diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 962dbf49c..65972aacc 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,7 +5,7 @@
6667 6669
];
- services.charybdis = {
+ krebs.charybdis = {
enable = true;
motd = ''
hello
diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix
new file mode 100644
index 000000000..f4a7c1313
--- /dev/null
+++ b/krebs/3modules/charybdis.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption singleton types;
+ inherit (pkgs) coreutils charybdis;
+ cfg = config.krebs.charybdis;
+
+ configFile = pkgs.writeText "charybdis.conf" ''
+ ${cfg.config}
+ '';
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ krebs.charybdis = {
+
+ enable = mkEnableOption "Charybdis IRC daemon";
+
+ config = mkOption {
+ type = types.string;
+ description = ''
+ Charybdis IRC daemon configuration file.
+ '';
+ };
+
+ statedir = mkOption {
+ type = types.string;
+ default = "/var/lib/charybdis";
+ description = ''
+ Location of the state directory of charybdis.
+ '';
+ };
+
+ user = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon user.
+ '';
+ };
+
+ group = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon group.
+ '';
+ };
+
+ motd = mkOption {
+ type = types.nullOr types.lines;
+ default = null;
+ description = ''
+ Charybdis MOTD text.
+
+ Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
+ If set, the value of this option will be written to this path.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable (lib.mkMerge [
+ {
+ users.users = singleton {
+ name = cfg.user;
+ description = "Charybdis IRC daemon user";
+ uid = config.ids.uids.ircd;
+ group = cfg.group;
+ };
+
+ users.groups = singleton {
+ name = cfg.group;
+ gid = config.ids.gids.ircd;
+ };
+
+ systemd.services.charybdis = {
+ description = "Charybdis IRC daemon";
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ BANDB_DBPATH = "${cfg.statedir}/ban.db";
+ };
+ serviceConfig = {
+ ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
+ Group = cfg.group;
+ User = cfg.user;
+ PermissionsStartOnly = true; # preStart needs to run with root permissions
+ };
+ preStart = ''
+ ${coreutils}/bin/mkdir -p ${cfg.statedir}
+ ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
+ '';
+ };
+
+ }
+
+ (mkIf (cfg.motd != null) {
+ environment.etc."charybdis/ircd.motd".text = cfg.motd;
+ })
+ ]);
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6307649e3..8f2e22acf 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,7 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
+ ./charybdis.nix
./ci.nix
./current.nix
./exim.nix
@@ -111,7 +112,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./nin { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e2152ea1a..94af67fc7 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -494,6 +494,8 @@ in {
ip6.addr = "42:f9f0::10";
aliases = [
"omo.r"
+ "dcpp.omo.r"
+ "torrent.omo.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -554,7 +556,7 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
- nextgum = rec {
+ gum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
@@ -563,6 +565,23 @@ in {
graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
iso.euer IN A ${nets.internet.ip4.addr}
+ wg.euer IN A ${nets.internet.ip4.addr}
+ photostore IN A ${nets.internet.ip4.addr}
+ o.euer IN A ${nets.internet.ip4.addr}
+ mon.euer IN A ${nets.internet.ip4.addr}
+ boot.euer IN A ${nets.internet.ip4.addr}
+ wiki.euer IN A ${nets.internet.ip4.addr}
+ pigstarter IN A ${nets.internet.ip4.addr}
+ cgit.euer IN A ${nets.internet.ip4.addr}
+ git.euer IN A ${nets.internet.ip4.addr}
+ euer IN A ${nets.internet.ip4.addr}
+ share.euer IN A ${nets.internet.ip4.addr}
+ gum IN A ${nets.internet.ip4.addr}
+ wikisearch IN A ${nets.internet.ip4.addr}
+ dl.euer IN A ${nets.internet.ip4.addr}
+ ghook IN A ${nets.internet.ip4.addr}
+ dockerhub IN A ${nets.internet.ip4.addr}
+ io IN NS gum.krebsco.de.
'';
};
cores = 8;
@@ -571,6 +590,7 @@ in {
ip4.addr = "144.76.26.247";
ip6.addr = "2a01:4f8:191:12f6::2";
aliases = [
+ "gum.i"
"nextgum.i"
];
};
@@ -594,6 +614,16 @@ in {
"stats.makefu.r"
"backup.makefu.r"
"dcpp.nextgum.r"
+ "gum.r"
+ "cgit.gum.r"
+ "o.gum.r"
+ "tracker.makefu.r"
+ "search.makefu.r"
+ "wiki.makefu.r"
+ "wiki.gum.r"
+ "blog.makefu.r"
+ "blog.gum.r"
+ "dcpp.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -609,73 +639,7 @@ in {
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
-
- gum = rec {
- ci = true;
- cores = 2;
-
- extraZones = {
- "krebsco.de" = ''
- share.euer IN A ${nets.internet.ip4.addr}
- mattermost.euer IN A ${nets.internet.ip4.addr}
- gum IN A ${nets.internet.ip4.addr}
- wikisearch IN A ${nets.internet.ip4.addr}
- pigstarter IN A ${nets.internet.ip4.addr}
- cgit.euer IN A ${nets.internet.ip4.addr}
- euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- git.euer IN A ${nets.internet.ip4.addr}
- dl.euer IN A ${nets.internet.ip4.addr}
- boot.euer IN A ${nets.internet.ip4.addr}
- wiki.euer IN A ${nets.internet.ip4.addr}
- mon.euer IN A ${nets.internet.ip4.addr}
- ghook IN A ${nets.internet.ip4.addr}
- dockerhub IN A ${nets.internet.ip4.addr}
- photostore IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
- '';
- };
- nets = rec {
- internet = {
- ip4.addr = "185.194.143.140";
- ip6.addr = "2a03:4000:1c:43f::1";
- aliases = [
- "gum.i"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.211";
- ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
- aliases = [
- "gum.r"
- "cgit.gum.r"
- "o.gum.r"
- "tracker.makefu.r"
-
- "search.makefu.r"
- "wiki.makefu.r"
- "wiki.gum.r"
- "blog.makefu.r"
- "blog.gum.r"
- "dcpp.gum.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
- BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
- i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
- 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
- u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
- OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- # configured manually
- # ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
- };
+
shoney = rec {
ci = true;
cores = 1;
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
deleted file mode 100644
index 1531a2c89..000000000
--- a/krebs/3modules/nin/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- hosts = mapAttrs (_: recursiveUpdate {
- owner = config.krebs.users.nin;
- ci = true;
- }) {
- hiawatha = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.96";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
- aliases = [
- "hiawatha.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
- Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
- iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
- UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
- lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
- yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
- };
- axon= {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.134.66";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
- aliases = [
- "axon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
- glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
- KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
- L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
- VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
- PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
- X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
- m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
- OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
- LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
- /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
- MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
- 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
- ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
