Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2020-10-23 21:02:02 +02:00
commit e8b6cc0587
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
85 changed files with 1013 additions and 340 deletions

View file

@ -10,7 +10,7 @@
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs-unstable.git = {
url = "https://github.com/nixos/nixpkgs-channels";
url = "https://github.com/nixos/nixpkgs";
ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
};
secrets = if test then {

View file

@ -137,6 +137,7 @@ in {
systemPlugin
];
username = "reaktor2";
port = "6697";
};
r = {
nick = "reaktor2|krebs";

View file

@ -18,12 +18,15 @@ with import <stockholm/lib>;
in {
hosts = mapAttrs hostDefaults {
catullus = {
toum = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.3";
aliases = [ "catullus.r" ];
aliases = [
"toum.r"
"toum.kmein.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx
@ -48,7 +51,10 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.2.4";
aliases = [ "wilde.r" ];
aliases = [
"wilde.r"
"wilde.kmein.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk
@ -100,6 +106,7 @@ in {
ip4.addr = "10.243.2.1";
aliases = [
"homeros.r"
"homeros.kmein.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
@ -221,6 +228,32 @@ in {
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
};
};
rtjure = {
owner = config.krebs.users.rtjure;
nets = {
retiolum = {
ip4.addr = "10.243.122.122";
aliases = [
"rtjure.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3YkPPsO3WDGrXyOBdAxxP1MNNuPa19Gx1pA73FKv0gnfp4wYyjwl
sc9A0C5yr741+LhJNqfkUT9Vb7dE2PZcEcAxZ6Vk9FBkkCWHGVyMfeqeK/hTuYqk
FKGNPcGWCKZDM6CYSNYr2PW3ER8xMrQP9VSvHk1smdqr8cj3wWJ8TRtUmHzkvPZc
C4bgrLDiQ8uev5VCt4POilrnjfcBNzgOFxWZ5uneTwM6tLhOj9uaylJEtDbW2XrF
ocm8cGrYkS4c1x77mz/eYfJUJQFhTVGp29QTIiIHglP7W67LLq4qMvREvRhGTovd
AT4KUOEXRgcPzHhbcVNeu2/ekKGHAubpjFfqxW7Y9zRTOXeSwyDnVbh+jg/VBGIV
2BQZnUqNSQIHVeHQCoI3ugdSsqK5Gf1z9cKqpeNfwo+JK72NTC+nH2d5ypRksTzv
VoTrFrv0P2qtKkhI79zY3ezw3HjCf6osKz9/EAYgzGH1Ix4WD3jjc1gqePiHYYlL
EQV4HkwmarmMNrNA8qRDhKCTK4G7CS6btOcSsCM3y1lYbkubaOncIACSWIJ1uAMJ
SEY30YYtOw2PPWstaWdy8MMZK8/MAXGEkt10OBpai7AdFZq8Oyz6xmLpgVIsWPbt
UI8BvkKmFhMU2EHKUbe0qe5M1r218dsrOjPk99QI99iazMG34hyxQB8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
scardanelli = {
owner = config.krebs.users.kmein;
nets = {
@ -228,6 +261,7 @@ in {
ip4.addr = "10.243.2.2";
aliases = [
"scardanelli.r"
"scardanelli.kmein.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
@ -477,6 +511,8 @@ in {
mail = "macxylo@gmail.com";
pubkey = ssh-for "raute";
};
rtjure = {
};
sokratess = {
};
ulrich = {

View file

@ -485,5 +485,28 @@ in {
};
};
};
doctor = {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.doctor.nets.retiolum.ip4.addr
config.krebs.hosts.doctor.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.186";
aliases = [ "doctor.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx0zdjPX9C0fBQR+8kdlsBTuMr4KxWhqw4ARqW02oSGKJxY+D57oO
ORVfjBhrvIiZJfXaY0M+/n+M4Bvt4r5ol3N1NxkT7vc0bAbz9Kk/0M8dlspNoSO9
WW+mITVfxg/DgzDegjj4TOrsWC1jBjo4PVrvA+PnxZC4VucnqZZ55JHWAk/mPtzs
PUc3mkn3e9pwwrJMQRy7qg9fbatljHCb/fJoDk6DiQP4ZRE/pCf4OYCx7huHibsd
EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv
KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
}

View file

@ -95,6 +95,7 @@ in {
};
wiregrill = {
via = internet;
ip4.addr = "10.244.1.103";
ip6.addr = w6 "1";
aliases = [
"prism.w"
@ -104,6 +105,7 @@ in {
subnets = [
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
"10.244.1.0/24"
];
};
};
@ -196,6 +198,7 @@ in {
};
wiregrill = {
ip6.addr = w6 "50da";
ip4.addr = "10.244.1.4";
aliases = [
"shodan.w"
];
@ -554,6 +557,7 @@ in {
phone = {
nets = {
wiregrill = {
ip4.addr = "10.244.1.13";
ip6.addr = w6 "a";
aliases = [
"phone.w"

View file

@ -35,30 +35,30 @@ N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs
8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4
bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr
s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE
cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ
EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA
CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2
ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP
ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h
UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L
4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5
c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz
efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv
aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S
LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D
MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE
P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl
Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z
7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj
8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa
QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc
Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d
7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL
5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont
2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut
senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw
dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE
5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML
cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB
dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc
z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu
L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+
zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ
g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi
qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz
U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO
93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8
SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX
xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO
JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw
/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj
AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK
IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT
KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB
uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ
wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx
MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ
D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D
duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ
5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31
ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG
5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML
yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS
lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am
ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd
@ -69,19 +69,19 @@ qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk
5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A
ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo
VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW
kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb
zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke
D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj
nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs
dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk
Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E
i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f
06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P
60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc
0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV
u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/
MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ
z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97
kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW
IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds
D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc
OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+
NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz
0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN
kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE
saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4
6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw
73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc
MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL
pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx
WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97
rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV
qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk
L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a
@ -92,18 +92,18 @@ pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV
X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh
81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN
6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO
Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN
dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP
/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF
rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3
Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+
VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk
EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty
keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw
uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB
vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw
JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4
gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx
z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq
=U2Jf
Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh
BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP
+gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/
Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X
qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG
qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb
YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt
Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq
eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt
Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k
nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt
Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC
QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7
=h9fX
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -48,7 +48,7 @@ let
};
urlShortenerHost = mkOption {
type = types.str;
default = "go";
default = "go.r";
description = "what server to use for url shortening, host";
};
urlShortenerPort = mkOption {

View file

@ -3,6 +3,14 @@ with import <stockholm/lib>;
cfg = config.krebs.secret;
in {
options.krebs.secret = {
directory = mkOption {
default = toString <secrets>;
type = types.absolute-pathname;
};
file = mkOption {
default = relpath: "${cfg.directory}/${relpath}";
readOnly = true;
};
files = mkOption {
type = with types; attrsOf secret-file;
default = {};

View file

@ -52,7 +52,7 @@ in {
'';
};
};
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
};
au = {
@ -79,7 +79,7 @@ in {
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
};
mu = {
@ -103,7 +103,7 @@ in {
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
};
ni = {
@ -177,7 +177,7 @@ in {
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
};
wu = {
@ -203,7 +203,7 @@ in {
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
querel = {
@ -262,7 +262,7 @@ in {
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
zu = {

View file

@ -118,7 +118,7 @@ let
type = types.bool;
};
timeout = mkOption {
default = 100;
default = 200;
description = ''
Maximum time in milliseconds allowed for the flameshot daemon to
react.

