+ print(t1)
+ '';
+ })
+ (buildSimpleReaktorPlugin "ping" {
+ pattern = "^!ping (?P<args>.*)$$";
+ script = pkgs.writeDash "ping" ''
+ exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
+ '';
+ })
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 095898380..232e91d90 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -59,17 +59,13 @@ with import <stockholm/lib>;
fileSystems = {
"/" = {
device = "/dev/pool/nix";
- fsType = "ext4";
+ fsType = "btrfs";
};
"/boot" = {
device = "/dev/sda1";
};
- "/home/lass" = {
- device = "/dev/pool/home-lass";
- fsType = "ext4";
- };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
@@ -77,7 +73,7 @@ with import <stockholm/lib>;
};
"/bku" = {
device = "/dev/pool/bku";
- fsType = "ext4";
+ fsType = "btrfs";
};
};
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1e796015a..e879e8e58 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -7,12 +7,21 @@ in {
./xserver
./mpv.nix
./power-action.nix
+ ./screenlock.nix
{
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
}
+ {
+ krebs.per-user.lass.packages = [
+ pkgs.sshuttle
+ ];
+ security.sudo.extraConfig = ''
+ lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped
+ '';
+ }
];
users.extraUsers.mainUser.extraGroups = [ "audio" "video" ];
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 6fea97728..911b7738a 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -9,7 +9,6 @@ with import <stockholm/lib>;
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
- ../2configs/zsh.nix
./backups.nix
{
users.extraUsers =
@@ -56,6 +55,12 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle;
};
})
+ {
+ #for sshuttle
+ environment.systemPackages = [
+ pkgs.pythonPackages.python
+ ];
+ }
];
networking.hostName = config.krebs.build.host.name;
@@ -86,8 +91,6 @@ with import <stockholm/lib>;
#why is this on in the first place?
services.nscd.enable = false;
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@@ -156,13 +159,17 @@ with import <stockholm/lib>;
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
+ PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index a724e2e45..cf084ea8f 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -8,5 +8,9 @@ in {
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/wallpaper.png";
};
+ systemd.services.fetchWallpaper = {
+ after = [ "xmonad.service" ];
+ wantedBy = [ "xmonad.service" ];
+ };
}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index ded0922b8..d7ec39f2d 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -56,7 +56,8 @@ let
channel = "#retiolum";
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
- branches = [ "master" ];
+ # TODO define branches in some kind of option per repo
+ branches = [ "master" "newest" "nin" ];
};
};
};
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index f6f09e226..7d4d544aa 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -7,7 +7,7 @@ with import <stockholm/lib>;
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
];
};
@@ -21,12 +21,14 @@ with import <stockholm/lib>;
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
index 4a7d0bbcd..ec36fa96a 100644
--- a/lass/2configs/hw/tp-x220.nix
+++ b/lass/2configs/hw/tp-x220.nix
@@ -2,6 +2,9 @@
with import <stockholm/lib>;
{
+ imports = [
+ ../smartd.nix
+ ];
networking.wireless.enable = lib.mkDefault true;
hardware.enableAllFirmware = true;
@@ -36,6 +39,7 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+ kernelParams = [ "acpi_backlight=none" ];
};
hardware.opengl.extraPackages = [
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6885ef59d..27b7c2439 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -2,7 +2,7 @@
{
krebs.build.source.nixpkgs.git = {
- url = https://github.com/lassulus/nixpkgs;
- ref = "819c1ab486a9c81d6a6b76c759aedece2df39037";
+ url = https://github.com/nixos/nixpkgs;
+ ref = "39098270855c171f0824c09d071b606ae991ff87";
};
}
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 18574471e..6e96f8845 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -60,28 +60,20 @@ in {
musicDirectory = "/home/radio/the_playlist/music";
extraConfig = ''
audio_output {
- type "shout"
- encoding "ogg"
- name "the_playlist"
- host "localhost"
- port "8000"
- mount "/radio.ogg"
+ type "shout"
+ encoding "ogg"
+ name "the_playlist"
+ host "localhost"
+ port "8000"
+ mount "/radio.ogg"
+ password "${source-password}"
+ bitrate "128"
- # This is the source password in icecast.xml
- password "${source-password}"
-
- # Set either quality or bit rate
- # quality "5.0"
- bitrate "128"
-
- format "44100:16:1"
-
- # Optional Parameters
- user "source"
- # description "here is my long description"
- genre "good music"
- } # end of audio_output
+ format "44100:16:2"
+ user "source"
+ genre "good music"
+ }
'';
};
@@ -138,8 +130,7 @@ in {
};
};
- krebs.Reaktor = {
- enable = true;
+ krebs.Reaktor.playlist = {
nickname = "the_playlist|r";
channels = [ "#the_playlist" ];
extraEnviron = {
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index eba40532d..7a7bf95be 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,9 +16,9 @@
enable = true;
connectTo = [
"prism"
- "pigstarter"
"gum"
- "flap"
+ "ni"
+ "dishfire"
];
};
diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix
new file mode 100644
index 000000000..237127f69
--- /dev/null
+++ b/lass/2configs/screenlock.nix
@@ -0,0 +1,17 @@
+{ pkgs, config, ... }:
+
+{
+ systemd.services.screenlock = {
+ before = [ "sleep.target" ];
+ wantedBy = [ "sleep.target" ];
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "screenlock";
+ ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+ Type = "forking";
+ User = "lass";
+ };
+ };
+}
diff --git a/lass/2configs/smartd.nix b/lass/2configs/smartd.nix
new file mode 100644
index 000000000..859812bed
--- /dev/null
+++ b/lass/2configs/smartd.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ services.smartd = {
+ enable = true;
+ devices = [
+ {
+ device = "DEVICESCAN";
+ options = toString [
+ "-a"
+ "-m ${config.krebs.users.lass.mail}"
+ "-s (O/../.././09|S/../.././04|L/../../6/05)"
+ ];
+ }
+ ];
+ };
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index bfaae24c8..c3eac8f38 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -5,6 +5,7 @@ let
out = {
environment.systemPackages = [
vim
+ pkgs.pythonPackages.flake8
];
environment.etc.vimrc.source = vimrc;
@@ -13,6 +14,91 @@ let
environment.variables.VIMINIT = ":so /etc/vimrc";
};
+ vimrc = pkgs.writeText "vimrc" ''