- 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
- 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
- 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
- FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
- buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
- hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
- yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
- ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
- };
- onondaga = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.55";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
- aliases = [
- "onondaga.r"
- "cgit.onondaga.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
- OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
- htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
- xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
- kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
- hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
- };
-
- };
- users = {
- nin = {
- mail = "nin@axon.r";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
- };
- nin_h = {
- mail = "nin@hiawatha.r";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
- };
- };
-}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 01479b69c..a9fbae695 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -57,13 +57,6 @@ with import <stockholm/lib>;
config.krebs.users.makefu.pubkey
];
};
- users.users.nin = {
- uid = genid "nin";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- };
users.extraUsers.dritter = {
uid = genid "dritter";
isNormalUser = true;
@@ -119,7 +112,6 @@ with import <stockholm/lib>;
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.nin.pubkey
];
};
autoStart = true;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 36af23bb5..3d2cbac6f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -8,16 +8,21 @@ in {
imports = [
<stockholm/makefu>
./hardware-config.nix
+ {
+ users.users.lass = {
+ uid = 9002;
+ isNormalUser = true;
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ makefu.pubkey
+ ];
+ };
+ }
<stockholm/makefu/2configs/headless.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
- <stockholm/makefu/2configs/git/cgit-retiolum.nix>
- <stockholm/makefu/2configs/backup.nix>
- # <stockholm/makefu/2configs/mattermost-docker.nix>
- # <stockholm/makefu/2configs/disable_v6.nix>
- <stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@@ -26,83 +31,90 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
<stockholm/makefu/2configs/zsh-user.nix>
+ <stockholm/makefu/2configs/mosh.nix>
+ # <stockholm/makefu/2configs/gui/xpra.nix>
+
+ # networking
+ <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+ # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
+ #<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/iodined.nix>
+ # <stockholm/makefu/2configs/backup.nix>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+
+ # ci
+ # <stockholm/makefu/2configs/exim-retiolum.nix>
+ <stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ <stockholm/makefu/2configs/shack/gitlab-runner>
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/taskd.nix>
# services
- <stockholm/makefu/2configs/share/gum.nix>
- # <stockholm/makefu/2configs/sabnzbd.nix>
- <stockholm/makefu/2configs/torrent.nix>
- <stockholm/makefu/2configs/mosh.nix>
- # <stockholm/makefu/2configs/retroshare.nix>
+ <stockholm/makefu/2configs/sabnzbd.nix>
+ <stockholm/makefu/2configs/mail/mail.euer.nix>
- # network
+ # sharing
+ <stockholm/makefu/2configs/share/gum.nix>
+ <stockholm/makefu/2configs/torrent.nix>
+ #<stockholm/makefu/2configs/retroshare.nix>
+ ## <stockholm/makefu/2configs/ipfs.nix>
+ #<stockholm/makefu/2configs/syncthing.nix>
+ { # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+ }
+ # <stockholm/makefu/2configs/opentracker.nix>
+
+ ## network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/binary-cache/server.nix>
+ <stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/iodined.nix>
+ <stockholm/makefu/2configs/bitlbee.nix>
+ <stockholm/makefu/2configs/wireguard/server.nix>
- # buildbot
- <stockholm/makefu/2configs/remote-build/slave.nix>
-
- ## Web
- <stockholm/makefu/2configs/nginx/share-download.nix>
- <stockholm/makefu/2configs/nginx/euer.test.nix>
+ # Removed until move: no extra mails
+ <stockholm/makefu/2configs/urlwatch>
+ # Removed until move: avoid letsencrypt ban
+ ### Web
+ #<stockholm/makefu/2configs/nginx/share-download.nix>
+ #<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
- # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
- <stockholm/makefu/2configs/nginx/public_html.nix>
- <stockholm/makefu/2configs/nginx/update.connector.one.nix>
+ ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
+ #<stockholm/makefu/2configs/nginx/public_html.nix>
+ #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+ <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+ <stockholm/makefu/2configs/nginx/iso.euer.nix>
+ <stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
- # <stockholm/makefu/2configs/deployment/graphs.nix>
+ <stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
- {
- services.taskserver.enable = true;
- services.taskserver.fqdn = config.krebs.build.host.name;
- services.taskserver.listenHost = "::";
- services.taskserver.organisations.home.users = [ "makefu" ];
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- '';
- }
- # <stockholm/makefu/2configs/ipfs.nix>
- <stockholm/makefu/2configs/syncthing.nix>
-
- # <stockholm/makefu/2configs/opentracker.nix>
- <stockholm/makefu/2configs/dcpp/hub.nix>
- <stockholm/makefu/2configs/dcpp/client.nix>
-
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
- # Temporary:
+ # sharing
+ <stockholm/makefu/2configs/dcpp/airdcpp.nix>
+ <stockholm/makefu/2configs/dcpp/hub.nix>
+
+ ## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
+ <stockholm/makefu/2configs/virtualisation/libvirt.nix>
- #{
- # services.dockerRegistry.enable = true;
- # networking.firewall.allowedTCPPorts = [ 8443 ];
-
- # services.nginx.virtualHosts."euer.krebsco.de" = {
- # forceSSL = true;
- # enableACME = true;
- # extraConfig = ''
- # client_max_body_size 1000M;
- # '';
- # locations."/".proxyPass = "http://localhost:5000";
- # };
- #}
- <stockholm/makefu/2configs/wireguard/server.nix>
- { # iperf3
- networking.firewall.allowedUDPPorts = [ 5201 ];
- networking.firewall.allowedTCPPorts = [ 5201 ];
- }
-
+ # krebs infrastructure services
+ <stockholm/makefu/2configs/stats/server.nix>
];
makefu.dl-dir = "/var/download";
@@ -120,9 +132,7 @@ in {
ListenAddress = ${external-ip} 21031
'';
connectTo = [
- "muhbaasu" "tahoe" "flap" "wry"
- "ni"
- "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
+ "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
];
};
@@ -137,10 +147,11 @@ in {
environment.systemPackages = with pkgs;[
weechat
bepasty-client-cli
- get
tmux
];
+ # Hardware
+
# Network
networking = {
firewall = {
@@ -179,4 +190,5 @@ in {
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
boot.tmpOnTmpfs = true;
+ state = [ "/home/makefu/.weechat" ];
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index a40709169..bfe29b46c 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -1,26 +1,24 @@
{ config, ... }:
let
- external-mac = "2a:c5:6e:d2:fc:7f";
- main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
- external-gw = "185.194.140.1";
+ external-mac = "50:46:5d:9f:63:6b";
+ main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
+ sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
+ external-gw = "144.76.26.225";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
- external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
+ external-ip = "144.76.26.247";