View file

@ -104,7 +104,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD10C1_E_SNOW') &
fetch_older_days 7 chlora-raw.jpg $(get_neo_url \
'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MY1DMM_CHLORA') &
fetch_older_days 3 fire-raw.jpg $(get_neo_url \
fetch_older_days 7 fire-raw.jpg $(get_neo_url \
'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') &
# regular fetches

View file

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
"date": "2020-08-20T19:08:02+02:00",
"sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v",
"url": "https://github.com/NixOS/nixpkgs",
"rev": "007126eef72271480cb7670e19e501a1ad2c1ff2",
"date": "2020-10-20T10:30:15+10:00",
"sha256": "1rfvw560vp2wn3dxdhqn1rk1fgk0ak9lnqm2dqpnsrkl4b8ay9mq",
"fetchSubmodules": false
}

View file

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "42674051d12540d4a996504990c6ea3619505953",
"date": "2020-09-06T21:21:08-04:00",
"sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy",
"url": "https://github.com/NixOS/nixpkgs",
"rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1",
"date": "2020-10-20T09:32:31+02:00",
"sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4",
"fetchSubmodules": false
}

View file

@ -2,7 +2,7 @@
dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs-channels \
--url https://github.com/NixOS/nixpkgs \
--rev refs/heads/nixos-unstable' \
> $dir/nixpkgs-unstable.json
newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')

View file

@ -2,7 +2,7 @@
dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs-channels \
--url https://github.com/NixOS/nixpkgs \
--rev refs/heads/nixos-20.03' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')

View file

@ -17,27 +17,6 @@ with import <stockholm/lib>;
networking.nameservers = [ "1.1.1.1" ];
services.restic.backups = genAttrs [
"daedalus"
"icarus"
"littleT"
"prism"
"shodan"
"skynet"
] (dest: {
initialize = true;
extraOptions = [
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
repository = "sftp:backup@${dest}.r:/backups/blue";
passwordFile = (toString <secrets>) + "/restic/${dest}";
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
paths = [
"/home/"
"/var/lib"
];
});
time.timeZone = "Europe/Berlin";
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
}

View file

@ -18,6 +18,7 @@ with import <stockholm/lib>;
gitAndTools.hub
nix-review
firefox
ag
];
services.openssh.forwardX11 = true;

View file

@ -126,8 +126,6 @@ with import <stockholm/lib>;
remmina
transmission
iodine
macchanger
dpass

View file

@ -23,7 +23,7 @@
services.udev.extraRules = ''
SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:4f:42:35", NAME="et0"
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!

View file

@ -272,9 +272,9 @@ with import <stockholm/lib>;
resolveLocalQueries = false;
extraConfig= ''
listen-address=42:1:ce16::1
listen-address=42:1:ce16::1,10.244.1.103
except-interface=lo
interface=wg0
interface=wiregrill
'';
};
}
@ -284,7 +284,10 @@ with import <stockholm/lib>;
];
}
{
services.murmur.enable = true;
services.murmur = {
enable = true;
bandwidth = 10000000;
};
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}

View file

@ -55,6 +55,16 @@
fsType = "zfs";
};
fileSystems."/var/realwallpaper/archive" = {
device = "tank/wallpaper";
fsType = "zfs";
};
fileSystems."/home/xanf" = {
device = "/dev/disk/by-id/wwn-0x500a07511becb076";
fsType = "ext4";
};
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

View file

@ -10,7 +10,7 @@
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.devices.lusksroot.device = "/dev/sda2";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};

7
lass/1systems/wizard/run-vm.sh Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p nixos-generators
set -efu
WD=$(dirname "$0")
nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run

View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{
imports = [
./default.nix
./config.nix
];
virtualisation.emptyDiskImages = [
8000

View file

@ -41,22 +41,6 @@
displayManager.lightdm.autoLogin.user = "lass";
};
services.syncthing.declarative = {
folders = {
the_playlist = {
path = "/home/lass/tmp/the_playlist";
devices = [ "mors" "phone" "prism" "xerxes" ];
};
};
};
krebs.permown = {
"/home/lass/tmp/the_playlist" = {
owner = "lass";
group = "syncthing";
umask = "0007";
};
};
boot.blacklistedKernelModules = [ "xpad" ];
systemd.services.xboxdrv = {
wantedBy = [ "multi-user.target" ];
@ -93,7 +77,15 @@
};
};
hardware.bluetooth.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
# hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''
# load-module module-bluetooth-policy

View file

@ -172,7 +172,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
remote 89.249.65.83 1194
remote 185.230.127.27 1194
resolv-retry infinite
remote-random
nobind
@ -195,7 +195,6 @@ with import <stockholm/lib>;
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ

View file

@ -72,10 +72,11 @@ in {
git-preview
gnome3.dconf
iodine
libarchive
lm_sensors
ncdu
nix-index
nix-review
nixpkgs-review
nmap
pavucontrol
ponymix
@ -92,6 +93,8 @@ in {
xsel
zathura
(pkgs.writeDashBin "screenshot" ''
set -efu
${pkgs.flameshot-once}/bin/flameshot-once
${pkgs.klem}/bin/klem
'')

View file

@ -49,54 +49,54 @@ in {
};
systemd.services = builtins.listToAttrs (map (host:
let
in nameValuePair "sync-blue-${host}" {
bindsTo = [ "container@blue.service" ];
wantedBy = [ "container@blue.service" ];
# ssh needed for rsync
path = [ pkgs.openssh ];
serviceConfig = {
Restart = "always";
RestartSec = 10;
ExecStart = pkgs.writeDash "sync-blue-${host}" ''
set -efu
#make sure blue is running
/run/wrappers/bin/ping -c1 blue.r > /dev/null
#systemd.services = builtins.listToAttrs (map (host:
# let
# in nameValuePair "sync-blue-${host}" {
# bindsTo = [ "container@blue.service" ];
# wantedBy = [ "container@blue.service" ];
# # ssh needed for rsync
# path = [ pkgs.openssh ];
# serviceConfig = {
# Restart = "always";
# RestartSec = 10;
# ExecStart = pkgs.writeDash "sync-blue-${host}" ''
# set -efu
# #make sure blue is running
# /run/wrappers/bin/ping -c1 blue.r > /dev/null
#make sure the container is unlocked
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
# #make sure the container is unlocked
# ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
#make sure our target is reachable
${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
# #make sure our target is reachable
# ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
#start sync
${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
settings {
nodaemon = true,
inotifyMode = "CloseWrite or Modify",
}
sync {
default.rsyncssh,
source = "/var/lib/containers/.blue",
host = "${host}.r",
targetdir = "/var/lib/containers/.blue",
rsync = {
archive = true,
owner = true,
group = true,
};
ssh = {
binary = "${pkgs.openssh}/bin/ssh";
identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
},
}
''}
'';
};
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
}
) remote_hosts);
# #start sync
# ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
# settings {
# nodaemon = true,
# inotifyMode = "CloseWrite or Modify",
# }
# sync {
# default.rsyncssh,
# source = "/var/lib/containers/.blue",
# host = "${host}.r",
# targetdir = "/var/lib/containers/.blue",
# rsync = {
# archive = true,
# owner = true,
# group = true,
# };
# ssh = {
# binary = "${pkgs.openssh}/bin/ssh";
# identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
# },
# }
# ''}
# '';
# };
# unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
# }
#) remote_hosts);
environment.systemPackages = [
(pkgs.writeDashBin "start-blue" ''