+ set nocompatible
+
+ set autoindent
+ set backspace=indent,eol,start
+ set backup
+ set backupdir=${dirs.backupdir}/
+ set directory=${dirs.swapdir}//
+ set hlsearch
+ set incsearch
+ set mouse=a
+ set noruler
+ set pastetoggle=<INS>
+ set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set shortmess+=I
+ set showcmd
+ set showmatch
+ set ttimeoutlen=0
+ set undodir=${dirs.undodir}
+ set undofile
+ set undolevels=1000000
+ set undoreload=1000000
+ set viminfo='20,<1000,s100,h,n${files.viminfo}
+ set visualbell
+ set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+ set wildmenu
+ set wildmode=longest,full
+
+ set title
+ set titleold=
+ set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+ set et ts=2 sts=2 sw=2
+
+ filetype plugin indent on
+
+ set t_Co=256
+ colorscheme hack
+ syntax on
+
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ \ | syn match TabStop containedin=ALL /\t\+/
+ \ | syn keyword Todo containedin=ALL TODO
+
+ au BufRead,BufNewFile *.hs so ${hs.vim}
+
+ au BufRead,BufNewFile *.nix so ${nix.vim}
+
+ au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+ "Syntastic config
+ let g:syntastic_python_checkers=['flake8']
+
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
+
+ cnoremap <C-A> <Home>
+
+ noremap <C-c> :q<cr>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ nnoremap <esc>[5^ :tabp<cr>
+ nnoremap <esc>[6^ :tabn<cr>
+ nnoremap <esc>[5@ :tabm -1<cr>
+ nnoremap <esc>[6@ :tabm +1<cr>
+
+ nnoremap <f1> :tabp<cr>
+ nnoremap <f2> :tabn<cr>
+ inoremap <f1> <esc>:tabp<cr>
+ inoremap <f2> <esc>:tabn<cr>
+
+ " <C-{Up,Down,Right,Left>
+ noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+ noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+ noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+ noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+ " <[C]S-{Up,Down,Right,Left>
+ noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+ noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+ noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+ noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+ vnoremap u <nop>
+ '';
+
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
@@ -126,87 +212,6 @@ let
exec ${pkgs.vim}/bin/vim "$@"
'';
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set hlsearch
- set incsearch
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme hack
- syntax on
-
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
-
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- "Syntastic config
- let g:syntastic_python_checkers=['flake8']
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
- '';
-
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2bbfe7333..e79973a66 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -7,7 +7,6 @@ let
genid_signed
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- ssl
servePage
serveOwncloud
serveWordpress;
@@ -25,47 +24,16 @@ let
in {
imports = [
./sqlBackup.nix
- (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (ssl [ "karlaskop.de" "www.karlaskop.de" ])
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" ])
(servePage [ "pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" ])
(serveOwncloud [ "o.ubikmedia.de" ])
- (ssl [
- "ubikmedia.de"
- "aldona.ubikmedia.de"
- "apanowicz.de"
- "nirwanabluete.de"
- "aldonasiech.com"
- "360gradvideo.tv"
- "ubikmedia.eu"
- "facts.cloud"
- "youthtube.xyz"
- "illucloud.eu"
- "illucloud.de"
- "illucloud.com"
- "www.ubikmedia.de"
- "www.aldona.ubikmedia.de"
- "www.apanowicz.de"
- "www.nirwanabluete.de"
- "www.aldonasiech.com"
- "www.360gradvideo.tv"
- "www.ubikmedia.eu"
- "www.facts.cloud"
- "www.youthtube.xyz"
- "www.illucloud.eu"
- "www.illucloud.de"
- "www.illucloud.com"
- ])
(serveWordpress [
"ubikmedia.de"
"apanowicz.de"
@@ -88,6 +56,16 @@ in {
"www.illucloud.eu"
"www.illucloud.de"
"www.illucloud.com"
+ "www.ubikmedia.de"
+ "aldona2.ubikmedia.de"
+ "apanowicz.ubikmedia.de"
+ "cinevita.ubikmedia.de"
+ "factscloud.ubikmedia.de"
+ "illucloud.ubikmedia.de"
+ "joemisch.ubikmedia.de"
+ "karlaskop.ubikmedia.de"
+ "nb.ubikmedia.de"
+ "youthtube.ubikmedia.de"
])
];
@@ -134,17 +112,26 @@ in {
'';
internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
+ { from = "dma@ubikmedia.de"; to = "domsen"; }
+ { from = "dma@ubikmedia.eu"; to = "domsen"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
+ { from = "jms@ubikmedia.eu"; to = "jms"; }
+ { from = "ms@ubikmedia.eu"; to = "ms"; }
+ { from = "nrg@ubikmedia.eu"; to = "nrg"; }
+ { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
+
+ { from = "testuser@lassul.us"; to = "testuser"; }
];
sender_domains = [
"jla-trading.com"
+ "ubikmedia.eu"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
users.users.domsen = {
- uid = genid "domsen";
+ uid = genid_signed "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
@@ -153,10 +140,38 @@ in {
};
users.users.jla-trading = {
- uid = genid "jla-trading";
+ uid = genid_signed "jla-trading";
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
};
+
+ users.users.jms = {
+ uid = genid_signed "jms";
+ home = "/home/jms";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.ms = {
+ uid = genid_signed "ms";
+ home = "/home/ms";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.nrg = {
+ uid = genid_signed "nrg";
+ home = "/home/nrg";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.testuser = {
+ uid = genid_signed "testuser";
+ home = "/home/testuser";
+ useDefaultShell = true;
+ createHome = true;
+ };
}
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 00e987116..9bf7e4a9c 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -7,7 +7,6 @@ let
head
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- ssl
servePage
serveWordpress
;
@@ -29,28 +28,20 @@ in {
imports = [
./sqlBackup.nix
- (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
- (ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
- (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
- (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
- (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
- (ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
- (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
- (ssl [ "goldbarrendiebstahl.radical-dreamers.de" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index cfdda05db..024d2eeb2 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -83,6 +83,7 @@ in {
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
+ # TODO make this work!