+ external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1";
- external-netmask = 22;
+ external-netmask = 27;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
-
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
@@ -40,7 +38,62 @@ in {
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
- boot.loader.grub.device = main-disk;
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ main-disk ];
+ boot.initrd.kernelModules = [ "dm-raid" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
+ "xhci_pci" "ehci_pci" "ahci" "sd_mod"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ hardware.enableRedistributableFirmware = true;
+ fileSystems."/" = {
+ device = "/dev/mapper/nixos-root";
+ fsType = "ext4";
+ };
+ fileSystems."/var/lib" = {
+ device = "/dev/mapper/nixos-lib";
+ fsType = "ext4";
+ };
+ fileSystems."/var/download" = {
+ device = "/dev/mapper/nixos-download";
+ fsType = "ext4";
+ };
+ fileSystems."/var/lib/borgbackup" = {
+ device = "/dev/mapper/nixos-backup";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda2";
+ fsType = "vfat";
+ };
+ # parted -s -a optimal "$disk" \
+ # mklabel gpt \
+ # mkpart no-fs 0 1024KiB \
+ # set 1 bios_grub on \
+ # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
+ # mkpart primary 1025MiB 100%
+ # parted -s -a optimal "/dev/sdb" \
+ # mklabel gpt \
+ # mkpart primary 1M 100%
+
+ #mkfs.vfat /dev/sda2
+ #pvcreate /dev/sda3
+ #pvcreate /dev/sdb1
+ #vgcreate nixos /dev/sda3 /dev/sdb1
+ #lvcreate -L 120G -m 1 -n root nixos
+ #lvcreate -L 50G -m 1 -n lib nixos
+ #lvcreate -L 100G -n download nixos
+ #lvcreate -L 100G -n backup nixos
+ #mkfs.ext4 /dev/mapper/nixos-root
+ #mkfs.ext4 /dev/mapper/nixos-lib
+ #mkfs.ext4 /dev/mapper/nixos-download
+ #mkfs.ext4 /dev/mapper/nixos-borgbackup
+ #mount /dev/mapper/nixos-root /mnt
+ #mkdir /mnt/boot
+ #mount /dev/sda2 /mnt/boot
+ #mkdir -p /mnt/var/src
+ #touch /mnt/var/src/.populate
+
}
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
new file mode 100644
index 000000000..30276b7db
--- /dev/null
+++ b/makefu/1systems/gum/rescue.txt
@@ -0,0 +1,11 @@
+mount /dev/mapper/nixos-root /mnt
+mount /dev/sda2 /mnt/boot
+
+chroot-prepare /mnt
+chroot /mnt /bin/sh
+
+journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
+
+export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
+/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
+/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 1e36c6e87..6940498f1 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,5 +1,5 @@
{
- name="gum";
+ name="nextgum";
torrent = true;
clever_kexec = true;
}
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix
deleted file mode 100644
index 64516fa98..000000000
--- a/makefu/1systems/nextgum/config.nix
+++ /dev/null
@@ -1,253 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- ext-if = config.makefu.server.primary-itf;
-in {
- imports = [
- <stockholm/makefu>
- ./hardware-config.nix
- ./transfer-config.nix
- <stockholm/makefu/2configs/headless.nix>
- # <stockholm/makefu/2configs/smart-monitor.nix>
-
- # Security
- <stockholm/makefu/2configs/sshd-totp.nix>
-
- # Tools
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/tools/dev.nix>
- <stockholm/makefu/2configs/tools/sec.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/mosh.nix>
- <stockholm/makefu/2configs/gui/xpra.nix>
-
- <stockholm/makefu/2configs/git/cgit-retiolum.nix>
- <stockholm/makefu/2configs/backup.nix>
- # <stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
-
- # services
- <stockholm/makefu/2configs/sabnzbd.nix>
- <stockholm/makefu/2configs/mail/mail.euer.nix>
-
- # sharing
- <stockholm/makefu/2configs/share/gum.nix>
- <stockholm/makefu/2configs/torrent.nix>
- #<stockholm/makefu/2configs/retroshare.nix>
- ## <stockholm/makefu/2configs/ipfs.nix>
- #<stockholm/makefu/2configs/syncthing.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
- # <stockholm/makefu/2configs/opentracker.nix>
-
- ## network
- <stockholm/makefu/2configs/vpn/openvpn-server.nix>
- # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
- <stockholm/makefu/2configs/dnscrypt/server.nix>
- <stockholm/makefu/2configs/binary-cache/server.nix>
- <stockholm/makefu/2configs/iodined.nix>
- <stockholm/makefu/2configs/bitlbee.nix>
-
- ## buildbot
- <stockholm/makefu/2configs/remote-build/slave.nix>
-
- # Removed until move: no extra mails
- <stockholm/makefu/2configs/urlwatch>
- # Removed until move: avoid double-update of domain
- # <stockholm/makefu/2configs/hub.nix>
- # Removed until move: avoid letsencrypt ban
- ### Web
- #<stockholm/makefu/2configs/nginx/share-download.nix>
- #<stockholm/makefu/2configs/nginx/euer.test.nix>
- #<stockholm/makefu/2configs/nginx/euer.mon.nix>
- #<stockholm/makefu/2configs/nginx/euer.wiki.nix>
- #<stockholm/makefu/2configs/nginx/euer.blog.nix>
- ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
- #<stockholm/makefu/2configs/nginx/public_html.nix>
- #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
- #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
- <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
- <stockholm/makefu/2configs/nginx/iso.euer.nix>
- <stockholm/makefu/2configs/deployment/events-publisher>
-
- #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
- #<stockholm/makefu/2configs/deployment/graphs.nix>
- #<stockholm/makefu/2configs/deployment/owncloud.nix>
- #<stockholm/makefu/2configs/deployment/boot-euer.nix>
- #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
-
- {
- services.taskserver.enable = true;
- services.taskserver.fqdn = config.krebs.build.host.name;
- services.taskserver.listenHost = "::";
- services.taskserver.organisations.home.users = [ "makefu" ];
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
- '';
- }
-
-
- <stockholm/makefu/2configs/stats/client.nix>
- <stockholm/makefu/2configs/dcpp/airdcpp.nix>
- # <stockholm/makefu/2configs/logging/client.nix>
-
- ## Temporary:
- # <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-
- #{
- # services.dockerRegistry.enable = true;
- # networking.firewall.allowedTCPPorts = [ 8443 ];
-
- # services.nginx.virtualHosts."euer.krebsco.de" = {
- # forceSSL = true;
- # enableACME = true;
- # extraConfig = ''
- # client_max_body_size 1000M;
- # '';
- # locations."/".proxyPass = "http://localhost:5000";
- # };
- #}
- { # wireguard server
-
- # opkg install wireguard luci-proto-wireguard
-
- # TODO: networking.nat
-
- # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- # conf.all.proxy_arp =1
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- extraCommands = ''
- iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
- '';
- };
-
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.0.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # x
- allowedIPs = [ "10.244.0.2/32" ];
- publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- }
- {
- # vbob
- allowedIPs = [ "10.244.0.3/32" ];
- publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
- }
- {
- # x-test
- allowedIPs = [ "10.244.0.4/32" ];
- publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
- }
- {
- # work-router
- allowedIPs = [ "10.244.0.5/32" ];
- publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
- }
- {
- # workr
- allowedIPs = [ "10.244.0.6/32" ];
- publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
- }
- ];
- };
- }
- { # iperf3
- networking.firewall.allowedUDPPorts = [ 5201 ];
- networking.firewall.allowedTCPPorts = [ 5201 ];
- }
-
- # krebs infrastructure services
- <stockholm/makefu/2configs/stats/server.nix>
- ];
- makefu.dl-dir = "/var/download";
-
- services.openssh.hostKeys = [
- { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
- { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
- ###### stable
- services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