View file

@ -26,6 +26,8 @@ with (import <stockholm/lib>);
{ predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
{ predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
{ predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
{ predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";}
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
];
systemd.services.chat = let
@ -64,4 +66,9 @@ with (import <stockholm/lib>);
ExecStop = "${tmux} kill-session -t IM";
};
};
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Maildir";
};
}

View file

@ -44,7 +44,15 @@ with import <stockholm/lib>;
config.krebs.users.lass-yubikey.pubkey
];
};
nix = {
isNormalUser = true;
uid = genid_uint31 "nix";
openssh.authorizedKeys.keys = [
config.krebs.hosts.mors.ssh.pubkey
];
};
};
nix.trustedUsers = ["nix"];
}
{
environment.variables = {
@ -212,4 +220,7 @@ with import <stockholm/lib>;
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
}

View file

@ -2,8 +2,6 @@
to = concatStringsSep "," [
"lass@blue.r"
"lass@xerxes.r"
"lass@mors.r"
];
mails = [
@ -110,6 +108,12 @@
"auschein@lassul.us"
"tleech@lassul.us"
"durstexpress@lassul.us"
"acme@lassul.us"
"antstore@lassul.us"
"openweather@lassul.us"
"lobsters@lassul.us"
"rewe@lassul.us"
"spotify@lassul.us"
];
in {

View file

@ -4,5 +4,6 @@ with import <stockholm/lib>;
{
nix.gc = {
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
options = "--delete-older-than 15d";
};
}

View file

@ -58,6 +58,10 @@ let
cgit.desc = "url shortener";
cgit.section = "software";
};
grib2json-bin = {
cgit.desc = "build jar of grib2json";
cgit.section = "deployment";
};
krebspage = {
cgit.desc = "homepage of krebs";
cgit.section = "configuration";

View file

@ -1,38 +1,44 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
let
cname = "green";
cryfs = pkgs.cryfs.overrideAttrs (old: {
patches = [
(pkgs.writeText "file_mode.patch" ''
--- a/src/cryfs/filesystem/CryNode.cpp
+++ b/src/cryfs/filesystem/CryNode.cpp
@@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const {
result.uid = fspp::uid_t(getuid());
result.gid = fspp::gid_t(getgid());
#endif
- result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag();
+ result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();;
result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE;
//TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..")
result.nlink = 1;
'')
] ++ old.patches;
});
in {
imports = [
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/syncthing.nix>
{ #hack for already defined
systemd.services."container@green".reloadIfChanged = mkForce false;
systemd.services."container@green".preStart = ''
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green '
'';
systemd.services."container@green".postStop = ''
set -x
${pkgs.umount}/bin/umount /var/lib/containers/green
ls -la /dev/mapper/control
${pkgs.devicemapper}/bin/dmsetup ls
${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img
'';
}
];
services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ];
krebs.permown."/var/lib/sync-containers" = {
owner = "root";
group = "syncthing";
umask = "0007";
};
programs.fuse.userAllowOther = true;
system.activationScripts.containerPermissions = ''
mkdir -p /var/lib/containers
chmod 711 /var/lib/containers
'';
services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ];
# krebs.permown."/var/lib/sync-containers/${cname}" = {
# owner = "root";
# group = "syncthing";
# umask = "0007";
# };
containers.green = {
systemd.services."container@green".reloadIfChanged = mkForce false;
containers.${cname} = {
config = { ... }: {
environment.systemPackages = [
pkgs.git
@ -42,41 +48,52 @@ with import <stockholm/lib>;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
system.activationScripts.fuse = {
text = ''
${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
'';
deps = [];
};
};
allowedDevices = [
{ modifier = "rwm"; node = "/dev/fuse"; }
];
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.15";
localAddress = "10.233.2.16";
hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
};
environment.systemPackages = [
(pkgs.writeDashBin "start-green" ''
set -fu
CONTAINER='green'
IMAGE='/var/lib/sync-containers/green.img'
(pkgs.writeDashBin "start-${cname}" ''
set -euf
${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null
if [ "$?" -ne 0 ]; then
${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER"
mkdir -p /var/lib/containers/${cname}/var/state
chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state
if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then
/run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \
${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions
fi
mkdir -p /var/lib/containers/"$CONTAINER"
${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" "
if [ "$?" -ne 0 ]; then
${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER"
fi
STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER")
STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname})
if [ "$STATE" = 'down' ]; then
${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER"
fi
ping -c1 green.r
if [ "$?" -ne 0 ]; then
${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch
${pkgs.nixos-container}/bin/nixos-container start ${cname}
fi
if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then
${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" ''
mkdir -p /var/state/var_src
ln -sf state/var_Src /var/src
nixos-rebuild -I /var/src switch
''}
fi
'')
(pkgs.writeDashBin "stop-${cname}" ''
set -euf
${pkgs.nixos-container}/bin/nixos-container stop ${cname}
${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state
'')
];
}

View file

@ -23,6 +23,7 @@ with import ./lib.nix { inherit lib; };
# extraComponents = [ "hue" ];
};
configWritable = true;
lovelaceConfigWritable = true;
};
lass.hass.config = let

View file

@ -5,4 +5,35 @@ with import ../lib.nix { inherit lib; };
lass.hass.config = lib.mkMerge [
(lightswitch switches.dimmer.bett lights.bett)
];
lass.hass.love = {
resources = [{
url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map";
type = "js";
}];
views = [{
title = "bett";
cards = [
{
type = "markdown";
title = "hello world";
content = "This is just a test";
}
{
type = "light";
entity = "light.${lights.bett}";
}
{
type = "custom:light-entity-card";
entity = "light.${lights.bett}";
}
{
type = "history-graph";
entities = [
"light.${lights.bett}"
];
}
];
}];
};
}