locations."= /ddate".extraConfig = let
script = pkgs.writeBash "test" ''
echo "hello world"
@@ -100,6 +101,14 @@ in {
fastcgi_param SCRIPT_NAME ${script};
'';
+ locations."/init".extraConfig = let
+ initscript = pkgs.init.override {
+ pubkey = config.krebs.users.lass.pubkey;
+ };
+ in ''
+ alias ${initscript};
+ '';
+
enableSSL = true;
extraConfig = "listen 80;";
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 53c8f9444..cba4db766 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -2,6 +2,24 @@
with import <stockholm/lib>;
let
user = config.krebs.build.user;
+
+ copyqConfig = pkgs.writeDash "copyq-config" ''
+ ${pkgs.copyq}/bin/copyq config check_clipboard true
+ ${pkgs.copyq}/bin/copyq config check_selection true
+ ${pkgs.copyq}/bin/copyq config copy_clipboard true
+ ${pkgs.copyq}/bin/copyq config copy_selection true
+
+ ${pkgs.copyq}/bin/copyq config activate_closes true
+ ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
+ ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
+ ${pkgs.copyq}/bin/copyq config disable_tray true
+ ${pkgs.copyq}/bin/copyq config hide_tabs true
+ ${pkgs.copyq}/bin/copyq config hide_toolbar true
+ ${pkgs.copyq}/bin/copyq config item_popup_interval true
+ ${pkgs.copyq}/bin/copyq config maxitems 1000
+ ${pkgs.copyq}/bin/copyq config move true
+ ${pkgs.copyq}/bin/copyq config text_wrap true
+ '';
in {
environment.systemPackages = [
@@ -109,4 +127,21 @@ in {
User = user.name;
};
};
+
+ systemd.services.copyq = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "xserver.service" ];
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "copyq";
+ ExecStart = "${pkgs.copyq}/bin/copyq";
+ ExecStartPost = copyqConfig;
+ Restart = "always";
+ RestartSec = "2s";
+ StartLimitBurst = 0;
+ User = user.name;
+ };
+ };
}
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 442a1d4d9..4d33aa79d 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -118,5 +118,5 @@
fi
'';
};
- users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
+ users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b169fea40..2bf2df8b3 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,5 +9,7 @@ _:
./urxvtd.nix
./usershadow.nix
./xresources.nix
+ ./kapacitor.nix
+ ./telegraf.nix
];
}
diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix
new file mode 100644
index 000000000..8524c8198
--- /dev/null
+++ b/lass/3modules/kapacitor.nix
@@ -0,0 +1,221 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.kapacitor;
+
+ out = {
+ options.lass.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "kapacitor";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ hostname = "localhost"
+ data_dir = "${cfg.dataDir}"
+
+ [http]
+ bind-address = ":9092"
+ auth-enabled = false
+ log-enabled = true
+ write-tracing = false
+ pprof-enabled = false
+ https-enabled = false
+ https-certificate = "/etc/ssl/kapacitor.pem"
+ shutdown-timeout = "10s"
+ shared-secret = ""
+
+ [replay]
+ dir = "${cfg.dataDir}/replay"
+
+ [storage]
+ boltdb = "${cfg.dataDir}/kapacitor.db"
+
+ [task]
+ dir = "${cfg.dataDir}/tasks"
+ snapshot-interval = "1m0s"
+
+ [[influxdb]]
+ enabled = true
+ name = "default"
+ default = false
+ urls = ["http://localhost:8086"]
+ username = ""
+ password = ""
+ ssl-ca = ""
+ ssl-cert = ""
+ ssl-key = ""
+ insecure-skip-verify = false
+ timeout = "0s"
+ disable-subscriptions = false
+ subscription-protocol = "http"
+ udp-bind = ""
+ udp-buffer = 1000
+ udp-read-buffer = 0
+ startup-timeout = "5m0s"
+ subscriptions-sync-interval = "1m0s"
+ [influxdb.subscriptions]
+ [influxdb.excluded-subscriptions]
+ _kapacitor = ["autogen"]
+
+ [logging]
+ file = "STDERR"
+ level = "INFO"
+
+ [collectd]
+ enabled = false
+ bind-address = ":25826"
+ database = "collectd"
+ retention-policy = ""
+ batch-size = 5000
+ batch-pending = 10
+ batch-timeout = "10s"
+ read-buffer = 0
+ typesdb = "/usr/share/collectd/types.db"
+
+ [opentsdb]
+ enabled = false
+ bind-address = ":4242"
+ database = "opentsdb"
+ retention-policy = ""
+ consistency-level = "one"
+ tls-enabled = false
+ certificate = "/etc/ssl/influxdb.pem"
+ batch-size = 1000
+ batch-pending = 5
+ batch-timeout = "1s"
+ log-point-errors = true
+
+ [smtp]
+ enabled = false
+ host = "localhost"
+ port = 25
+ username = ""
+ password = ""
+ no-verify = false
+ global = false
+ state-changes-only = false
+ from = ""
+ idle-timeout = "30s"
+
+ [opsgenie]
+ enabled = false
+ api-key = ""
+ url = "https://api.opsgenie.com/v1/json/alert"
+ recovery_url = "https://api.opsgenie.com/v1/json/alert/note"
+ global = false
+
+ [victorops]
+ enabled = false
+ api-key = ""
+ routing-key = ""
+ url = "https://alert.victorops.com/integrations/generic/20131114/alert"
+ global = false
+
+ [pagerduty]
+ enabled = false
+ url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
+ service-key = ""
+ global = false
+
+ [sensu]
+ enabled = false
+ addr = ""
+ source = "Kapacitor"
+
+ [slack]
+ enabled = false
+ url = ""
+ channel = ""
+ global = false
+ state-changes-only = false
+
+ [telegram]
+ enabled = false
+ url = "https://api.telegram.org/bot"
+ token = ""
+ chat-id = ""
+ parse-mode = ""
+ disable-web-page-preview = false
+ disable-notification = false
+ global = false
+ state-changes-only = false
+
+ [hipchat]
+ enabled = false
+ url = ""
+ token = ""
+ room = ""
+ global = false
+ state-changes-only = false
+
+ [alerta]
+ enabled = false
+ url = ""
+ token = ""
+ environment = ""
+ origin = ""
+
+ [reporting]
+ enabled = true
+ url = "https://usage.influxdata.com"
+
+ [stats]
+ enabled = true
+ stats-interval = "10s"
+ database = "_kapacitor"
+ retention-policy = "autogen"
+ timing-sample-rate = 0.1
+ timing-movavg-size = 1000