- krebs.build.host = config.krebs.hosts.gum;
-
- krebs.tinc.retiolum = {
- extraConfig = ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- '';
- connectTo = [
- "muhbaasu" "tahoe" "flap" "wry"
- "ni"
- "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
- ];
- };
-
-
- # access
- users.users = {
- root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
- makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
- };
-
- # Chat
- environment.systemPackages = with pkgs;[
- weechat
- bepasty-client-cli
- tmux
- ];
-
- # Hardware
-
- # Network
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [
- # smtp
- 25
- # http
- 80 443
- # httptunnel
- 8080 8443
- # tinc
- 655
- # tinc-shack
- 21032
- # tinc-retiolum
- 21031
- # taskserver
- 53589
- # temp vnc
- 18001
- # temp reverseshell
- 31337
- ];
- allowedUDPPorts = [
- # tinc
- 655 53
- # tinc-retiolum
- 21031
- # tinc-shack
- 21032
- ];
- };
- nameservers = [ "8.8.8.8" ];
- };
- users.users.makefu.extraGroups = [ "download" "nginx" ];
- boot.tmpOnTmpfs = true;
-}
diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix
deleted file mode 100644
index bfe29b46c..000000000
--- a/makefu/1systems/nextgum/hardware-config.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{ config, ... }:
-let
- external-mac = "50:46:5d:9f:63:6b";
- main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
- sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
- external-gw = "144.76.26.225";
- # single partition, label "nixos"
- # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
-
-
- # static
- external-ip = "144.76.26.247";
- external-ip6 = "2a01:4f8:191:12f6::2";
- external-gw6 = "fe80::1";
- external-netmask = 27;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
-in {
- imports = [
- ];
- makefu.server.primary-itf = ext-if;
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- networking = {
- interfaces."${ext-if}" = {
- ipv4.addresses = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ipv6.addresses = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = external-gw6;
- defaultGateway = external-gw;
- };
- boot.kernelParams = [ ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ main-disk ];
- boot.initrd.kernelModules = [ "dm-raid" ];
- boot.initrd.availableKernelModules = [
- "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
- "xhci_pci" "ehci_pci" "ahci" "sd_mod"
- ];
- boot.kernelModules = [ "kvm-intel" ];
- hardware.enableRedistributableFirmware = true;
- fileSystems."/" = {
- device = "/dev/mapper/nixos-root";
- fsType = "ext4";
- };
- fileSystems."/var/lib" = {
- device = "/dev/mapper/nixos-lib";
- fsType = "ext4";
- };
- fileSystems."/var/download" = {
- device = "/dev/mapper/nixos-download";
- fsType = "ext4";
- };
- fileSystems."/var/lib/borgbackup" = {
- device = "/dev/mapper/nixos-backup";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/sda2";
- fsType = "vfat";
- };
- # parted -s -a optimal "$disk" \
- # mklabel gpt \
- # mkpart no-fs 0 1024KiB \
- # set 1 bios_grub on \
- # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
- # mkpart primary 1025MiB 100%
- # parted -s -a optimal "/dev/sdb" \
- # mklabel gpt \
- # mkpart primary 1M 100%
-
- #mkfs.vfat /dev/sda2
- #pvcreate /dev/sda3
- #pvcreate /dev/sdb1
- #vgcreate nixos /dev/sda3 /dev/sdb1
- #lvcreate -L 120G -m 1 -n root nixos
- #lvcreate -L 50G -m 1 -n lib nixos
- #lvcreate -L 100G -n download nixos
- #lvcreate -L 100G -n backup nixos
- #mkfs.ext4 /dev/mapper/nixos-root
- #mkfs.ext4 /dev/mapper/nixos-lib
- #mkfs.ext4 /dev/mapper/nixos-download
- #mkfs.ext4 /dev/mapper/nixos-borgbackup
- #mount /dev/mapper/nixos-root /mnt
- #mkdir /mnt/boot
- #mount /dev/sda2 /mnt/boot
- #mkdir -p /mnt/var/src
- #touch /mnt/var/src/.populate
-
-}
diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix
deleted file mode 100644
index 6940498f1..000000000
--- a/makefu/1systems/nextgum/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- name="nextgum";
- torrent = true;
- clever_kexec = true;
-}
diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix
deleted file mode 100644
index 92df60195..000000000
--- a/makefu/1systems/nextgum/transfer-config.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-# configuration which is only required for the time of the transfer
-{
- krebs.tinc.retiolum.connectTo = [ "gum" ];
- krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
-}
-
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index be49db024..9eb8cbf49 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -8,11 +8,11 @@ let
in {
imports =
[
- #./hw/omo.nix
- ./hw/tsp.nix
+ ./hw/omo.nix
+ #./hw/tsp.nix
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
- <stockholm/makefu/2configs/backup.nix>
+ <stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
@@ -25,6 +25,22 @@ in {
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/share/omo.nix>
+ <stockholm/makefu/2configs/dcpp/airdcpp.nix>
+ { krebs.airdcpp.dcpp.shares = let
+ d = path: "/media/cryptX/${path}";
+ in {
+ emu.path = d "emu";
+ audiobooks.path = lib.mkForce (d "audiobooks");
+ incoming.path = lib.mkForce (d "torrent");
+ anime.path = d "anime";
+ };
+ krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
+ }
+ {
+ # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+ #services.sabnzbd.enable = true;
+ #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ }
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
@@ -41,12 +57,22 @@ in {
<stockholm/makefu/2configs/stats/arafetch.nix>
# services
- <stockholm/makefu/2configs/syncthing.nix>
+ {
+ services.nginx.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ }
+ # <stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
<stockholm/makefu/2configs/deployment/homeautomation>
+ {
+ makefu.ps3netsrv = {
+ enable = true;
+ servedir = "/media/cryptX/emu/ps3";
+ };
+ }
{
hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music";
@@ -74,7 +100,7 @@ in {
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = ''
- upload_rate = 200
+ upload_rate = 500
'';
};
users.groups.share = {
@@ -83,14 +109,7 @@ in {
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
- # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
- services.sabnzbd.enable = true;
- systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- makefu.ps3netsrv = {
- enable = true;
- servedir = "/media/cryptX/emu/ps3";
- };
users.users.misa = {
uid = 9002;
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index e1d66a2f9..24a3dddc6 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -11,10 +11,10 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/disable_v6.nix>
- # <stockholm/makefu/2configs/tools/core-gui.nix>
- # <stockholm/makefu/2configs/tools/extra-gui.nix>
- # <stockholm/makefu/2configs/tools/media.nix>
+ # <stockholm/makefu/2configs/disable_v6.nix>
+ <stockholm/makefu/2configs/tools/core-gui.nix>
+ <stockholm/makefu/2configs/tools/extra-gui.nix>
+ <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
@@ -33,9 +33,6 @@ in {
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
- {
- users.users.makefu.extraGroups = [ "pulse" ];
- }
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@@ -46,10 +43,11 @@ in {
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
-
+ { environment.systemPackages = [ pkgs.vlc ]; }
<stockholm/makefu/2configs/deployment/bureautomation>
+ <stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
(let
collectd-port = 25826;
@@ -174,20 +172,4 @@ in {
fsType = "ext4";
};
};
-
- # DualHead on NUC
- # TODO: update synergy package with these extras (username)
- # TODO: add crypto layer
- systemd.services."synergy-client" = {
- environment.DISPLAY = ":0";
- serviceConfig.User = user;
- };
-
- services.synergy = {