View file

@ -5,7 +5,7 @@
];
boot = {
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
initrd.luks.devices.luksroot.device = "/dev/sda3";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
extraModulePackages = [
@ -47,9 +47,10 @@
services.logind.lidSwitchDocked = "ignore";
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
'';
#services.tlp.extraConfig = ''
# START_CHARGE_THRESH_BAT0=80
# STOP_CHARGE_THRESH_BAT0=95
#'';
services.xserver.dpi = 80;
}

View file

@ -107,10 +107,12 @@ let
set mailcap_path = ${mailcap}
# notmuch
set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
set folder="$HOME/Maildir"
set nm_default_uri = "notmuch://$HOME/Maildir"
set nm_record = yes
set nm_record_tags = "-inbox me archive"
set virtual_spoolfile=yes # enable virtual folders
set spoolfile = +Inbox
set virtual_spoolfile = yes
set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
@ -132,8 +134,8 @@ let
# V
''} %r |"
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
virtual-mailboxes "Starred" "notmuch://?query=tag:*"
@ -200,9 +202,15 @@ let
macro pager ] ,@1 'Toggle indexbar
# sidebar
set sidebar_divider_char = ''
set sidebar_delim_chars = "/"
set sidebar_short_path
set sidebar_folder_indent
set sidebar_visible = yes
set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?'
set sidebar_width = 20
set sidebar_visible = yes # set to "no" to disable sidebar view at startup
color sidebar_new yellow default
color sidebar_new yellow red
# sidebar bindings
bind index <left> sidebar-prev # got to previous folder in sidebar
bind index <right> sidebar-next # got to next folder in sidebar
@ -229,7 +237,6 @@ in {
mutt
pkgs.notmuch
pkgs.muchsync
pkgs.haskellPackages.much
tag-new-mails
tag-old-mails
];

View file

@ -80,7 +80,7 @@ let
name = "mpv";
paths = [
(pkgs.writeDashBin "mpv" ''
exec ${pkgs.mpv}/bin/mpv --no-config --script=${autosub} "$@"
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
'')
pkgs.mpv
];

View file

@ -7,7 +7,17 @@ with import <stockholm/lib>;
locations."/".extraConfig = ''
client_max_body_size 4G;
proxy_set_header Host $host;
proxy_pass http://localhost:9081;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
'';
locations."/image".extraConfig = /* nginx */ ''
client_max_body_size 40M;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
};
services.nginx.virtualHosts."p.krebsco.de" = {
@ -19,21 +29,36 @@ with import <stockholm/lib>;
return 403;
}
proxy_set_header Host $host;
proxy_pass http://localhost:9081;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
'';
locations."/image".extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
};
krebs.htgen.paste = {
port = 9081;
script = toString [
"PATH=${makeBinPath [
pkgs.nix
pkgs.file
]}:$PATH"
"STATEDIR=$HOME"
". ${pkgs.htgen}/examples/paste"
];
};
krebs.htgen.imgur = {
port = 7771;
script = /* sh */ ''
(. ${pkgs.htgen-imgur}/bin/htgen-imgur)
'';
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
{ predicate = "-i retiolum -p tcp --dport 9081"; target = "ACCEPT";}
];
}

View file

@ -12,7 +12,16 @@ let
music_dir = "/home/radio/music";
add_random = pkgs.writeDashBin "add_random" ''
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" | grep -v '/other/' | grep '\.ogg$' | shuf -n1 | sed 's,${music_dir}/,,')"
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \
| grep -Ev '/other/|/.graveyard/' \
| grep '\.ogg$' \
| shuf -n1 \
| sed 's,${music_dir}/,,' \
)"
'';
get_current_track_position = pkgs.writeDash "get_current_track_position" ''
${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }'
'';
skip_track = pkgs.writeBashBin "skip_track" ''
@ -28,8 +37,8 @@ let
${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track"
echo skipping: "$track_infos" skip_count: "$skip_count"
else
mkdir -p "$music_dir"/.graveyard/
mv "$music_dir"/"$current_track" "$music_dir"/.graveyard/
mkdir -p "$music_dir"/the_playlist/.graveyard/
mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/
echo killing: "$track_infos"
fi
${pkgs.mpc_cli}/bin/mpc -q next
@ -62,10 +71,18 @@ let
print_current_json = pkgs.writeDashBin "print_current_json" ''
${pkgs.jq}/bin/jq -n -c \
--arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \
--arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \
--arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \
--arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \
--arg position "$(${get_current_track_position})" \
--arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \
--arg youtube "$(${track_youtube_link})" '{
name: $name,
artist: $artist,
title: $title,
filename: $filename,
position: $position,
length: $length,
youtube: $youtube
}'
'';
@ -193,7 +210,7 @@ in {
timeLeft () {
playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
currentTime=$(${get_current_track_position})
expr ''${playlistDuration:-0} - ''${currentTime:-0}
}
@ -221,9 +238,11 @@ in {
${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
${pkgs.mpc_cli}/bin/mpc current -f %file%
done | while read track; do
listeners=$(${pkgs.curl}/bin/curl 'http://localhost:8000/status-json.xsl' \
| ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add')
echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
${write_to_irc} "playing: $track"
${write_to_irc} "playing: $track listeners: $listeners"
done
'';
in {

View file

@ -13,7 +13,11 @@
nixpkgs.config.steam.java = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
users.users.games.packages = [ pkgs.steam ];
users.users.games.packages = [ (pkgs.steam.override {
extraPkgs = p: with p; [
gnutls # needed for Halo MCC
];
}) ];
#ports for inhome streaming
krebs.iptables = {

View file

@ -31,5 +31,6 @@ in {
owner = "lass";
group = "syncthing";
umask = "0002";
keepGoing = true;
};
}

View file

@ -26,6 +26,7 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "aldonasiech.com" "www.aldonasiech.com" ])
(servePage [ "apanowicz.de" "www.apanowicz.de" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [
"freemonkey.art"
@ -34,7 +35,6 @@ in {
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
"ubikmedia.de"
"apanowicz.de"
"nirwanabluete.de"
"ubikmedia.eu"
"youthtube.xyz"
@ -42,7 +42,6 @@ in {
"weirdwednesday.de"
"jarugadesign.de"
"www.apanowicz.de"
"www.nirwanabluete.de"
"www.ubikmedia.eu"
"www.youthtube.xyz"
@ -52,7 +51,6 @@ in {
"www.jarugadesign.de"
"aldona2.ubikmedia.de"
"apanowicz.ubikmedia.de"
"cinevita.ubikmedia.de"
"factscloud.ubikmedia.de"
"illucloud.ubikmedia.de"
@ -93,6 +91,7 @@ in {
services.nextcloud = {
enable = true;
hostName = "o.xanf.org";
package = pkgs.nextcloud18;
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
overwriteProtocol = "https";
@ -107,6 +106,10 @@ in {
# MAIL STUFF
# TODO: make into its own module
# workaround for android 7
security.acme.certs."lassul.us".keyType = "rsa4096";
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Mail";
@ -131,18 +134,16 @@ in {
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
'';
internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "dma@ubikmedia.de"; to = "domsen"; }
{ from = "dma@ubikmedia.eu"; to = "domsen"; }
{ from = "mail@habsys.de"; to = "domsen"; }
{ from = "mail@habsys.eu"; to = "domsen"; }
{ from = "hallo@apanowicz.de"; to = "domsen"; }
{ from = "bruno@apanowicz.de"; to = "bruno"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "bui@freemonkey.art"; to ="bui"; }
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
{ from = "hallo@jarugadesign.de"; to ="kasia"; }
@ -153,9 +154,14 @@ in {
"jla-trading.com"
"ubikmedia.eu"
"ubikmedia.de"
"apanowicz.de"
"alewis.de"
"jarugadesign.de"
];
dkim = [
{ domain = "ubikmedia.eu"; }
{ domain = "apanowicz.de"; }
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};