+
+ [udf]
+
+ [deadman]
+ interval = "10s"
+ threshold = 0.0
+ id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
+ message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
+ global = false
+
+ [talk]
+ enabled = false
+ url = ""
+ author_name = ""
+ '';
+ description = "configuration kapacitor is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "kapacitor.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.kapacitor = {
+ description = "kapacitor";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
+ };
+ };
+ };
+
+in out
diff --git a/lass/3modules/telegraf.nix b/lass/3modules/telegraf.nix
new file mode 100644
index 000000000..64b323460
--- /dev/null
+++ b/lass/3modules/telegraf.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.telegraf;
+
+ out = {
+ options.lass.telegraf = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "telegraf";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/telegraf";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "telegraf";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ [agent]
+ interval = "1s"
+
+ [outputs]
+
+ # Configuration to send data to InfluxDB.
+ [outputs.influxdb]
+ urls = ["http://localhost:8086"]
+ database = "kapacitor_example"
+ user_agent = "telegraf"
+
+ # Collect metrics about cpu usage
+ [cpu]
+ percpu = false
+ totalcpu = true
+ drop = ["cpu_time"]
+ '';
+ description = "configuration telegraf is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "telegraf.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.telegraf = {
+ description = "telegraf";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
+ };
+ };
+ };
+
+in out
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index c0be053ab..fc9e63e31 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -22,10 +22,13 @@
environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
account required pam_permit.so
+ auth required pam_env.so envfile=${config.system.build.pamEnvironment}
+ auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
+ auth sufficient pam_unix.so likeauth try_first_pass
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_permit.so
+ session required pam_loginuid.so
'';
security.pam.services.dovecot2.text = ''
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 0beda7481..e47e3126a 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }@args:
{
nixpkgs.config.packageOverrides = rec {
@@ -11,6 +11,7 @@
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
+ init = pkgs.callPackage ./init/default.nix args;
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
pop = pkgs.callPackage ./pop/default.nix {};
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
new file mode 100644
index 000000000..b484d2c38
--- /dev/null
+++ b/lass/5pkgs/init/default.nix
@@ -0,0 +1,143 @@
+{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:
+
+with lib;
+
+pkgs.writeText "init" ''
+ #! /bin/sh
+ # usage: curl xu/~tv/init | sh
+ set -efu
+ # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
+ # install at tmp location
+
+
+ case $(cat /proc/cmdline) in
+ *' root=LABEL=NIXOS_ISO '*) :;;
+ *) echo Error: unknown operating system >&2; exit 1;;
+ esac
+
+ keyfile=${keyfile}
+
+ disk=${disk}
+
+ luksdev=${disk}2
+ luksmap=/dev/mapper/${luksmap}
+
+ vgname=${vgname}
+
+ rootdev=/dev/mapper/${vgname}-root
+ homedev=/dev/mapper/${vgname}-home
+ bkudev=/dev/mapper/${vgname}-bku
+
+ #
+ #generate keyfile
+ #
+
+ if ! test -e "$keyfile"; then
+ dd if=/dev/urandom bs=512 count=2048 of=$keyfile
+ fi
+
+ #
+ # partitioning
+ #
+
+ # http://en.wikipedia.org/wiki/GUID_Partition_Table
+ # undo:
+ # dd if=/dev/zero bs=512 count=34 of=/dev/sda
+ # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
+ if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
+ parted -a optimal "$disk" \
+ mklabel gpt \
+ mkpart no-fs 0 1024KiB \
+ set 1 bios_grub on \
+ mkpart primary 1025KiB 100%
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
+ echo zonk2
+ exit 23
+ fi
+
+ if ! cryptsetup isLuks "$luksdev"; then
+ # aes xts-plain64
+ cryptsetup luksFormat "$luksdev" "$keyfile" \
+ -h sha512 \
+ --iter-time 5000
+ fi
+
+ if ! test -e "$luksmap"; then
+ cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
+ --key-file "$keyfile"
+ fi
+ # cryptsetup close
+
+ if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
+ pvcreate "$luksmap"
+ fi
+
+ if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
+
+ lvchange -a y /dev/mapper/"$vgname"
+
+ if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
+ if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
+ if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
+
+ # lvchange -a n "$vgname"
+
+
+ #
+ # formatting
+ #
+
+ if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
+ mkfs.btrfs "$rootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
+ mkfs.btrfs "$homedev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
+ mkfs.btrfs "$bkudev"
+ fi
+
+
+ if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
+ mount "$rootdev" /mnt
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
+ mkdir -m 0000 -p /mnt/home
+ mount "$homedev" /mnt/home
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
+ mkdir -m 0000 -p /mnt/bku
+ mount "$bkudev" /mnt/bku
+ fi
+
+ # umount -R /mnt
+
+ #
+ # dependencies for stockholm
+ #
+
+ nix-env -iA nixos.git
+
+ mkdir -p /mnt/var/src
+ touch /mnt/var/src/.populate
+
+ #
+ # print all the infos
+ #
+
+ parted "$disk" print
+ lsblk "$disk"
+
+ key='${pubkey}'
+ if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
+ mkdir -p /root/.ssh
+ echo "$key" > /root/.ssh/authorized_keys
+ fi
+ systemctl start sshd
+ ip route
+ echo READY.
