From 55df7c1df55aaa8dc3f48ae83dbd87ce4d3057ba Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 22 Mar 2016 17:40:59 +0100
Subject: [PATCH 001/135] l 1 mors: remove broken pythonenv container

---
 lass/1systems/mors.nix | 33 ---------------------------------
 lass/2configs/base.nix |  1 +
 2 files changed, 1 insertion(+), 33 deletions(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1f7a13c56..9b5c92ff3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -98,39 +98,6 @@
     #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
     #  ];
     #}
-    {
-      containers.pythonenv = {
-        config = {
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-
-          environment = {
-            systemPackages = with pkgs; [
-              git
-              libxml2
-              libxslt
-              libzip
-              python27Full
-              python27Packages.buildout
-              stdenv
-              zlib
-            ];
-
-            pathsToLink = [ "/include" ];
-
-            shellInit = ''
-              # help pip to find libz.so when building lxml
-              export LIBRARY_PATH=/var/run/current-system/sw/lib
-              # ditto for header files, e.g. sqlite
-              export C_INCLUDE_PATH=/var/run/current-system/sw/include
-            '';
-          };
-
-        };
-      };
-    }
     {
       services.mysql = {
         enable = true;
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 8017d4270..a50df128e 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -88,6 +88,7 @@ with config.krebs.lib;
   environment.systemPackages = with pkgs; [
   #stockholm
     git
+    gnumake
     jq
     parallel
     proot

From 780ba9bd1197191d9a6a9bf156683fafaac385b7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 23 Mar 2016 13:44:21 +0100
Subject: [PATCH 002/135] l 2 base: fix hashedPasswords path

---
 lass/2configs/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index a50df128e..30ab90997 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -10,7 +10,7 @@ with config.krebs.lib;
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
-                 (import /root/secrets/hashedPasswords.nix);
+                 (import <secrets/hashedPasswords.nix>);
     }
     {
       users.extraUsers = {
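Review bot: The hashes imported on the new line `(import <secrets/hashedPasswords.nix>)` are evaluated into the system configuration through `hashedPassword`, so they most likely end up readable by every local user in the Nix store; moving the file from `/root/secrets` to the `<secrets>` search path does not change that. Consider `passwordFile` pointing at a path that only exists on the target host, so the hash is read at activation time and never enters the store. The lookup also now depends on whatever `secrets` resolves to in `NIX_PATH`, which deserves a comment such as `# <secrets> must resolve to the per-host secrets directory`. The enclosing attribute set continues outside this hunk.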

From e7c6d97f7cfd743f1dc6ad5cf4883daebc20d5ca Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 23 Mar 2016 13:44:41 +0100
Subject: [PATCH 003/135] l 2 downloading: add uriel to authorized_keys

---
 lass/2configs/downloading.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..ccd751413 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -20,6 +20,7 @@ in {
       ];
       openssh.authorizedKeys.keys = [
         config.krebs.users.lass.pubkey
+        config.krebs.users.lass-uriel.pubkey
       ];
     };
 

From 18d0cc3048243d15cf6108ccd05d62390ecf5503 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 23 Mar 2016 13:45:06 +0100
Subject: [PATCH 004/135] l 2 websites domsen: add domsen user

---
 lass/2configs/websites/domsen.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 109c216c0..895146d25 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 
-{
+let
+  inherit (config.krebs.lib) genid;
+in {
   imports = [
     ../../3modules/static_nginx.nix
     ../../3modules/owncloud_nginx.nix
@@ -26,6 +28,15 @@
     rootPassword = toString (<secrets/mysql_rootPassword>);
   };
 
+  users.users.domsen = {
+    uid = genid "domsen";
+    description = "maintenance acc for domsen";
+    home = "/home/domsen";
+    useDefaultShell = true;
+    extraGroups = [ "nginx" ];
+    createHome = true;
+  };
+
   #lass.wordpress = {
   #  "ubikmedia.de" = {
   #  };
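Review bot: The new `users.users.domsen` block gives the account a login shell and membership of the `nginx` group, but nothing in the hunk says how it authenticates or why it needs that group. Membership of `nginx` grants access to everything readable by that group, which may include more than the site content this account is meant to maintain. Add a short comment above the block naming the paths the account manages and the reason for `extraGroups = [ "nginx" ];`. If only write access to one docroot is needed, a dedicated group for that directory would be narrower.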

From c4350d4f28b3a021791b70d104848f3419ffc498 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 00:18:51 +0200
Subject: [PATCH 005/135] l 1 prism: add new mount for o.ubikmedia.de

---
 lass/1systems/prism.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 4d40c8d59..9eb1d54d3 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -79,6 +79,10 @@ in {
         device = "/dev/pool/download";
       };
 
+      fileSystems."/srv/http/o.ubikmedia.de" = {
+        device = "/dev/pool/owncloud-ubik";
+      };
+
     }
     {
       sound.enable = false;
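Review bot: No mount options are set on the new `fileSystems."/srv/http/o.ubikmedia.de"` entry, which presumably holds web-served and user-uploaded ownCloud data. Setting `nosuid` and `nodev` through the entry's `options` attribute is cheap hardening for a volume whose contents are written by a web application. `fsType` is also omitted, so the filesystem type is auto-detected at mount time; stating it explicitly, as the dishfire entries do, makes the intent reviewable. The same applies to the `/srv/http` mount added in PATCH 009 and the reworked mounts in PATCH 020. The surrounding attribute set starts outside this hunk.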

From fae50b203d7d3211eec1221fb07f97416edc729c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 00:36:22 +0200
Subject: [PATCH 006/135] l 1 prism: update JuiceSSH key

---
 lass/1systems/prism.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 9eb1d54d3..db4f1f606 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -123,7 +123,7 @@ in {
     }
     {
       users.users.chat.openssh.authorizedKeys.keys = [
-        "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+        "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
         config.krebs.users.lass-uriel.pubkey
       ];
     }

From 38e5cc513cabd4a145bb78db71aa7387bb4278fa Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 00:36:38 +0200
Subject: [PATCH 007/135] l 1 prism: allow https in iptables

---
 lass/1systems/prism.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index db4f1f606..4f6770c38 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -136,7 +136,8 @@ in {
         ../2configs/websites/domsen.nix
       ];
       krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
       ];
     }
     {

From 5268f22ee99672a2185b959231208a23fd24f073 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 00:43:33 +0200
Subject: [PATCH 008/135] l 2 fastpoke-pages: remove file

---
 lass/1systems/cloudkrebs.nix     |   1 -
 lass/2configs/fastpoke-pages.nix | 101 -------------------------------
 2 files changed, 102 deletions(-)
 delete mode 100644 lass/2configs/fastpoke-pages.nix

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 98f509050..fb949ce33 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -11,7 +11,6 @@ in {
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
     ../2configs/base.nix
     ../2configs/retiolum.nix
-    ../2configs/fastpoke-pages.nix
     ../2configs/git.nix
     ../2configs/realwallpaper.nix
     {
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
deleted file mode 100644
index bf6ea8952..000000000
--- a/lass/2configs/fastpoke-pages.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
-  createStaticPage = domain:
-    {
-      krebs.nginx.servers."${domain}" = {
-        server-names = [
-          "${domain}"
-          "www.${domain}"
-        ];
-        locations = [
-          (nameValuePair "/" ''
-            root /var/lib/http/${domain};
-          '')
-        ];
-      };
-      #networking.extraHosts = ''
-      #  10.243.206.102 ${domain}
-      #'';
-      users.extraUsers = {
-        ${domain} = {
-          name = domain;
-          home = "/var/lib/http/${domain}";
-          createHome = true;
-        };
-      };
-    };
-
-in {
-  imports = map createStaticPage [
-    "habsys.de"
-    "pixelpocket.de"
-    "karlaskop.de"
-    "ubikmedia.de"
-    "apanowicz.de"
-  ];
-
-  krebs.iptables = {
-    tables = {
-      filter.INPUT.rules = [
-        { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
-      ];
-    };
-  };
-
-
-  krebs.nginx = {
-    enable = true;
-    servers = {
-      #"habsys.de" = {
-      #  server-names = [
-      #    "habsys.de"
-      #    "www.habsys.de"
-      #  ];
-      #  locations = [
-      #    (nameValuePair "/" ''
-      #      root /var/lib/http/habsys.de;
-      #    '')
-      #  ];
-      #};
-
-      #"karlaskop.de" = {
-      #  server-names = [
-      #    "karlaskop.de"
-      #    "www.karlaskop.de"
-      #  ];
-      #  locations = [
-      #    (nameValuePair "/" ''
-      #      root /var/lib/http/karlaskop.de;
-      #    '')
-      #  ];
-      #};
-
-      #"pixelpocket.de" = {
-      #  server-names = [
-      #    "pixelpocket.de"
-      #    "www.karlaskop.de"
-      #  ];
-      #  locations = [
-      #    (nameValuePair "/" ''
-      #      root /var/lib/http/karlaskop.de;
-      #    '')
-      #  ];
-      #};
-
-    };
-  };
-
-  #services.postgresql = {
-  #  enable = true;
-  #};
-
-  #config.services.vsftpd = {
-  #  enable = true;
-  #  userlistEnable = true;
-  #  userlistFile = pkgs.writeFile "vsftpd-userlist" ''
-  #  '';
-  #};
-}

From 5a85d6b6964a0906df0d562b03415217f50aa17d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:14:19 +0200
Subject: [PATCH 009/135] l 1 dishfire: add mount for /srv/http

---
 lass/1systems/dishfire.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index c7d016cd3..7043809a5 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -26,6 +26,11 @@
         fsType = "ext4";
       };
 
+      fileSystems."/srv/http" = {
+        device = "/dev/pool/srv_http";
+        fsType = "ext4";
+      };
+
       fileSystems."/boot" = {
         device = "/dev/vda1";
         fsType = "ext4";

From 76be13147a300e9449ab826e009f4c61b9330b60 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:14:43 +0200
Subject: [PATCH 010/135] l 2 base: nixpkgs rev 40c586b -> e781a82

---
 lass/2configs/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 30ab90997..77646a03e 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -55,7 +55,7 @@ with config.krebs.lib;
         stockholm = "/home/lass/stockholm";
         nixpkgs = {
           url = https://github.com/NixOS/nixpkgs;
-          rev = "40c586b7ce2c559374df435f46d673baf711c543";
+          rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819";
           dev = "/home/lass/src/nixpkgs";
         };
       } // optionalAttrs config.krebs.build.host.secure {

From b8b7ba2890d658081c59bd3d5e2f143f825e47e7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:16:07 +0200
Subject: [PATCH 011/135] l 1 mors: remove old test cases

---
 lass/1systems/mors.nix | 74 ------------------------------------------
 1 file changed, 74 deletions(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 9b5c92ff3..4fa8e412d 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -33,71 +33,6 @@
         { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
       ];
     }
-    {
-      #static-nginx-test
-      imports = [
-        ../3modules/static_nginx.nix
-      ];
-      lass.staticPage."testserver.de" = {
-        #sslEnable = true;
-        #certificate = "${toString <secrets>}/testserver.de/server.cert";
-        #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
-        ssl = {
-          enable = true;
-          certificate = "${toString <secrets>}/testserver.de/server.cert";
-          certificate_key = "${toString <secrets>}/testserver.de/server.pem";
-        };
-      };
-      networking.extraHosts = ''
-        10.243.0.2 testserver.de
-      '';
-    }
-    #{
-    #  #wordpress-test
-    #  #imports = singleton (sitesGenerators.createWordpress "testserver.de");
-    #  imports = [
-    #    ../3modules/wordpress_nginx.nix
-    #  ];
-    #  lass.wordpress."testserver.de" = {
-    #    multiSite = {
-    #      "1" = "testserver.de";
-    #      "2" = "bla.testserver.de";
-    #    };
-    #  };
-
-    #  services.mysql = {
-    #    enable = true;
-    #    package = pkgs.mariadb;
-    #    rootPassword = "<secrets>/mysql_rootPassword";
-    #  };
-    #  networking.extraHosts = ''
-    #    10.243.0.2 testserver.de
-    #  '';
-    #  krebs.iptables.tables.filter.INPUT.rules = [
-    #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
-    #  ];
-    #}
-    #{
-    #  #owncloud-test
-    #  #imports = singleton (sitesGenerators.createWordpress "testserver.de");
-    #  imports = [
-    #    ../3modules/owncloud_nginx.nix
-    #  ];
-    #  lass.owncloud."owncloud-test.de" = {
-    #  };
-
-    #  #services.mysql = {
-    #  #  enable = true;
-    #  #  package = pkgs.mariadb;
-    #  #  rootPassword = "<secrets>/mysql_rootPassword";
-    #  #};
-    #  networking.extraHosts = ''
-    #    10.243.0.2 owncloud-test.de
-    #  '';
-    #  krebs.iptables.tables.filter.INPUT.rules = [
-    #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
-    #  ];
-    #}
     {
       services.mysql = {
         enable = true;
@@ -125,15 +60,6 @@
 
   networking.wireless.enable = true;
 
-  networking.extraHosts = ''
-    213.239.205.240 wohnprojekt-rhh.de
-    213.239.205.240 karlaskop.de
-    213.239.205.240 makeup.apanowicz.de
-    213.239.205.240 pixelpocket.de
-    213.239.205.240 reich-gebaeudereinigung.de
-    213.239.205.240 o.ubikmedia.de
-  '';
-
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
 

From c9529ca1e781f023c1280dd96cb589a2c198177a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:16:21 +0200
Subject: [PATCH 012/135] l 2 base: add unpackers to pkgs

---
 lass/2configs/base.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 77646a03e..88bb3ff60 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -85,6 +85,8 @@ with config.krebs.lib;
     MANPAGER=most
   '';
 
+  nixpkgs.config.allowUnfree = true;
+
   environment.systemPackages = with pkgs; [
   #stockholm
     git
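Review bot: `nixpkgs.config.allowUnfree = true;` is added to base.nix, so every host that imports the base profile will now accept any unfree package, although the commit subject only mentions unpackers and the one unfree package visible in this patch appears to be `unrar` (second hunk). Unfree packages are often binary-only and cannot be audited or rebuilt from source, so a blanket allow widens the supply-chain surface more than this change needs. Prefer an `allowUnfreePredicate` that matches only `unrar`, or at least add a comment such as `# needed for unrar`. The unpackers will also be run on untrusted archives, so consider whether all three are needed on every host.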
@@ -109,6 +111,11 @@ with config.krebs.lib;
 
   #neat utils
     krebspaste
+
+  #unpack stuff
+    p7zip
+    unzip
+    unrar
   ];
 
   programs.bash = {

From d5ccc03a5cc8d30443d81ff4aba7a613c198d268 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:16:47 +0200
Subject: [PATCH 013/135] l 2 games: add user to loot group

---
 lass/2configs/games.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 6043a8759..0eec97922 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -13,7 +13,7 @@ in {
       name = "games";
       description = "user playing games";
       home = "/home/games";
-      extraGroups = [ "audio" "video" "input" ];
+      extraGroups = [ "audio" "video" "input" "loot" ];
       createHome = true;
       useDefaultShell = true;
     };

From 9113a203848d9ceab57fd9c1e891066f96443e6e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:17:09 +0200
Subject: [PATCH 014/135] l 2 newsbot-js: remove times feed

---
 lass/2configs/newsbot-js.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index d7c68bd7d..636b44395 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -154,7 +154,6 @@ let
     telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
     the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
     tigsource|http://www.tigsource.com/feed/|#news
-    times|http://www.thetimes.co.uk/tto/news/rss|#news
     tinc|http://tinc-vpn.org/news/index.rss|#news
     topix_b|http://www.topix.com/rss/wire/de/berlin|#news
     torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news

From e907a52246bd206eddd2a48c92f63215ff37a53a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:17:30 +0200
Subject: [PATCH 015/135] l 2 pass: remove obsolete startGnuPGAgent

---
 lass/2configs/pass.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 33eca0a17..610887621 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -6,5 +6,4 @@
     gnupg1
   ];
 
-  services.xserver.startGnuPGAgent = true;
 }

From b517ea29707efc6677fe8c0e7ff6dadff4de3c3d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:21:19 +0200
Subject: [PATCH 016/135] l 4: add website helper functions

---
 lass/4lib/default.nix | 127 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 125 insertions(+), 2 deletions(-)

diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index a751a2995..d45313894 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -1,10 +1,133 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 
 with lib;
 
-{
+rec {
 
   getDefaultGateway = ip:
     concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
 
+  manageCert = domain:
+    {
+      security.acme = {
+        certs."${domain}" = {
+          email = "lassulus@gmail.com";
+          webroot = "/var/lib/acme/challenges/${domain}";
+          plugins = [
+            "account_key.json"
+            "cert.pem"
+            "key.pem"
+            "fullchain.pem"
+          ];
+          group = "nginx";
+          allowKeysForGroup = true;
+        };
+      };
+
+      krebs.nginx.servers."${domain}" = {
+        locations = [
+          (nameValuePair "/.well-known/acme-challenge" ''
+            root /var/lib/acme/challenges/${domain}/;
+          '')
+        ];
+      };
+    };
+
+  ssl = domain:
+    {
+      imports = [
+        ( manageCert domain )
+        ( activateACME domain )
+      ];
+    };
+
+  activateACME = domain:
+    {
+      krebs.nginx.servers."${domain}" = {
+        ssl = {
+          enable = true;
+          certificate = "/var/lib/acme/${domain}/cert.pem";
+          certificate_key = "/var/lib/acme/${domain}/key.pem";
+        };
+      };
+    };
+
+  servePage = domain:
+    {
+      krebs.nginx.servers."${domain}" = {
+        server-names = [
+          "${domain}"
+          "www.${domain}"
+        ];
+        locations = [
+          (nameValuePair "/" ''
+            root /srv/http/${domain};
+          '')
+        ];
+      };
+    };
+
+  serveOwncloud = domain:
+    {
+      krebs.nginx.servers."${domain}" = {
+        server-names = [
+          "${domain}"
+          "www.${domain}"
+        ];
+        locations = [
+          (nameValuePair "/" ''
+            # The following 2 rules are only needed with webfinger
+            rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+            rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+            rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+            rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+
+            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+
+            try_files $uri $uri/ /index.php;
+          '')
+          (nameValuePair "~ \.php$" ''
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+          '')
+        ];
+        extraConfig = ''
+          root /srv/http/${domain}/;
+          #index index.php;
+          access_log /tmp/nginx_acc.log;
+          error_log /tmp/nginx_err.log;
+
+          # set max upload size
+          client_max_body_size 10G;
+          fastcgi_buffers 64 4K;
+
+          rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+          rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+          rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+          error_page 403 /core/templates/403.php;
+          error_page 404 /core/templates/404.php;
+        '';
+      };
+      services.phpfpm.poolConfigs."${domain}" = ''
+        listen = /srv/http/${domain}/phpfpm.pool
+        user = nginx
+        group = nginx
+        pm = dynamic
+        pm.max_children = 5
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        listen.owner = nginx
+        listen.group = nginx
+        # errors to journal
+        php_admin_value[error_log] = 'stderr'
+        php_admin_flag[log_errors] = on
+        catch_workers_output = yes
+      '';
+    };
+
 }
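Review bot: `manageCert` makes the ACME material group-readable by `nginx` (`group = "nginx"; allowKeysForGroup = true;`) while the `serveOwncloud` pool config runs PHP as `user = nginx` / `group = nginx`. The web application's code therefore runs with the same group that can read `key.pem` and presumably `account_key.json`, so a flaw in the PHP application would expose the TLS private key and the ACME account key. Run each pool under its own unprivileged account and keep only the socket accessible to nginx, i.e. change the pool's `user`/`group` lines to a per-site user and leave `listen.owner = nginx` / `listen.group = nginx` as they are. Separately, `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;` write to a world-writable directory shared by every vhost using the helper; a per-domain path under a root-owned log directory would be safer.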

From 7af3dfe9bf367f02619881c47060b4645d12f71e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 14:21:39 +0200
Subject: [PATCH 017/135] l 2 websites: use helper functions

---
 lass/2configs/websites/domsen.nix             | 40 +++++++++-------
 lass/2configs/websites/fritz.nix              | 48 ++++++++++++-------
 lass/2configs/websites/wohnprojekt-rhh.de.nix | 20 +++++---
 3 files changed, 68 insertions(+), 40 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 895146d25..173e87864 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,27 +1,33 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let
   inherit (config.krebs.lib) genid;
+  inherit (import ../../4lib { inherit lib pkgs; })
+    manageCert
+    activateACME
+    ssl
+    servePage
+    serveOwncloud;
+
 in {
   imports = [
-    ../../3modules/static_nginx.nix
-    ../../3modules/owncloud_nginx.nix
-    ../../3modules/wordpress_nginx.nix
+    ( ssl "reich-gebaeudereinigung.de" )
+    ( servePage "reich-gebaeudereinigung.de" )
+
+    ( servePage "karlaskop.de" )
+    ( manageCert "karlaskop.de" )
+
+    ( servePage "makeup.apanowicz.de" )
+    ( manageCert "makeup.apanowicz.de" )
+
+    ( servePage "pixelpocket.de" )
+    ( manageCert "pixelpocket.de" )
+
+    ( ssl "o.ubikmedia.de" )
+    ( serveOwncloud "o.ubikmedia.de" )
+
   ];
 
-  lass.staticPage = {
-    "karlaskop.de" = {};
-    "makeup.apanowicz.de" = {};
-    "pixelpocket.de" = {};
-    "reich-gebaeudereinigung.de" = {};
-  };
-
-  lass.owncloud = {
-    "o.ubikmedia.de" = {
-      instanceid = "oc8n8ddbftgh";
-    };
-  };
-
   services.mysql = {
     enable = true;
     package = pkgs.mariadb;
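Review bot: In the new `imports` list only `reich-gebaeudereinigung.de` and `o.ubikmedia.de` use `ssl`; `karlaskop.de`, `makeup.apanowicz.de` and `pixelpocket.de` get `manageCert` without `activateACME`. Certificates are therefore requested for them while the vhosts stay on plain HTTP. If that is a deliberate bootstrap step, say so in a comment, e.g. `# cert is requested first; switch to (ssl ...) once issued`, otherwise use `ssl` for them too. The fritz.nix hunk has the same pattern for all eight of its domains. The `inherit` lists in all three files of this patch also bring in helpers that are not used (`activateACME` everywhere, `serveOwncloud` in fritz.nix and wohnprojekt-rhh.de.nix) and could be trimmed.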
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 073f3de14..16a240d7c 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -1,23 +1,39 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-{
+let
+  inherit (import ../../4lib { inherit lib pkgs; })
+    manageCert
+    activateACME
+    ssl
+    servePage
+    serveOwncloud;
 
+in {
   imports = [
-    ../../3modules/static_nginx.nix
-    ../../3modules/owncloud_nginx.nix
-    ../../3modules/wordpress_nginx.nix
-  ];
+    ( manageCert "biostase.de" )
+    ( servePage "biostase.de" )
 
-  lass.staticPage = {
-    "biostase.de" = {};
-    "gs-maubach.de" = {};
-    "spielwaren-kern.de" = {};
-    "societyofsimtech.de" = {};
-    "ttf-kleinaspach.de" = {};
-    "edsn.de" = {};
-    "eab.berkeley.edu" = {};
-    "habsys.de" = {};
-  };
+    ( manageCert "gs-maubach.de" )
+    ( servePage "gs-maubach.de" )
+
+    ( manageCert "spielwaren-kern.de" )
+    ( servePage "spielwaren-kern.de" )
+
+    ( manageCert "societyofsimtech.de" )
+    ( servePage "societyofsimtech.de" )
+
+    ( manageCert "ttf-kleinaspach.de" )
+    ( servePage "ttf-kleinaspach.de" )
+
+    ( manageCert "edsn.de" )
+    ( servePage "edsn.de" )
+
+    ( manageCert "eab.berkeley.edu" )
+    ( servePage "eab.berkeley.edu" )
+
+    ( manageCert "habsys.de" )
+    ( servePage "habsys.de" )
+  ];
 
   #lass.owncloud = {
   #  "o.ubikmedia.de" = {
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index ac784d4c7..4e3eb071a 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,14 +1,20 @@
-{ config, ... }:
+{ config, pkgs, lib, ... }:
 
-{
+let
+  inherit (config.krebs.lib) genid;
+  inherit (import ../../4lib { inherit lib pkgs; })
+    manageCert
+    activateACME
+    ssl
+    servePage
+    serveOwncloud;
+
+in {
   imports = [
-    ../../3modules/static_nginx.nix
+    ( ssl "wohnprojekt-rhh.de" )
+    ( servePage "wohnprojekt-rhh.de" )
   ];
 
-  lass.staticPage = {
-    "wohnprojekt-rhh.de" = {};
-  };
-
   users.users.laura = {
     home = "/srv/http/wohnprojekt-rhh.de";
     createHome = true;

From ed37b759286a1989ee3830b0268134a177303d23 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 9 Apr 2016 21:20:35 +0200
Subject: [PATCH 018/135] l 4: update owncloud config to solve errors

---
 lass/4lib/default.nix | 100 ++++++++++++++++++++++++++++++------------
 1 file changed, 73 insertions(+), 27 deletions(-)

diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index d45313894..4d3adfd1d 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -74,43 +74,89 @@ rec {
           "${domain}"
           "www.${domain}"
         ];
-        locations = [
-          (nameValuePair "/" ''
-            # The following 2 rules are only needed with webfinger
-            rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-            rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-
-            rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
-            rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
-
-            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
-
-            try_files $uri $uri/ /index.php;
-          '')
-          (nameValuePair "~ \.php$" ''
-            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            include ${pkgs.nginx}/conf/fastcgi.conf;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
-            fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
-          '')
-        ];
         extraConfig = ''
-          root /srv/http/${domain}/;
-          #index index.php;
-          access_log /tmp/nginx_acc.log;
-          error_log /tmp/nginx_err.log;
+          # Add headers to serve security related headers
+          add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+          add_header X-Content-Type-Options nosniff;
+          add_header X-Frame-Options "SAMEORIGIN";
+          add_header X-XSS-Protection "1; mode=block";
+          add_header X-Robots-Tag none;
 
+          # Path to the root of your installation
+          root /srv/http/${domain}/;
           # set max upload size
           client_max_body_size 10G;
           fastcgi_buffers 64 4K;
 
-          rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
-          rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
-          rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+          # Disable gzip to avoid the removal of the ETag header
+          gzip off;
 
+          # Uncomment if your server is build with the ngx_pagespeed module
+          # This module is currently not supported.
+          #pagespeed off;
+
+          index index.php;
           error_page 403 /core/templates/403.php;
           error_page 404 /core/templates/404.php;
+
+          rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
+          rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
+
+          # The following 2 rules are only needed for the user_webfinger app.
+          # Uncomment it if you're planning to use this app.
+          rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+          rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
         '';
+        locations = [
+          (nameValuePair "/robots.txt" ''
+            allow all;
+            log_not_found off;
+            access_log off;
+          '')
+          (nameValuePair "~ ^/(build|tests|config|lib|3rdparty|templates|data)/" ''
+            deny all;
+          '')
+
+          (nameValuePair "~ ^/(?:autotest|occ|issue|indie|db_|console)" ''
+            deny all;
+          '')
+
+          (nameValuePair "/" ''
+            rewrite ^/remote/(.*) /remote.php last;
+            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+            try_files $uri $uri/ =404;
+          '')
+
+          (nameValuePair "~ \.php(?:$|/)" ''
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param HTTPS on;
+            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+            fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+            fastcgi_intercept_errors on;
+          '')
+
+          # Adding the cache control header for js and css files
+          # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+          (nameValuePair "~* \.(?:css|js)$" ''
+            add_header Cache-Control "public, max-age=7200";
+            # Add headers to serve security related headers
+            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+            add_header X-Content-Type-Options nosniff;
+            add_header X-Frame-Options "SAMEORIGIN";
+            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Robots-Tag none;
+            # Optional: Don't log access to assets
+            access_log off;
+          '')
+
+          # Optional: Don't log access to other assets
+          (nameValuePair "~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$" ''
+            access_log off;
+          '')
+        ];
       };
       services.phpfpm.poolConfigs."${domain}" = ''
         listen = /srv/http/${domain}/phpfpm.pool
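Review bot: `fastcgi_param HTTPS on;` and the `Strict-Transport-Security` header are emitted unconditionally by `serveOwncloud`, but the helper never enables TLS itself; that happens only when the caller also imports `ssl domain`. A vhost that uses `serveOwncloud` alone would tell the application it is on HTTPS while serving plain HTTP, which can cause secure-only cookies and generated links to misbehave. Either put a comment above `serveOwncloud` such as `# requires (ssl domain) to be imported for the same domain`, or let nginx decide with `fastcgi_param HTTPS $https if_not_empty;`. The HSTS value also carries `includeSubDomains; preload` with a six-month `max-age`, which is hard to roll back and should be a documented decision. `serveOwncloud` begins before this hunk and continues after it.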

From c60d7637bd84ab0fc34798f68544d02c34da88c9 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:43:25 +0200
Subject: [PATCH 019/135] l 1 mors: /mnt/backup is now /bku

---
 lass/1systems/mors.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 4fa8e412d..0d8db212a 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -99,7 +99,7 @@
       fsType = "ext4";
     };
 
-    "/mnt/backups" = {
+    "/bku" = {
       device = "/dev/big/backups";
       fsType = "ext4";
     };

From 375277a3c67102fc887b7b67837c8977035d8227 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:43:52 +0200
Subject: [PATCH 020/135] l 1 prism: new fileschema for better backups

---
 lass/1systems/prism.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 80dd8c4e9..09a802b53 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -77,8 +77,16 @@ in {
         device = "/dev/pool/download";
       };
 
-      fileSystems."/srv/http/o.ubikmedia.de" = {
-        device = "/dev/pool/owncloud-ubik";
+      fileSystems."/srv/http" = {
+        device = "/dev/pool/http";
+      };
+
+      fileSystems."/srv/o.ubikmedia.de-data" = {
+        device = "/dev/pool/owncloud-ubik-data";
+      };
+
+      fileSystems."/bku" = {
+        device = "/dev/pool/bku";
       };
 
     }

From 0a5f8b64b2b34e7d24ee9e7573eebd7937341e01 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:47:06 +0200
Subject: [PATCH 021/135] l 1 uriel: add /bku

---
 lass/1systems/uriel.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 4e4eca21f..8bb2348e6 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -47,6 +47,11 @@ with builtins;
       fsType = "ext4";
     };
 
+    "/bku" = {
+      device = "/dev/pool/bku";
+      fsType = "ext4";
+    };
+
     "/boot" = {
       device = "/dev/sda1";
     };

From 1773a9cd92ca2c0d78ba55c9ba16f7580cde388e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:49:52 +0200
Subject: [PATCH 022/135] l 4: add more helpers for wordpress hosting

---
 lass/4lib/default.nix | 80 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)

diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 4d3adfd1d..e089f022c 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -33,6 +33,34 @@ rec {
       };
     };
 
+  manageCerts = domains:
+    let
+      domain = head domains;
+    in {
+      security.acme = {
+        certs."${domain}" = {
+          email = "lassulus@gmail.com";
+          webroot = "/var/lib/acme/challenges/${domain}";
+          plugins = [
+            "account_key.json"
+            "key.pem"
+            "fullchain.pem"
+          ];
+          group = "nginx";
+          allowKeysForGroup = true;
+          extraDomains = genAttrs domains (_: null);
+        };
+      };
+
+      krebs.nginx.servers."${domain}" = {
+        locations = [
+          (nameValuePair "/.well-known/acme-challenge" ''
+            root /var/lib/acme/challenges/${domain}/;
+          '')
+        ];
+      };
+    };
+
   ssl = domain:
     {
       imports = [
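Review bot: `allowKeysForGroup = true` with `group = "nginx"` appears to make the ACME private key readable by everything running in group nginx, and `serveWordpress` later in this patch runs its PHP-FPM pool as `user = nginx` / `group = nginx`. If the acme module applies the group-read mode the option name suggests, any PHP code executing for the site could read `key.pem`. Consider running the pool under a dedicated per-site user and leaving only `listen.owner` / `listen.group` as nginx, so the web server can reach the socket while the workers stay outside the key's group. Separately, `head domains` aborts evaluation on an empty list; an `assert domains != [];` before the `let` would make that failure readable.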
@@ -176,4 +204,56 @@ rec {
       '';
     };
 
+  serveWordpress = domains:
+    let
+      domain = head domains;
+
+    in {
+      krebs.nginx.servers."${domain}" = {
+        server-names = domains;
+        extraConfig = ''
+          root /srv/http/${domain}/;
+          index index.php;
+          access_log /tmp/nginx_acc.log;
+          error_log /tmp/nginx_err.log;
+          error_page 404 /404.html;
+          error_page 500 502 503 504 /50x.html;
+        '';
+        locations = [
+          (nameValuePair "/" ''
+            try_files $uri $uri/ /index.php?$args;
+          '')
+          (nameValuePair "~ \.php$" ''
+            fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+          '')
+          (nameValuePair "~ /\\." ''
+            deny all;
+          '')
+          #Directives to send expires headers and turn off 404 error logging.
+          (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
+            access_log off;
+            log_not_found off;
+            expires max;
+          '')
+        ];
+      };
+      services.phpfpm.poolConfigs."${domain}" = ''
+        listen = /srv/http/${domain}/phpfpm.pool
+        user = nginx
+        group = nginx
+        pm = dynamic
+        pm.max_children = 5
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        listen.owner = nginx
+        listen.group = nginx
+        # errors to journal
+        php_admin_value[error_log] = 'stderr'
+        php_admin_flag[log_errors] = on
+        catch_workers_output = yes
+      '';
+    };
+
 }
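Review bot: The `"~ \.php$"` location hands every matching URI to PHP-FPM without checking that the script exists, and the single backslash is consumed by the Nix double-quoted string, so nginx most likely receives `~ .php$` with an unescaped dot (the `"~ /\\."` location two entries below shows the escaping that survives). I would write the name as `"~ \\.php$"` and add `try_files $uri =404;` as the first line of its body, so only existing .php files reach the interpreter; the long asset regex has the same single-backslash issue. Separately, `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;` put the request logs of every WordPress vhost into one pair of files in a world-writable directory. A directory owned by the log writer, with the domain in the file name, avoids both the shared file and the /tmp exposure.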

From a638c4eecd55420e3a579763561e4cfa672d1cd5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:50:22 +0200
Subject: [PATCH 023/135] l 2 websites domsen: serve wordpress

---
 lass/2configs/websites/domsen.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 173e87864..b02f31629 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -4,28 +4,32 @@ let
   inherit (config.krebs.lib) genid;
   inherit (import ../../4lib { inherit lib pkgs; })
     manageCert
+    manageCerts
     activateACME
     ssl
     servePage
-    serveOwncloud;
+    serveOwncloud
+    serveWordpress;
 
 in {
   imports = [
     ( ssl "reich-gebaeudereinigung.de" )
     ( servePage "reich-gebaeudereinigung.de" )
 
-    ( servePage "karlaskop.de" )
     ( manageCert "karlaskop.de" )
+    ( servePage "karlaskop.de" )
 
-    ( servePage "makeup.apanowicz.de" )
     ( manageCert "makeup.apanowicz.de" )
+    ( servePage "makeup.apanowicz.de" )
 
-    ( servePage "pixelpocket.de" )
     ( manageCert "pixelpocket.de" )
+    ( servePage "pixelpocket.de" )
 
     ( ssl "o.ubikmedia.de" )
     ( serveOwncloud "o.ubikmedia.de" )
 
+    ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+    ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
   ];
 
   services.mysql = {
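Review bot: `manageCerts` as defined in patch 022 only requests the certificate and serves the ACME challenge, and this list adds no `ssl` entry for the WordPress domains, so unless TLS is enabled for them elsewhere the site, including its login form, is served over plain HTTP. The certificate list also omits `*.ubikmedia.de`, which `serveWordpress` does serve. A webroot challenge cannot validate a wildcard name, so either list the concrete subdomains in both calls or drop the wildcard from `server-names`.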

From 72e46878ea759f8909c90d2f5f293bfb8f3a6104 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:50:49 +0200
Subject: [PATCH 024/135] l 2 websites: activate sqlBackups

---
 lass/2configs/websites/domsen.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index b02f31629..cbda7b99e 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -38,6 +38,15 @@ in {
     rootPassword = toString (<secrets/mysql_rootPassword>);
   };
 
+  services.mysqlBackup = {
+    enable = true;
+    databases = [
+      "ubikmedia_de"
+      "o_ubikmedia_de"
+    ];
+    location = "/bku/sql_dumps";
+  };
+
   users.users.domsen = {
     uid = genid "domsen";
     description = "maintenance acc for domsen";

From 2723a1fcd85ccaf9fea6faa6ec51358f706b8883 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:51:12 +0200
Subject: [PATCH 025/135] l 2 websites domsen: add apcu to phpfpm

---
 lass/2configs/websites/domsen.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index cbda7b99e..1b62bd977 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -56,10 +56,13 @@ in {
     createHome = true;
   };
 
-  #lass.wordpress = {
-  #  "ubikmedia.de" = {
-  #  };
-  #};
-
+  services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+     options = ''
+      extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+    '';
+  } ''
+    cat ${pkgs.php}/etc/php-recommended.ini > $out
+    echo "$options" >> $out
+  '';
 }
 

From 4bd4e58baa56635f08661a7a5c1dfe9f59a719a7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:51:49 +0200
Subject: [PATCH 026/135] l 2: add backups.nix

---
 lass/2configs/backups.nix | 63 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 lass/2configs/backups.nix

diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
new file mode 100644
index 000000000..c3275aece
--- /dev/null
+++ b/lass/2configs/backups.nix
@@ -0,0 +1,63 @@
+{ config, lib, ... }:
+with config.krebs.lib;
+{
+
+  krebs.backup.plans = {
+  } // mapAttrs (_: recursiveUpdate {
+    snapshots = {
+      daily    = { format = "%Y-%m-%d"; retain =  7; };
+      weekly   = { format = "%YW%W";    retain =  4; };
+      monthly  = { format = "%Y-%m";    retain = 12; };
+      yearly   = { format = "%Y";                    };
+    };
+  }) {
+    prism-chat-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+      startAt = "03:00";
+    };
+    prism-chat-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-chat"; };
+      startAt = "03:00";
+    };
+    mors-home-uriel = {
+      method = "push";
+      src = { host = config.krebs.hosts.mors;  path = "/home"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
+      startAt = "04:00";
+    };
+    uriel-home-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.uriel; path = "/home"; };
+      dst = { host = config.krebs.hosts.mors;  path = "/bku/uriel-home"; };
+      startAt = "04:00";
+    };
+    prism-http-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+      startAt = "04:30";
+    };
+    prism-http-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-http"; };
+      startAt = "04:30";
+    };
+    prism-sql-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+      startAt = "05:00";
+    };
+    prism-sql-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-sql_dumps"; };
+      startAt = "05:00";
+    };
+  };
+}
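Review bot: Every plan except `mors-home-uriel` is a pull, which presumably means the destination host logs in to the source to read the path; that gives mors and uriel read access to prism's `/srv/http` and `/bku/sql_dumps`. If those two are workstations (patch 035 imports `baseX.nix` on both), a compromise of either one reaches the web roots and database dumps of the server. A comment at the top of the plan set stating which hosts are trusted to read which sources would make that trust explicit, as would restricting the backup login to read-only access on the listed paths if the module supports it. As a style point, the leading `{ } //` is a no-op and can be dropped.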

From 84c7ba200a02dff803023388d54e2dea8e16ae2f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:52:15 +0200
Subject: [PATCH 027/135] l 2 base: import backups.nix

---
 lass/2configs/base.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 88bb3ff60..ad5df26e8 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -7,6 +7,7 @@ with config.krebs.lib;
     ../2configs/zsh.nix
     ../2configs/mc.nix
     ../2configs/retiolum.nix
+    ./backups.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })

From 8f20cf974e334157a241dee5ad729eb5708637ee Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 11 Apr 2016 16:52:43 +0200
Subject: [PATCH 028/135] l 4: use fullchain.pem as certificate

---
 lass/4lib/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index e089f022c..22a8c3c6e 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -15,7 +15,6 @@ rec {
           webroot = "/var/lib/acme/challenges/${domain}";
           plugins = [
             "account_key.json"
-            "cert.pem"
             "key.pem"
             "fullchain.pem"
           ];
@@ -74,7 +73,7 @@ rec {
       krebs.nginx.servers."${domain}" = {
         ssl = {
           enable = true;
-          certificate = "/var/lib/acme/${domain}/cert.pem";
+          certificate = "/var/lib/acme/${domain}/fullchain.pem";
           certificate_key = "/var/lib/acme/${domain}/key.pem";
         };
       };

From 7023d4141044d9de656f0d52e39650466d709728 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:09:08 +0200
Subject: [PATCH 029/135] k 3 iptables: allow REDIRECT target

---
 krebs/3modules/iptables.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 9596229de..4b99873a1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -20,6 +20,7 @@ let
     flatten
     length
     hasAttr
+    hasPrefix
     mkEnableOption
     mkOption
     mkIf
@@ -123,7 +124,7 @@ let
 
       buildRule = tn: cn: rule:
         #target validation test:
-        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
+        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
 
         #predicate validation test:
         #maybe use iptables-test
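Review bot: `hasPrefix "REDIRECT" rule.target` accepts any string that merely begins with those letters, so the assertion no longer catches a mistyped option after the target name, and whatever follows is presumably written into the generated rule unchecked. Matching the exact forms keeps the validation meaningful: `|| rule.target == "REDIRECT" || hasPrefix "REDIRECT --to-ports " rule.target`. `buildRule` starts above this hunk and continues below it.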

From a1d80db7cc499bb9a850250357b0921fa61f5a59 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:09:56 +0200
Subject: [PATCH 030/135] l 2 base: remove helios from authorized_keys(root)

---
 lass/2configs/base.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index ad5df26e8..d83e53772 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -19,7 +19,6 @@ with config.krebs.lib;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
             config.krebs.users.lass-uriel.pubkey
-            config.krebs.users.lass-helios.pubkey
           ];
         };
         mainUser = {

From be6bfb17365046486abdd3af01f05b0cb99331ea Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:11:31 +0200
Subject: [PATCH 031/135] l 2 base: redirect internet ssh port to 45621

---
 lass/2configs/base.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d83e53772..4a4468300 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -173,6 +173,13 @@ with config.krebs.lib;
   krebs.iptables = {
     enable = true;
     tables = {
+      nat.PREROUTING.rules = [
+        { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+        { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+      ];
+      nat.OUTPUT.rules = [
+        { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+      ];
       filter.INPUT.policy = "DROP";
       filter.FORWARD.policy = "DROP";
       filter.INPUT.rules = [
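Review bot: These NAT rules rely on two things the hunk does not explain: the relative order of the `--dport 22` and `--dport 45621` rules (set only through `precedence`), and the effect of `REDIRECT --to-ports 0`, which is not an obvious way to refuse a connection. A comment above the list would help, for example `# internet ssh is reached via 45621; port 22 from outside retiolum is redirected away from sshd`, if that is the intent. Since the redirect happens before the filter table, both paths arrive at `filter.INPUT` with destination port 22, so the accept rule for 22 has to stay and cannot tell them apart. The port move reduces scan noise only; access still depends on sshd's authentication settings, which are outside this hunk.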

From 4f04085d5239e2c688a370706f9007edd0a0d5bb Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:16:17 +0200
Subject: [PATCH 032/135] l 2: add exim-retiolum.nix

---
 lass/2configs/exim-retiolum.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 lass/2configs/exim-retiolum.nix

diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
new file mode 100644
index 000000000..ea2f553b8
--- /dev/null
+++ b/lass/2configs/exim-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+  krebs.exim-retiolum.enable = true;
+  krebs.setuid.sendmail = {
+    filename = "${pkgs.exim}/bin/exim";
+    mode = "4111";
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+  ];
+}
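Review bot: The `krebs.setuid.sendmail` block here is repeated verbatim in `exim-smarthost.nix` (patch 033), so the definition of a setuid binary now lives in two files that can drift apart. Mode `4111` sets the setuid bit and lets every local user execute exim, so it is worth a one-line comment such as `# exim must be setuid to accept local submissions; execute-only for everyone else`. Moving the block into one small module imported by both files leaves a single place to audit.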

From 6da220c50848843a4d6e546a8639d0a573bf210b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:16:40 +0200
Subject: [PATCH 033/135] l 2: add exim-smarthost configuration

---
 lass/2configs/exim-smarthost.nix | 49 ++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 lass/2configs/exim-smarthost.nix

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..7f838a316
--- /dev/null
+++ b/lass/2configs/exim-smarthost.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+  krebs.exim-smarthost = {
+    enable = true;
+    #dkim = [
+    #  { domain = "lassul.us"; }
+    #];
+    sender_domains = [
+      "lassul.us"
+    ];
+    relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+      config.krebs.hosts.mors
+      config.krebs.hosts.uriel
+      config.krebs.hosts.helios
+    ];
+    internet-aliases = with config.krebs.users; [
+      { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
+      { from = "lass@lassul.us"; to = lass.mail; }
+      { from = "lassulus@lassul.us"; to = lass.mail; }
+      { from = "test@lassul.us"; to = lass.mail; }
+    ];
+    system-aliases = [
+      { from = "mailer-daemon"; to = "postmaster"; }
+      { from = "postmaster"; to = "root"; }
+      { from = "nobody"; to = "root"; }
+      { from = "hostmaster"; to = "root"; }
+      { from = "usenet"; to = "root"; }
+      { from = "news"; to = "root"; }
+      { from = "webmaster"; to = "root"; }
+      { from = "www"; to = "root"; }
+      { from = "ftp"; to = "root"; }
+      { from = "abuse"; to = "root"; }
+      { from = "noc"; to = "root"; }
+      { from = "security"; to = "root"; }
+      { from = "root"; to = "lass"; }
+    ];
+  };
+
+  krebs.setuid.sendmail = {
+    filename = "${pkgs.exim}/bin/exim";
+    mode = "4111";
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+  ];
+}

From 3d8689494f994a6849b1815b98dcbd027f59b1c6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:16:58 +0200
Subject: [PATCH 034/135] l 2 base: remove exim & sendmail stuff

---
 lass/2configs/base.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 4a4468300..8c6078ba5 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -45,7 +45,6 @@ with config.krebs.lib;
   krebs = {
     enable = true;
     search-domain = "retiolum";
-    exim-retiolum.enable = true;
     build = {
       user = config.krebs.users.lass;
       source = mapAttrs (_: mkDefault) ({
@@ -153,10 +152,6 @@ with config.krebs.lib;
     '';
   };
 
-  security.setuidPrograms = [
-    "sendmail"
-  ];
-
   services.openssh = {
     enable = true;
     hostKeys = [

From fa039a83d8c2d5f2756856794461ac9795a6ee11 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 15:17:42 +0200
Subject: [PATCH 035/135] l 1 *: import exim config from l 2 exim-*

---
 lass/1systems/cloudkrebs.nix | 1 +
 lass/1systems/dishfire.nix   | 1 +
 lass/1systems/echelon.nix    | 1 +
 lass/1systems/helios.nix     | 1 +
 lass/1systems/mors.nix       | 1 +
 lass/1systems/prism.nix      | 1 +
 lass/1systems/uriel.nix      | 1 +
 7 files changed, 7 insertions(+)

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 636d6a855..82c172050 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -9,6 +9,7 @@ in {
     ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
     ../2configs/base.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/retiolum.nix
     ../2configs/git.nix
     ../2configs/realwallpaper.nix
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index 7043809a5..04ebca588 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -5,6 +5,7 @@
     ../.
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/base.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     ../2configs/websites/fritz.nix
     {
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 80611ee80..e2fa1c5f4 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -9,6 +9,7 @@ in {
     ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
     ../2configs/base.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/retiolum.nix
     ../2configs/realwallpaper-server.nix
     ../2configs/privoxy-retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index cc98c2c5b..0c7c0d8e3 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -5,6 +5,7 @@ with builtins;
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/browsers.nix
     ../2configs/programs.nix
     ../2configs/git.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 0d8db212a..18f86ef91 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -4,6 +4,7 @@
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/programs.nix
     ../2configs/bitcoin.nix
     ../2configs/browsers.nix
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 09a802b53..e1743c997 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -6,6 +6,7 @@ in {
   imports = [
     ../.
     ../2configs/base.nix
+    ../2configs/exim-smarthost.nix
     ../2configs/downloading.nix
     ../2configs/git.nix
     ../2configs/ts3.nix
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 8bb2348e6..92996c181 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -5,6 +5,7 @@ with builtins;
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/browsers.nix
     ../2configs/games.nix
     ../2configs/pass.nix

From 1b717d487791ce6874caa439461d4deeb942a835 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 12 Apr 2016 16:32:58 +0200
Subject: [PATCH 036/135] l 2 exim-smarthost: activate DKIM

---
 lass/2configs/exim-smarthost.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 7f838a316..f1c682416 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -5,9 +5,9 @@ with config.krebs.lib;
 {
   krebs.exim-smarthost = {
     enable = true;
-    #dkim = [
-    #  { domain = "lassul.us"; }
-    #];
+    dkim = [
+      { domain = "lassul.us"; }
+    ];
     sender_domains = [
       "lassul.us"
     ];

From 4382ba5b9ddad77a1e0f44b5ff88862678a5d33e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:27:41 +0200
Subject: [PATCH 037/135] l 1 dishfire: add /bku mount

---
 lass/1systems/dishfire.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index 04ebca588..532ccb29a 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -36,6 +36,10 @@
         device = "/dev/vda1";
         fsType = "ext4";
       };
+      fileSystems."/bku" = {
+        device = "/dev/pool/bku";
+        fsType = "ext4";
+      };
     }
     {
       networking.dhcpcd.allowInterfaces = [

From 8a8d2c8ec979b30901e69cb6a0d063968b5c42b6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:29:13 +0200
Subject: [PATCH 038/135] l 1 mors: disable test dbs

---
 lass/1systems/mors.nix | 40 +++++++++++++++++++++-------------------
 1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 18f86ef91..6e89b2957 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -34,26 +34,28 @@
         { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
       ];
     }
+    #{
+    #  services.mysql = {
+    #    enable = true;
+    #    package = pkgs.mariadb;
+    #    rootPassword = "<secrets>/mysql_rootPassword";
+    #  };
+    #}
+    #{
+    #  services.elasticsearch = {
+    #    enable = true;
+    #    plugins = [
+    #    #  pkgs.elasticsearchPlugins.elasticsearch_kopf
+    #    ];
+    #  };
+    #}
+    #{
+    #  services.postgresql = {
+    #    enable = true;
+    #    package = pkgs.postgresql;
+    #  };
+    #}
     {
-      services.mysql = {
-        enable = true;
-        package = pkgs.mariadb;
-        rootPassword = "<secrets>/mysql_rootPassword";
-      };
-    }
-    {
-      services.elasticsearch = {
-        enable = true;
-        plugins = [
-        #  pkgs.elasticsearchPlugins.elasticsearch_kopf
-        ];
-      };
-    }
-    {
-      services.postgresql = {
-        enable = true;
-        package = pkgs.postgresql;
-      };
     }
   ];
 

From 40ce314996762fe286a5f8d27873cd0ae9fab145 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:29:52 +0200
Subject: [PATCH 039/135] l 2 exim-smarthost: add outlook@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index f1c682416..e1aa29c49 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -21,6 +21,7 @@ with config.krebs.lib;
       { from = "lass@lassul.us"; to = lass.mail; }
       { from = "lassulus@lassul.us"; to = lass.mail; }
       { from = "test@lassul.us"; to = lass.mail; }
+      { from = "outlook@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From 4c4ac83e1fb21611e947c40d612d51bbab91257e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:30:17 +0200
Subject: [PATCH 040/135] l 2 backups: more backups

---
 lass/2configs/backups.nix | 98 ++++++++++++++++++++++++++-------------
 1 file changed, 67 insertions(+), 31 deletions(-)

diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
index c3275aece..ca9ff20a1 100644
--- a/lass/2configs/backups.nix
+++ b/lass/2configs/backups.nix
@@ -11,23 +11,77 @@ with config.krebs.lib;
       yearly   = { format = "%Y";                    };
     };
   }) {
-    prism-chat-uriel = {
+    dishfire-http-prism = {
       method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
-      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.prism;    path = "/bku/dishfire-http"; };
       startAt = "03:00";
     };
+    dishfire-http-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.mors;     path = "/bku/dishfire-http"; };
+      startAt = "03:05";
+    };
+    dishfire-http-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.uriel;    path = "/bku/dishfire-http"; };
+      startAt = "03:10";
+    };
+    dishfire-sql-prism = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.prism;    path = "/bku/dishfire-sql"; };
+      startAt = "03:15";
+    };
+    dishfire-sql-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.mors;     path = "/bku/dishfire-sql"; };
+      startAt = "03:20";
+    };
+    dishfire-sql-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.uriel;    path = "/bku/dishfire-sql"; };
+      startAt = "03:25";
+    };
     prism-chat-mors = {
       method = "pull";
       src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
       dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-chat"; };
-      startAt = "03:00";
+      startAt = "03:30";
     };
-    mors-home-uriel = {
-      method = "push";
-      src = { host = config.krebs.hosts.mors;  path = "/home"; };
-      dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
-      startAt = "04:00";
+    prism-chat-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+      startAt = "03:35";
+    };
+    prism-sql-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-sql_dumps"; };
+      startAt = "03:40";
+    };
+    prism-sql-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+      startAt = "03:45";
+    };
+    prism-http-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-http"; };
+      startAt = "03:50";
+    };
+    prism-http-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+      startAt = "03:55";
     };
     uriel-home-mors = {
       method = "pull";
@@ -35,28 +89,10 @@ with config.krebs.lib;
       dst = { host = config.krebs.hosts.mors;  path = "/bku/uriel-home"; };
       startAt = "04:00";
     };
-    prism-http-uriel = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
-      startAt = "04:30";
-    };
-    prism-http-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-http"; };
-      startAt = "04:30";
-    };
-    prism-sql-uriel = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
-      startAt = "05:00";
-    };
-    prism-sql-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-sql_dumps"; };
+    mors-home-uriel = {
+      method = "push";
+      src = { host = config.krebs.hosts.mors;  path = "/home"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
       startAt = "05:00";
     };
   };

From de6e888da9ed85ebbe35fa23569fbd8617734798 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:32:04 +0200
Subject: [PATCH 041/135] l websites: use lists in helpers

---
 lass/2configs/websites/domsen.nix             | 22 ++++----
 lass/2configs/websites/fritz.nix              | 39 +++++++-------
 lass/2configs/websites/wohnprojekt-rhh.de.nix |  9 ++--
 lass/4lib/default.nix                         | 53 +++++--------------
 4 files changed, 48 insertions(+), 75 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 1b62bd977..caaee96bb 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -13,22 +13,22 @@ let
 
 in {
   imports = [
-    ( ssl "reich-gebaeudereinigung.de" )
-    ( servePage "reich-gebaeudereinigung.de" )
+    ( ssl [ "reich-gebaeudereinigung.de" ])
+    ( servePage [ "reich-gebaeudereinigung.de" ])
 
-    ( manageCert "karlaskop.de" )
-    ( servePage "karlaskop.de" )
+    ( manageCerts [ "karlaskop.de" ])
+    ( servePage [ "karlaskop.de" ])
 
-    ( manageCert "makeup.apanowicz.de" )
-    ( servePage "makeup.apanowicz.de" )
+    ( ssl [ "makeup.apanowicz.de" ])
+    ( servePage [ "makeup.apanowicz.de" ])
 
-    ( manageCert "pixelpocket.de" )
-    ( servePage "pixelpocket.de" )
+    ( manageCerts [ "pixelpocket.de" ])
+    ( servePage [ "pixelpocket.de" ])
 
-    ( ssl "o.ubikmedia.de" )
-    ( serveOwncloud "o.ubikmedia.de" )
+    ( ssl [ "o.ubikmedia.de" ])
+    ( serveOwncloud [ "o.ubikmedia.de" ])
 
-    ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+    ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
     ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
   ];
 
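Review bot: The `ssl` list names `aldona.ubikmedia.de` as the only subdomain, while `serveWordpress` on the next line still answers for `*.ubikmedia.de`. If `ssl` builds the certificate from its list (its definition is outside this hunk), any other subdomain is served with a certificate that does not cover it. Binding the domain list once in the `let` block and passing the same value to both helpers would remove the drift.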
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 16a240d7c..7a35ba75b 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -2,37 +2,40 @@
 
 let
   inherit (import ../../4lib { inherit lib pkgs; })
-    manageCert
+    manageCerts
     activateACME
     ssl
     servePage
-    serveOwncloud;
+    serveWordpress;
 
 in {
   imports = [
-    ( manageCert "biostase.de" )
-    ( servePage "biostase.de" )
+    #( manageCerts [ "biostase.de" ])
+    #( servePage [ "biostase.de" ])
 
-    ( manageCert "gs-maubach.de" )
-    ( servePage "gs-maubach.de" )
+    #( manageCerts [ "gs-maubach.de" ])
+    #( servePage [ "gs-maubach.de" ])
 
-    ( manageCert "spielwaren-kern.de" )
-    ( servePage "spielwaren-kern.de" )
+    #( manageCerts [ "spielwaren-kern.de" ])
+    #( servePage [ "spielwaren-kern.de" ])
 
-    ( manageCert "societyofsimtech.de" )
-    ( servePage "societyofsimtech.de" )
+    #( manageCerts [ "societyofsimtech.de" ])
+    #( servePage [ "societyofsimtech.de" ])
 
-    ( manageCert "ttf-kleinaspach.de" )
-    ( servePage "ttf-kleinaspach.de" )
+    #( manageCerts [ "ttf-kleinaspach.de" ])
+    #( servePage [ "ttf-kleinaspach.de" ])
 
-    ( manageCert "edsn.de" )
-    ( servePage "edsn.de" )
+    #( manageCerts [ "edsn.de" ])
+    #( servePage [ "edsn.de" ])
 
-    ( manageCert "eab.berkeley.edu" )
-    ( servePage "eab.berkeley.edu" )
+    #( manageCerts [ "eab.berkeley.edu" ])
+    #( servePage [ "eab.berkeley.edu" ])
 
-    ( manageCert "habsys.de" )
-    ( servePage "habsys.de" )
+    ( manageCerts [ "eastuttgart.de" ])
+    ( serveWordpress [ "eastuttgart.de" ])
+
+    ( manageCerts [ "habsys.de" ])
+    ( servePage [ "habsys.de" ])
   ];
 
   #lass.owncloud = {
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index 4e3eb071a..858054531 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -3,16 +3,13 @@
 let
   inherit (config.krebs.lib) genid;
   inherit (import ../../4lib { inherit lib pkgs; })
-    manageCert
-    activateACME
     ssl
-    servePage
-    serveOwncloud;
+    servePage;
 
 in {
   imports = [
-    ( ssl "wohnprojekt-rhh.de" )
-    ( servePage "wohnprojekt-rhh.de" )
+    ( ssl [ "wohnprojekt-rhh.de" ])
+    ( servePage [ "wohnprojekt-rhh.de" ])
   ];
 
   users.users.laura = {
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 22a8c3c6e..7949154a0 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -7,31 +7,6 @@ rec {
   getDefaultGateway = ip:
     concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
 
-  manageCert = domain:
-    {
-      security.acme = {
-        certs."${domain}" = {
-          email = "lassulus@gmail.com";
-          webroot = "/var/lib/acme/challenges/${domain}";
-          plugins = [
-            "account_key.json"
-            "key.pem"
-            "fullchain.pem"
-          ];
-          group = "nginx";
-          allowKeysForGroup = true;
-        };
-      };
-
-      krebs.nginx.servers."${domain}" = {
-        locations = [
-          (nameValuePair "/.well-known/acme-challenge" ''
-            root /var/lib/acme/challenges/${domain}/;
-          '')
-        ];
-      };
-    };
-
   manageCerts = domains:
     let
       domain = head domains;
@@ -60,11 +35,11 @@ rec {
       };
     };
 
-  ssl = domain:
+  ssl = domains:
     {
       imports = [
-        ( manageCert domain )
-        ( activateACME domain )
+        ( manageCerts domains )
+        ( activateACME (head domains) )
       ];
     };
 
@@ -79,13 +54,12 @@ rec {
       };
     };
 
-  servePage = domain:
-    {
+  servePage = domains:
+    let
+      domain = head domains;
+    in {
       krebs.nginx.servers."${domain}" = {
-        server-names = [
-          "${domain}"
-          "www.${domain}"
-        ];
+        server-names = domains;
         locations = [
           (nameValuePair "/" ''
             root /srv/http/${domain};
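Review bot: `server-names = domains;` drops the `www.${domain}` alias the helper used to add, and every `servePage [ "x" ]` call updated in this patch (domsen.nix, fritz.nix, wohnprojekt-rhh.de.nix) passes only the bare name. If the www names still resolve to these hosts, their requests no longer match this server block and are answered by whatever nginx treats as the default server. The `serveOwncloud` hunk that follows makes the same change. Either keep the alias in the helper, `server-names = domains ++ map (d: "www.${d}") domains;`, or add the www names at the call sites together with the matching `manageCerts`/`ssl` list so the certificate covers them. The servePage body continues past the end of this hunk.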
@@ -94,13 +68,12 @@ rec {
       };
     };
 
-  serveOwncloud = domain:
-    {
+  serveOwncloud = domains:
+    let
+      domain = head domains;
+    in {
       krebs.nginx.servers."${domain}" = {
-        server-names = [
-          "${domain}"
-          "www.${domain}"
-        ];
+        server-names = domains;
         extraConfig = ''
           # Add headers to serve security related headers
           add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

From 54ec57b51126991409ef2f77b1652496ffc8560f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:32:55 +0200
Subject: [PATCH 042/135] k 3 l: change ssh port to 45621

---
 krebs/3modules/lass/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b4686894e..adca66dad 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -12,6 +12,7 @@ with config.krebs.lib;
           aliases = [
             "dishfire.internet"
           ];
+          ssh.port = 45621;
         };
         retiolum = {
           via = internet;
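Review bot: The literal `ssh.port = 45621;` is added separately in all six hunks of this file, so a later port change has to touch every host and a missed one leaves clients dialling the wrong port. A single binding near the top (`let sshPort = 45621; in` and `ssh.port = sshPort;`), or a default on the net type if the module offers one, would keep them aligned. Nothing visible in this patch changes the port sshd listens on or the firewall rule for it; if those live elsewhere they need to land together with this metadata. The host blocks start and end outside each hunk.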
@@ -44,6 +45,7 @@ with config.krebs.lib;
           aliases = [
             "echelon.internet"
           ];
+          ssh.port = 45621;
         };
         retiolum = {
           via = internet;
@@ -79,6 +81,7 @@ with config.krebs.lib;
           aliases = [
             "prism.internet"
           ];
+          ssh.port = 45621;
         };
         retiolum = {
           via = internet;
@@ -143,6 +146,7 @@ with config.krebs.lib;
           aliases = [
             "cloudkrebs.internet"
           ];
+          ssh.port = 45621;
         };
         retiolum = {
           via = internet;
@@ -174,6 +178,7 @@ with config.krebs.lib;
         gg23 = {
           ip4.addr = "10.23.1.12";
           aliases = ["uriel.gg23"];
+          ssh.port = 45621;
         };
         retiolum = {
           ip4.addr = "10.243.81.176";
@@ -205,6 +210,7 @@ with config.krebs.lib;
         gg23 = {
           ip4.addr = "10.23.1.11";
           aliases = ["mors.gg23"];
+          ssh.port = 45621;
         };
         retiolum = {
           ip4.addr = "10.243.0.2";

From c9c10168082f648b2d5c25355f55ab4dce885135 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:33:25 +0200
Subject: [PATCH 043/135] l 2 websites fritz: activate mysql & mysqlBackup

---
 lass/2configs/websites/fritz.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 7a35ba75b..c022dfbe2 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -38,6 +38,20 @@ in {
     ( servePage [ "habsys.de" ])
   ];
 
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    rootPassword = toString (<secrets/mysql_rootPassword>);
+  };
+
+  services.mysqlBackup = {
+    enable = true;
+    databases = [
+      "eastuttgart_de"
+    ];
+    location = "/bku/sql_dumps";
+  };
+
   #lass.owncloud = {
   #  "o.ubikmedia.de" = {
   #    instanceid = "oc8n8ddbftgh";
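Review bot: `rootPassword = toString (<secrets/mysql_rootPassword>);` needs a comment saying why `toString` is there, because the next edit could easily turn it into an interpolation. As far as I know this option takes a file path, and `toString` hands over the path as a plain string, whereas `"${...}"` would copy the secret file into the world-readable Nix store. Something like `# toString: pass the path only; interpolating it would copy the secret into /nix/store` above the line is enough. The dumps written to `/bku/sql_dumps` hold the full `eastuttgart_de` data, and this hunk does not show who can read that directory, so its owner and mode are worth stating next to `location`.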

From 6a009982af81f6591ee026c7f866008a17d4d8f8 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:34:02 +0200
Subject: [PATCH 044/135] l 4: also serve dotfiles in serveWordpress

---
 lass/4lib/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 7949154a0..30cbced49 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -199,9 +199,9 @@ rec {
             fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
             include ${pkgs.nginx}/conf/fastcgi.conf;
           '')
-          (nameValuePair "~ /\\." ''
-            deny all;
-          '')
+          #(nameValuePair "~ /\\." ''
+          #  deny all;
+          #'')
           #Directives to send expires headers and turn off 404 error logging.
           (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
             access_log off;
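Review bot: Commenting out the `~ /\\.` location with `deny all;` makes every dot-file under the WordPress document root fetchable, which covers things like `.git/`, `.htaccess`, `.user.ini` or editor swap files if any are present there. If the intent is only to let `/.well-known/` through (ACME challenges, for instance), keep the three lines and narrow the pattern to `"~ /\\.(?!well-known/)"` instead of dropping the rule. Whatever the reason for the exception, it belongs in a comment above the location, since the commit subject only says dot-files are now served. The serveWordpress body starts and ends outside this hunk.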

From f0863085c7f865069e0d49a99488734abe044c6a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:37:26 +0200
Subject: [PATCH 045/135] l 5: add mk_sql_pair

---
 lass/5pkgs/default.nix             |  1 +
 lass/5pkgs/mk_sql_pair/default.nix | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 lass/5pkgs/mk_sql_pair/default.nix

diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 0c9dd94ca..e113af91f 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -8,6 +8,7 @@
       ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
       vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
     };
+    mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
     mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
     xmonad-lass =
       let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix
new file mode 100644
index 000000000..a9f0d2797
--- /dev/null
+++ b/lass/5pkgs/mk_sql_pair/default.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+
+pkgs.writeScriptBin "mk_sql_pair" ''
+  #!/bin/sh
+
+  name=$1
+  password=$2
+
+  if [ $# -ne 2 ]; then
+    echo '$1=name, $2=password'
+    exit 23;
+  fi
+
+  cat <<EOF
+    create database $name;
+    create user $name;
+    grant all on $name.* to $name@'localhost' identified by '$password';
+  EOF
+''
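Review bot: `create user $name;` creates the account for host `%` with no password, while the `grant ... identified by` line sets the password only on `$name@'localhost'`, so the emitted SQL leaves a second, passwordless login behind. Both arguments are also pasted into the SQL text unquoted and unchecked, so a quote in the password or an unusual database name changes the statement that gets executed. The fence creates only the localhost account and rejects characters that would leave the literals. Because the password arrives as `$2` it also ends up in shell history; reading it from stdin would be the further step.

```nix
  # … unchanged: shebang, name/password assignment, argument-count check …

  # both values are pasted into SQL text below, so refuse anything that could leave the literal
  case $name in
    ""|*[!A-Za-z0-9_]*) echo 'name: only A-Za-z0-9_ allowed' >&2; exit 23 ;;
  esac
  case $password in
    *\'*|*\\*) echo 'password: quote and backslash not allowed' >&2; exit 23 ;;
  esac

  cat <<EOF
    create database $name;
    create user '$name'@'localhost' identified by '$password';
    grant all on $name.* to '$name'@'localhost';
  EOF
```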

From 5509ed22635da7c304911e33b552b9c572f966cd Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:40:33 +0200
Subject: [PATCH 046/135] l 5: add urban

---
 lass/5pkgs/default.nix       |  1 +
 lass/5pkgs/urban/default.nix | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 lass/5pkgs/urban/default.nix

diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index e113af91f..1dacf6c7a 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -10,6 +10,7 @@
     };
     mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
     mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
+    urban = pkgs.callPackage ./urban/default.nix {};
     xmonad-lass =
       let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
       pkgs.haskellPackages.callPackage src {};
diff --git a/lass/5pkgs/urban/default.nix b/lass/5pkgs/urban/default.nix
new file mode 100644
index 000000000..fb8adaed9
--- /dev/null
+++ b/lass/5pkgs/urban/default.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+pkgs.writeScriptBin "urban" ''
+  #!/bin/sh
+  set -euf
+  term=$1
+  curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \
+    | sed 's/<\/\?a\>[^>]*>//g' \
+    | sed 's/<\([^>]*\)>/\n<\1\n/g' \
+    | grep . \
+    | sed -n '/<div class=.meaning./,/<\/div/p' \
+    | sed 's/<div class=.meaning./-----/' \
+    | grep -v '^</div\>' \
+    | grep -v '^<br\>' \
+    | sed '
+      s/&quot;/"/g
+      s/&#39;/'\'''/g
+      s/&gt;/>/g
+      s/&lt;/>/g
+    '
+''
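Review bot: `s/&lt;/>/g` in the final sed block turns `&lt;` into `>`; it should be `s/&lt;/</g`. The lookup also goes over plain `http://` and appends `$term` to the URL unencoded, so a term containing a space, `&` or `#` is sent wrong, and the response can be altered in transit before it is printed to the terminal. `curl -LsS -G --data-urlencode "term=$term" 'https://www.urbandictionary.com/define.php'` covers both.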

From 7cd2fe545b80507c6b5393b6e47f19ed4dfb312f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:47:47 +0200
Subject: [PATCH 047/135] l 1 mors: add some pkgs

---
 lass/1systems/mors.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 6e89b2957..bdc9c3242 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -189,6 +189,9 @@
     get
     teamspeak_client
     hashPassword
+    urban
+    mk_sql_pair
+    skype
   ];
 
   #TODO: fix this shit

From 9717e5a2e0cb5b0bf9fae0ec62423af30ecd2051 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:48:00 +0200
Subject: [PATCH 048/135] l 1 dishfire: add mk_sql_pair pkg

---
 lass/1systems/dishfire.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index 532ccb29a..4e3b84bd0 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -50,6 +50,11 @@
     {
       sound.enable = false;
     }
+    {
+      environment.systemPackages = with pkgs; [
+        mk_sql_pair
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.dishfire;

From 2e8743934061ecb8019c34ee4b1010238e158bf1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 13 Apr 2016 16:48:32 +0200
Subject: [PATCH 049/135] l 5 acronym: refactor code

---
 lass/5pkgs/acronym/default.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix
index 53d5d015a..9f6f95587 100644
--- a/lass/5pkgs/acronym/default.nix
+++ b/lass/5pkgs/acronym/default.nix
@@ -1,13 +1,16 @@
 { pkgs, ... }:
 
 pkgs.writeScriptBin "acronym" ''
+
   #! ${pkgs.bash}/bin/bash
 
   acro=$1
 
   curl -s http://www.acronymfinder.com/$acro.html \
-  | grep 'class="result-list__body__rank"' \
-  | sed 's/.*title="\([^"]*\)".*/\1/' \
-  | sed 's/^.* - //' \
-  | sed "s/&#39;/'/g"
+    | grep 'class="result-list__body__rank"' \
+    | sed '
+      s/.*title="\([^"]*\)".*/\1/
+      s/^.* - //
+      s/&#39;/'\'''/g
+    '
 ''
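Review bot: The blank line added before `#! ${pkgs.bash}/bin/bash` pushes the shebang to the second line of the generated file, because Nix strips only the remainder of the opening `''` line. The kernel does not honour a `#!` that is not on line one, so the script runs only if the calling shell falls back to interpreting it itself, and then not necessarily with bash. Drop the added empty line so the shebang stays first. `$acro` is also expanded unquoted in the curl URL; `"http://www.acronymfinder.com/$acro.html"` keeps it a single word.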

From 3b2cb2a3f73ad58c489ae854f829d5a4bf723e17 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 15 Apr 2016 14:39:03 +0200
Subject: [PATCH 050/135] l 2: base.nix -> default.nix

---
 lass/1systems/cloudkrebs.nix            | 2 +-
 lass/1systems/dishfire.nix              | 2 +-
 lass/1systems/echelon.nix               | 2 +-
 lass/1systems/prism.nix                 | 2 +-
 lass/2configs/baseX.nix                 | 2 +-
 lass/2configs/{base.nix => default.nix} | 0
 6 files changed, 5 insertions(+), 5 deletions(-)
 rename lass/2configs/{base.nix => default.nix} (100%)

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 82c172050..1bfb11502 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -8,7 +8,7 @@ in {
   imports = [
     ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
+    ../2configs/default.nix
     ../2configs/exim-retiolum.nix
     ../2configs/retiolum.nix
     ../2configs/git.nix
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index 4e3b84bd0..dd1d1e541 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,7 +4,7 @@
   imports = [
     ../.
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
-    ../2configs/base.nix
+    ../2configs/default.nix
     ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     ../2configs/websites/fritz.nix
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index e2fa1c5f4..97734a7bd 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -8,7 +8,7 @@ in {
   imports = [
     ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
+    ../2configs/default.nix
     ../2configs/exim-retiolum.nix
     ../2configs/retiolum.nix
     ../2configs/realwallpaper-server.nix
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index e1743c997..6b674a10f 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -5,7 +5,7 @@ let
 in {
   imports = [
     ../.
-    ../2configs/base.nix
+    ../2configs/default.nix
     ../2configs/exim-smarthost.nix
     ../2configs/downloading.nix
     ../2configs/git.nix
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6c52240af..1e28fdccc 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -4,7 +4,7 @@ let
   mainUser = config.users.extraUsers.mainUser;
 in {
   imports = [
-    ./base.nix
+    ./default.nix
     #./urxvt.nix
     ./xserver
   ];
diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix
similarity index 100%
rename from lass/2configs/base.nix
rename to lass/2configs/default.nix

From 49dcb0771e2e0f2592e356e22f9b784b7ec1a158 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 15 Apr 2016 16:15:22 +0200
Subject: [PATCH 051/135] l 1 prism: import privoxy config

---
 lass/1systems/prism.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 6b674a10f..233ae564c 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -12,6 +12,7 @@ in {
     ../2configs/ts3.nix
     ../2configs/bitlbee.nix
     ../2configs/weechat.nix
+    ../2configs/privoxy-retiolum.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories

From 9a8179c39069a290433add4c8829eceb8a726e98 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 15 Apr 2016 16:16:36 +0200
Subject: [PATCH 052/135] l 1 prism: disable tor client mode

---
 lass/1systems/prism.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 233ae564c..3eb208935 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -151,7 +151,6 @@ in {
     {
       services.tor = {
         enable = true;
-        client.enable = true;
       };
     }
   ];

From 3e59f5fb4c9d110d5f91d60c875ca49a414c2a6f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 15 Apr 2016 16:19:50 +0200
Subject: [PATCH 053/135] l 2 baseX: add xclip to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1e28fdccc..79fc4744f 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -39,6 +39,7 @@ in {
     push
     slock
     sxiv
+    xclip
     xorg.xbacklight
     xsel
     zathura

From 22a9fcdf8e9c3fa47e4ba6cbad47f4f5b74b57ed Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 12:05:49 +0200
Subject: [PATCH 054/135]  2 buildbot-standalone: make everything work again

---
 lass/2configs/buildbot-standalone.nix | 55 ++++++++++++++++++++-------
 1 file changed, 42 insertions(+), 13 deletions(-)

diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 8c71553fe..604d0728d 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,15 +1,16 @@
 { lib, config, pkgs, ... }:
 {
-  #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
-  krebs.buildbot.master = {
+  krebs.buildbot.master = let
+    stockholm-mirror-url = http://cgit.prism/stockholm ;
+  in {
     slaves = {
       testslave = "lasspass";
     };
     change_source.stockholm = ''
-      stockholm_repo = 'http://cgit.mors/stockholm'
+      stockholm_repo = '${stockholm-mirror-url}'
       cs.append(changes.GitPoller(
               stockholm_repo,
-              workdir='stockholm-poller', branch='master',
+              workdir='stockholm-poller', branches=True,
               project='stockholm',
               pollinterval=120))
     '';
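Review bot: With `branches=True` the poller picks up every branch of the mirror, and the scheduler hunk that follows builds all of them (`branch_re=".*"`), so whoever can push any branch there, or alter the plain-HTTP fetch from `http://cgit.prism/stockholm`, gets its `make` targets run on the slave. If only a known set of branches needs testing, list them (`branches=['master', ...]`) or narrow the ChangeFilter, and add a comment stating who is trusted to push to the mirror. The unquoted URL literal with a space before the semicolon, `http://cgit.prism/stockholm ;`, would read better as a quoted string: `stockholm-mirror-url = "http://cgit.prism/stockholm";`.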
@@ -20,10 +21,12 @@
                                     builderNames=["fast-tests"]))
       '';
       fast-tests-scheduler = ''
-        # test the master real quick
+        # test everything real quick
         sched.append(schedulers.SingleBranchScheduler(
-                                    change_filter=util.ChangeFilter(branch="master"),
-                                    name="fast-master-test",
+                                    ## all branches
+                                    change_filter=util.ChangeFilter(branch_re=".*"),
+                                    # treeStableTimer=10,
+                                    name="fast-all-branches",
                                     builderNames=["fast-tests"]))
       '';
     };
@@ -38,7 +41,10 @@
       deps = [ "gnumake", "jq","nix","rsync" ]
       # TODO: --pure , prepare ENV in nix-shell command:
       #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE
-      nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+      nixshell = ["nix-shell",
+                    "-I", "stockholm=.",
+                    "-I", "nixpkgs=/var/src/nixpkgs",
+                    "-p" ] + deps + [ "--run" ]
 
       # prepare addShell function
       def addShell(factory,**kwargs):
@@ -48,13 +54,26 @@
       fast-tests = ''
         f = util.BuildFactory()
         f.addStep(grab_repo)
-        addShell(f,name="mors-eval",env=env,
-                  command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+        for i in [ "prism", "mors", "echelon" ]:
+          addShell(f,name="populate-{}".format(i),env=env,
+                  command=nixshell + \
+                            ["{}( make system={} eval.config.krebs.build.populate \
+                               | jq -er .)".format("!" if "failing" in i else "",i)])
+
+        addShell(f,name="build-test-minimal",env=env,
+                  command=nixshell + \
+                            ["nix-instantiate \
+                                  --show-trace --eval --strict --json \
+                                  -I nixos-config=./shared/1systems/test-minimal-deploy.nix  \
+                                  -I secrets=. \
+                                  -A config.system.build.toplevel"]
+                )
 
         bu.append(util.BuilderConfig(name="fast-tests",
               slavenames=slavenames,
               factory=f))
-      '';
+
+            '';
     };
     enable = true;
     web.enable = true;
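Review bot: The prefix `"!" if "failing" in i else ""` can never fire for the list `[ "prism", "mors", "echelon" ]`, so the negation branch is dead as written and its purpose is undocumented. A comment such as `# systems whose name contains "failing" are expected to fail evaluation; the leading ! inverts the exit status` would explain the convention, or the conditional can go until such a system exists. The closing `''` of `fast-tests` is now indented far deeper than its opening line, which makes the string boundary easy to misread.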
@@ -72,7 +91,17 @@
     masterhost = "localhost";
     username = "testslave";
     password = "lasspass";
-    packages = with pkgs;[ git nix ];
-    extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+    packages = with pkgs;[ git nix gnumake jq rsync ];
+    extraEnviron = {
+      NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+    };
+  };
+  krebs.iptables = {
+    tables = {
+      filter.INPUT.rules = [
+        { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
+        { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
+      ];
+    };
   };
 }
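Review bot: The two new INPUT rules accept 8010 and 9989 from any interface, while the slave credential in this file is the fixed string `lasspass`, readable in the repository and in the Nix store, so the password is no barrier to a peer that can reach 9989. The only slave shown here connects to `masterhost = "localhost"`, so the 9989 rule may not be needed at all. Where remote access is wanted, bind the rules to the interface that needs them, e.g. `{ predicate = "-i retiolum -p tcp --dport 8010"; target = "ACCEPT"; }`. The slave password would be better taken from the secrets path than written as a literal.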

From 6584cf5b92422c525a60dda5f8381fb10ec763bc Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 12:06:13 +0200
Subject: [PATCH 055/135] l 1 prism: import buildbot-standalone

---
 lass/1systems/prism.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 3eb208935..2587a8b6e 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -13,6 +13,7 @@ in {
     ../2configs/bitlbee.nix
     ../2configs/weechat.nix
     ../2configs/privoxy-retiolum.nix
+    ../2configs/buildbot-standalone.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories

From 3d7b41fb0bfa8e428bebc58eb42b978d784eed15 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 12:06:50 +0200
Subject: [PATCH 056/135] l 2 exim-smarthost: add aidsballs.de mails

---
 lass/2configs/exim-smarthost.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index e1aa29c49..2efb6f367 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -10,6 +10,7 @@ with config.krebs.lib;
     ];
     sender_domains = [
       "lassul.us"
+      "aidsballs.de"
     ];
     relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
       config.krebs.hosts.mors
@@ -22,6 +23,8 @@ with config.krebs.lib;
       { from = "lassulus@lassul.us"; to = lass.mail; }
       { from = "test@lassul.us"; to = lass.mail; }
       { from = "outlook@lassul.us"; to = lass.mail; }
+      { from = "steuer@aidsballs.de"; to = lass.mail; }
+      { from = "lass@aidsballs.de"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From e1140ef7ea4c644707b24911f779c276a14a268e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 13:22:43 +0200
Subject: [PATCH 057/135] l 1 dishfire: open http[s] ports

---
 lass/1systems/dishfire.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index dd1d1e541..b5e551952 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -7,7 +7,6 @@
     ../2configs/default.nix
     ../2configs/exim-retiolum.nix
     ../2configs/git.nix
-    ../2configs/websites/fritz.nix
     {
       boot.loader.grub = {
         device = "/dev/vda";
@@ -55,6 +54,15 @@
         mk_sql_pair
       ];
     }
+    {
+      imports = [
+        ../2configs/websites/fritz.nix
+      ];
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.dishfire;

From 4ee39c0d71bb6a91bb5c64342ede2f5731c9c1e7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 13:23:12 +0200
Subject: [PATCH 058/135] l 2 websites fritz: manage more habsys domains

---
 lass/2configs/websites/fritz.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index c022dfbe2..0eff39908 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -34,8 +34,8 @@ in {
     ( manageCerts [ "eastuttgart.de" ])
     ( serveWordpress [ "eastuttgart.de" ])
 
-    ( manageCerts [ "habsys.de" ])
-    ( servePage [ "habsys.de" ])
+    ( manageCerts [ "habsys.de" "habsys.eu" ])
+    ( servePage [ "habsys.de" "habsys.eu" ])
   ];
 
   services.mysql = {

From 2680064f0d6c14204e5ce3796b18bcde633e5f8e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 13:23:38 +0200
Subject: [PATCH 059/135] l 2: add mail.nix

---
 lass/2configs/mail.nix | 88 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 lass/2configs/mail.nix

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
new file mode 100644
index 000000000..ff4dff090
--- /dev/null
+++ b/lass/2configs/mail.nix
@@ -0,0 +1,88 @@
+{ pkgs, ... }:
+
+let
+
+  msmtprc = pkgs.writeText "msmtprc" ''
+    defaults
+      logfile ~/.msmtp.log
+    account prism
+      host prism.r
+    account default: prism
+  '';
+
+  msmtp = pkgs.writeScriptBin "msmtp" ''
+    ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+  '';
+
+  muttrc = pkgs.writeText "muttrc" ''
+    # notmuch
+    set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
+    set nm_record = yes
+    set nm_record_tags = "-inbox me archive"
+    set virtual_spoolfile=yes                    # enable virtual folders
+    set sendmail="msmtp"                         # enables parsing of outgoing mail
+    set use_from=yes
+    set envelope_from=yes
+
+    set index_format="%4C %Z %?GI?%GI& ? %[%d/%b]  %-16.15F %?M?(%3M)&     ? %s %> %?g?%g?"
+
+    virtual-mailboxes \
+        "INBOX"     "notmuch://?query=tag:inbox and NOT tag:killed"\
+        "Unread"    "notmuch://?query=tag:unread"\
+        "TODO"      "notmuch://?query=tag:TODO"\
+        "Starred"   "notmuch://?query=tag:*"\
+        "Archive"   "notmuch://?query=tag:archive"\
+        "Sent"      "notmuch://?query=tag:sent"\
+        "Junk"      "notmuch://?query=tag:junk"
+
+    tag-transforms "junk"     "k" \
+                   "unread"   "u" \
+                   "replied"  "↻" \
+                   "TODO"     "T" \
+
+    # notmuch bindings
+    macro index \\\\ "<vfolder-from-query>"                   # looks up a hand made query
+    macro index A "<modify-labels>+archive -unread -inbox\n"  # tag as Archived
+    macro index + "<modify-labels>+*\n<sync-mailbox>"         # tag as starred
+    macro index - "<modify-labels>-*\n<sync-mailbox>"         # tag as unstarred
+
+
+    #killed
+    bind index d noop
+    bind pager d noop
+
+    bind pager S noop
+    macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+    macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+
+    bind index t noop
+    bind pager t noop
+    macro index t "<modify-labels>+TODO\n"        # tag as Archived
+
+
+    # sidebar
+    set sidebar_width   = 20
+    set sidebar_visible = yes               # set to "no" to disable sidebar view at startup
+    color sidebar_new yellow default
+    # sidebar bindings
+    bind index <left> sidebar-prev          # got to previous folder in sidebar
+    bind index <right> sidebar-next         # got to next folder in sidebar
+    bind index <space> sidebar-open         # open selected folder from sidebar
+    # sidebar toggle
+    macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>"
+    macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>"
+    macro index ~ ,@( 'Toggle sidebar'      # toggle the sidebar
+  '';
+
+  mutt = pkgs.writeScriptBin "mutt" ''
+    ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
+  '';
+
+in {
+  environment.systemPackages = [
+    msmtp
+    mutt
+    pkgs.much
+    pkgs.notmuch
+  ];
+}
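Review bot: Both wrappers pass `$@` unquoted (`-C ${msmtprc} $@` and `-F ${muttrc} $@`), so every argument is split on whitespace again and glob-expanded before msmtp or mutt sees it; use `"$@"`. The later patch in this series that switches both wrappers to `writeDashBin` with `exec` keeps the unquoted form. The msmtp account sets only `host prism.r`, with no `tls` or `auth` lines, so mail is submitted in clear text and relies on the link between the hosts being trusted; a comment in `msmtprc` saying so would help. The comment on `macro index t` says "tag as Archived" although the macro adds `+TODO`.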

From cafbb3102b53c925734dcc48ac30f87e972ee3f4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 13:23:49 +0200
Subject: [PATCH 060/135] l 1 mors: import mail.nix

---
 lass/1systems/mors.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index bdc9c3242..e0efa4cb3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -27,6 +27,7 @@
     ../2configs/libvirt.nix
     ../2configs/fetchWallpaper.nix
     ../2configs/cbase.nix
+    ../2configs/mail.nix
     #../2configs/buildbot-standalone.nix
     {
       #risk of rain port

From b5f18ab839432b07a88ee34e0e98dc343a50e854 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 13:37:23 +0200
Subject: [PATCH 061/135] l 2 mail: use exec and writeDashBin

---
 lass/2configs/mail.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index ff4dff090..e29b6d9b2 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -10,8 +10,8 @@ let
     account default: prism
   '';
 
-  msmtp = pkgs.writeScriptBin "msmtp" ''
-    ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+  msmtp = pkgs.writeDashBin "msmtp" ''
+    exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
   '';
 
   muttrc = pkgs.writeText "muttrc" ''
@@ -74,8 +74,8 @@ let
     macro index ~ ,@( 'Toggle sidebar'      # toggle the sidebar
   '';
 
-  mutt = pkgs.writeScriptBin "mutt" ''
-    ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
+  mutt = pkgs.writeDashBin "mutt" ''
+    exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
   '';
 
 in {

From 99d6704398ad24bb42b0dc0a9ca12620caa0220a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 15:44:34 +0200
Subject: [PATCH 062/135] l 1 prism: override nixpkgs for buildbot

---
 lass/1systems/prism.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 2587a8b6e..4c0b4e690 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -13,7 +13,16 @@ in {
     ../2configs/bitlbee.nix
     ../2configs/weechat.nix
     ../2configs/privoxy-retiolum.nix
-    ../2configs/buildbot-standalone.nix
+    {
+      #we need to use old sqlite for buildbot
+      imports = [
+        ../2configs/buildbot-standalone.nix
+      ];
+      krebs.build.source.nixpkgs = lib.mkForce {
+        url = https://github.com/NixOS/nixpkgs;
+        rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc";
+      };
+    }
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
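Review bot: The comment `#we need to use old sqlite for buildbot` understates what `lib.mkForce` on `krebs.build.source.nixpkgs` does: as written it appears to pin the nixpkgs source for the whole host to the listed rev, not just buildbot's sqlite, so prism would stop picking up package updates until the pin is lifted. Say that in the comment and record when it can go, e.g. `# pins ALL of prism to an old nixpkgs because buildbot needs the old sqlite; remove once buildbot works with current sqlite`. If the module allows it, overriding only the sqlite that buildbot uses would keep the rest of the system current.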

From 2f99d1f4b7bbc2b6d5f45467d897a65d84f61428 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 16:20:17 +0200
Subject: [PATCH 063/135] k 3 l: update pgp key

---
 krebs/3modules/lass/default.pgp | 95 ++++++++++++++++-----------------
 1 file changed, 47 insertions(+), 48 deletions(-)

diff --git a/krebs/3modules/lass/default.pgp b/krebs/3modules/lass/default.pgp
index 38e2fa8df..6d985f0e2 100644
--- a/krebs/3modules/lass/default.pgp
+++ b/krebs/3modules/lass/default.pgp
@@ -1,52 +1,51 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2
 
-mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF
-gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy
-e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y
-+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1
-Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs
-UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag
-+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt
-my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH
-DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn
-ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh
-/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB
-tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf
-+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI
-D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87
-kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP
-2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd
-0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax
-u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ
-HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0
-1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV
-NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2
-cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6
-IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq
-4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt
-/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN
-/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph
-MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim
-0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j
-gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9
-75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q
-AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv
-WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA
-02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei
-MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL
-ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf
-+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy
-XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi
-VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r
-Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq
-Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq
-8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ
-laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk
-2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm
-aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN
-PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh
-4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW
-It6jrzDh3+COSQ==
-=0gFT
+mQINBFcWQhEBEADwt+hHRZxZx05USejn4x5LVWqqg5I2nIzjwI8pVyBra2AmXaMA
+SAImFk1W6oM35rwYmez6TG8QC7RPRUrMHX2aAdDwJ/VtU/b87q0ICwlMxYUnikg1
+tsHV4kRB7ukm+Rs0ECMqZzjwdlbiEEfQ6VPUrIBzDHeD0idkC82DonZ6xe083klH
+LpO36ckBOtyaoZZspzRu5yB76vsbeviVqsQ9WTQ8GoQk1i6FUbTbtOlvjhtx05Rk
+ic66RrfFSM/ElLe5yA96kZd7m/Sn9WIRwRj3clxnT1vAVpMlpISsTutEQtuG3MDX
+tT3EPVSSZEEcY1xxlJF+u1JZu4QqqtH+nczjshv+z3HZdmGd7OGqmgI8D3Ly/Ufi
+Uyz+ewZbhbgy/XSHqwriUbnMuE9OKxx0LqlQLA59+/icT+upW4TexiHKd6PYeSeJ
+kCxUEAmzqxsnilmwbehQrmmhI7uzxT8YxNGjF5mRJ1zOY55praTMKlp3MOxKvVPn
+EZSyWm/22CuUZZEX0XR6TBgkL71VoGrlaezADzhHu9i5yBwbNCuiE2CYcS5IuDf+
+GkoKGtWeLbXTXccWOaIItSzlVUcJx3D009kTXeLEo2T1RPpz41LMvqWkUlZg4CA1
+zMAcudsXDtXGJEvS3dZAaiUUdASktzNL/ltuW/CXITJ0V7UjmA0pOyLDOQARAQAB
+tBlsYXNzdWx1cyA8bGFzc0BsYXNzdWwudXM+iQI3BBMBCAAhBQJXFkIRAhsDBQsJ
+CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEInoKVKXan5NFVsP/RfU4dychz5eadnN
+/iCybL2eXCkpNbSJaPVqKKmBqY4oDEqK0NekwgOiWXFuFI6BpNyTW5z1a2PaBgF2
+bG5K/k/aGnzUUqH+LhtMCYr90UjJPtsrgi+C5poL4e2EsPN1SASSOSYFtYY1EQCe
+NcYut2foM/PjviJKuS9t/kJxmZn8Vi3+qQKSwys219IQuXqos44aihjnwEL+TR6D
+MgcDCW2QSCqB5kfksjustSihDck8ZkT+nISTrSdZVPzROcyBeswN/UqjOUBZd1p1
+sO7SqDaBnzovRD3G4kyscepPWChnOFCIq9tuE2Mai2QliQ4q1Bn0+8uhLPLG+nQI
+leL/6pFXY9ecjmpqrSAXEysDUgfpiqJzDtv8WC3fY7wl88/ROiHrgF8x5P4PmUMl
+oTfe+BGQar6BNV3rStPsW6Ogm6Mu6WNVXCRIJboM+ev3JdVSGF/ehnmb06EGCIrI
+ahWbMViDSAjOvM92By/RJkP8ADCN2ezvdf86Ubyib5EyRoleu0WHvtO1mLQn0pIP
+cYCGXrnQlkduC7ENS942hLUq976LPH1ZatM26gaN1MKxN03v+6e9E6jtxUH3wWk1
+oDGddTl+zu4fqUxEAA391sPMhp+DTVxXmPKvpnJivKAsL2Hkg0vKQt6VQNEv2Lgm
+G8vdqOcapWLBcddR9d0DpFgkZNQCuQINBFcWQhEBEADgv6HfZQyxuiFpHQbt59s4
+7mA4AmzgjA1GiS73xo16qjwLieKPJWlrgPk4OOwqQpdygZ9LAhH+FIqcGo4wCNKL
+1qiMQeQcFOACvLOfxpv8F1TkOc9IbQUoMPxXEYRK/c0ZtaWpe8dy4QL3tDwS/ovk
+sCZBpvXdpJXDuccfTQ23UPozWKs21JAIKqbO7p5n86VGr0Co07xmBsxOK6ylK8YM
+ftBjugfbxfmFApW2lAsjeDe7J5RY6W5NaeMg/IxTy6wkfoz1UjwtQaRvp1XbWqPz
+Ib+mx8AeRQQXzuVKxS20ZVgazSZHg1PYu9PoKTIWK0NLd68CydcQ4q6F3PjNytFH
+tDM13q5kWmTU0yFy2OWvy4JAq2z02C+Z+/+nffp0ZfsdEeVNm5ZvlDLmOYMWFzDj
+OScYgBYIAvAs3pYV+xl6pxvdTyI3JXed7Q889e36TC3mwUIR4sL+oOfctA7Swzkr
+aU8uMCwIE6ppGsxIcXQt15sUjgM5THXzAQXVkbM8i1x9F0JjP7bFMWcIP1pmqcaO
+6znM2D/wocY+RO3xYj0GLFgRBW2O/pJUWrWHInpO3mrwZeRMGZix5nZH8U6cvfD5
+9SwIVdyKj6sZklcS2JJclBDrAudYUbckAuV7KI1ZWcU4kVS3joYdWcFQO3vOxJW5
+mGXML9roJXeXN664iNBgpQARAQABiQIfBBgBCAAJBQJXFkIRAhsMAAoJEInoKVKX
+an5NGhcP/jkeR/fYPYuYEUWLGBxq2hFhwMssiJ+pwx5Nj+Kh9rLm90LBLCcwBVu0
+ILbaePkPCmin8p9F+AOy11DsWb5lBrlyUqU6+ID9nY/WbNL5ZYl6zIBmuYQ5qFEA
+n5NQD6hLllC6wyOqIeKXrnkvFJMW8+W0aYRQh7hhpAzyJz9gawXWvWY45NhWl3Tm
+S3LfJbA5nM6uZvO0VU7LERgfwTgPSjMwYVQGtktndy9N4Avi1N02l5BEmuZoXwTC
+oQuW6LiAPGE2ztXztyNGnUYUAGMWl22UTezqfU/aOG9Qum+QebwTgBUH4pTgLiV/
+pWxXib517wGkect/0Yd+zcya8lA7x1EzFFMb3i4ToawIz76I2ncIlpC2q31x2nVI
+6fBW4kfu8AR7XW9Yyv+plIuva1AeTf+sMc7FSb5CpOmjjLpUfQ96vZvQwarcEip7
+UmOBoAoFdhtwJotskBOje52AUgDIBWZrIfH1bq7/NjAO73UdR1mJkOpY01qQXkED
+TiLeIBGYqseCbnJNi1PVOVNEOT4Up3/RSjpAu8dBrXKqx7yS8bKlVk3RsIDlgyb4
+rWMc88uBl57YsjSnQN36LN7j0hPpb0TAD1OsPI1pepsKUAPZKA2EAyLXKyQ3oLqN
+DWU4ZWpIi8+RKm3UpWgQ9qN4tuRHvVX/AQjEW1LkhfmR2VIqnrkv
+=fgFG
 -----END PGP PUBLIC KEY BLOCK-----
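Review bot: The old public key is removed and a different key put in its place, with nothing in the commit that lets a reader check the new key; the message is only "update pgp key". Recording the new key's full fingerprint in the commit message, `New key fingerprint: <FULL_40_HEX_FINGERPRINT>` (placeholder), gives reviewers and later readers something to compare over a second channel. If the old key is still under the owner's control, a signature on the new key made with the old one would carry the existing trust over.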

From 90f8f75a2c751efc57679d3c79d77c016062a7d7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Apr 2016 16:57:56 +0200
Subject: [PATCH 064/135] l 2 mail: add gpg stuff

---
 lass/2configs/mail.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index e29b6d9b2..3c7dfcaf6 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -15,6 +15,13 @@ let
   '';
 
   muttrc = pkgs.writeText "muttrc" ''
+    # gpg
+    source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
+    set pgp_use_gpg_agent = yes
+    set pgp_sign_as = 0x976A7E4D
+    set crypt_autosign = yes
+    set crypt_replyencrypt = yes
+
     # notmuch
     set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
     set nm_record = yes
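Review bot: `set pgp_sign_as = 0x976A7E4D` selects the signing key by its 32-bit short key ID, and short IDs are cheap to collide, so a second key with the same short ID in the keyring makes the selection ambiguous. Use the full fingerprint instead, `set pgp_sign_as = 0x<FULL_40_HEX_FINGERPRINT>` (placeholder; take the value from `gpg --fingerprint`). The `muttrc` string continues past the end of this hunk.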

From b8aee5d8f5c325f7b3b01201aadbe048aa2e5bda Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 20 Apr 2016 13:58:10 +0200
Subject: [PATCH 065/135] l 2 default: add iftop to pkgs

---
 lass/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 8c6078ba5..2f6ffa18e 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -104,6 +104,7 @@ with config.krebs.lib;
 
   #network
     iptables
+    iftop
 
   #stuff for dl
     aria2

From 18775d670660df408bb8310daa8b507b3b1a3f87 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 20 Apr 2016 13:59:22 +0200
Subject: [PATCH 066/135] l 3: add mysql-backup

---
 lass/3modules/default.nix      |  4 +-
 lass/3modules/mysql-backup.nix | 86 ++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 2 deletions(-)
 create mode 100644 lass/3modules/mysql-backup.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index f891498c2..71e39d874 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -1,11 +1,11 @@
 _:
 {
   imports = [
-    ./xresources.nix
     ./folderPerms.nix
+    ./mysql-backup.nix
     ./per-user.nix
     ./urxvtd.nix
-    ./xresources.nix
     ./wordpress_nginx.nix
+    ./xresources.nix
   ];
 }
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
new file mode 100644
index 000000000..d2ae67171
--- /dev/null
+++ b/lass/3modules/mysql-backup.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.lass.mysqlBackup;
+
+  out = {
+    options.lass.mysqlBackup = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "mysqlBackup";
+    config = mkOption {
+      type = with types; attrsOf (submodule ({ config, ... }: {
+        options = {
+          name = mkOption {
+            type = types.str;
+            default = config._module.args.name;
+          };
+          startAt = mkOption {
+            type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
+            default = "*-*-* 01:15:00";
+          };
+          user = mkOption {
+            type = str;
+            default = "root";
+          };
+          password = mkOption {
+            type = nullOr str;
+            default = null;
+            description = ''
+              path to a file containing the mysqlPassword for the specified user.
+            '';
+          };
+          databases = mkOption {
+            type = listOf str;
+            default = [];
+          };
+          location = mkOption {
+            type = str;
+            default = "/bku/sql_dumps";
+          };
+        };
+      }));
+      description = "configuration for mysqlBackup";
+    };
+  };
+
+  imp = {
+
+    #systemd.timers =
+    #  mapAttrs (_: plan: {
+    #  wantedBy = [ "timers.target" ];
+    #  timerConfig = plan.timerConfig;
+    #}) cfg.config;
+
+    systemd.services =
+      mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
+        path = with pkgs; [
+          mysql
+          gzip
+        ];
+        serviceConfig = rec {
+          ExecStart = start plan;
+          SyslogIdentifier = ExecStart.name;
+          Type = "oneshot";
+          User = plan.user;
+        };
+        startAt = plan.startAt;
+      }) cfg.config;
+  };
+
+
+  start = plan: let
+    backupScript = plan: db:
+      "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
+
+  in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
+    ${concatMapStringsSep "\n" (backupScript plan) plan.databases}
+  '';
+
+
+in out
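Review bot: `backupScript` builds `-p$(cat ${plan.password})`, which puts the MySQL password into mysqldump's argument list, where other local users can read it from the process table while the dump runs. Point mysqldump at a client option file instead by replacing that fragment with `${optionalString (plan.password != null) "--defaults-extra-file=${plan.password}"}` placed directly after `mysqldump` (it has to be the first option), and change the `password` description to say the file is in `[client]` / `password=...` format. Separately, the generated script has no `set -e` and only gzip's exit status is seen, so a failed mysqldump still overwrites `${db}.gz` with an empty archive while the oneshot unit reports success. Writing to a temporary file and renaming it only on success would avoid replacing a good dump with a bad one.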

From 20d4383d1f0ed484e402478d92da24d4aed44285 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 20 Apr 2016 13:59:49 +0200
Subject: [PATCH 067/135] l 2 websites: use lass.mysqlBackup

---
 lass/2configs/websites/domsen.nix | 10 ++++++++++
 lass/2configs/websites/fritz.nix  | 18 +++++++-----------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index caaee96bb..a6fdad645 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -38,6 +38,16 @@ in {
     rootPassword = toString (<secrets/mysql_rootPassword>);
   };
 
+  lass.mysqlBackup = {
+    enable = true;
+    config.domsen = {
+      password = toString (<secrets/mysql_rootPassword>);
+      databases = [
+        "ubikmedia_de"
+        "o_ubikmedia_de"
+      ];
+    };
+  };
   services.mysqlBackup = {
     enable = true;
     databases = [
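Review bot: The existing `services.mysqlBackup` block directly below the new `lass.mysqlBackup` stays enabled in domsen.nix, whereas fritz.nix in this same commit replaces it. Its `databases` and `location` lie outside this hunk, but if it dumps the same databases to `/bku/sql_dumps` (the new module's default `location`), two jobs end up writing the same `<db>.gz` files. Either remove the old block here as well or give one of the two a different `location`.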
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 0eff39908..b02c2e878 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -44,12 +44,14 @@ in {
     rootPassword = toString (<secrets/mysql_rootPassword>);
   };
 
-  services.mysqlBackup = {
+  lass.mysqlBackup = {
     enable = true;
-    databases = [
-      "eastuttgart_de"
-    ];
-    location = "/bku/sql_dumps";
+    config.fritz = {
+      password = toString (<secrets/mysql_rootPassword>);
+      databases = [
+        "eastuttgart_de"
+      ];
+    };
   };
 
   #lass.owncloud = {
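Review bot: `password = toString (<secrets/mysql_rootPassword>)` makes the backup job authenticate as MySQL `root` (the module's default `user`), here and in domsen.nix. A dump only needs read access, so a dedicated account limited to `SELECT` and `LOCK TABLES` on the listed databases, with its own secret file, would keep the root credential out of the nightly job, e.g. `user = "<BACKUP_USER>"; password = toString (<secrets/<BACKUP_SECRET>>);` (placeholders). Note that the module also uses `user` as the systemd `User`, so that account has to exist on the host and be able to read the secret file.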
@@ -57,10 +59,4 @@ in {
   #    instanceid = "oc8n8ddbftgh";
   #  };
   #};
-
-  #services.mysql = {
-  #  enable = true;
-  #  package = pkgs.mariadb;
-  #  rootPassword = toString (<secrets/mysql_rootPassword>);
-  #};
 }

From f0291b0f6001f9bf050b1fd4ba0001f46d2911e4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 20 Apr 2016 16:36:29 +0200
Subject: [PATCH 068/135] l 2: add krebs-pass

---
 lass/2configs/krebs-pass.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 lass/2configs/krebs-pass.nix

diff --git a/lass/2configs/krebs-pass.nix b/lass/2configs/krebs-pass.nix
new file mode 100644
index 000000000..a605bc84b
--- /dev/null
+++ b/lass/2configs/krebs-pass.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+let
+
+  #TODO: tab-completion
+  krebs-pass = pkgs.writeDashBin "krebs-pass" ''
+    PASSWORD_STORE_DIR=$HOME/.krebs-pass \
+    exec ${pkgs.pass}/bin/pass $@
+  '';
+
+  krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" ''
+    PASSWORD_STORE_DIR=$HOME/.krebs-pass \
+    exec ${pkgs.pass}/bin/passmenu $@
+  '';
+
+in {
+  krebs.per-user.lass.packages = [
+    krebs-pass
+    krebs-passmenu
+  ];
+}

From d4cb24edb28d4662b98a7f1dc4bf4ed8b4e89f23 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 20 Apr 2016 16:45:15 +0200
Subject: [PATCH 069/135] l 1 mors: add krebs-pass

---
 lass/1systems/mors.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index e0efa4cb3..39225abf5 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -28,6 +28,7 @@
     ../2configs/fetchWallpaper.nix
     ../2configs/cbase.nix
     ../2configs/mail.nix
+    ../2configs/krebs-pass.nix
     #../2configs/buildbot-standalone.nix
     {
       #risk of rain port

From 99b8bfeaec5f3d70148354f128568e15be249b9d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 15:25:04 +0200
Subject: [PATCH 070/135] l: use i3lock instead of slock

---
 lass/2configs/xserver/default.nix | 5 +----
 lass/5pkgs/xmonad-lass/Main.hs    | 2 +-
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 30afd787e..fbae9741f 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -40,10 +40,6 @@ let
       };
     };
 
-    security.setuidPrograms = [
-      "slock"
-    ];
-
     systemd.services.display-manager.enable = false;
 
     services.xserver.enable = true;
@@ -96,6 +92,7 @@ let
     set -efu
     export PATH; PATH=${makeSearchPath "bin" ([
       pkgs.rxvt_unicode
+      pkgs.i3lock
     ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
     settle() {(
       # Use PATH for a clean journal
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 503df3be7..4c267359c 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -119,7 +119,7 @@ displaySomeException = displayException
 
 
 myKeyMap =
-    [ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
+    [ ("M4-<F11>", spawn "i3lock -i /tmp/wallpaper.png -f")
     , ("M4-p", spawn "passmenu --type")
     --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
     , ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
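Review bot: The lock-screen image is read from `/tmp/wallpaper.png`, a fixed name in a world-writable directory, so any local account can pre-create the file that i3lock decodes and displays when the screen locks. Reading it from a directory only the wallpaper fetcher can write, e.g. `spawn "i3lock -i <WALLPAPER_STATE_DIR>/wallpaper.png -f"` (placeholder path), removes that. The subject of PATCH 077 suggests the path is moved later in the series. `myKeyMap` continues past the end of this hunk.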

From c53e97a0240c566aa73b257d9e59c0dffa224a68 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 15:25:47 +0200
Subject: [PATCH 071/135] l: clean up xmonad config

---
 lass/2configs/xserver/default.nix             |   7 +-
 lass/5pkgs/xmonad-lass/Main.hs                | 148 ++++++------------
 .../xmonad-lass/Util/PerWorkspaceConfig.hs    |  52 ------
 3 files changed, 46 insertions(+), 161 deletions(-)
 delete mode 100644 lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index fbae9741f..5b89da093 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -78,12 +78,7 @@ let
 
     # XXX JSON is close enough :)
     XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
-      "cr"
-      "gm"
-      "ff"
-      "IM"
-      "mail"
-      "stockholm"
+      "dashboard"
     ]);
   };
 
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 4c267359c..577dc6fe6 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -5,48 +5,31 @@
 
 
 module Main where
-
-import Control.Exception
-import Text.Read (readEither)
 import XMonad
-import System.IO (hPutStrLn, stderr)
-import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
-import System.Posix.Process (executeFile)
-import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
-                                        , removeEmptyWorkspace)
-import XMonad.Actions.GridSelect
-import XMonad.Actions.CycleWS (toggleWS)
---import XMonad.Actions.CopyWindow ( copy )
-import XMonad.Layout.NoBorders ( smartBorders )
+
 import qualified XMonad.StackSet as W
-import Data.Map (Map)
-import qualified Data.Map as Map
--- TODO import XMonad.Layout.WorkspaceDir
-import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
--- import XMonad.Layout.Tabbed
---import XMonad.Layout.MouseResizableTile
-import XMonad.Layout.Reflect (reflectVert)
-import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Hooks.Place (placeHook, smart)
-import XMonad.Hooks.FloatNext (floatNextHook)
-import XMonad.Actions.PerWorkspaceKeys (chooseAction)
-import XMonad.Layout.PerWorkspace (onWorkspace)
---import XMonad.Layout.BinarySpacePartition
-import XMonad.Util.EZConfig (additionalKeysP)
-
-import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
-import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
-import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
-import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
-import XMonad.Prompt.Workspace
+import Control.Exception
+import Data.List (isInfixOf)
+import System.Environment (getArgs, withArgs, getEnv)
+import System.IO (hPutStrLn, stderr)
+import Text.Read (readEither)
 import XMonad.Actions.CopyWindow (copy, kill1)
-import qualified Data.Map as M
-import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
-
---import XMonad.Actions.Submap
-import XMonad.Stockholm.Pager
-import XMonad.Stockholm.Rhombus
-import XMonad.Stockholm.Shutdown
+import XMonad.Actions.CycleWS (toggleWS)
+import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
+import XMonad.Actions.DynamicWorkspaces (withWorkspace)
+import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
+import XMonad.Hooks.FloatNext (floatNext)
+import XMonad.Hooks.FloatNext (floatNextHook)
+import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
+import XMonad.Hooks.Place (placeHook, smart)
+import XMonad.Hooks.UrgencyHook (focusUrgent)
+import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
+import XMonad.Layout.FixedColumn (FixedColumn(..))
+import XMonad.Layout.NoBorders ( smartBorders )
+import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
+import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
+import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)
+import XMonad.Util.EZConfig (additionalKeysP)
 
 
 myTerm :: String
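Review bot: Three modules are each imported on two separate lines in the new import list: `XMonad.Actions.DynamicWorkspaces`, `XMonad.Hooks.FloatNext` and `XMonad.Hooks.UrgencyHook`. Split imports like these are easy to miss when one of the names is later removed. Merge each pair, e.g. `import XMonad.Hooks.FloatNext (floatNext, floatNextHook)` and `import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), focusUrgent, withUrgencyHook)`.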
@@ -67,18 +50,12 @@ mainNoArgs :: IO ()
 mainNoArgs = do
     workspaces0 <- getWorkspaces0
     xmonad'
-        -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-        --                   urgencyConfig { remindWhen = Every 1 }
-        -- $ withUrgencyHook borderUrgencyHook "magenta"
-        -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
         $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
         $ def
             { terminal          = myTerm
             , modMask           = mod4Mask
             , workspaces        = workspaces0
             , layoutHook = smartBorders $ myLayoutHook
-            -- , handleEventHook   = myHandleEventHooks <+> handleTimerEvent
-            --, handleEventHook   = handleTimerEvent
             , manageHook        = placeHook (smart (1,0)) <+> floatNextHook
             , startupHook       = spawn "echo emit XMonadStartup"
             , normalBorderColor  = "#1c1c1c"
@@ -118,19 +95,19 @@ displaySomeException :: SomeException -> String
 displaySomeException = displayException
 
 
+myKeyMap :: [([Char], X ())]
 myKeyMap =
     [ ("M4-<F11>", spawn "i3lock -i /tmp/wallpaper.png -f")
     , ("M4-p", spawn "passmenu --type")
-    --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
     , ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
     , ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
     , ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
     , ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
-    , ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
+    , ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
 
     , ("M4-a", focusUrgent)
-    , ("M4-S-r", renameWorkspace    defaultXPConfig)
-    , ("M4-S-a", addWorkspacePrompt defaultXPConfig)
+    , ("M4-S-r", renameWorkspace    def)
+    , ("M4-S-a", addWorkspacePrompt def)
     , ("M4-S-<Backspace>", removeEmptyWorkspace)
     , ("M4-S-c", kill1)
     , ("M4-<Esc>", toggleWS)
@@ -139,66 +116,31 @@ myKeyMap =
     , ("M4-f", floatNext True)
     , ("M4-b", sendMessage ToggleStruts)
 
-    , ("M4-v", withWorkspace myXPConfig (windows . W.view))
-    , ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
-    , ("M4-C-v", withWorkspace myXPConfig (windows . copy))
+    , ("M4-v", withWorkspace autoXPConfig (windows . W.view))
+    , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
+    , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
-    -- , (_4 , xK_q      ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k }                   )
-    -- , (_4S, xK_q      ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k }                  )
-    -- , (_4C, xK_q      ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
+    , ("M4-q", windowPromptGoto infixAutoXPConfig)
+    , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
 
-    --, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
     , ("M4-S-q", return ())
     ]
 
-myGSConfig = defaultGSConfig
-    { gs_cellheight = 50
+autoXPConfig :: XPConfig
+autoXPConfig = def
+    { autoComplete = Just 5000
+    }
+
+infixAutoXPConfig :: XPConfig
+infixAutoXPConfig = autoXPConfig
+    { searchPredicate = isInfixOf
+    }
+
+gridConfig :: GSConfig WorkspaceId
+gridConfig = def
+    { gs_cellwidth = 50
+    , gs_cellheight = 50
     , gs_cellpadding = 2
     , gs_navigate = navNSearch
     , gs_font = myFont
     }
-
-myXPConfig :: XPConfig
-myXPConfig = defaultXPConfig
-    { autoComplete = Just 5000
-    }
-
-myWSConfig = myGSConfig
-    { gs_cellwidth = 50
-    }
-
-pagerConfig :: PagerConfig
-pagerConfig = def
-    { pc_font           = myFont
-    , pc_cellwidth      = 64
-    --, pc_cellheight     = 36 -- TODO automatically keep screen aspect
-    --, pc_borderwidth    = 1
-    --, pc_matchcolor     = "#f0b000"
-    , pc_matchmethod    = MatchPrefix
-    --, pc_colors         = pagerWorkspaceColors
-    , pc_windowColors   = windowColors
-    }
-    where
-    windowColors _ _ _ True _ = ("#ef4242","#ff2323")
-    windowColors wsf m c u wf = do
-        let y = defaultWindowColors wsf m c u wf
-        if m == False && wf == True
-            then ("#402020", snd y)
-            else y
-
-wGSConfig :: GSConfig Window
-wGSConfig = def
-    { gs_cellheight = 20
-    , gs_cellwidth = 192
-    , gs_cellpadding = 5
-    , gs_font = myFont
-    , gs_navigate = navNSearch
-    }
-
-
-(&) :: a -> (a -> c) -> c
-(&) = flip ($)
-
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames ws =
-    return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
diff --git a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
deleted file mode 100644
index bba7c8c60..000000000
--- a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
+++ /dev/null
@@ -1,52 +0,0 @@
-module Util.PerWorkspaceConfig
-  ( WorkspaceConfig (..)
-  , WorkspaceConfigs
-  , switchToWorkspace
-  , defaultWorkspaceConfig
-  , perWorkspaceAction
-  , perWorkspaceTermAction
---  , myLayoutHack
-  )
-where
-
-import XMonad
-import XMonad.Core (LayoutClass)
-import Control.Monad (when)
-
-import qualified Data.Map as M
-import qualified XMonad.StackSet as W
-
-data WorkspaceConfig l =
-  WorkspaceConfig
-    { switchAction :: X ()
-    , startAction  :: X ()
-    , keyAction    :: X ()
-    , termAction   :: X ()
-    }
-
-type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
-
-defaultWorkspaceConfig = WorkspaceConfig
-                             { switchAction = return ()
-                             , startAction  = return ()
-                             , keyAction    = return ()
-                             , termAction   = spawn "urxvtc"
-                             }
-
-whenLookup wsId cfg a =
-    when (M.member wsId cfg) (a $ cfg M.! wsId)
-
-switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
-switchToWorkspace cfg wsId = do
-  windows $ W.greedyView wsId
-  wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
-  when (null wins) $ whenLookup wsId cfg startAction
-  whenLookup wsId cfg switchAction
-
-perWorkspaceAction :: WorkspaceConfigs l -> X ()
-perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
-
-perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
-perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
-                                                       Just x -> termAction x
-                                                       _      -> termAction defaultWorkspaceConfig

From 55e6a59afc94136d994e8041390d4ce2fb2ac9df Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 16:31:08 +0200
Subject: [PATCH 072/135] l 5 xmonad-lass: add minimize windows

---
 lass/5pkgs/xmonad-lass/Main.hs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 577dc6fe6..fe39da4f0 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -25,7 +25,9 @@ import XMonad.Hooks.Place (placeHook, smart)
 import XMonad.Hooks.UrgencyHook (focusUrgent)
 import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
 import XMonad.Layout.FixedColumn (FixedColumn(..))
+import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
 import XMonad.Layout.NoBorders ( smartBorders )
+import XMonad.Operations (withFocused)
 import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
 import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
 import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)
@@ -65,7 +67,7 @@ mainNoArgs = do
 
 myLayoutHook = defLayout
   where
-    defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
+    defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1)
 
 
 xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
@@ -120,6 +122,9 @@ myKeyMap =
     , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
     , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
+    , ("M4-m", withFocused minimizeWindow)
+    , ("M4-S-m", sendMessage RestoreNextMinimizedWin)
+
     , ("M4-q", windowPromptGoto infixAutoXPConfig)
     , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
 

From 42b649ddfc0cd24078a8da334e15e8184dddc491 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 16:31:37 +0200
Subject: [PATCH 073/135] l 5 xmonad-lass: show xmonad state on resume

---
 lass/5pkgs/xmonad-lass/Main.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index fe39da4f0..2415b9d83 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -75,7 +75,7 @@ xmonad' conf = do
     path <- getEnv "XMONAD_STATE"
     try (readFile path) >>= \case
         Right content -> do
-            hPutStrLn stderr ("resuming from " ++ path)
+            hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content)
             withArgs ("--resume" : lines content) (xmonad conf)
         Left e -> do
             hPutStrLn stderr (displaySomeException e)

From 842970689be67f4ee8f830ede48aa701b2b17402 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 17:04:09 +0200
Subject: [PATCH 074/135] l 2 backups: backup prism bitlbee

---
 lass/2configs/backups.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
index ca9ff20a1..81dd14ebd 100644
--- a/lass/2configs/backups.nix
+++ b/lass/2configs/backups.nix
@@ -47,6 +47,18 @@ with config.krebs.lib;
       dst = { host = config.krebs.hosts.uriel;    path = "/bku/dishfire-sql"; };
       startAt = "03:25";
     };
+    prism-bitlbee-mors = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+      dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
+      startAt = "03:25";
+    };
+    prism-bitlbee-uriel = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+      dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; };
+      startAt = "03:25";
+    };
     prism-chat-mors = {
       method = "pull";
       src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
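Review bot: `/var/lib/bitlbee` presumably holds the BitlBee account files, including stored IM credentials, and these two jobs copy it to `/bku/prism-bitlbee` on mors and on uriel. It is worth confirming that the destination directories are readable only by the backup user, and adding a comment on the entries such as `# contains IM account secrets; keep dst readable by the backup user only`. Both jobs are also scheduled for `03:25`, the same minute as the job just above them, so staggering `startAt` would avoid several pulls from prism starting at once.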

From 0266f17bdd9f197234465143de5e558cb6990556 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 17:24:54 +0200
Subject: [PATCH 075/135] l 5 xmonad-lass: style & warnings

---
 lass/5pkgs/xmonad-lass/Main.hs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 2415b9d83..1385be33c 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -26,8 +26,7 @@ import XMonad.Hooks.UrgencyHook (focusUrgent)
 import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
 import XMonad.Layout.FixedColumn (FixedColumn(..))
 import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
-import XMonad.Layout.NoBorders ( smartBorders )
-import XMonad.Operations (withFocused)
+import XMonad.Layout.NoBorders (smartBorders)
 import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
 import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
 import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)

From a8dc3819fe4946d3e998bb4e048ef166ccf40e08 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 17:37:06 +0200
Subject: [PATCH 076/135] l 2 websites fritz: enable ssl

---
 lass/2configs/websites/fritz.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index b02c2e878..632aa1e89 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -31,10 +31,10 @@ in {
     #( manageCerts [ "eab.berkeley.edu" ])
     #( servePage [ "eab.berkeley.edu" ])
 
-    ( manageCerts [ "eastuttgart.de" ])
+    ( ssl [ "eastuttgart.de" ])
     ( serveWordpress [ "eastuttgart.de" ])
 
-    ( manageCerts [ "habsys.de" "habsys.eu" ])
+    ( ssl [ "habsys.de" "habsys.eu" ])
     ( servePage [ "habsys.de" "habsys.eu" ])
   ];
 

From e2683844b48cfc1c2e37bc5c3cb116d6782eb593 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 25 Apr 2016 17:57:32 +0200
Subject: [PATCH 077/135] l 5 xmonad-lass: use wallpaper from /var/lib/..

---
 lass/5pkgs/xmonad-lass/Main.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 1385be33c..277034240 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -98,7 +98,7 @@ displaySomeException = displayException
 
 myKeyMap :: [([Char], X ())]
 myKeyMap =
-    [ ("M4-<F11>", spawn "i3lock -i /tmp/wallpaper.png -f")
+    [ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f")
     , ("M4-p", spawn "passmenu --type")
     , ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
     , ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")

From 558eede973a0c14e93daa695e2d9a595091d14e4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 01:31:26 +0200
Subject: [PATCH 078/135] k 3 fetchWallpaper: use writeDash

---
 krebs/3modules/fetchWallpaper.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 53fe0839d..e6bb06a95 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -40,9 +40,7 @@ let
     };
   };
 
-  fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
-    #! ${pkgs.bash}/bin/bash
-
+  fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
     mkdir -p ${shell.escape cfg.stateDir}
     curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
     feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
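Review bot: The `curl` call in `fetchWallpaperScript` has no `-f`, so an HTTP error response is written to `wallpaper` and then handed to `feh`; nothing in the visible lines stops the script after a failed download either. Adding `--fail` (`curl -sf -o …`) keeps the previous file in place when the server returns an error. The file is later decoded by image parsers, so if `cfg.url` is fetched over plain HTTP (its value is set outside this hunk), it should come from a trusted network or be switched to HTTPS. The script body continues past the end of the hunk.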

From 64f493ccbf31f824d0c60821546644d6e0b3d842 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:45:08 +0200
Subject: [PATCH 079/135] l 2 pass: install pass only for lass

---
 lass/2configs/pass.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 610887621..5bd2f2f7f 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  environment.systemPackages = with pkgs; [
+  krebs.per-user.lass.packages = with pkgs; [
     pass
     gnupg1
   ];

From 2067d4efe941439d8ead5a452b20e96905bea020 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:47:31 +0200
Subject: [PATCH 080/135] l 1 helios: mount /bku

---
 lass/1systems/helios.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 0c7c0d8e3..2437d4c6d 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -53,6 +53,11 @@ with builtins;
     "/boot" = {
       device = "/dev/sda1";
     };
+
+    "/bku" = {
+      device = "/dev/pool/bku";
+      fsType = "ext4";
+    };
   };
 
   #services.udev.extraRules = ''
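Review bot: The new `/bku` mount sets only `device` and `fsType`, so the volume gets default mount options even though it will hold file trees copied from other hosts. A backup filesystem has no need to honour setuid bits, device nodes or executables found in that data; adding `nodev`, `nosuid` and `noexec` through the mount's `options` attribute would be cheap hardening. Whether `/dev/pool/bku` sits on an encrypted volume is not visible here, and a one-line comment stating it would help. The `/home` volume added to this file later in the series could take `nodev` and `nosuid` as well.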

From 85a8e38057d3b9aaa2efb8eb39f2360a066bf898 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:47:53 +0200
Subject: [PATCH 081/135] l 2 backups: add helios backup plans

---
 lass/2configs/backups.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
index 81dd14ebd..7d3046d43 100644
--- a/lass/2configs/backups.nix
+++ b/lass/2configs/backups.nix
@@ -107,5 +107,29 @@ with config.krebs.lib;
       dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
       startAt = "05:00";
     };
+    dishfire-http-helios = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.helios;   path = "/bku/dishfire-http"; };
+      startAt = "12:00";
+    };
+    dishfire-sql-helios = {
+      method = "pull";
+      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.helios;   path = "/bku/dishfire-sql"; };
+      startAt = "12:15";
+    };
+    prism-sql-helios = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism;  path = "/bku/sql_dumps"; };
+      dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
+      startAt = "12:30";
+    };
+    prism-http-helios = {
+      method = "pull";
+      src = { host = config.krebs.hosts.prism;  path = "/srv/http"; };
+      dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
+      startAt = "12:45";
+    };
   };
 }

From e5a82d2a2bf7f21f88c06c6e01647cddb92e063e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:48:50 +0200
Subject: [PATCH 082/135] l 1 helios: import fetchWallpaper

---
 lass/1systems/helios.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 2437d4c6d..97f03870c 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -10,6 +10,7 @@ with builtins;
     ../2configs/programs.nix
     ../2configs/git.nix
     ../2configs/pass.nix
+    ../2configs/fetchWallpaper.nix
     #{
     #  users.extraUsers = {
     #    root = {

From ee438ee8b638feb286d229f0df3fb7592afddde6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:49:21 +0200
Subject: [PATCH 083/135] l 1 helios: import backups

---
 lass/1systems/helios.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 97f03870c..bc210c995 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -11,6 +11,7 @@ with builtins;
     ../2configs/git.nix
     ../2configs/pass.nix
     ../2configs/fetchWallpaper.nix
+    ../2configs/backups.nix
     #{
     #  users.extraUsers = {
     #    root = {

From 6e85a853cbbf0179e24ef13b19fa409779b4fb77 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:49:47 +0200
Subject: [PATCH 084/135] l 2 websites fritz: activate new domains

---
 lass/2configs/websites/fritz.nix | 37 ++++++++++++++------------------
 1 file changed, 16 insertions(+), 21 deletions(-)

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 632aa1e89..e35615040 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -10,26 +10,23 @@ let
 
 in {
   imports = [
-    #( manageCerts [ "biostase.de" ])
-    #( servePage [ "biostase.de" ])
+    ( manageCerts [ "biostase.de" "www.biostase.de" ])
+    #( serveWordpress [ "biostase.de" "www.biostase.de" ])
 
-    #( manageCerts [ "gs-maubach.de" ])
-    #( servePage [ "gs-maubach.de" ])
+    ( manageCerts [ "radical-dreamers.de" ])
+    ( serveWordpress [ "radical-dreamers.de" ])
 
-    #( manageCerts [ "spielwaren-kern.de" ])
-    #( servePage [ "spielwaren-kern.de" ])
+    ( manageCerts [ "gs-maubach.de" ])
+    ( serveWordpress [ "gs-maubach.de" ])
 
-    #( manageCerts [ "societyofsimtech.de" ])
-    #( servePage [ "societyofsimtech.de" ])
+    ( manageCerts [ "spielwaren-kern.de" ])
+    ( serveWordpress [ "spielwaren-kern.de" ])
 
-    #( manageCerts [ "ttf-kleinaspach.de" ])
-    #( servePage [ "ttf-kleinaspach.de" ])
+    ( manageCerts [ "familienpraxis-korntal.de" ])
+    ( servePage [ "familienpraxis-korntal.de" ])
 
-    #( manageCerts [ "edsn.de" ])
-    #( servePage [ "edsn.de" ])
-
-    #( manageCerts [ "eab.berkeley.edu" ])
-    #( servePage [ "eab.berkeley.edu" ])
+    ( manageCerts [ "ttf-kleinaspach.de" ])
+    ( serveWordpress [ "ttf-kleinaspach.de" ])
 
     ( ssl [ "eastuttgart.de" ])
     ( serveWordpress [ "eastuttgart.de" ])
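Review bot: The newly activated domains are wired up with `manageCerts`, while the entries kept at the bottom of the list (`eastuttgart.de`, `habsys.de`) use `ssl`, which the previous commit on this file introduced under the subject "enable ssl". Neither helper is defined in this hunk, so this is inferred, but if `ssl` is what turns on HTTPS serving, the new WordPress sites would expose their login forms over plain HTTP. Either switch the new entries to `( ssl [ … ])` or add a comment saying why they differ. `biostase.de` also gets certificates while its `serveWordpress` line stays commented out; a short comment giving the reason would help.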
@@ -49,14 +46,12 @@ in {
     config.fritz = {
       password = toString (<secrets/mysql_rootPassword>);
       databases = [
+        "biostase_de"
         "eastuttgart_de"
+        "radical_dreamers_de"
+        "spielwaren_kern_de"
+        "ttf_kleinaspach_de"
       ];
     };
   };
-
-  #lass.owncloud = {
-  #  "o.ubikmedia.de" = {
-  #    instanceid = "oc8n8ddbftgh";
-  #  };
-  #};
 }
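Review bot: `gs-maubach.de` is served with `serveWordpress` in the imports above, but the `databases` list gets no matching entry, while `radical-dreamers.de`, `spielwaren-kern.de` and `ttf-kleinaspach.de` each have one. If this list drives the MySQL dump (the enclosing option starts outside the hunk), that site's database would be left out of it. Add the entry, presumably `"gs_maubach_de"`, or a comment saying why it is excluded. Conversely `"biostase_de"` is listed although its `serveWordpress` line is still commented out.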

From 468be84c69e0b0fcdfd9388ef67f3f352b0c2e0d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:51:07 +0200
Subject: [PATCH 085/135] l 2 xserver: add pulseaudioLight to pkgs

---
 lass/2configs/xserver/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 5b89da093..2252e3e4e 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -88,6 +88,7 @@ let
     export PATH; PATH=${makeSearchPath "bin" ([
       pkgs.rxvt_unicode
       pkgs.i3lock
+      pkgs.pulseaudioLight
     ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
     settle() {(
       # Use PATH for a clean journal

From 1cc4fb02187f51dd0bec89bf53b8d88e6bae8ebe Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:51:47 +0200
Subject: [PATCH 086/135] l: add brightness controls to xmonad

---
 lass/2configs/xserver/default.nix | 1 +
 lass/5pkgs/xmonad-lass/Main.hs    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 2252e3e4e..e775a575d 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -89,6 +89,7 @@ let
       pkgs.rxvt_unicode
       pkgs.i3lock
       pkgs.pulseaudioLight
+      pkgs.xorg.xbacklight
     ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
     settle() {(
       # Use PATH for a clean journal
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 277034240..3b9f22c18 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -105,6 +105,8 @@ myKeyMap =
     , ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
     , ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
     , ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
+    , ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 3")
+    , ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 3")
 
     , ("M4-a", focusUrgent)
     , ("M4-S-r", renameWorkspace    def)

From 4b389a3569a14a6a81f4b22d72e676843408b29e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:52:16 +0200
Subject: [PATCH 087/135] l 5 mk_sql_pair: fix indent

---
 lass/5pkgs/mk_sql_pair/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix
index a9f0d2797..738a8daf6 100644
--- a/lass/5pkgs/mk_sql_pair/default.nix
+++ b/lass/5pkgs/mk_sql_pair/default.nix
@@ -12,8 +12,8 @@ pkgs.writeScriptBin "mk_sql_pair" ''
   fi
 
   cat <<EOF
-    create database $name;
-    create user $name;
-    grant all on $name.* to $name@'localhost' identified by '$password';
+  create database $name;
+  create user $name;
+  grant all on $name.* to $name@'localhost' identified by '$password';
   EOF
 ''

From 14ff4fdd21346e8ebcf93dabed76b4b9a50b09b0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:53:06 +0200
Subject: [PATCH 088/135] l 5 xmonad-lass: remove unused code

---
 lass/5pkgs/xmonad-lass/Main.hs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 3b9f22c18..ddf7b4e6e 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -36,9 +36,6 @@ import XMonad.Util.EZConfig (additionalKeysP)
 myTerm :: String
 myTerm = "urxvtc"
 
-myRootTerm :: String
-myRootTerm = "urxvtc -name root-urxvt -e su -"
-
 myFont :: String
 myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
 

From 8014c485507bcf32c52ffe179b25b6b45e705afd Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 12:53:59 +0200
Subject: [PATCH 089/135] l 5 xmonad-lass: change GridSelect size

---
 lass/5pkgs/xmonad-lass/Main.hs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index ddf7b4e6e..d7c66bf4d 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -141,8 +141,8 @@ infixAutoXPConfig = autoXPConfig
 
 gridConfig :: GSConfig WorkspaceId
 gridConfig = def
-    { gs_cellwidth = 50
-    , gs_cellheight = 50
+    { gs_cellwidth = 100
+    , gs_cellheight = 30
     , gs_cellpadding = 2
     , gs_navigate = navNSearch
     , gs_font = myFont

From d811a50f7cc7c491a4ed2748161d308c848e3875 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 27 Apr 2016 13:07:32 +0200
Subject: [PATCH 090/135] l 2 exim-*: remove redundant setuid code

---
 lass/2configs/exim-retiolum.nix  | 4 ----
 lass/2configs/exim-smarthost.nix | 5 -----
 2 files changed, 9 deletions(-)

diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
index ea2f553b8..c07b6c15a 100644
--- a/lass/2configs/exim-retiolum.nix
+++ b/lass/2configs/exim-retiolum.nix
@@ -4,10 +4,6 @@ with config.krebs.lib;
 
 {
   krebs.exim-retiolum.enable = true;
-  krebs.setuid.sendmail = {
-    filename = "${pkgs.exim}/bin/exim";
-    mode = "4111";
-  };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
   ];
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 2efb6f367..384e22366 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -42,11 +42,6 @@ with config.krebs.lib;
       { from = "root"; to = "lass"; }
     ];
   };
-
-  krebs.setuid.sendmail = {
-    filename = "${pkgs.exim}/bin/exim";
-    mode = "4111";
-  };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
   ];

From 9feebcc90271ef765e4d381026038187a0edd3b7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 28 Apr 2016 21:33:24 +0200
Subject: [PATCH 091/135] l 2 xserver: sleep in xmonad-stop

---
 lass/2configs/xserver/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index e775a575d..474181c0f 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -108,7 +108,8 @@ let
 
   xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
     #! /bin/sh
-    exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
+    ${pkgs.xmonad-lass}/bin/xmonad --shutdown
+    ${pkgs.coreutils}/bin/sleep 2s
   '';
 
   xserver-environment = {
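Review bot: With `exec` dropped and `sleep` appended, `xmonad-stop` now always returns the exit status of `sleep`, so a failing `xmonad --shutdown` is no longer visible to the unit that calls this script. Chaining the two commands, `${pkgs.xmonad-lass}/bin/xmonad --shutdown && ${pkgs.coreutils}/bin/sleep 2s`, keeps the failure status. The fixed delay is otherwise unexplained, so add a comment saying what the two seconds wait for.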

From d22a4a59641e26895711ff1795e6c1a7495ed6ff Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 28 Apr 2016 21:39:56 +0200
Subject: [PATCH 092/135] l 2 xserver: restart xmonad on change again

---
 lass/2configs/xserver/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 474181c0f..980c922fd 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -48,7 +48,7 @@ let
       wantedBy = [ "multi-user.target" ];
       requires = [ "xserver.service" ];
       environment = xmonad-environment;
-      restartIfChanged = false;
+      restartIfChanged = true;
       serviceConfig = {
         ExecStart = "${xmonad-start}/bin/xmonad";
         ExecStop = "${xmonad-stop}/bin/xmonad-stop";

From d73ad6b0547c23155e6168fba54ef01c1ff9f4fc Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 28 Apr 2016 22:55:18 +0200
Subject: [PATCH 093/135] l 2: add mpv.nix (with delete.lua)

---
 lass/2configs/mpv.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 lass/2configs/mpv.nix

diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
new file mode 100644
index 000000000..71f1409e0
--- /dev/null
+++ b/lass/2configs/mpv.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+let
+
+  mpv-config = pkgs.writeText "mpv-config" ''
+    script=${deleteCurrentFile}
+  '';
+  mpv = pkgs.writeDashBin "mpv" ''
+    exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} $@
+  '';
+
+  deleteCurrentFile = pkgs.writeText "delete.lua" ''
+    deleted_tmp = "./.graveyard"
+
+    -- Delete the current track by moving it to the `deleted_tmp` location.
+    function delete_current_track()
+      track = mp.get_property("path")
+      os.execute("mkdir -p '" .. deleted_tmp .. "'")
+      os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'")
+      print("'" .. track .. "' deleted.")
+    end
+
+    mp.add_key_binding("D", "delete_current_track", delete_current_track)
+  '';
+
+in {
+  krebs.per-user.lass.packages = [
+    mpv
+  ];
+}
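Review bot: `delete_current_track` builds shell command lines by pasting `track` between single quotes, so a media path containing `'` ends the quoting and the rest of the name is interpreted by the shell when `D` is pressed; a path starting with `-` is also read by `mv` as an option. File names of downloaded media are not trustworthy input, so pass the arguments as a list through `mp.utils`' `subprocess` instead of `os.execute`, as sketched below. The wrapper has a related problem: `$@` is unquoted and re-splits arguments that contain spaces, so it should be `"$@"`. `moveToDir` in the later refactoring commit of this file carries the same `os.execute` pattern.

```nix
  deleteCurrentFile = pkgs.writeText "delete.lua" ''
    local utils = require "mp.utils"
    local deleted_tmp = "./.graveyard"

    -- Move the current track into `deleted_tmp`. Arguments are passed as a
    -- list, so no shell ever parses the file name; `--` stops option parsing.
    function delete_current_track()
      local track = mp.get_property("path")
      if track == nil then return end
      utils.subprocess({ args = { "mkdir", "-p", "--", deleted_tmp } })
      utils.subprocess({ args = { "mv", "--", track, deleted_tmp } })
      print("'" .. track .. "' deleted.")
    end

    -- … unchanged: mp.add_key_binding call …
  '';
```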

From db78aedf799868d81c987546d0163fdf9f871061 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 28 Apr 2016 22:56:02 +0200
Subject: [PATCH 094/135] l 2: use mpv.nix instead of systemWide mpv

---
 lass/2configs/baseX.nix    | 2 +-
 lass/2configs/programs.nix | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 79fc4744f..0a30f84c0 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -7,6 +7,7 @@ in {
     ./default.nix
     #./urxvt.nix
     ./xserver
+    ./mpv.nix
   ];
 
   users.extraUsers.mainUser.extraGroups = [ "audio" ];
@@ -44,7 +45,6 @@ in {
     xsel
     zathura
 
-    mpv
     mpv-poll
     yt-next
   #window manager stuff
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index e4840383f..6cf23deaf 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -8,7 +8,6 @@
     htop
     i3lock
     mosh
-    mpv
     pass
     pavucontrol
     pv

From 413901423926eda89ed5d908d20b421b367996c5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 4 May 2016 17:17:48 +0200
Subject: [PATCH 095/135] l: lass.per-user -> krebs.per-user

---
 lass/2configs/browsers.nix |  4 +--
 lass/3modules/default.nix  |  1 -
 lass/3modules/per-user.nix | 53 --------------------------------------
 3 files changed, 2 insertions(+), 56 deletions(-)
 delete mode 100644 lass/3modules/per-user.nix

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 47a16d4cb..9e9d15ec4 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -14,7 +14,7 @@ let
         useDefaultShell = true;
         createHome = true;
       };
-      lass.per-user.${name}.packages = packages;
+      krebs.per-user.${name}.packages = packages;
       security.sudo.extraConfig = ''
         ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
       '';
@@ -35,7 +35,7 @@ let
         useDefaultShell = true;
         createHome = true;
       };
-      lass.per-user.${name}.packages = packages;
+      krebs.per-user.${name}.packages = packages;
       security.sudo.extraConfig = ''
         ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
       '';
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 71e39d874..40f18336e 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,7 +3,6 @@ _:
   imports = [
     ./folderPerms.nix
     ./mysql-backup.nix
-    ./per-user.nix
     ./urxvtd.nix
     ./wordpress_nginx.nix
     ./xresources.nix
diff --git a/lass/3modules/per-user.nix b/lass/3modules/per-user.nix
deleted file mode 100644
index f8d357ce2..000000000
--- a/lass/3modules/per-user.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-let
-  cfg = config.lass.per-user;
-
-  out = {
-    options.lass.per-user = api;
-    config = imp;
-  };
-
-  api = mkOption {
-    type = with types; attrsOf (submodule {
-      options = {
-        packages = mkOption {
-          type = listOf path;
-          default = [];
-        };
-      };
-    });
-    default = {};
-  };
-
-  imp = {
-    #
-    # TODO only shellInit and use well-known paths
-    #
-    environment.shellInit = ''
-      if test -e ${user-profiles}/"$LOGNAME"; then
-        . ${user-profiles}/"$LOGNAME"
-      fi
-    '';
-    environment.interactiveShellInit = ''
-      if test -e ${user-profiles}/"$LOGNAME"; then
-        . ${user-profiles}/"$LOGNAME"
-      fi
-    '';
-    environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
-  };
-
-  user-profiles = pkgs.runCommand "user-profiles" {} ''
-    mkdir $out
-    ${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
-      cat > $out/${logname} <<\EOF
-      ${optionalString (length packages > 0) (
-        let path = makeSearchPath "bin" packages; in
-        ''export PATH="$PATH":${escapeShellArg path}''
-      )}
-      EOF
-    '') cfg)}
-  '';
-
-in out

From e4aea49d657a20f8ce4b2c29ade0d0336231699b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 4 May 2016 17:19:57 +0200
Subject: [PATCH 096/135] l 1 mors: remove skype from pkgs

---
 lass/1systems/mors.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 39225abf5..e12c8321f 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -193,7 +193,6 @@
     hashPassword
     urban
     mk_sql_pair
-    skype
   ];
 
   #TODO: fix this shit

From 22627e6ce73a03fcb909da532bc0ce982d350ad2 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 4 May 2016 17:20:15 +0200
Subject: [PATCH 097/135] l 2 default: add psmisc to pkgs

---
 lass/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 2f6ffa18e..c03e966d5 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -111,6 +111,7 @@ with config.krebs.lib;
 
   #neat utils
     krebspaste
+    psmisc
 
   #unpack stuff
     p7zip

From 4d5dadc8e53f8060e13605c5a93658052d8c2378 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 4 May 2016 17:21:09 +0200
Subject: [PATCH 098/135] l 2 mpv: refactor, add "mark as good" key

---
 lass/2configs/mpv.nix | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
index 71f1409e0..ff5698e4e 100644
--- a/lass/2configs/mpv.nix
+++ b/lass/2configs/mpv.nix
@@ -1,15 +1,34 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 
 let
 
   mpv-config = pkgs.writeText "mpv-config" ''
-    script=${deleteCurrentFile}
+    script=${lib.concatStringsSep "," [
+      good
+      delete
+    ]}
   '';
   mpv = pkgs.writeDashBin "mpv" ''
-    exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} $@
+    exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@"
   '';
 
-  deleteCurrentFile = pkgs.writeText "delete.lua" ''
+  moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
+    tmp_dir = "${dir}"
+
+    function move_current_track_${key}()
+      track = mp.get_property("path")
+      os.execute("mkdir -p '" .. tmp_dir .. "'")
+      os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
+      print("moved '" .. track .. "' to " .. tmp_dir)
+    end
+
+    mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
+  '';
+
+  good = moveToDir "G" "./.good";
+  delete = moveToDir "D" "./.graveyard";
+
+  deleteCurrentTrack = pkgs.writeText "delete.lua" ''
     deleted_tmp = "./.graveyard"
 
     -- Delete the current track by moving it to the `deleted_tmp` location.
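Review bot: The old script is kept under the new name `deleteCurrentTrack`, but `mpv-config` now lists only `good` and `delete`, so as far as this file shows the binding is dead code that still carries a second copy of the `os.execute` string building. Removing it leaves `moveToDir` as the single place to fix the quoting. `moveToDir` also splices `${key}` into a Lua function name, which works for `G` and `D` but not for key names such as `Ctrl+d`; a fixed local function name, with the key interpolated only into `mp.add_key_binding`, avoids that. The body of `deleteCurrentTrack` continues outside the hunk.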

From ba5ea161f24a66f957c541abfe419bee3aea9982 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 May 2016 11:14:34 +0200
Subject: [PATCH 099/135] k 3 l: update echelon ip

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index adca66dad..d36f35bd6 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -41,7 +41,7 @@ with config.krebs.lib;
       cores = 2;
       nets = rec {
         internet = {
-          ip4.addr = "162.252.241.33";
+          ip4.addr = "104.167.115.184";
           aliases = [
             "echelon.internet"
           ];

From 640886ed7f2ffd932948b74edd388ace7a4efe66 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 May 2016 11:15:02 +0200
Subject: [PATCH 100/135] l 1 cloudkrebs: import privoxy-retiolum

---
 lass/1systems/cloudkrebs.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 1bfb11502..5aa35f5a7 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -13,6 +13,7 @@ in {
     ../2configs/retiolum.nix
     ../2configs/git.nix
     ../2configs/realwallpaper.nix
+    ../2configs/privoxy-retiolum.nix
     {
       networking.interfaces.enp2s1.ip4 = [
         {

From 3df6f0f98f120c991a18fbe2b906c64bc528366b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 May 2016 00:20:26 +0200
Subject: [PATCH 101/135] l 2 exim-smarthost: redir wordpress.ubikmedia.de

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 384e22366..84a57205b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -25,6 +25,7 @@ with config.krebs.lib;
       { from = "outlook@lassul.us"; to = lass.mail; }
       { from = "steuer@aidsballs.de"; to = lass.mail; }
       { from = "lass@aidsballs.de"; to = lass.mail; }
+      { from = "wordpress@ubikmedia.de"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From d4b67a1fed34a1256de1930598a0f6be42e89df1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 May 2016 00:22:22 +0200
Subject: [PATCH 102/135] l 2 websites domsen: use msmtp as sendmail

---
 lass/2configs/websites/domsen.nix | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index a6fdad645..001e339a4 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,7 +1,10 @@
 { config, pkgs, lib, ... }:
 
 let
-  inherit (config.krebs.lib) genid;
+  inherit (config.krebs.lib)
+    genid
+    readFile
+    ;
   inherit (import ../../4lib { inherit lib pkgs; })
     manageCert
     manageCerts
@@ -11,6 +14,16 @@ let
     serveOwncloud
     serveWordpress;
 
+  msmtprc = pkgs.writeText "msmtprc" ''
+    account prism
+      host localhost
+    account default: prism
+  '';
+
+  sendmail = pkgs.writeDash "msmtp" ''
+    exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
+  '';
+
 in {
   imports = [
     ( ssl [ "reich-gebaeudereinigung.de" ])
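Review bot: `--read-envelope-from` makes msmtp take the envelope sender from the `From:` header of whatever the PHP application hands it, so every site using this `php.ini` can choose an arbitrary envelope sender for mail relayed through `localhost`. If that freedom is not needed, pinning the sender in `msmtprc` with a `from` line (for example `from <site-address>`, a placeholder) and dropping the flag limits what a compromised web application can send as. `sendmail_path` is set through `services.phpfpm.phpIni` in the next hunk, which appears to apply to PHP-FPM as a whole rather than to a single site, so the setting reaches all hosted applications.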
@@ -66,13 +79,10 @@ in {
     createHome = true;
   };
 
-  services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
-     options = ''
-      extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
-    '';
-  } ''
-    cat ${pkgs.php}/etc/php-recommended.ini > $out
-    echo "$options" >> $out
+  services.phpfpm.phpIni = pkgs.writeText "php.ini" ''
+    ${readFile "${pkgs.php}/etc/php-recommended.ini"}
+    extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+    sendmail_path = ${sendmail} -t
   '';
 }
 

From abf23d13053c9c28b4081c37385a7c863c0187d2 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 17 May 2016 11:46:09 +0200
Subject: [PATCH 103/135] k 3 l: update echelon ip

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index d36f35bd6..d88261a82 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -41,7 +41,7 @@ with config.krebs.lib;
       cores = 2;
       nets = rec {
         internet = {
-          ip4.addr = "104.167.115.184";
+          ip4.addr = "104.233.79.118";
           aliases = [
             "echelon.internet"
           ];

From 1f3840bedc2ec40be704bbbff9acb615784b967f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 17 May 2016 11:46:32 +0200
Subject: [PATCH 104/135] l 1 cloudkrebs: serve realwallpaper

---
 lass/1systems/cloudkrebs.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 5aa35f5a7..a3cc9d7b3 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -13,6 +13,7 @@ in {
     ../2configs/retiolum.nix
     ../2configs/git.nix
     ../2configs/realwallpaper.nix
+    ../2configs/realwallpaper-server.nix
     ../2configs/privoxy-retiolum.nix
     {
       networking.interfaces.enp2s1.ip4 = [

From 0faab43d096053b455b7cb03518d47088ab98acf Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 17 May 2016 11:47:07 +0200
Subject: [PATCH 105/135] l 1 helios: add /home lv

---
 lass/1systems/helios.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index bc210c995..10b00de47 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -56,6 +56,11 @@ with builtins;
       device = "/dev/sda1";
     };
 
+    "/home" = {
+      device = "/dev/pool/home";
+      fsType = "ext4";
+    };
+
     "/bku" = {
       device = "/dev/pool/bku";
       fsType = "ext4";

From 163ee84e61333d7c376b54dc5498c65e8b287a30 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 17 May 2016 11:47:56 +0200
Subject: [PATCH 106/135] l 2 fetchWallpaper: get wallpaper from cloudkrebs

---
 lass/2configs/fetchWallpaper.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 9c27706cb..f3b65e816 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -5,7 +5,7 @@ let
 in {
   krebs.fetchWallpaper = {
     enable = true;
-    url = "echelon/wallpaper.png";
+    url = "cloudkrebs/wallpaper.png";
   };
 }
 

From 127507ccc702bc04140d2585bc01bdb38b7b026d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 19 May 2016 21:11:16 +0200
Subject: [PATCH 107/135] k 3 l: add shodan

---
 krebs/3modules/lass/default.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index d88261a82..dddbe881b 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -263,6 +263,33 @@ with config.krebs.lib;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
     };
+    shodan = {
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.4";
+          ip6.addr = "42:0:0:0:0:0:0:50d4";
+          aliases = [
+            "shodan.retiolum"
+            "shodan.r"
+            "cgit.shodan.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
+            YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
+            ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
+            7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
+            xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
+            V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      secure = true;
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
+    };
 
   };
   users = {

From 88e53970c12594d79cc4e617e5ecd99f27067ece Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 19 May 2016 21:16:45 +0200
Subject: [PATCH 108/135] k 3 per-user: use new symlinkJoin interface

---
 krebs/3modules/per-user.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
index 13da5c4c3..93a7d2293 100644
--- a/krebs/3modules/per-user.nix
+++ b/krebs/3modules/per-user.nix
@@ -26,7 +26,10 @@ let
     environment = {
       etc = flip mapAttrs' cfg (name: { packages, ... }: {
         name = "per-user/${name}";
-        value.source = pkgs.symlinkJoin "per-user.${name}" packages;
+        value.source = pkgs.symlinkJoin {
+          name = "per-user.${name}";
+          paths = packages;
+        };
       });
       profiles = ["/etc/per-user/$LOGNAME"];
     };

From 7fdef91d42eecafd57d2f2bc207e6519cc77f941 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 19 May 2016 21:19:17 +0200
Subject: [PATCH 109/135] l 2 xserver: add urxvt to lass' pkgs

---
 lass/2configs/xserver/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 980c922fd..ee7440c95 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -40,6 +40,10 @@ let
       };
     };
 
+    krebs.per-user.lass.packages = [
+      pkgs.rxvt_unicode_with-plugins
+    ];
+
     systemd.services.display-manager.enable = false;
 
     services.xserver.enable = true;

From b047ba85232ca330834bc43dd91f33abb7c6ef4e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 19 May 2016 21:20:31 +0200
Subject: [PATCH 110/135] l 2 xserver: use pkgs.xorg.xorgserver.out

---
 lass/2configs/xserver/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index ee7440c95..80c947a7b 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -127,7 +127,7 @@ let
   xserver = pkgs.writeScriptBin "xserver" ''
     #! /bin/sh
     set -efu
-    exec ${pkgs.xorg.xorgserver}/bin/X \
+    exec ${pkgs.xorg.xorgserver.out}/bin/X \
         :${toString config.services.xserver.display} \
         vt${toString config.services.xserver.tty} \
         -config ${import ./xserver.conf.nix args} \

From 98ea195b12870042326f76b2182f64a65eb7e978 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 19 May 2016 23:04:22 +0200
Subject: [PATCH 111/135] l 2 vim: remove unused vim plugins

---
 lass/2configs/vim.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index b40227c61..8295d9d49 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -147,13 +147,8 @@ in {
       vimrcConfig.vam.pluginDictionaries = [
         { names = [
           "brogrammer"
-          "commentary"
-          "extradite"
           "file-line"
-          "fugitive"
           "Gundo"
-          "mustang2"
-          "unimpaired"
         ]; }
         { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
       ];

From f46b3153c0c85883c9b3a98291f6d440f83bd717 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 19 May 2016 23:55:29 +0200
Subject: [PATCH 112/135] symlinkJoin: compat

---
 krebs/5pkgs/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index bcc894b2c..2f9049516 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -36,6 +36,11 @@ with config.krebs.lib;
 
     ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
 
+    # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
+    symlinkJoin = { name, paths, ... }@args: let
+      x = pkgs.symlinkJoin args;
+    in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
+
     test = {
       infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
     };

From 83fd4722516b6179ead9e6dcac4a42c5dd2ab296 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:01:28 +0200
Subject: [PATCH 113/135] buildbot sqlalclchemy_migrate_0_7: disable check

---
 krebs/5pkgs/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 2f9049516..c96e71538 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -36,6 +36,14 @@ with config.krebs.lib;
 
     ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
 
+    buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
+      inherit (pkgs.pythonPackages) twisted jinja2;
+      dateutil = pkgs.pythonPackages.dateutil_1_5;
+      sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
+        doCheck = false;
+      });
+    };
+
     # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
     symlinkJoin = { name, paths, ... }@args: let
       x = pkgs.symlinkJoin args;
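Review bot: `doCheck = false` is set on the `sqlalchemy7` argument with no comment saying which check fails or when the override can be removed, and the commit subject names sqlalchemy_migrate rather than sqlalchemy7. Skipping a dependency's test suite removes the build-time signal that the pinned library still works with this nixpkgs revision, so the reason should be recorded next to it. I would add a line above the attribute such as `# XXX sqlalchemy7 checks disabled because <reason>; drop once <condition>`, with the placeholders filled in by the author.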

From 4425e51f8eb87b4801a851e092eb048af1067192 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:01:43 +0200
Subject: [PATCH 114/135] l 3: add ejabberd

---
 lass/3modules/default.nix          |  1 +
 lass/3modules/ejabberd/config.nix  | 93 ++++++++++++++++++++++++++++++
 lass/3modules/ejabberd/default.nix | 57 ++++++++++++++++++
 3 files changed, 151 insertions(+)
 create mode 100644 lass/3modules/ejabberd/config.nix
 create mode 100644 lass/3modules/ejabberd/default.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 40f18336e..380d83a91 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -1,6 +1,7 @@
 _:
 {
   imports = [
+    ./ejabberd
     ./folderPerms.nix
     ./mysql-backup.nix
     ./urxvtd.nix
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
new file mode 100644
index 000000000..9a4882644
--- /dev/null
+++ b/lass/3modules/ejabberd/config.nix
@@ -0,0 +1,93 @@
+{ config, ... }: with config.krebs.lib; let
+  cfg = config.lass.ejabberd;
+
+  # XXX this is a placeholder that happens to work the default strings.
+  toErlang = builtins.toJSON;
+in toFile "ejabberd.conf" ''
+  {loglevel, 3}.
+  {hosts, ${toErlang cfg.hosts}}.
+  {listen,
+   [
+    {5222, ejabberd_c2s, [
+        starttls,
+        {certfile, ${toErlang cfg.certfile}},
+        {access, c2s},
+        {shaper, c2s_shaper},
+        {max_stanza_size, 65536}
+             ]},
+    {5269, ejabberd_s2s_in, [
+           {shaper, s2s_shaper},
+           {max_stanza_size, 131072}
+          ]},
+    {5280, ejabberd_http, [
+         captcha,
+         http_bind,
+         http_poll,
+         web_admin
+        ]}
+   ]}.
+  {s2s_use_starttls, required}.
+  {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+  {auth_method, internal}.
+  {shaper, normal, {maxrate, 1000}}.
+  {shaper, fast, {maxrate, 50000}}.
+  {max_fsm_queue, 1000}.
+  {acl, local, {user_regexp, ""}}.
+  {access, max_user_sessions, [{10, all}]}.
+  {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
+  {access, local, [{allow, local}]}.
+  {access, c2s, [{deny, blocked},
+           {allow, all}]}.
+  {access, c2s_shaper, [{none, admin},
+            {normal, all}]}.
+  {access, s2s_shaper, [{fast, all}]}.
+  {access, announce, [{allow, admin}]}.
+  {access, configure, [{allow, admin}]}.
+  {access, muc_admin, [{allow, admin}]}.
+  {access, muc_create, [{allow, local}]}.
+  {access, muc, [{allow, all}]}.
+  {access, pubsub_createnode, [{allow, local}]}.
+  {access, register, [{allow, local}]}.
+  {language, "en"}.
+  {modules,
+   [
+    {mod_adhoc,    []},
+    {mod_announce, [{access, announce}]},
+    {mod_blocking,[]},
+    {mod_caps,     []},
+    {mod_configure,[]},
+    {mod_disco,    []},
+    {mod_irc,      []},
+    {mod_http_bind, []},
+    {mod_last,     []},
+    {mod_muc,      [
+        {access, muc},
+        {access_create, muc_create},
+        {access_persistent, muc_create},
+        {access_admin, muc_admin}
+       ]},
+    {mod_offline,  [{access_max_user_messages, max_user_offline_messages}]},
+    {mod_ping,     []},
+    {mod_privacy,  []},
+    {mod_private,  []},
+    {mod_pubsub,   [
+        {access_createnode, pubsub_createnode},
+        {ignore_pep_from_offline, true},
+        {last_item_cache, false},
+        {plugins, ["flat", "hometree", "pep"]}
+       ]},
+    {mod_register, [
+        {welcome_message, {"Welcome!",
+               "Hi.\nWelcome to this XMPP server."}},
+        {ip_access, [{allow, "127.0.0.0/8"},
+               {allow, "0.0.0.0/0"}]},
+        {access, register}
+       ]},
+    {mod_roster,   []},
+    {mod_shared_roster,[]},
+    {mod_stats,    []},
+    {mod_time,     []},
+    {mod_vcard,    []},
+    {mod_version,  []}
+   ]}.
+''
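Review bot: The c2s listener on 5222 uses `starttls`, which only offers TLS, so a client can still authenticate over a clear-text stream even though s2s is set to `required`; `starttls_required` in that option list closes the gap. In the same file mod_register's `ip_access` ends with `{allow, "0.0.0.0/0"}` and `{access, register, [{allow, local}]}` matches every user name (`user_regexp, ""`), so in-band registration looks open to any address that can reach the port; dropping the `0.0.0.0/0` entry would limit it to loopback. The 5280 listener enables `web_admin` and `http_poll` without TLS, so a comment stating that this port must stay firewalled would help whoever reuses the module.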
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
new file mode 100644
index 000000000..c68f32ef0
--- /dev/null
+++ b/lass/3modules/ejabberd/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+  cfg = config.lass.ejabberd;
+in {
+  options.lass.ejabberd = {
+    enable = mkEnableOption "lass.ejabberd";
+    certfile = mkOption {
+      type = types.str;
+    };
+    hosts = mkOption {
+      type = with types; listOf str;
+    };
+    pkgs.ejabberdctl = mkOption {
+      type = types.package;
+      default = pkgs.writeDashBin "ejabberdctl" ''
+        set -efu
+        export SPOOLDIR=${shell.escape cfg.user.home}
+        export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
+        exec ${pkgs.ejabberd}/bin/ejabberdctl \
+            --logs ${shell.escape cfg.user.home} \
+            --spool ${shell.escape cfg.user.home} \
+            "$@"
+      '';
+    };
+    s2s_certfile = mkOption {
+      type = types.str;
+      default = cfg.certfile;
+    };
+    user = mkOption {
+      type = types.user;
+      default = {
+        name = "ejabberd";
+        home = "/var/ejabberd";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+
+    systemd.services.ejabberd = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = "yes";
+        PermissionsStartOnly = "true";
+        SyslogIdentifier = "ejabberd";
+        User = cfg.user.name;
+        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+      };
+    };
+
+    users.users.${cfg.user.name} = {
+      inherit (cfg.user) home name uid;
+      createHome = true;
+    };
+  };
+}
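Review bot: With `Type = "oneshot"` and `RemainAfterExit = "yes"` the unit stays active as soon as `ejabberdctl start` returns, so systemd would not notice if the network-facing daemon later dies. No `ExecStop` is given for a clean shutdown either. I would add `ExecStop = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl stop";` and remove `PermissionsStartOnly = "true";`, which has no effect while there is no `ExecStartPre`/`ExecStartPost`. A one-line description on `certfile` saying it is a runtime path (kept as `types.str` so the key is not copied into the store) would also document the intent.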

From ac35c00c0454842b20146fad4be16fce628b6816 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:02:10 +0200
Subject: [PATCH 115/135] l 1 prism: remove nixpkgs override

---
 lass/1systems/prism.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 4c0b4e690..e69fc545f 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -18,10 +18,6 @@ in {
       imports = [
         ../2configs/buildbot-standalone.nix
       ];
-      krebs.build.source.nixpkgs = lib.mkForce {
-        url = https://github.com/NixOS/nixpkgs;
-        rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc";
-      };
     }
     {
       users.extraGroups = {

From 3c4c71436ade88ec1e6e74bd8af4b4d77a03884e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:02:29 +0200
Subject: [PATCH 116/135] l 1 prism: start ejabberd & acme

---
 lass/1systems/prism.nix | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index e69fc545f..406acda5b 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -2,6 +2,10 @@
 
 let
   ip = config.krebs.build.host.nets.internet.ip4.addr;
+
+  inherit (import ../../4lib { inherit lib pkgs; })
+    manageCerts;
+
 in {
   imports = [
     ../.
@@ -159,6 +163,38 @@ in {
         enable = true;
       };
     }
+    {
+      security.acme = {
+        certs."lassul.us" = {
+          email = "lass@lassul.us";
+          webroot = "/var/lib/acme/challenges/lassul.us";
+          plugins = [
+            "account_key.json"
+            "key.pem"
+            "fullchain.pem"
+            "full.pem"
+          ];
+          user = "ejabberd";
+        };
+      };
+      krebs.nginx.servers."lassul.us" = {
+        server-names = [ "lassul.us" ];
+        locations = [
+          (lib.nameValuePair "/.well-known/acme-challenge" ''
+            root /var/lib/acme/challenges/lassul.us/;
+          '')
+        ];
+      };
+      lass.ejabberd = {
+        enable = true;
+        hosts = [ "lassul.us" ];
+        certfile = "/var/lib/acme/lassul.us/full.pem";
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
+        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
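Review bot: `user = "ejabberd"` makes the XMPP daemon's account the owner of every file listed in `plugins`, including `account_key.json`, although the only file ejabberd is pointed at is `full.pem`. A compromise of the daemon would then presumably expose the ACME account key in addition to the certificate key. Consider leaving the certificate directory owned by a separate account and giving ejabberd group read access to `full.pem` only. The two new INPUT rules accept xmpp-client and xmpp-server from any source, so a short comment that this exposure is intended would help. The surrounding module list continues outside this hunk.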

From 8e095afefce800a60cdd0cd574dd66058c080a4b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:03:48 +0200
Subject: [PATCH 117/135] l 2 nixpkgs: e781a82 -> d541e0d

---
 lass/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index c03e966d5..29938e35c 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -54,7 +54,7 @@ with config.krebs.lib;
         stockholm = "/home/lass/stockholm";
         nixpkgs = {
           url = https://github.com/NixOS/nixpkgs;
-          rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819";
+          rev = "d541e0dc1c05f5514bf30f8039e687adddb45616";
           dev = "/home/lass/src/nixpkgs";
         };
       } // optionalAttrs config.krebs.build.host.secure {

From f91168618f04e6fb49aa5530af12e28c4fbdefe6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:05:31 +0200
Subject: [PATCH 118/135] l 2 git: add xmonad-stockholm repo

---
 lass/2configs/git.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 0aab298c7..9ec0f1e1f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -35,6 +35,7 @@ let
     newsbot-js = {};
     kimsufi-check = {};
     realwallpaper = {};
+    xmonad-stockholm = {};
   };
 
   restricted-repos = mapAttrs make-restricted-repo (

From 0fd95b3228ac1ba7e4e18e4207691ce401471e6a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:06:11 +0200
Subject: [PATCH 119/135] l 2 websites domsen: use pgpfpm.phpOptions

---
 lass/2configs/websites/domsen.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 001e339a4..f31fccd51 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -79,8 +79,7 @@ in {
     createHome = true;
   };
 
-  services.phpfpm.phpIni = pkgs.writeText "php.ini" ''
-    ${readFile "${pkgs.php}/etc/php-recommended.ini"}
+  services.phpfpm.phpOptions = ''
     extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
     sendmail_path = ${sendmail} -t
   '';

From 3fea8d651f49ac6a57f99bc6b49a5689e3c74fd8 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:12:43 +0200
Subject: [PATCH 120/135] l: add untilport

---
 lass/2configs/default.nix        |  1 +
 lass/5pkgs/default.nix           |  1 +
 lass/5pkgs/untilport/default.nix | 18 ++++++++++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 lass/5pkgs/untilport/default.nix

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 29938e35c..e38503f1a 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -112,6 +112,7 @@ with config.krebs.lib;
   #neat utils
     krebspaste
     psmisc
+    untilport
 
   #unpack stuff
     p7zip
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 1dacf6c7a..467867f63 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -10,6 +10,7 @@
     };
     mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
     mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
+    untilport = pkgs.callPackage ./untilport/default.nix {};
     urban = pkgs.callPackage ./urban/default.nix {};
     xmonad-lass =
       let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
diff --git a/lass/5pkgs/untilport/default.nix b/lass/5pkgs/untilport/default.nix
new file mode 100644
index 000000000..61bcc2b89
--- /dev/null
+++ b/lass/5pkgs/untilport/default.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+
+pkgs.writeDashBin "untilport" ''
+  set -euf
+
+  usage() {
+    echo 'untiport $target $port'
+    echo 'Sleeps until the destinated port is reachable.'
+    echo 'ex: untilport google.de 80 && echo "google is now reachable"'
+  }
+
+
+  if [ $# -ne 2 ]; then
+    usage
+  else
+    until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
+  fi
+''
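Review bot: When the argument count is wrong the script prints the usage text and then ends with status 0, so the documented pattern `untilport host port && echo ...` runs its right-hand side although nothing was probed. The usage branch should fail and write to stderr: `usage >&2; exit 1`. The first usage line spells the command `untiport`. The `until` loop has no upper bound, so a target that never comes up blocks the caller indefinitely; a comment saying so, or an optional timeout, would make that explicit.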

From 961d1a037dfcf117e0900f8ceff5194e3265df8a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:16:46 +0200
Subject: [PATCH 121/135] l 2 mail: add not working pgp stuff

---
 lass/2configs/mail.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 3c7dfcaf6..72d6f987f 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -21,6 +21,21 @@ let
     set pgp_sign_as = 0x976A7E4D
     set crypt_autosign = yes
     set crypt_replyencrypt = yes
+    set crypt_verify_sig = yes
+    set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
+
+    macro index \Cv \
+    "<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
+    <enter-command> set crypt_verify_sig=yes<enter> \
+    <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
+     'Verify PGP signature and open the message'
+
+    macro pager \Cv \
+    "<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
+    <enter-command> set crypt_verify_sig=yes<enter> \
+    <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
+     'Verify PGP signature'
+
 
     # notmuch
     set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
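Review bot: `pgp_verify_command` runs gpg without `--status-fd`, and the visible lines set no `pgp_good_sign`, so mutt would judge a signature by gpg's exit status alone rather than by a GOODSIG status line. I would use `set pgp_verify_command = "gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"` together with `set pgp_good_sign = "^\\[GNUPG:\\] GOODSIG"`. `gpg` is also resolved through PATH instead of a store path, which may be part of why the subject calls this not working. The muttrc string starts and ends outside the hunk, so other settings may already cover some of this.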

From ba41135bfde877e619c85b77a2fe631b66a37184 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 20 May 2016 00:17:21 +0200
Subject: [PATCH 122/135] l 1: add shodan

---
 lass/1systems/shodan.nix | 57 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 lass/1systems/shodan.nix

diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
new file mode 100644
index 000000000..873a580d9
--- /dev/null
+++ b/lass/1systems/shodan.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, ... }:
+
+with builtins;
+{
+  imports = [
+    ../.
+    ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
+    ../2configs/browsers.nix
+    ../2configs/programs.nix
+    ../2configs/fetchWallpaper.nix
+    ../2configs/backups.nix
+    #{
+    #  users.extraUsers = {
+    #    root = {
+    #      openssh.authorizedKeys.keys = map readFile [
+    #        ../../krebs/Zpubkeys/uriel.ssh.pub
+    #      ];
+    #    };
+    #  };
+    #}
+  ];
+
+  krebs.build.host = config.krebs.hosts.shodan;
+
+  networking.wireless.enable = true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  boot = {
+    loader.grub.enable = true;
+    loader.grub.version = 2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+    #kernelModules = [ "kvm-intel" "msr" ];
+    kernelModules = [ "msr" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/pool/nix";
+      fsType = "ext4";
+    };
+
+    "/boot" = {
+      device = "/dev/sda1";
+    };
+  };
+
+  #services.udev.extraRules = ''
+  #  SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+  #'';
+}
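Review bot: The LUKS container and the GRUB target are addressed by kernel names (`/dev/sda2`, `/dev/sda`) while `usb_storage` is available in the initrd, so an attached USB disk that enumerates first could shift those names and the unlock step or bootloader install would address the wrong device. A stable identifier avoids that, for example `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder) in the `luksroot` entry. `"/boot"` has no `fsType`, unlike `"/"`; either state it or add a comment that auto-detection is intended.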

From 7c8bd6c55182c0329c27fcd25e01ee9a275297de Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:45:48 +0200
Subject: [PATCH 123/135] k 3 l: move pubkeys to seperate files

---
 krebs/3modules/lass/default.nix                   | 9 +++++----
 krebs/3modules/lass/{default.pgp => pgp/mors.pgp} | 0
 krebs/3modules/lass/ssh/helios.rsa                | 1 +
 krebs/3modules/lass/ssh/mors.rsa                  | 1 +
 krebs/3modules/lass/ssh/uriel.rsa                 | 1 +
 5 files changed, 8 insertions(+), 4 deletions(-)
 rename krebs/3modules/lass/{default.pgp => pgp/mors.pgp} (100%)
 create mode 100644 krebs/3modules/lass/ssh/helios.rsa
 create mode 100644 krebs/3modules/lass/ssh/mors.rsa
 create mode 100644 krebs/3modules/lass/ssh/uriel.rsa

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index dddbe881b..f28d5d4a0 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -294,17 +294,18 @@ with config.krebs.lib;
   };
   users = {
     lass = {
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
       mail = "lass@mors.retiolum";
-      pgp.pubkeys.default = builtins.readFile ./default.pgp;
+      pubkey = builtins.readFile ./ssh/mors.rsa;
+      pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
     };
     lass-uriel = {
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
       mail = "lass@uriel.retiolum";
+      pubkey = builtins.readFile ./ssh/uriel.rsa;
     };
     lass-helios = {
-      pubkey = "ssh-rsa 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 lass@helios";
       mail = "lass@helios.retiolum";
+      pubkey = builtins.readFile ./ssh/helios.rsa;
+    };
     };
   };
 }
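Review bot: The added `};` after the `lass-helios` entry has no opening partner: the original closing `};` is still present as context, so on the new side `users` is closed one line early and the final `}` is unmatched (the header shows 18 new lines against 17 old). This commit would therefore not evaluate on its own, which hurts bisecting; drop the `+    };` here and let the patch that adds the next user bring its own closer. Also, `builtins.readFile ./ssh/mors.rsa` returns the file's trailing newline, which the former string literals did not have. This is presumably harmless, but worth trimming if `pubkey` is compared or concatenated anywhere.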
diff --git a/krebs/3modules/lass/default.pgp b/krebs/3modules/lass/pgp/mors.pgp
similarity index 100%
rename from krebs/3modules/lass/default.pgp
rename to krebs/3modules/lass/pgp/mors.pgp
diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa
new file mode 100644
index 000000000..c2a54b621
--- /dev/null
+++ b/krebs/3modules/lass/ssh/helios.rsa
@@ -0,0 +1 @@
+ssh-rsa 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 lass@helios
diff --git a/krebs/3modules/lass/ssh/mors.rsa b/krebs/3modules/lass/ssh/mors.rsa
new file mode 100644
index 000000000..172fd2dda
--- /dev/null
+++ b/krebs/3modules/lass/ssh/mors.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
diff --git a/krebs/3modules/lass/ssh/uriel.rsa b/krebs/3modules/lass/ssh/uriel.rsa
new file mode 100644
index 000000000..015b57837
--- /dev/null
+++ b/krebs/3modules/lass/ssh/uriel.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel

From 41e93449bb78104e8d1525236969a6816d4b28ed Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:46:41 +0200
Subject: [PATCH 124/135] k 3 l: add shodan keys

---
 krebs/3modules/lass/default.nix    |  4 ++++
 krebs/3modules/lass/pgp/shodan.pgp | 30 ++++++++++++++++++++++++++++++
 krebs/3modules/lass/ssh/shodan.rsa |  1 +
 3 files changed, 35 insertions(+)
 create mode 100644 krebs/3modules/lass/pgp/shodan.pgp
 create mode 100644 krebs/3modules/lass/ssh/shodan.rsa

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index f28d5d4a0..03e067f35 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -306,6 +306,10 @@ with config.krebs.lib;
       mail = "lass@helios.retiolum";
       pubkey = builtins.readFile ./ssh/helios.rsa;
     };
+    lass-shodan = {
+      mail = "lass@shodan.retiolum";
+      pubkey = builtins.readFile ./ssh/shodan.rsa;
+      pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
     };
   };
 }
diff --git a/krebs/3modules/lass/pgp/shodan.pgp b/krebs/3modules/lass/pgp/shodan.pgp
new file mode 100644
index 000000000..543b05b71
--- /dev/null
+++ b/krebs/3modules/lass/pgp/shodan.pgp
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+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+=s4OM
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/ssh/shodan.rsa b/krebs/3modules/lass/ssh/shodan.rsa
new file mode 100644
index 000000000..3ee08ad41
--- /dev/null
+++ b/krebs/3modules/lass/ssh/shodan.rsa
@@ -0,0 +1 @@
+ssh-rsa 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 lass@shodan

From 77dd5eee24ff9a56883ff39fd2a928f59bb02c10 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:47:09 +0200
Subject: [PATCH 125/135] l 2: add radio.nix

---
 lass/2configs/radio.nix | 133 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 lass/2configs/radio.nix

diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
new file mode 100644
index 000000000..8cc2a2be7
--- /dev/null
+++ b/lass/2configs/radio.nix
@@ -0,0 +1,133 @@
+{ config, pkgs, ... }:
+let
+  name = "radio";
+  mainUser = config.users.extraUsers.mainUser;
+  inherit (config.krebs.lib) genid;
+
+  admin-password = import <secrets/icecast-admin-pw>;
+  source-password = import <secrets/icecast-source-pw>;
+
+in {
+  users.users = {
+    "${name}" = rec {
+      inherit name;
+      group = name;
+      uid = genid name;
+      description = "radio manager";
+      home = "/home/${name}";
+      useDefaultShell = true;
+      createHome = true;
+      openssh.authorizedKeys.keys = [
+        config.krebs.users.lass.pubkey
+      ];
+    };
+  };
+
+  users.groups = {
+    "radio" = {};
+  };
+
+  krebs.per-user.${name}.packages = with pkgs; [
+    ncmpcpp
+    mpc_cli
+    tmux
+  ];
+
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
+  '';
+
+  services.mpd = {
+    enable = true;
+    group = "radio";
+    musicDirectory = "/home/radio/the_playlist/music";
+    extraConfig = ''
+      audio_output {
+          type        "shout"
+          encoding    "ogg"
+          name        "my cool stream"
+          host        "localhost"
+          port        "8000"
+          mount       "/radio.ogg"
+
+      # This is the source password in icecast.xml
+          password    "${source-password}"
+
+      # Set either quality or bit rate
+      #   quality     "5.0"
+          bitrate     "128"
+
+          format      "44100:16:1"
+
+      # Optional Parameters
+          user        "source"
+      #   description "here is my long description"
+      #   genre       "jazz"
+      } # end of audio_output
+
+    '';
+  };
+
+  services.icecast = {
+    enable = true;
+    hostname =  "config.krebs.build.host.name";
+    admin.password = admin-password;
+    extraConf = ''
+      <authentication>
+        <source-password>${source-password}</source-password>
+      </authentication>
+    '';
+  };
+
+  krebs.iptables = {
+    tables = {
+      filter.INPUT.rules = [
+        { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
+      ];
+    };
+  };
+
+  systemd.timers.radio = {
+    description = "radio autoadder timer";
+    wantedBy = [ "timers.target" ];
+
+    timerConfig = {
+      OnCalendar = "*:*";
+    };
+  };
+
+  systemd.services.radio = let
+    autoAdd = pkgs.writeDash "autoAdd" ''
+      LIMIT=$1 #in secconds
+
+      addRandom () {
+        mpc add "$(mpc ls | shuf -n1)"
+      }
+
+      timeLeft () {
+        playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
+        currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
+        expr ''${playlistDuration:-0} - ''${currentTime:-0}
+      }
+
+      if test $(timeLeft) -le $LIMIT; then
+        addRandom
+      fi
+    '';
+  in {
+    description = "radio playlist autoadder";
+    after = [ "network.target" ];
+
+    path = with pkgs; [
+      gawk
+      mpc_cli
+    ];
+
+    restartIfChanged = true;
+
+    serviceConfig = {
+      Restart = "always";
+      ExecStart = "${autoAdd} 100";
+    };
+  };
+}
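Review bot: Both icecast passwords are imported at evaluation time and interpolated into `services.mpd.extraConfig` and `services.icecast.extraConf` (and `admin.password`), so the rendered config files presumably land in the world-readable Nix store, while the same file opens port 8000 to every source. Consider generating those files at service start from a root-owned file outside the store, so that local users cannot read the source and admin credentials. Separately, `hostname =  "config.krebs.build.host.name";` is a string literal, so icecast receives that text as its host name; it should read `hostname = config.krebs.build.host.name;`. The `radio` service also combines `Restart = "always"` with a script that exits after one pass and is already triggered by the timer, which would restart it in a loop.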

From 3d9cecb7c4481b10e5e833d62d7c35bb3190c196 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:47:45 +0200
Subject: [PATCH 126/135] l 2 baseX: add nmap to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0a30f84c0..f918db156 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -34,6 +34,7 @@ in {
 
     dmenu
     gitAndTools.qgit
+    nmap
     much
     pavucontrol
     powertop

From 1a0a03a6e5e6001001f37f115834bbfaba555a5b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:48:46 +0200
Subject: [PATCH 127/135] l 1 mors: remove broken touchpad config

---
 lass/1systems/mors.nix | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index e12c8321f..e2ab562fa 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -224,16 +224,4 @@
       ];
     };
   };
-
-  #touchpad config
-  services.xserver.synaptics = {
-    enable = true;
-    accelFactor = "0.035";
-    additionalOptions = ''
-      Option "FingerHigh" "60"
-      Option "FingerLow"  "60"
-    '';
-    tapButtons = false;
-    twoFingerScroll = true;
-  };
 }

From 6aa93b8c99f6c2433178777bb5a2531efac8bbb2 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:49:12 +0200
Subject: [PATCH 128/135] l 1 shodan: add x220 specific config

---
 lass/1systems/shodan.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 873a580d9..6829428ff 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -19,6 +19,25 @@ with builtins;
     #    };
     #  };
     #}
+    {
+      #x220 config from mors
+      #TODO: make x220 config file (or look in other user dir)
+      hardware.trackpoint = {
+        enable = true;
+        sensitivity = 220;
+        speed = 0;
+        emulateWheel = true;
+      };
+
+      services.xserver = {
+        videoDriver = "intel";
+        vaapiDrivers = [ pkgs.vaapiIntel ];
+        deviceSection = ''
+          Option "AccelMethod" "sna"
+          BusID "PCI:0:2:0"
+        '';
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;

From 7559fbb735ced3a3d6216fdf1bf8ec9e57f25ddb Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:49:31 +0200
Subject: [PATCH 129/135] l 1 prism: import radio.nix

---
 lass/1systems/prism.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 406acda5b..aa524720d 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -17,6 +17,7 @@ in {
     ../2configs/bitlbee.nix
     ../2configs/weechat.nix
     ../2configs/privoxy-retiolum.nix
+    ../2configs/radio.nix
     {
       #we need to use old sqlite for buildbot
       imports = [

From 4485965c679916f4b90dc55c7c5c1cd490a4314c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:50:06 +0200
Subject: [PATCH 130/135] l 2 browsers: add chromium browsers to video group

---
 lass/2configs/browsers.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 9e9d15ec4..5c32fa46d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -59,11 +59,11 @@ in {
 
   imports = [
     ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
-    ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
-    ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
-    ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
-    ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
     ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
+    ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] )
+    ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] )
+    ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] )
+    ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] )
   ];
 
   nixpkgs.config.packageOverrides = pkgs : {
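Review bot: The four Chromium accounts `cr`, `wk`, `fb` and `gm` gain the `video` group with no comment saying why. That group typically owns webcam, framebuffer and DRM device nodes, so each per-site browser account can now open those devices directly. `createChromiumUser` is defined outside this hunk, so reading the list as the account's extra groups is inferred from the call shape. If the goal is GPU acceleration, say so above the calls, e.g. `# "video": needed for GPU rendering; also grants access to /dev/video*`. Consider granting it only to the profiles that need it rather than all four.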

From c7596ab3b400abcb7c4c91793f1b74b36d9525a4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:50:25 +0200
Subject: [PATCH 131/135] l 2 browsers: remove flash browser

---
 lass/2configs/browsers.nix | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 5c32fa46d..e230fff43 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -59,20 +59,9 @@ in {
 
   imports = [
     ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
-    ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
     ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] )
     ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] )
     ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] )
     ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] )
   ];
-
-  nixpkgs.config.packageOverrides = pkgs : {
-    flash = pkgs.chromium.override {
-    #  pulseSupport = true;
-      enablePepperFlash = true;
-    };
-    #chromium = pkgs.chromium.override {
-    #  pulseSupport = true;
-    #};
-  };
 }

From a6d654ef31d7f832e4cd4774ac22b311f9eae2c1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:51:06 +0200
Subject: [PATCH 132/135] l 2: add shodan to authorizedKeys

---
 lass/2configs/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index e38503f1a..ee320b9c9 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -19,6 +19,7 @@ with config.krebs.lib;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
             config.krebs.users.lass-uriel.pubkey
+            config.krebs.users.lass-shodan.pubkey
           ];
         };
         mainUser = {
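Review bot: `config.krebs.users.lass-shodan.pubkey` is appended by hand to two identical three-key lists in this file (here and in the `mainUser` hunk below), and patch 134 adds it to a third list in weechat.nix. Revoking a lost or compromised key therefore means finding every copy. The user block that owns the first list starts outside the hunk; if it is root, the new host's key also becomes a root login on every machine that imports this file. Consider binding the list once, e.g. `lass-keys = with config.krebs.users; [ lass.pubkey lass-uriel.pubkey lass-shodan.pubkey ];`, and referencing it from both users.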
@@ -33,6 +34,7 @@ with config.krebs.lib;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
             config.krebs.users.lass-uriel.pubkey
+            config.krebs.users.lass-shodan.pubkey
           ];
         };
       };

From 3c8bf3bf1cba7c08812ce3d27a39b8891acad32f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:51:22 +0200
Subject: [PATCH 133/135] l 2 downloading: remove unneeded file ending

---
 lass/2configs/downloading.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index ccd751413..3639a743a 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -3,7 +3,7 @@
 with config.krebs.lib;
 
 let
-  rpc-password = import <secrets/transmission-pw.nix>;
+  rpc-password = import <secrets/transmission-pw>;
 in {
   imports = [
     ../3modules/folderPerms.nix
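Review bot: `rpc-password` is still read with `import` at evaluation time, so wherever it is interpolated into generated configuration the value ends up in the Nix store, which every local user can read. How the binding is used lies outside this hunk, so this is inferred. A comment on the binding would make the trade-off visible, e.g. `# evaluated at build time: the value is copied into any store path that interpolates it`. The alternative is to have the service read the password from a file in the secrets directory at runtime.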

From 9740cef28f8e1df956403b49a0856f18189d4084 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:51:57 +0200
Subject: [PATCH 134/135] l 2 weechat: allow connection from shodan

---
 lass/2configs/weechat.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index 98f5df42a..5e14871ac 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -16,6 +16,7 @@ in {
     createHome = true;
     openssh.authorizedKeys.keys = [
       config.krebs.users.lass.pubkey
+      config.krebs.users.lass-shodan.pubkey
     ];
   };
 

From 86c16adf7cefac38dcaaf29ea6705e37fe126fe9 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 21 May 2016 13:52:18 +0200
Subject: [PATCH 135/135] l 2 git: add the_playlist repo

---
 lass/2configs/git.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 9ec0f1e1f..5cbe46351 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -36,6 +36,7 @@ let
     kimsufi-check = {};
     realwallpaper = {};
     xmonad-stockholm = {};
+    the_playlist = {};
   };
 
   restricted-repos = mapAttrs make-restricted-repo (