View file

@ -61,7 +61,7 @@ in {
pubkey = config.krebs.users.lass.pubkey;
};
in ''
alias ${initscript};
alias ${initscript}/bin/init;
'';
locations."= /blue.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
@ -69,6 +69,9 @@ in {
locations."= /mors.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
locations."= /yubi.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey};
'';
};
security.acme.certs."cgit.lassul.us" = {

View file

@ -14,8 +14,7 @@ in {
];
createHome = true;
packages = [
pkgs.wine
pkgs.winetricks
pkgs.wineMinimal
];
};
};

View file

@ -122,14 +122,15 @@
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
PROMPT_EVALED=$(print -P "$TITLE")
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
# This seems broken for some reason
# # This is seen while the shell waits for a command to complete.
# function preexec {
# PROMPT_EVALED=$(print -P "$TITLE")
# echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
# }
;;
esac
'';

View file

@ -22,6 +22,22 @@ in {
};
in valueType;
};
love = mkOption {
default = {};
type = with lib.types; let
valueType = nullOr (oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "Yaml value";
emptyValue.value = {};
};
in valueType;
};
};
config =
@ -29,6 +45,7 @@ in {
mkIf (cfg.config != {})
{
services.home-assistant.config = cfg.config;
# services.home-assistant.lovelaceConfig = cfg.love;
};
}

View file

@ -19,6 +19,8 @@ import System.Environment (getArgs, lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
import Data.Ratio
import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
@ -29,14 +31,17 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Grid (Grid(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.ManageHook (composeAll)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
@ -76,7 +81,7 @@ main' = do
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
, manageHook = floatHooks <+> floatNextHook
, manageHook = floatHooks
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
@ -88,14 +93,17 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne
[ className =? "Pinentry" -?> doCenterFloat
, title =? "fzfmenu" -?> doCenterFloat
, title =? "glxgears" -?> doCenterFloat
, resource =? "Dialog" -?> doFloat
floatHooks = composeAll
[ className =? "Pinentry" --> doCenterFloat
, title =? "fzfmenu" --> doCenterFloat
, title =? "glxgears" --> doCenterFloat
, resource =? "Dialog" --> doFloat
, title =? "Upload to Imgur" -->
doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8))
, placeHook (smart (1,0))
, floatNextHook
]
myKeyMap :: [([Char], X ())]
@ -105,7 +113,6 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-S-p", spawn "${pkgs.otpmenu}/bin/otpmenu")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
, ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")

View file

@ -29,6 +29,6 @@ writeDashBin "emoticons" ''
data=$(${coreutils}/bin/cat ${emoticons})
emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
${xdotool}/bin/xdotool type -- "$emoticon"
${xdotool}/bin/xdotool type --clearmodifiers -- "$emoticon"
exit 0
''

View file

@ -2,10 +2,10 @@
with lib;
pkgs.writeScript "init" ''
pkgs.writeScriptBin "init" ''
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p jq parted libxfs
set -efu
#! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs
set -xefuo pipefail
disk=$1
@ -14,12 +14,12 @@ pkgs.writeScript "init" ''
exit 2
fi
bootdev="$disk"2
luksdev="$disk"3
luksmap=/dev/mapper/${luksmap}
vgname=${vgname}
bootdev=/dev/sda2
rootdev=/dev/mapper/${vgname}-root
homedev=/dev/mapper/${vgname}-home
@ -35,15 +35,13 @@ pkgs.writeScript "init" ''
# dd if=/dev/zero bs=512 count=34 of=/dev/sda
# TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
parted -s -a optimal "$disk" \
mklabel gpt \
mkpart no-fs 0 1024KiB \
set 1 bios_grub on \
mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
mkpart primary 1025MiB 100%
sgdisk -og "$disk"
sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk"
sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk"
sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk"
fi
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then
echo zonk2
exit 23
fi
@ -58,7 +56,6 @@ pkgs.writeScript "init" ''
if ! test -e "$luksmap"; then
echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" -
fi
# cryptsetup close
if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
pvcreate "$luksmap"
@ -68,11 +65,7 @@ pkgs.writeScript "init" ''
lvchange -a y /dev/mapper/"$vgname"
if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi
if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi
# lvchange -a n "$vgname"
if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi
#
# formatting
@ -82,35 +75,23 @@ pkgs.writeScript "init" ''
mkfs.vfat "$bootdev"
fi
if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then
mkfs.xfs "$rootdev"
fi
if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
mkfs.xfs "$homedev"
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
mkdir -p /mnt
mount "$rootdev" /mnt
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
mkdir -m 0000 -p /mnt/boot
mount "$bootdev" /mnt/boot
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
mkdir -m 0000 -p /mnt/home
mount "$homedev" /mnt/home
fi
# umount -R /mnt
#
# dependencies for stockholm
#
nix-env -iA nixos.git
# TODO: get sentinal file from target_path
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate
@ -119,7 +100,7 @@ pkgs.writeScript "init" ''
# print all the infos
#
parted "$disk" print
gdisk -l "$disk"
lsblk "$disk"
echo READY.