- client = {
- enable = true;
- screenName = "wbob";
- serverAddress = "x.r";
- };
- };
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 66d904512..5a4eea2e4 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -15,7 +15,7 @@
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
- <stockholm/makefu/2configs/laptop-backup.nix>
+ <stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
@@ -74,6 +74,7 @@
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
<stockholm/makefu/2configs/hw/irtoy.nix>
+ <stockholm/makefu/2configs/hw/switch.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
@@ -83,11 +84,11 @@
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
- {
- programs.adb.enable = true;
- }
+ { programs.adb.enable = true; }
# temporary
+ { services.redis.enable = true; }
<stockholm/makefu/2configs/pyload.nix>
+ # <stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/nginx/rompr.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
@@ -121,13 +122,11 @@
];
makefu.server.primary-itf = "wlp3s0";
- makefu.full-populate = true;
nixpkgs.config.allowUnfree = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
@@ -144,14 +143,25 @@
# avoid full boot dir
boot.loader.grub.configurationLimit = 3;
- environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
+ environment.systemPackages = [ pkgs.passwdqc-utils ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
state = [
"/home/makefu/stockholm"
- "/home/makefu/backup/borgun"
- "/home/makefu/.mail/"
+ "/home/makefu/.ssh/"
+ "/home/makefu/.zsh_history"
+ "/home/makefu/.bash_history"
+ "/home/makefu/.zshrc"
+ "/home/makefu/bin"
+ "/home/makefu/.gnupg"
+ "/home/makefu/.imapfilter"
+ "/home/makefu/.mutt"
+ "/home/makefu/docs"
+ "/home/makefu/.password-store"
+ "/home/makefu/.secrets-pass"
+ "/home/makefu/autosync/Database.kdb"
];
+
services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
deleted file mode 100644
index a4d02af6b..000000000
--- a/makefu/2configs/backup.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-let
- # preparation:
- # mkdir -p defaultBackupDir/host.name/src
- # as root on omo:
- # ssh-copy-id root@src
- startAt = "0,6,12,18:00";
- defaultBackupServer = config.krebs.hosts.omo;
- defaultBackupDir = "/home/backup";
- defaultPull = host: src: {
- method = "pull";
- src = {
- inherit host;
- path = src;
- };
- dst = {
- host = defaultBackupServer;
- path = "${defaultBackupDir}/${host.name}${src}";
- };
- startAt = "0,6,12,18:00";
- snapshots = {
- hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
- daily = { format = "%Y-%m-%d"; retain = 7; };
- weekly = { format = "%YW%W"; retain = 4; };
- monthly = { format = "%Y-%m"; retain = 12; };
- yearly = { format = "%Y"; };
- };
- };
-in {
- krebs.backup.plans = {
- # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
- gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
- gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
- {
- dst.path = "/media/cryptX/backup/gum/var-download";
- dst.host = defaultBackupServer;
- startAt = "19:00";
- };
- gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
- {
- dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
- dst.host = defaultBackupServer;
-
- startAt = "05:00";
- };
- # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
- };
- environment.systemPackages = [
- pkgs.borgbackup
- ];
-}
diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix
new file mode 100644
index 000000000..f157e715f
--- /dev/null
+++ b/makefu/2configs/backup/server.nix
@@ -0,0 +1,11 @@
+{lib, ... }:
+let
+ hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
+in {
+ # TODO: for all enabled machines
+ services.borgbackup.repos = lib.genAttrs hosts (host: {
+ authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
+ path = "/var/lib/borgbackup/${host}";
+ user = "borg-${host}";
+ }) ;
+}
diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub
new file mode 100644
index 000000000..ed203d544
--- /dev/null
+++ b/makefu/2configs/backup/ssh/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x
diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/nextgum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub
new file mode 100644
index 000000000..053b4da87
--- /dev/null
+++ b/makefu/2configs/backup/ssh/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x
diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub
new file mode 100644
index 000000000..fe894df33
--- /dev/null
+++ b/makefu/2configs/backup/ssh/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x
diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix
new file mode 100644
index 000000000..1143708bf
--- /dev/null
+++ b/makefu/2configs/backup/state.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+# back up all state
+let
+ sec = toString <secrets>;
+ sshkey = sec + "/borg.priv";
+ phrase = sec + "/borg.pw";
+in
+{
+ services.borgbackup.jobs.state = {
+ repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
+ paths = config.state;
+ encryption = {
+ mode = "repokey";
+ passCommand = "cat ${phrase}";
+ };
+ environment.BORG_RSH = "ssh -i ${sshkey}";
+ prune.keep =
+ { daily = 7;
+ weekly = 4;
+ monthly = -1; # Keep at least one archive for each month
+ };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+}
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index 890652285..f63dbefd8 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -32,6 +32,11 @@ in {
"paste.${config.krebs.build.host.name}"
"paste.r"
];
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
};
defaultPermissions = "admin,list,create,read,delete";
secretKeyFile = secKey;
diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix
index b59d3ce10..e007b6072 100644
--- a/makefu/2configs/bluetooth-mpd.nix
+++ b/makefu/2configs/bluetooth-mpd.nix
@@ -57,6 +57,8 @@ in {
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
+ load-module module-equalizer-sink
+ load-module module-dbus-protocol
#load-module module-bluez5-device
#load-module module-bluez5-discover
'';
diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix
index fe05effd9..ad62babc3 100644
--- a/makefu/2configs/dcpp/airdcpp.nix
+++ b/makefu/2configs/dcpp/airdcpp.nix
@@ -44,5 +44,6 @@
'';
};
-
+ state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
+ [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
}
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index 4605e8933..443484a34 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -11,6 +11,11 @@ let
payload_available= "Online";
payload_not_available= "Offline";
};
+ tasmota_stecki = name: topic:
+ ( tasmota_plug name topic) //
+ { state_topic = "/bam/${topic}/stat/POWER";
+ command_topic = "/bam/${topic}/cmnd/POWER";
+ };
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
@@ -38,9 +43,6 @@ let
};
in {
networking.firewall.allowedTCPPorts = [ 8123 ];
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.65.5"
- ];
services.home-assistant = {
enable = true;
@@ -48,6 +50,9 @@ in {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
+ latitude = "48.8265";
+ longitude = "9.0676";
+ elevation = 303;
};
mqtt = {
@@ -72,7 +77,7 @@ in {
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
- (tasmota_plug "Fernseher" "plug3")
+ (tasmota_stecki "Fernseher" "fernseher")
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
@@ -96,26 +101,140 @@ in {
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
- { platform = "influxdb";
- queries = [
- { name = "mean value of feinstaub P1";
- where = '' "node" = 'esp8266-1355142' '';
- measurement = "feinstaub";
- database = "telegraf";
- field = "P1";
- }
- { name = "mean value of feinstaub P2";
- where = '' "node" = 'esp8266-1355142' '';
- measurement = "feinstaub";
- database = "telegraf";
- field = "P2";
- }
- ];