+''
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index ec3ad82af..cf8eaf058 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -114,10 +114,10 @@ myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
- , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%")
- , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%")
- , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute 0 toggle")
- , ("<XF86AudioMicMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-source-mute 1 toggle")
+ , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
+ , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
+ , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
+ , ("<XF86MonBrightnessUp>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -inc 1")
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
@@ -144,6 +144,8 @@ myKeyMap =
, ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
, ("M4-S-q", return ())
+
+ , ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
diff --git a/lib/default.nix b/lib/default.nix
index 2b12fa4bf..7e61c9413 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -39,6 +39,8 @@ let
string = toJSON x; # close enough
}.${type} or reject;
+ indent = replaceChars ["\n"] ["\n "];
+
};
in
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 0c3676c8b..971676b79 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -32,8 +32,7 @@
};
};
- krebs.Reaktor = {
- enable = true;
+ krebs.Reaktor.debug = {
debug = true;
extraEnviron = {
REAKTOR_HOST = "ni.r";
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 03114c0e6..9fd329d10 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -32,10 +32,9 @@ in {
krebs.build.host = config.krebs.hosts.wry;
- krebs.Reaktor = {
+ krebs.Reaktor.reaktor = {
nickname = "Reaktor|bot";
channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
- enable = true;
plugins = with pkgs.ReaktorPlugins;[
titlebot
# stockholm-issue
diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix
new file mode 100644
index 000000000..6fa8a3388
--- /dev/null
+++ b/nin/1systems/hiawatha.nix
@@ -0,0 +1,122 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ imports = [
+ ../.
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ../2configs/retiolum.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.hiawatha;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
+ fsType = "ext4";
+ };
+
+ fileSystems."/tmp" =
+ { device = "tmpfs";
+ fsType = "tmpfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
+ fsType = "ext2";
+ };
+
+ boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda";
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ fileSystems."/home/nin/.local/share/Steam" = {
+ device = "/dev/fam/steam";
+ };
+
+ # nin config
+ time.timeZone = "Europe/Berlin";
+ services.xserver.enable = true;
+
+ networking.networkmanager.enable = true;
+ #networking.wireless.enable = true;
+
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+
+ hardware.bluetooth.enable = true;
+
+ hardware.opengl.driSupport32Bit = true;
+
+ #nixpkgs.config.steam.java = true;
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ steam
+ thunderbird
+ vim
+ git
+ hexchat
+ networkmanagerapplet
+ python
+ virtmanager
+ libvirt
+ ];
+
+ nixpkgs.config = {
+
+ allowUnfree = true;
+
+ firefox = {
+ enableGoogleTalkPlugin = true;
+ enableAdobeFlash = true;
+ };
+ };
+
+ #services.logind.extraConfig = "HandleLidSwitch=ignore";
+
+ services.xserver.synaptics = {
+ enable = true;
+ };
+
+
+ services.xserver.desktopManager.xfce = let
+ xbindConfig = pkgs.writeText "xbindkeysrc" ''
+ "${pkgs.pass}/bin/passmenu --type"
+ Control + p
+ '';
+ in {
+ enable = true;
+ extraSessionCommands = ''
+ ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
+ '';
+ };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "17.03";
+
+}
diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix
new file mode 100644
index 000000000..59f26c46b
--- /dev/null
+++ b/nin/1systems/onondaga.nix
@@ -0,0 +1,83 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../.
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/retiolum.nix
+ ../2configs/weechat.nix
+ ];
+
+ krebs.build.host = config.krebs.hosts.onondaga;
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda";
+
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ # environment.systemPackages = with pkgs; [
+ # wget
+ # ];
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable the KDE Desktop Environment.
+ # services.xserver.displayManager.kdm.enable = true;
+ # services.xserver.desktopManager.kde4.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.extraUsers.guest = {
+ # isNormalUser = true;
+ # uid = 1000;
+ # };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "16.09";
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/7238cc6e-4bea-4e52-9408-32d8aa05abff";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/5e923175-854b-4bcf-97c8-f3a91806fa22";
+ fsType = "ext2";
+ };
+
+ nix.maxJobs = lib.mkDefault 1;
+
+}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
new file mode 100644
index 000000000..e181a6041
--- /dev/null
+++ b/nin/2configs/default.nix
@@ -0,0 +1,169 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ ../2configs/nixpkgs.nix
+ ../2configs/vim.nix
+ {
+ users.extraUsers =
+ mapAttrs (_: h: { hashedPassword = h; })
+ (import <secrets/hashedPasswords.nix>);
+ }
+ {
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ };
+ nin = {
+ name = "nin";
+ uid = 1337;
+ home = "/home/nin";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ "audio"
+ "fuse"
+ ];
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ };
+ };
+ }
+ {
+ environment.variables = {
+ NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+ };
+ }
+ (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
+ environment.variables = {
+ CURL_CA_BUNDLE = ca-bundle;
+ GIT_SSL_CAINFO = ca-bundle;
+ SSL_CERT_FILE = ca-bundle;
+ };
+ })
+ ];
+
+ networking.hostName = config.krebs.build.host.name;
+ nix.maxJobs = config.krebs.build.host.cores;
+
+ krebs = {
+ enable = true;
+ search-domain = "retiolum";
+ build = {
+ user = config.krebs.users.nin;
+ source = let inherit (config.krebs.build) host; in {
+ nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix";
+ secrets.file = "/home/nin/secrets/${host.name}";
+ stockholm.file = getEnv "PWD";
+ };
+ };
+ };
+
+ nix.useSandbox = true;
+
+ users.mutableUsers = false;
+
+ services.timesyncd.enable = true;
+
+ #why is this on in the first place?