7
lass/5pkgs/init/run-vm.sh Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p nixos-generators
set -efu
WD=$(dirname "$0")
nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run

13
lass/5pkgs/init/test.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
{
virtualisation.emptyDiskImages = [
8000
];
virtualisation.memorySize = 1500;
boot.tmpOnTmpfs = true;
environment.systemPackages = [
(pkgs.callPackage ./default.nix {})
];
services.mingetty.autologinUser = lib.mkForce "root";
}

11
lass/5pkgs/init/test.sh Executable file
View file

@ -0,0 +1,11 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p nixos-generators
set -xefu
WD=$(realpath $(dirname "$0"))
TMPDIR=$(mktemp -d)
cd "$TMPDIR"
nixos-generate -c "$WD"/test.nix -f vm-nogui --run "$@"
cd -
rm -r "$TMPDIR"

View file

@ -11,8 +11,9 @@
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
nixpkgs-unstable.git = {
url = "https://github.com/nixos/nixpkgs-channels";
url = "https://github.com/nixos/nixpkgs";
ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
shallow = true;
};
secrets = if test then {
file = toString ./2configs/tests/dummy-secrets;

View file

@ -60,13 +60,17 @@ let
}.${typeOf x};
mapNixDir1 = f: dirPath:
let
toPackageName = name:
if test "^[0-9].*" name then "_${name}" else name;
in
listToAttrs
(map
(relPath: let
name = removeSuffix ".nix" relPath;
path = dirPath + "/${relPath}";
in
nameValuePair name (f path))
nameValuePair (toPackageName name) (f path))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir dirPath))));

View file

@ -116,6 +116,10 @@ rec {
type = listOf hostname;
default = [];
};
mac = mkOption {
type = nullOr str;
default = null;
};
ip4 = mkOption {
type = nullOr (submodule {
options = {

View file

@ -48,7 +48,7 @@
}
(lib.mkIf (host-src.unstable) {
nixpkgs-unstable.git = {
url = "https://github.com/nixos/nixpkgs-channels";
url = "https://github.com/nixos/nixpkgs";
ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
};
})

View file

@ -3,6 +3,7 @@
./disks.nix
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/ppp.nix>
<stockholm/tv/2configs/retiolum.nix>
];

View file

@ -1,7 +1,7 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: {
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = mkDefault pkgs.linuxPackages_latest;
boot.tmpOnTmpfs = true;
@ -68,18 +68,13 @@ with import <stockholm/lib>;
];
environment.shellAliases = mkForce {
# alias cal='cal -m3'
gp = "${pkgs.pari}/bin/gp -q";
df = "df -h";
du = "du -h";
# alias grep='grep --color=auto'
# TODO alias cannot contain #\'
# "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep";
# alias la='ls -lA'
lAtr = "ls -lAtr";
# alias ll='ls -l'
ls = "ls -h --color=auto --group-directories-first";
dmesg = "dmesg -L --reltime";
view = "vim -R";

View file

@ -1,9 +1,25 @@
{ pkgs, ... }: {
# usage: pppd call default
environment.etc."ppp/peers/default".text = ''
/dev/ttyACM2
{ config, pkgs, ... }: let
lib = import <stockholm/lib>;
cfg = {
pin = "@${toString <secrets/o2.pin>}";
ttys.ppp = "/dev/ttyACM0";
ttys.com = "/dev/ttyACM1";
};
in {
assertions = [
{
assertion = config.networking.resolvconf.enable;
message = "ppp configuration needs resolvconf";
}
];
environment.etc."ppp/ip-up".source = pkgs.writeDash "ppp.ip-up" ''
${pkgs.openresolv}/bin/resolvconf -a "$IFNAME" < /etc/ppp/resolv.conf
'';
environment.etc."ppp/ip-down".source = pkgs.writeDash "ppp.ip-down" ''
${pkgs.openresolv}/bin/resolvconf -fd "$IFNAME"
'';
environment.etc."ppp/peers/o2".text = /* sh */ ''
${cfg.ttys.ppp}
921600
crtscts
defaultroute
@ -16,17 +32,53 @@
passive
persist
usepeerdns
connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" ''
connect "${pkgs.ppp}/bin/chat ''${DEBUG+-v} -Ss -f ${pkgs.writeText "o2.chat" /* sh */ ''
ABORT "BUSY"
ABORT "NO CARRIER"
REPORT CONNECT
"" "ATDT*99#"
CONNECT
"*EMRDY: 1"
ATZ OK
AT+CFUN=1 OK
${cfg.pin} TIMEOUT 2 ERROR-AT-OK
AT+CGDCONT=1,\042IP\042,\042internet\042 OK
ATDT*99***1# CONNECT
''}"
'';
environment.systemPackages = [
pkgs.ppp
users.users.root.packages = [
(pkgs.writeDashBin "connect" ''
# usage:
# connect wlan
# connect wwan [PEERNAME]
set -efu
rfkill_wlan=/sys/class/rfkill/rfkill2
rfkill_wwan=/sys/class/rfkill/rfkill1
case $1 in
wlan)
${pkgs.procps}/bin/pkill pppd || :
echo 0 > "$rfkill_wwan"/state
echo 1 > "$rfkill_wlan"/state
;;
wwan)
name=''${2-o2}
echo 0 > "$rfkill_wlan"/state
echo 1 > "$rfkill_wwan"/state
${pkgs.ppp}/bin/pppd call "$name" updetach
;;
*)
echo "$0: error: bad arguments: $*" >&2
exit 1
esac
'')
(pkgs.writeDashBin "modem-send" ''
# usage: modem-send ATCOMMAND
set -efu
tty=${lib.shell.escape cfg.ttys.com}
exec <"$tty"
printf '%s\r\n' "$1" >"$tty"
${pkgs.gnused}/bin/sed -E '
/^OK\r?$/q
/^ERROR\r?$/q
'
'')
];
}

View file

@ -1,10 +1,22 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
{ config, ... }: let
cfg.host = config.krebs.build.host;
in {
services.openssh = {
enable = true;
};
tv.iptables.input-internet-accept-tcp = singleton "ssh";
tv.iptables.extra.nat.OUTPUT = [
"-o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22"
];
tv.iptables.extra4.nat.PREROUTING = [
"-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
];
tv.iptables.extra6.nat.PREROUTING = [
"-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
];
tv.iptables.extra.nat.PREROUTING = [
"-p tcp --dport 22 -j REDIRECT --to-ports 0"
"-p tcp --dport 11423 -j REDIRECT --to-ports 22"
];
}

View file

@ -6,6 +6,19 @@ let
configDir = "/var/empty";
dataDir = "/run/xdg/${cfg.user.name}/xmonad";
user = config.krebs.build.user;
xmonad.pkg = pkgs.haskellPackages.xmonad-tv.overrideAttrs (_: {
au = {
XMONAD_BUILD_SCREEN_WIDTH = 1920;
XMONAD_BUILD_TERM_FONT_WIDTH = 10;
XMONAD_BUILD_TERM_FONT = "xft:Input Mono:size=12:style=Regular";
XMONAD_BUILD_TERM_PADDING = 2;
};
}.${config.krebs.build.host.name} or {
XMONAD_BUILD_SCREEN_WIDTH = 1366;
XMONAD_BUILD_TERM_FONT_WIDTH = 6;
XMONAD_BUILD_TERM_FONT = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
XMONAD_BUILD_TERM_PADDING = 2;
});
};
in {
@ -51,7 +64,7 @@ in {
systemd.services.display-manager.enable = false;
systemd.services.xmonad = let
xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad";
xmonad = "${cfg.xmonad.pkg}/bin/xmonad";
xmonad-start = pkgs.writeDash "xmonad-start" ''
${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CACHE_DIR"
${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CONFIG_DIR"