+
+ { platform = "darksky";
+ api_key = lib.removeSuffix "\n"
+ (builtins.readFile <secrets/hass/darksky.apikey>);
+ language = "de";
+ monitored_conditions = [ "summary" "icon"
+ "nearest_storm_distance" "precip_probability"
+ "precip_intensity"
+ "temperature" # "temperature_high" "temperature_low"
+ "apparent_temperature"
+ "hourly_summary" # next 24 hours text
+ "minutely_summary"
+ "humidity"
+ "pressure"
+ "uv_index" ];
+ units = "si" ;
+ update_interval = {
+ days = 0;
+ hours = 0;
+ minutes = 30;
+ seconds = 0;
+ };
+ }
+ #{ platform = "influxdb";
+ # queries = [
+ # { name = "mean value of feinstaub P1";
+ # where = '' "node" = 'esp8266-1355142' '';
+ # measurement = "feinstaub";
+ # database = "telegraf";
+ # field = "P1";
+ # }
+ # { name = "mean value of feinstaub P2";
+ # where = '' "node" = 'esp8266-1355142' '';
+ # measurement = "feinstaub";
+ # database = "telegraf";
+ # field = "P2";
+ # }
+ # ];
+ #}
+ ];
+ camera = [
+ { name = "Baumarkt";
+ platform = "generic";
+ still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
+ }
+ { name = "Autobahn Heilbronn";
+ platform = "generic";
+ still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
+ }
+ { name = "Autobahn Singen";
+ platform = "generic";
+ still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
}
];
frontend = { };
http = { };
- feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
+ conversation = {};
+ history = {};
+ logbook = {};
+ tts = [ { platform = "google";} ];
+ recorder = {};
+ group =
+ { default_view =
+ { view = "yes";
+ entities = [
+ "group.sensors"
+ "group.outside"
+ "group.switches"
+ "group.automation"
+ "group.camera"
+ ];
+ };
+ automation = [
+ "automation.turn_off_fernseher_10_minutes_after_last_movement"
+ ];
+ switches = [
+ "switch.bauarbeiterlampe"
+ "switch.blitzdings"
+ "switch.fernseher"
+ "switch.pluggy"
+ ];
+ camera = [
+ "camera.Baumarkt"
+ "camera.Autobahn_Heilbronn"
+ "camera.Autobahn_Singen"
+ ];
+ sensors = [
+ "binary_sensor.motion"
+ "sensor.easy2_dht22_humidity"
+ "sensor.easy2_dht22_temperature"
+ ];
+ outside = [
+ "sensor.ditzingen_pm10"
+ "sensor.ditzingen_pm25"
+ "sensor.dark_sky_temperature"
+ "sensor.dark_sky_humidity"
+ "sensor.dark_sky_pressure"
+ "sensor.dark_sky_hourly_summary"
+ "sensor.dark_sky_minutely_summary"
+ ];
+ };
+ # only for automation
+ # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
+ automation = [
+ { alias = "Turn on Fernseher on movement";
+ trigger = {
+ platform = "state";
+ entity_id = "binary_sensor.motion";
+ to = "on";
+ };
+ action = {
+ service= "homeassistant.turn_on";
+ entity_id= "switch.fernseher";
+ };
+ }
+ { alias = "Turn off Fernseher 10 minutes after last movement";
+ trigger = {
+ platform = "state";
+ entity_id = "binary_sensor.motion";
+ to = "off";
+ for.minutes = 10;
+ };
+ action = {
+ service= "homeassistant.turn_off";
+ entity_id= "switch.fernseher";
+ };
+ condition = [{
+ condition = "time";
+ before = "06:30:00"; #only turn off between 6:30 and 18:00
+ after = "18:00:00";
+ weekday = [ "mon" "tue" "wed" "thu" "fri" ];
+ }];
+ }
+ ];
};
};
}
diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix
deleted file mode 100644
index 28edb6af2..000000000
--- a/makefu/2configs/deployment/bureautomation/home.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ pkgs, lib, ... }:
-let
- firetv = "192.168.1.238";
-in {
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- services.home-assistant = {
- #panel_iframe:
- #configurator:
- # title: Configurator
- # icon: mdi:wrench
- # url: http://hassio.local:3218
- # sensor:
- # - platform: random
- enable = true;
- config = {
- homeassistant = {
- name = "Bureautomation";
- time_zone = "Europe/Berlin";
- };
- panel_iframe = {
- euer_blog = {
- title = "Euer Blog";
- icon = "mdi:wrench";
- url = "https://euer.krebsco.de";
- };
- };
- media_player = [
- { platform = "kodi";
- host = firetv;
- }
- { platform = "firetv";
- # assumes python-firetv running
- }
- ];
- sensor = [
- {
- platform = "luftdaten";
- name = "Shack 1";
- sensorid = "50";
- monitored_conditions = [ "P1" "P2" ];
- }
- {
- platform = "luftdaten";
- name = "Shack 2";
- sensorid = "658";
- monitored_conditions = [ "P1" "P2" ];
- }
- {
- platform = "luftdaten";
- name = "Ditzingen";
- sensorid = "5341";
- monitored_conditions = [ "P1" "P2" ];
- }
- { platform = "random"; }
- ];
- frontend = { };
- http = { };
- feedreader.urls = [ "https://nixos.org/blogs.xml" ];
- };
- };
-}
diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/deployment/bureautomation/mpd.nix
new file mode 100644
index 000000000..1f5acb357
--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/mpd.nix
@@ -0,0 +1,9 @@
+{lib,pkgs, ... }:
+
+{
+ systemd.services."ympd-wbob" = {
+ description = "mpd ";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
+ };
+}
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
index bde9892cd..e7dc54dd0 100644
--- a/makefu/2configs/deployment/graphs.nix
+++ b/makefu/2configs/deployment/graphs.nix
@@ -6,11 +6,6 @@ let
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
hn = config.krebs.build.host.name;
in {
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${external-ip}" ) {
- return 403;
- }
- '';
krebs.tinc_graphs = {
enable = true;
nginx = {
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix
index f2a3b36e2..94799b11d 100644
--- a/makefu/2configs/deployment/homeautomation/default.nix
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -1,9 +1,60 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
# Ideas:
## wake-on-lan server
##
let
+ tasmota_rgb = name: topic:
+# LED WS2812b
+# effect_state_topic: "stat/led/Scheme"
+# effect_command_topic: "cmnd/led/Scheme"
+# effect_value_template: "{{ value_json.Scheme }}"
+ { platform = "mqtt";
+ inherit name;
+ retain = false;
+ qos = 1;
+ optimistic = false;
+ # state
+ # TODO: currently broken, will not use the custom state topic
+ #state_topic = "/ham/${topic}/stat/POWER";
+ state_topic = "/ham/${topic}/stat/POWER";
+ command_topic = "/ham/${topic}/cmnd/POWER";
+ availability_topic = "/ham/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ # brightness
+ brightness_state_topic = "/ham/${topic}/stat/Dimmer";
+ brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
+ brightness_value_template = "{{ value_json.Dimmer }}";
+ brightness_scale = 100;
+ # color
+ rgb_state_topic = "/ham/${topic}/stat/Color";
+ rgb_command_topic = "/ham/${topic}/cmnd/Color2";
+ rgb_command_mode = "hex";
+ rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
+ # effects
+ effect_state_topic = "/ham/${topic}/stat/Scheme";
+ effect_command_topic = "/ham/${topic}/cmnd/Scheme";
+ effect_value_template = "{{ value_json.Scheme }}";
+ effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
+};
+ # switchmode 1 - also toggle power
+ # switchtopic flurlicht
+ tasmota_motion = name: topic:
+ { platform = "mqtt";
+ device_class = "motion";
+ inherit name;
+ # TODO: currently broken, will not use the custom state topic
+ state_topic = "/ham/${topic}/stat/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ availability_topic = "/ham/${topic}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
+
firetv = "192.168.1.238";
tasmota_plug = name: topic:
{ platform = "mqtt";
@@ -36,20 +87,31 @@ let
unit_of_measurement = "hPa";
}
];
+ tasmota_am2301 = name: topic:
+ [ { platform = "mqtt";
+ name = "${name} Temperatur";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.AM2301.Temperature }}";
+ unit_of_measurement = "°C";
+ }
+ { platform = "mqtt";
+ name = "${name} Luftfeuchtigkeit";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.AM2301.Humidity }}";
+ unit_of_measurement = "%";
+ }
+ ];
in {
imports = [
./mqtt.nix
];