+ services.nscd.enable = false;
+
+ boot.tmpOnTmpfs = true;
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -"
+ ];
+
+ # multiple-definition-problem when defining environment.variables.EDITOR
+ environment.extraInit = ''
+ EDITOR=vim
+ MANPAGER=most
+ '';
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ #stockholm
+ git
+ gnumake
+ jq
+ proot
+ populate
+ p7zip
+ unzip
+ unrar
+ hashPassword
+ ];
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+ '';
+ promptInit = ''
+ if test $UID = 0; then
+ PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
+ elif test $UID = 1337; then
+ PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
+ else
+ PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
+ fi
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ krebs.iptables = {
+ enable = true;
+ tables = {
+ nat.PREROUTING.rules = [
+ { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+ ];
+ nat.OUTPUT.rules = [
+ { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+ ];
+ filter.INPUT.policy = "DROP";
+ filter.FORWARD.policy = "DROP";
+ filter.INPUT.rules = [
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+ { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
+ { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
+ { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
+ ];
+ };
+ };
+
+ networking.dhcpcd.extraConfig = ''
+ noipv4ll
+ '';
+}
diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix
new file mode 100644
index 000000000..9d73afbe0
--- /dev/null
+++ b/nin/2configs/nixpkgs.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ krebs.build.source.nixpkgs.git = {
+ url = https://github.com/nixos/nixpkgs;
+ ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff";
+ };
+}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
new file mode 100644
index 000000000..821e3cc00
--- /dev/null
+++ b/nin/2configs/retiolum.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ krebs.tinc.retiolum = {
+ enable = true;
+ connectTo = [
+ "prism"
+ "pigstarter"
+ "gum"
+ "flap"
+ ];
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ };
+}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
new file mode 100644
index 000000000..101a80cc0
--- /dev/null
+++ b/nin/2configs/vim.nix
@@ -0,0 +1,354 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ out = {
+ environment.systemPackages = [
+ vim
+ pkgs.pythonPackages.flake8
+ ];
+
+ environment.etc.vimrc.source = vimrc;
+
+ environment.variables.EDITOR = mkForce "vim";
+ environment.variables.VIMINIT = ":so /etc/vimrc";
+ };
+
+ vimrc = pkgs.writeText "vimrc" ''
+ set nocompatible
+
+ set autoindent
+ set backspace=indent,eol,start
+ set backup
+ set backupdir=${dirs.backupdir}/
+ set directory=${dirs.swapdir}//
+ set hlsearch
+ set incsearch
+ set laststatus=2
+ set mouse=a
+ set noruler
+ set pastetoggle=<INS>
+ set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set shortmess+=I
+ set showcmd
+ set showmatch
+ set ttimeoutlen=0
+ set undodir=${dirs.undodir}
+ set undofile
+ set undolevels=1000000
+ set undoreload=1000000
+ set viminfo='20,<1000,s100,h,n${files.viminfo}
+ set visualbell
+ set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+ set wildmenu
+ set wildmode=longest,full
+
+ set et ts=2 sts=2 sw=2
+
+ filetype plugin indent on
+
+ set t_Co=256
+ colorscheme hack
+ syntax on
+
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ \ | syn match TabStop containedin=ALL /\t\+/
+ \ | syn keyword Todo containedin=ALL TODO
+
+ au BufRead,BufNewFile *.hs so ${hs.vim}
+
+ au BufRead,BufNewFile *.nix so ${nix.vim}
+
+ au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+ "Syntastic config
+ let g:syntastic_python_checkers=['flake8']
+
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
+
+ cnoremap <C-A> <Home>
+
+ noremap <C-c> :q<cr>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ nnoremap <esc>[5^ :tabp<cr>
+ nnoremap <esc>[6^ :tabn<cr>
+ nnoremap <esc>[5@ :tabm -1<cr>
+ nnoremap <esc>[6@ :tabm +1<cr>
+
+ nnoremap <f1> :tabp<cr>
+ nnoremap <f2> :tabn<cr>
+ inoremap <f1> <esc>:tabp<cr>
+ inoremap <f2> <esc>:tabn<cr>
+
+ " <C-{Up,Down,Right,Left>
+ noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+ noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+ noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+ noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+ " <[C]S-{Up,Down,Right,Left>
+ noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+ noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+ noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+ noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+ vnoremap u <nop>
+ '';
+
+ extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ pkgs.vimPlugins.Syntastic
+ pkgs.vimPlugins.undotree
+ pkgs.vimPlugins.airline
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "file-line-1.0";
+ src = pkgs.fetchgit {
+ url = git://github.com/bogado/file-line;
+ rev = "refs/tags/1.0";
+ sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+ };
+ })
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "hack";
+ in {
+ name = "vim-color-${name}-1.0.2";
+ destination = "/colors/${name}.vim";
+ text = /* vim */ ''
+ set background=dark
+ hi clear
+ if exists("syntax_on")
+ syntax clear
+ endif
+
+ let colors_name = ${toJSON name}
+
+ hi Normal ctermbg=235
+ hi Comment ctermfg=242
+ hi Constant ctermfg=062
+ hi Identifier ctermfg=068
+ hi Function ctermfg=041
+ hi Statement ctermfg=167
+ hi PreProc ctermfg=167
+ hi Type ctermfg=041
+ hi Delimiter ctermfg=251
+ hi Special ctermfg=062
+
+ hi Garbage ctermbg=088
+ hi TabStop ctermbg=016
+ hi Todo ctermfg=174 ctermbg=NONE