View file

@ -135,15 +135,8 @@ let {
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [
"! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
"-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
]}
${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [
"-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
]}
${formatTable cfg.extra.nat}
${formatTable cfg."extra${toString iptables-version}".nat}
${formatTable cfg.extra.nat}
COMMIT
*filter
:INPUT DROP [0:0]

View file

@ -0,0 +1,10 @@
{ mkDerivation, base, stdenv, template-haskell, text }:
mkDerivation {
pname = "th-env";
version = "1.0.0";
src = ./.;
libraryHaskellDepends = [ base template-haskell text ];
homepage = "https://stackoverflow.com/q/57635686";
license = "unknown";
hydraPlatforms = stdenv.lib.platforms.none;
}

View file

@ -0,0 +1,49 @@
{-# LANGUAGE TemplateHaskell #-}
module THEnv
(
-- * Compile-time configuration
lookupCompileEnv
, lookupCompileEnvExp
, getCompileEnv
, getCompileEnvExp
, fileAsString
) where
import Control.Monad
import qualified Data.Text as T
import qualified Data.Text.IO as T
import Language.Haskell.TH
import Language.Haskell.TH.Syntax (Lift(..))
import System.Environment (getEnvironment)
-- Functions that work with compile-time configuration
-- | Looks up a compile-time environment variable.
lookupCompileEnv :: String -> Q (Maybe String)
lookupCompileEnv key = lookup key `liftM` runIO getEnvironment
-- | Looks up a compile-time environment variable. The result is a TH
-- expression of type @Maybe String@.
lookupCompileEnvExp :: String -> Q Exp
lookupCompileEnvExp = (`sigE` [t| Maybe String |]) . lift <=< lookupCompileEnv
-- We need to explicly type the result so that things like `print Nothing`
-- work.
-- | Looks up an compile-time environment variable and fail, if it's not
-- present.
getCompileEnv :: String -> Q String
getCompileEnv key =
lookupCompileEnv key >>=
maybe (fail $ "Environment variable " ++ key ++ " not defined") return
-- | Looks up an compile-time environment variable and fail, if it's not
-- present. The result is a TH expression of type @String@.
getCompileEnvExp :: String -> Q Exp
getCompileEnvExp = lift <=< getCompileEnv
-- | Loads the content of a file as a string constant expression.
-- The given path is relative to the source directory.
fileAsString :: FilePath -> Q Exp
fileAsString = do
-- addDependentFile path -- works only with template-haskell >= 2.7
stringE . T.unpack . T.strip <=< runIO . T.readFile

View file

@ -0,0 +1,20 @@
name: th-env
version: 1.0.0
-- license: https://creativecommons.org/licenses/by-sa/4.0/
license: OtherLicense
author: https://stackoverflow.com/users/9348482
homepage: https://stackoverflow.com/q/57635686
maintainer: tv <tv@krebsco.de>
build-type: Simple
cabal-version: >=1.10
library
hs-source-dirs: src
build-depends:
base,
template-haskell,
text
exposed-modules:
THEnv
default-language: Haskell2010
ghc-options: -O2 -Wall

View file

@ -1,5 +1,6 @@
{ mkDerivation, base, containers, directory, extra, stdenv, unix
, X11, xmonad, xmonad-contrib, xmonad-stockholm
{ mkDerivation, aeson, base, bytestring, containers, directory
, extra, stdenv, template-haskell, th-env, unix, X11, xmonad
, xmonad-contrib, xmonad-stockholm
}:
mkDerivation {
pname = "xmonad-tv";
@ -8,8 +9,8 @@ mkDerivation {
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
base containers directory extra unix X11 xmonad xmonad-contrib
xmonad-stockholm
aeson base bytestring containers directory extra template-haskell
th-env unix X11 xmonad xmonad-contrib xmonad-stockholm
];
license = stdenv.lib.licenses.mit;
}

View file

@ -0,0 +1,18 @@
{-# LANGUAGE ScopedTypeVariables #-}
module THEnv.JSON where
import Data.Aeson (eitherDecode,FromJSON)
import Data.ByteString.Lazy.Char8 (pack)
import Language.Haskell.TH.Syntax (Exp,Lift(lift),Q)
import THEnv (getCompileEnv)
import Control.Monad
getCompileEnvJSON :: (FromJSON a) => String -> Q a
getCompileEnvJSON name =
either error (id :: a -> a) . eitherDecode . pack <$> getCompileEnv name
getCompileEnvJSONExp ::
forall proxy a. (FromJSON a, Lift a) => proxy a -> String -> Q Exp
getCompileEnvJSONExp _ =
(lift :: a -> Q Exp) <=< getCompileEnvJSON

View file

@ -1,4 +1,6 @@
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE TypeApplications #-}
module Main (main) where
@ -32,10 +34,23 @@ import XMonad.Stockholm.Pager
import XMonad.Stockholm.Shutdown
import qualified Paths
import THEnv.JSON (getCompileEnvJSONExp)
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
myScreenWidth :: Dimension
myScreenWidth =
$(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH")
myTermFontWidth :: Dimension
myTermFontWidth =
$(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH")
myTermPadding :: Dimension
myTermPadding = 2
main :: IO ()
main = getArgs >>= \case
@ -46,7 +61,6 @@ main = getArgs >>= \case
mainNoArgs :: IO ()
mainNoArgs = do
let width = 1366
workspaces0 <- getWorkspaces0
handleShutdownEvent <- newShutdownEventHandler
launch
@ -60,8 +74,9 @@ mainNoArgs = do
smartBorders $
ResizableTall
1
(10 * 6 / width)
((80 * 6 + 2 * (1+1+1))/width) []
(fromIntegral (10 * myTermFontWidth) / fromIntegral myScreenWidth)
(fromIntegral (80 * myTermFontWidth + 2 * (myTermPadding + borderWidth def)) / fromIntegral myScreenWidth)
[]
|||
Full
, manageHook =

View file

@ -9,10 +9,14 @@ cabal-version: >=1.10
executable xmonad
main-is: main.hs
build-depends:
aeson,
base,
bytestring,
containers,
directory,
extra,
template-haskell,
th-env,
unix,
X11,
xmonad,
@ -20,6 +24,7 @@ executable xmonad
xmonad-stockholm
other-modules:
Helpers.Path,
Paths
Paths,
THEnv.JSON
default-language: Haskell2010
ghc-options: -O2 -Wall -threaded

View file

@ -1,5 +1,18 @@
with import <stockholm/lib>;
self: super: {
input-fonts = super.input-fonts.overrideAttrs (old: rec {
src = self.fetchurl {
url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip";
sha256 = "1vvipqcflz4ximy7xpqy9idrdpq3a0c490hp5137r2dq03h865y0";
};
outputHash = null;
outputHashAlgo = null;
outputHashMode = null;
});
nix-prefetch-github =
self.python3Packages.callPackage ./nix-prefetch-github.nix {};
rxvt_unicode = self.callPackage ./rxvt_unicode.nix {
rxvt_unicode = super.rxvt_unicode;
};