+
+ hi NixCode ctermfg=148
+ hi NixData ctermfg=149
+ hi NixQuote ctermfg=150
+
+ hi diffNewFile ctermfg=207
+ hi diffFile ctermfg=207
+ hi diffLine ctermfg=207
+ hi diffSubname ctermfg=207
+ hi diffAdded ctermfg=010
+ hi diffRemoved ctermfg=009
+ '';
+ })))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "vim";
+ in {
+ name = "vim-syntax-${name}-1.0.0";
+ destination = "/syntax/${name}.vim";
+ text = /* vim */ ''
+ ${concatMapStringsSep "\n" (s: /* vim */ ''
+ syn keyword vimColor${s} ${s}
+ \ containedin=ALLBUT,vimComment,vimLineComment
+ hi vimColor${s} ctermfg=${s}
+ '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
+ '';
+ })))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "showsyntax";
+ in {
+ name = "vim-plugin-${name}-1.0.0";
+ destination = "/plugin/${name}.vim";
+ text = /* vim */ ''
+ if exists('g:loaded_showsyntax')
+ finish
+ endif
+ let g:loaded_showsyntax = 0
+
+ fu! ShowSyntax()
+ let id = synID(line("."), col("."), 1)
+ let name = synIDattr(id, "name")
+ let transName = synIDattr(synIDtrans(id),"name")
+ if name != transName
+ let name .= " (" . transName . ")"
+ endif
+ echo "Syntax: " . name
+ endfu
+
+ command! -n=0 -bar ShowSyntax :call ShowSyntax()
+ '';
+ })))
+ ];
+
+ dirs = {
+ backupdir = "$HOME/.cache/vim/backup";
+ swapdir = "$HOME/.cache/vim/swap";
+ undodir = "$HOME/.cache/vim/undo";
+ };
+ files = {
+ viminfo = "$HOME/.cache/vim/info";
+ };
+
+ mkdirs = let
+ dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
+ in assert out != ""; out;
+ alldirs = attrValues dirs ++ map dirOf (attrValues files);
+ in unique (sort lessThan alldirs);
+
+ vim = pkgs.writeDashBin "vim" ''
+ set -efu
+ (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ exec ${pkgs.vim}/bin/vim "$@"
+ '';
+
+
+ hs.vim = pkgs.writeText "hs.vim" ''
+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+ hi link ConId Identifier
+ hi link VarId Identifier
+ hi link hsDelimiter Delimiter
+ '';
+
+ nix.vim = pkgs.writeText "nix.vim" ''
+ setf nix
+
+ " Ref <nix/src/libexpr/lexer.l>
+ syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+ syn match NixINT /\<[0-9]\+\>/
+ syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+ syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+ syn region NixSTRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ syn region NixIND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+
+ syn match NixOther /[():/;=.,?\[\]]/
+
+ syn match NixCommentMatch /\(^\|\s\)#.*/
+ syn region NixCommentRegion start="/\*" end="\*/"
+
+ hi link NixCode Statement
+ hi link NixData Constant
+ hi link NixComment Comment
+
+ hi link NixCommentMatch NixComment
+ hi link NixCommentRegion NixComment
+ hi link NixID NixCode
+ hi link NixINT NixData
+ hi link NixPATH NixData
+ hi link NixHPATH NixData
+ hi link NixSPATH NixData
+ hi link NixURI NixData
+ hi link NixSTRING NixData
+ hi link NixIND_STRING NixData
+
+ hi link NixEnter NixCode
+ hi link NixOther NixCode
+ hi link NixQuote NixData
+
+ syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+ syn cluster nix_ind_strings contains=NixIND_STRING
+ syn cluster nix_strings contains=NixSTRING
+
+ ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+ startAlts = filter isString [
+ ''/\* ${lang} \*/''
+ extraStart
+ ];
+ sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+ in /* vim */ ''
+ syn include @nix_${lang}_syntax syntax/${lang}.vim
+ unlet b:current_syntax
+
+ syn match nix_${lang}_sigil
+ \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+ \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+ \ transparent
+
+ syn region nix_${lang}_region_STRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn region nix_${lang}_region_IND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn cluster nix_ind_strings
+ \ add=nix_${lang}_region_IND_STRING
+
+ syn cluster nix_strings
+ \ add=nix_${lang}_region_STRING
+
+ syn cluster nix_has_dollar_curly
+ \ add=@nix_${lang}_syntax
+ '') {
+ c = {};
+ cabal = {};
+ haskell = {};
+ sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+ vim.extraStart =
+ ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+ })}
+
+ " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+ syn clear shVarAssign
+
+ syn region nixINSIDE_DOLLAR_CURLY
+ \ matchgroup=NixEnter
+ \ start="[$]{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=@nix_has_dollar_curly
+ \ transparent
+
+ syn region nix_inside_curly
+ \ matchgroup=NixEnter
+ \ start="{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+ \ transparent
+
+ syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /\\./he=s+1
+ \ containedin=@nix_strings
+ \ contained
+
+ syn sync fromstart
+
+ let b:current_syntax = "nix"
+
+ set isk=@,48-57,_,192-255,-,'
+ '';
+in
+out
diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix
new file mode 100644
index 000000000..6c0fb313e
--- /dev/null
+++ b/nin/2configs/weechat.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (import <stockholm/lib>) genid;
+in {
+ krebs.per-user.chat.packages = with pkgs; [
+ mosh
+ weechat
+ tmux
+ ];
+
+ users.extraUsers.chat = {
+ home = "/home/chat";
+ uid = genid "chat";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ };
+}
diff --git a/nin/default.nix b/nin/default.nix
new file mode 100644
index 000000000..c31d6d949
--- /dev/null
+++ b/nin/default.nix
@@ -0,0 +1,7 @@
+_:
+{
+ imports = [
+ ../krebs
+ ./2configs
+ ];
+}
diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix
index 0bfcff685..b42968cfb 100644
--- a/shared/1systems/test-all-krebs-modules.nix
+++ b/shared/1systems/test-all-krebs-modules.nix
@@ -9,7 +9,7 @@ in {
enable = true;