View file

@ -0,0 +1,47 @@
{ fetchPypi
, lib
, buildPythonPackage
, pythonOlder
, attrs
, click
, effect
, jinja2
, git
, pytestCheckHook
, pytest-black
, pytestcov
, pytest-isort
}:
buildPythonPackage rec {
pname = "nix-prefetch-github";
version = "3.0";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA=";
};
propagatedBuildInputs = [
attrs
click
effect
jinja2
];
checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ];
checkPhase = ''
pytest -m 'not network'
'';
# latest version of isort will cause tests to fail
# ignore tests which are impure
disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ];
meta = with lib; {
description = "Prefetch sources from github";
homepage = "https://github.com/seppeljordan/nix-prefetch-github";
license = licenses.gpl3;
maintainers = with maintainers; [ seppeljordan ];
};
}

View file

@ -0,0 +1,24 @@
--- a/RPi_utils/codesend.cpp
+++ b/RPi_utils/codesend.cpp
@@ -40,18 +40,18 @@ int main(int argc, char *argv[]) {
}
// Change protocol and pulse length accroding to parameters
- int code = atoi(argv[1]);
+ const char *code = argv[1];
if (argc >= 3) protocol = atoi(argv[2]);
if (argc >= 4) pulseLength = atoi(argv[3]);
if (wiringPiSetup () == -1) return 1;
- printf("sending code[%i]\n", code);
+ printf("sending code[%s]\n", code);
RCSwitch mySwitch = RCSwitch();
if (protocol != 0) mySwitch.setProtocol(protocol);
if (pulseLength != 0) mySwitch.setPulseLength(pulseLength);
mySwitch.enableTransmit(PIN);
- mySwitch.send(code, 24);
+ mySwitch.send(code);
return 0;

View file

@ -0,0 +1,42 @@
{ fetchFromGitHub, stdenv
, wiringPi ? WiringPi.wiringPi
, wiringPiDev ? WiringPi.wiringPiDev
, WiringPi ? rpiPackages.WiringPi
, rpiPackages
}:
stdenv.mkDerivation {
pname = "433Utils-RPi_utils";
version = "2018-06-07";
src = fetchFromGitHub (stdenv.lib.importJSON ./src.json);
patches = [
./rc-switch.protocols.patch
./RPi_utils.codesend.codestring.patch
];
buildPhase = ''
runHook postBuild
make -C RPi_utils
runHook preBuild
'';
buildInputs = [
wiringPi
wiringPiDev
];
installPhase = ''
runHook preInstall
mkdir -p $out/bin
for name in send codesend RFSniffer; do
cp RPi_utils/$name $out/bin/
done
runHook postInstall
'';
}

View file

@ -0,0 +1,10 @@
--- a/rc-switch/RCSwitch.cpp
+++ b/rc-switch/RCSwitch.cpp
@@ -78,6 +78,7 @@ static const RCSwitch::Protocol PROGMEM proto[] = {
{ 100, { 30, 71 }, { 4, 11 }, { 9, 6 } }, // protocol 3
{ 380, { 1, 6 }, { 1, 3 }, { 3, 1 } }, // protocol 4
{ 500, { 6, 14 }, { 1, 2 }, { 2, 1 } }, // protocol 5
+ { 136, { 1, 31 }, { 1, 3 }, { 3, 1 } }, // protocol 6
};
enum {

View file

@ -0,0 +1,7 @@
{
"owner": "ninjablocks",
"repo": "433Utils",
"rev": "31c0ea4e158287595a6f6116b6151e72691e1839",
"sha256": "04r2qlkdsz46qgpnbizrfccz1i0qlkb1iqz0jzyq4fzvksqp9dg1",
"fetchSubmodules": true
}

View file

@ -0,0 +1,61 @@
{ fetchFromGitHub, runCommand, stdenv }:
let
generic = name: extraAttrs:
stdenv.mkDerivation ({
pname = "WiringPi-${name}";
version = "2020-09-14";
src = fetchFromGitHub (stdenv.lib.importJSON ./src.json);
buildPhase = ''
runHook postBuild
make -C ${name} all
runHook preBuild
'';
installPhase = ''
runHook preInstall
export DESTDIR=$out
export PREFIX=
export LDCONFIG=true
make -C ${name} install
runHook postInstall
'';
} // extraAttrs);
fakeutils = runCommand "fakeutils-1.0" {} /* sh */ ''
mkdir -p $out/bin
for name in chown chmod; do
touch $out/bin/$name
chmod +x $out/bin/$name
done
'';
in
rec {
wiringPi = generic "wiringPi" {};
wiringPiDev = generic "devLib" {
buildInputs = [
wiringPi
];
};
gpio = generic "gpio" {
preInstall = ''
# fakeutils cannot be buildInputs because they have to override existing
# executables and therefore need to be prepended to the search path.
PATH=${fakeutils}/bin:$PATH
mkdir -p $out/bin
'';
buildInputs = [
wiringPi
wiringPiDev
];
};
}

View file

@ -0,0 +1,6 @@
{
"owner": "WiringPi",
"repo": "WiringPi",
"rev": "5c6bab7d4279e8c0cc890984eaa1a69ff3af1c99",
"sha256": "1jlx7lb3ybwv06b2dpmsr718d0xj85awl1dgdqc607k50kk25mjb"
}

9
tv/5pkgs/rpi/default.nix Normal file
View file

@ -0,0 +1,9 @@
let
lib = import <stockholm/lib>;
in
self: super:
{
rpiPackages = lib.mapNixDir (path: self.callPackage path {}) ./.;
}

View file

@ -0,0 +1,16 @@
# This package is mainly intended for cross-built systems for which we cannot
# or don't want to build pkgs.rxvt_unicode for some reason.
#
# ${./rxvt-unicode-256color.terminfo} was copied from a previously built
# /run/current-system/sw/share/terminfo/r/rxvt-unicode-256color
{ runCommand }:
runCommand "rxvt-unicode-256color-terminfo" {} /* sh */ ''
mkdir -p $out/nix-support
mkdir -p $out/share/terminfo/r
ln -s ${./rxvt-unicode-256color.terminfo} \
$out/share/terminfo/r/rxvt-unicode-256color
echo "$out" >> $out/nix-support/propagated-user-env-packages
''

View file

@ -11,6 +11,7 @@ stdenv.mkDerivation {
installPhase = ''
mkdir -p $out
cp ${./index.html} $out/index.html
convert ${./logo.xpm} $out/favicon.ico
convert ${./logo.xpm} $out/favicon2.png
'';
}

View file

@ -133,8 +133,9 @@ with import <stockholm/lib>;
(writer "Jq")
(writerExt "jq")
];
javascript.extraStart = comment "jq";
javascript.extraStart = comment "js";
lua = {};
markdown.extraStart = writerExt "md";
#nginx = {};
python.extraStart = alts [
(comment "py")

1
tv/dummy_secrets/o2.pin Normal file
View file

@ -0,0 +1 @@
AT