build.user = config.krebs.users.shared;
build.host = config.krebs.hosts.test-all-krebs-modules;
- Reaktor.enable = true;
+ Reaktor.test = {};
apt-cacher-ng.enable = true;
backup.enable = true;
bepasty.enable = true;
diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix
index bc6e3a6d8..4bc0318e8 100644
--- a/tv/1systems/alnus.nix
+++ b/tv/1systems/alnus.nix
@@ -22,10 +22,6 @@ with import <stockholm/lib>;
devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
};
};
- loader = {
- efi.canTouchEfiVariables = true;
- gummiboot.enable = true;
- };
};
environment.systemPackages = with pkgs; [
@@ -62,7 +58,7 @@ with import <stockholm/lib>;
krebs.build = {
host = config.krebs.hosts.alnus;
user = mkForce config.krebs.users.dv;
- source.nixpkgs.git.ref = mkForce "d7450443c42228832c68fba203a7c15cfcfb264e";
+ source.nixpkgs.git.ref = mkForce "e924319cb6c74aa2a9c943eddeb0caef79db01bc";
};
networking.networkmanager.enable = true;
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 108006f34..b718d19b8 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -16,11 +16,11 @@ with import <stockholm/lib>;
networking = {
interfaces.enp2s1.ip4 = singleton {
address = let
- addr = "45.62.237.203";
+ addr = "64.137.177.226";
in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
prefixLength = 24;
};
- defaultGateway = "45.62.237.1";
+ defaultGateway = "64.137.177.1";
nameservers = ["8.8.8.8"];
};
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index d5be57bb8..a9d7e94eb 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -23,7 +23,6 @@ with import <stockholm/lib>;
# stockholm
gnumake
hashPassword
- haskellPackages.lentil
parallel
# root
@@ -47,7 +46,6 @@ with import <stockholm/lib>;
p7zip
push
qrencode
- texLive
tmux
#ack
@@ -116,18 +114,23 @@ with import <stockholm/lib>;
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "xts" ];
devices = [
- { name = "home"; device = "/dev/vg840/enchome"; preLVM = false; }
+ { name = "wuca"; device = "/dev/sda2"; }
];
};
fileSystems = {
"/" = {
- device = "/dev/mapper/vg840-wuroot";
+ device = "/dev/mapper/wuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/wuvga-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
- device = "/dev/mapper/home";
+ device = "/dev/mapper/wuvga-home";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
@@ -174,5 +177,5 @@ with import <stockholm/lib>;
KERNEL=="hpet", GROUP="audio"
'';
- services.virtualboxHost.enable = true;
+ virtualisation.virtualbox.host.enable = true;
}
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index 7c91b1cf1..5cc86cfdd 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -46,12 +46,6 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.zu; path = "/bku/xu-home"; };
startAt = "06:20";
};
- xu-pull-cd-ejabberd = {
- method = "pull";
- src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; };
- dst = { host = config.krebs.hosts.xu; path = "/bku/cd-ejabberd"; };
- startAt = "07:00";
- };
xu-pull-cd-home = {
method = "pull";
src = { host = config.krebs.hosts.cd; path = "/home"; };
@@ -76,12 +70,6 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.xu; path = "/bku/zu-home"; };
startAt = "05:00";
};
- zu-pull-cd-ejabberd = {
- method = "pull";
- src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; };
- dst = { host = config.krebs.hosts.zu; path = "/bku/cd-ejabberd"; };
- startAt = "06:00";
- };
zu-pull-cd-home = {
method = "pull";
src = { host = config.krebs.hosts.cd; path = "/home"; };
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 48d738365..9ccb0a057 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -2,9 +2,9 @@
with import <stockholm/lib>;
-let
+let {
- out = {
+ body = {
krebs.git = {
enable = true;
cgit = {
@@ -123,4 +123,4 @@ let
perm = fetch;
};
-in out
+}
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
index aa8292441..787bfc6e9 100644
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@@ -12,9 +12,11 @@
boot.initrd.availableKernelModules = [ "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
- boot.loader.gummiboot.enable = true;
+ boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
+
networking.wireless.enable = true;
nix = {
@@ -31,10 +33,6 @@
HandleSuspendKey=ignore
'';
- services.xserver = {
- vaapiDrivers = [ pkgs.vaapiIntel ];
- };
-
system.activationScripts.powertopTunables = ''
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index b34590908..6e11e0251 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -47,7 +47,7 @@ with import <stockholm/lib>;
#http://hackage.haskell.org/package/web-page
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
- https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
+ https://help.github.com/articles/github-s-ip-addresses/
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
# is derived from `configFile` in:
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index cc59a95a5..1ffafe9c9 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
-let
- out = {
+let {
+ body = {
environment.systemPackages = [
vim
];
@@ -411,5 +411,4 @@ let
catch /^Vim\%((\a\+)\)\=:E484/
endtry
'';
-in
-out
+}
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 7276726ca..803ed6fbf 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -1,10 +1,10 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
-let
+let {
cfg = config.tv.iptables;
- out = {
+ body = {
options.tv.iptables = api;
config = lib.mkIf cfg.enable imp;
};
@@ -146,14 +146,4 @@ let
)}
COMMIT
'';
-in out
-
-#let
-# cfg = config.tv.iptables;
-# arg' = arg // { inherit cfg; };
-#in
-#
-#{
-# options.tv.iptables = import ./options.nix arg';
-# config = lib.mkIf cfg.enable (import ./config.nix arg');
-#}
+}