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.65.5"
- ];
+ #systemd.services.firetv = {
+ # wantedBy = [ "multi-user.target" ];
+ # serviceConfig = {
+ # User = "nobody";
+ # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+ # };
+ #};
services.home-assistant = {
config = {
homeassistant = {
@@ -58,7 +120,7 @@ in {
longitude = "9.2478";
elevation = 247;
};
- discovery = {};
+ #discovery = {};
conversation = {};
history = {};
logbook = {};
@@ -71,16 +133,16 @@ in {
{ platform = "kodi";
host = firetv;
}
- { platform = "firetv";
- # assumes python-firetv running
- }
+ #{ platform = "firetv";
+ # # assumes python-firetv running
+ #}
];
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "hass";
- password = builtins.readFile <secrets/mqtt/hass>;
+ password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
keepalive = 60;
protocol = 3.1;
birth_message = {
@@ -96,43 +158,100 @@ in {
retain = true;
};
};
+ binary_sensor = [
+ (tasmota_motion "Flur Bewegung" "flurlicht")
+ ];
sensor = [
- { platform = "speedtest";
- monitored_conditions = [ "ping" "download" "upload" ];
- }
+ # broken
+ #{ platform = "speedtest";
+ # monitored_conditions = [ "ping" "download" "upload" ];
+ #}
{ platform = "luftdaten";
- name = "Ditzingen";
+ name = "Wangen";
sensorid = "663";
monitored_conditions = [ "P1" "P2" ];
}
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
{ platform = "darksky";
- api_key = "c73619e6ea79e553a585be06aacf3679";
+ api_key = lib.removeSuffix "\n"
+ (builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
- "temperature" # "temperature_high" "temperature_low"
+ "temperature"
+ "apparent_temperature"
"hourly_summary"
+ "humidity"
+ "pressure"
"uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
- minutes = 10;
+ minutes = 30;
seconds = 0;
};
}
- ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
+ ]
+ ++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
+ ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
frontend = { };
- #group = [
- # { default_view = { view = "yes"; entities = [
- # "sensor.luftdaten"
- # ]}
- #];
+ group =
+ { default_view =
+ { view = "yes";
+ entities = [
+ "group.flur"
+ "group.schlafzimmer"
+ "group.draussen"
+ "group.wohnzimmer"
+ "group.arbeitszimmer"
+ ];
+ };
+ flur = [
+ "light.flurlicht"
+ "binary_sensor.flur_bewegung"
+ ];
+ wohnzimmer = [
+ "media_player.kodi"
+ ];
+ draussen = [
+ "sensor.dark_sky_temperature"
+ "sensor.dark_sky_hourly_summary"
+ "sensor.wangen_pm10"
+ "sensor.wangen_pm25"
+ ];
+ schlafzimmer = [
+ "sensor.schlafzimmer_temperatur"
+ "sensor.schlafzimmer_luftdruck"
+ "sensor.schlafzimmer_luftfeuchtigkeit"
+ "switch.lichterkette_schlafzimmer"
+ ];
+ arbeitszimmer = [
+ "switch.strom_staubsauger"
+ "sensor.arbeitszimmer_temperatur"
+ "sensor.arbeitszimmer_luftfeuchtigkeit"
+ ];
+ };
http = { };
switch = [
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
+ (tasmota_plug "Strom Staubsauger" "arbeitszimmer")
+ ];
+ light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
+ automation = [
+ { alias = "Staubsauger Strom aus nach 6h";
+ trigger = {
+ platform = "state";
+ entity_id = "switch.strom_staubsauger";
+ to = "on";
+ for.hours = 6;
+ };
+ action = {
+ service= "homeassistant.turn_off";
+ entity_id= "switch.strom_staubsauger";
+ };
+ }
];
};
enable = true;
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 1a7f3d987..4890e4afe 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -41,6 +41,7 @@ let
autosync = { };
fenkins = { };
pass = { };
+ secrets = { };
};
connector-repos = mapAttrs make-priv-repo {
diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix
index 861a9327e..6bcd09826 100644
--- a/makefu/2configs/gui/base.nix
+++ b/makefu/2configs/gui/base.nix
@@ -66,7 +66,7 @@ in
cat |derp <<EOF
XTerm*background: black
XTerm*foreground: white
- XTerm*FaceName : xft:xos4 Terminus:pixelsize=11
+ XTerm*FaceName : xft:Terminus:pixelsize=12
URxvt*termName: rxvt
URxvt*saveLines: 10000
@@ -78,7 +78,7 @@ in
URxvt.background: black
URxvt.urgentOnBell: true
URxvt.visualBell: false
- URxvt.font : xft:xos4 Terminus:size=11
+ URxvt.font : xft:Terminus:size=12
! blue
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix
index 7db749227..6da1a37e7 100644
--- a/makefu/2configs/gui/wbob-kiosk.nix
+++ b/makefu/2configs/gui/wbob-kiosk.nix
@@ -4,22 +4,38 @@
imports = [
./base.nix
];
- users.users.makefu.packages = [ pkgs.chromium ];
+ users.users.makefu = {
+ packages = [ pkgs.chromium ];
+ extraGroups = [ "audio" "pulse" ];
+ };
services.xserver = {
- layout = lib.mkForce "de";
- xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
default = "none";
};
- desktopManager.xfce.enable = true;
+ desktopManager.xfce = {
+ extraSessionCommands = ''
+ ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms
+ ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1
+ '';
+ enable = true;
+ };
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
- displayManager.sessionCommands = ''
- xset -display :0 s off -dpms
- xrandr --output HDMI2 --right-of HDMI1
- '';
};
+
+ systemd.services.xset-off = {
+ after = [ "display-manager.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms";
+ RemainAfterExit = "yes";
+ TimeoutSec = "5s";
+ RestartSec="5s";
+ Restart = "on-failure";
+ };
+ };
+
}
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
index 1efc4d2bf..64aa03bd7 100644
--- a/makefu/2configs/home-manager/cli.nix
+++ b/makefu/2configs/home-manager/cli.nix
@@ -1,12 +1,18 @@
-{
+{pkgs, ... }: {
home-manager.users.makefu = {
services.gpg-agent = {
+ enable = true;
defaultCacheTtl = 900;
maxCacheTtl = 7200;
defaultCacheTtlSsh = 3600;
maxCacheTtlSsh = 86400;
enableSshSupport = true;
+ enableScDaemon = true;
};
programs.fzf.enable = true; # alt-c
};
+ services.udev.packages = [
+ pkgs.libu2f-host
+ pkgs.yubikey-personalization
+ ];
}
diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix
index e75ee6262..2a4574cc8 100644
--- a/makefu/2configs/home-manager/default.nix
+++ b/makefu/2configs/home-manager/default.nix
@@ -4,4 +4,7 @@
];
home-manager.users.makefu = {
};
+ environment.variables = {
+ GTK_DATA_PREFIX = "/run/current-system/sw";
+ };
}
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
index c2f854d47..ce98e651a 100644
--- a/makefu/2configs/home-manager/desktop.nix
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -1,31 +1,43 @@
-{pkgs, ... }: {
+{ pkgs, lib, ... }:
+
+{
home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+ programs.firefox.enable = true;
services.network-manager-applet.enable = true;
+ systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
-
- systemd.user.services.network-manager-applet.Service.Environment = ''
- XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
- '';
- systemd.user.services.clipit = {
- Unit = {
- Description = "clipboard manager";
- After = [ "graphical-session-pre.target" ];
- PartOf = [ "graphical-session.target" ];
+ systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
+ # "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
+ "fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine
+ "gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy
+ "abkfbakhjpmblaafnpgjppbmioombali" # memex
+ "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
+ ];
};
- Install = {
- WantedBy = [ "graphical-session.target" ];
- };
+ systemd.user.services.clipit = {
+ Unit = {
+ Description = "clipboard manager";
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
- Service = {
- Environment = ''
- XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
- '';
- ExecStart = "${pkgs.clipit}/bin/clipit";
- Restart = "on-abort";
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
+ ExecStart = "${pkgs.clipit}/bin/clipit";
+ Restart = "on-abort";
+ };
};
};
- };
}
diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix
index ce7ae4f4d..467e0d7a0 100644
--- a/makefu/2configs/home-manager/mail.nix
+++ b/makefu/2configs/home-manager/mail.nix
@@ -1,5 +1,6 @@
{
home-manager.users.makefu = {
+ accounts.email.maildirBasePath = "/home/makefu/Mail";
accounts.email.accounts.syntaxfehler = {
address = "felix.richter@syntax-fehler.de";
userName = "Felix.Richter@syntax-fehler.de";
@@ -27,7 +28,7 @@
};
primary = true;
realName = "Felix Richter";
- passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+ passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg";
};
programs.offlineimap.enable = true;
programs.offlineimap.extraConfig = {
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix
index 313ca0147..e556b43c0 100644
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@@ -1,9 +1,7 @@
{ pkgs, ... }:
{ # bluetooth+pulse config
# for blueman-applet
- users.users.makefu.packages = [
- pkgs.blueman
- ];
+ users.users.makefu.packages = [ pkgs.blueman ];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
@@ -39,4 +37,5 @@
Enable=Source,Sink,Media,Socket
'';
};
+ services.dbus.packages = [ pkgs.blueman ];
}
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index ffc32e0cb..3b9d04549 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -27,4 +27,7 @@
powersave = true;
scanRandMacAddress = true;
};
+ state = [
+ "/etc/NetworkManager/system-connections" #NM stateful config files
+ ];
}
diff --git a/makefu/2configs/hw/switch.nix b/makefu/2configs/hw/switch.nix
new file mode 100644
index 000000000..d46e8cf3f
--- /dev/null
+++ b/makefu/2configs/hw/switch.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
+ '';
+}
diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix
deleted file mode 100644
index 8df7043c8..000000000
--- a/makefu/2configs/laptop-backup.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{config, lib, pkgs, ... }:
-
-{
- systemd.user.services.duply-secrets = {
- description = "run daily secrets backup";
- startAt = "daily";
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
- };
- };
-}
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index 65d36d9b6..14d1285db 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -39,4 +39,5 @@ in {
};
};
};
+ state = [ base-dir ];
}
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 99533b25c..280622259 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -21,6 +21,7 @@ let
tw-pass-file = "${sec}/tw-pass.ini";
in {
+ state = [ base-dir ];
services.phpfpm = {
# phpfpm does not have an enable option
poolConfigs = {
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index d5fa65ef9..fb1a67358 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -5,11 +5,11 @@ let
in {
services.printing = {
enable = true;
- drivers = [
- pkgs.samsungUnifiedLinuxDriver
- pkgs.cups-dymo # dymo labelwriter
- pkgs.foo2zjs # magicolor 1690mf
- pkgs.zj-58
+ drivers = with pkgs; [
+ samsungUnifiedLinuxDriver
+ cups-dymo # dymo labelwriter
+ foo2zjs # magicolor 1690mf
+ cups-zj-58
];
};
diff --git a/makefu/2configs/rtorrent.nix b/makefu/2configs/rtorrent.nix
deleted file mode 100644
index 9e2990cab..000000000
--- a/makefu/2configs/rtorrent.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-_:
-let
- listenPort = 60123;
- xml-port = 5000;
- authfile = <torrent-secrets/authfile>;
-in {
- makefu.rtorrent = {
- enable = true;
- web = {
- enable = true;
- enableAuth = true;
- inherit authfile;
- };
- rutorrent.enable = true;
- enableXMLRPC = true;
- logLevel = "debug";
- inherit listenPort;
- };
-}
diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix
similarity index 87%
rename from makefu/2configs/deployment/events-publisher/default.nix
rename to makefu/2configs/shack/events-publisher/default.nix
index 37d74c282..531d2525e 100644
--- a/makefu/2configs/deployment/events-publisher/default.nix
+++ b/makefu/2configs/shack/events-publisher/default.nix
@@ -2,8 +2,8 @@
with import <stockholm/lib>;
let
shack-announce = pkgs.callPackage (builtins.fetchTarball {
- url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz";
- sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav";
+ url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
+ sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
}) {} ;
home = "/var/lib/shackannounce";
user = "shackannounce";
diff --git a/makefu/2configs/shack/gitlab-runner/default.nix b/makefu/2configs/shack/gitlab-runner/default.nix
new file mode 100644
index 000000000..55dc50fa8
--- /dev/null
+++ b/makefu/2configs/shack/gitlab-runner/default.nix
@@ -0,0 +1,31 @@
+
+{
+ systemd.services.gitlab-runner.path = [
+ "/run/wrappers" # /run/wrappers/bin/su
+ "/" # /bin/sh
+ ];
+ services.gitlab-runner = {
+ enable = true;
+ configOptions =
+ { concurrent = 1;
+ runners = [
+ { builds_dir = "";
+ #docker =
+ #{ cache_dir = "";
+ # disable_cache = true;
+ # host = ""; image = "nixos/nix:2.1.3";
+ # privileged = true;
+ #};
+ #executor = "docker";
+ # name = "docker-nix";
+ name = "gum-shell";
+ executor = "shell";
+ environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
+ # generate via `gitlab-runner register`
+ token = import <secrets/shackspace-gitlab-ci-token.nix>;
+ url = "https://git.shackspace.de/";
+ }
+ ];
+ };
+ };
+}
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
index 422676b24..c16629cc5 100644
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@@ -27,12 +27,14 @@ in {
systemd.services.arafetch = {
startAt = "Mon,Wed,Fri 09:15:00";
wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
environment = {
OUTDIR = home;
};
path = [ pkg pkgs.git pkgs.wget ];
serviceConfig = {
User = "arafetch";
+ Restart = "always";
WorkingDirectory = home;
PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" ''
diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix
new file mode 100644
index 000000000..5ca3b9904
--- /dev/null
+++ b/makefu/2configs/taskd.nix
@@ -0,0 +1,11 @@
+{config, ... }:
+{
+ services.taskserver.enable = true;
+ services.taskserver.fqdn = config.krebs.build.host.name;
+ services.taskserver.listenHost = "::";
+ services.taskserver.organisations.home.users = [ "makefu" ];
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ '';
+}
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix
index da8a357ae..9dedafdd2 100644
--- a/makefu/2configs/tools/android-pentest.nix
+++ b/makefu/2configs/tools/android-pentest.nix
@@ -9,7 +9,7 @@
dex2jar
apktool
jd-gui
- android-studio
+ # android-studio
jdk
jre
openssl
diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix
index bb14c3eb5..924668803 100644
--- a/makefu/2configs/tools/desktop.nix
+++ b/makefu/2configs/tools/desktop.nix
@@ -3,7 +3,7 @@
{
users.users.makefu.packages = with pkgs; [
taskwarrior
- pass
+ (pass.withExtensions (ext: [ ext.pass-otp ]))
gopass
mutt
weechat
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 1c28eeffd..3d26cc574 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -6,7 +6,6 @@
gimp
inkscape
libreoffice
- quodlibet
# skype
synergy
tdesktop
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index a61b6c88e..88a7c6882 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -7,10 +7,12 @@
vlc
mumble
mplayer
- quodlibet
+ quodlibet # exfalso
plowshare
streamripper
youtube-dl
+
+ pulseeffects
];
}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 8a559dbbd..11151003d 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -7,6 +7,8 @@
rclone
exfat
(pkgs.callPackage ./secrets.nix {})
+
+ opensc pcsctools libu2f-host
];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix
index f88618cbc..7d10983c7 100644
--- a/makefu/2configs/tools/secrets.nix
+++ b/makefu/2configs/tools/secrets.nix
@@ -1,7 +1,7 @@
{ pass, write, writeDash, ... }:
write "secrets" {
- "/bin/secrets".link = writeDash "brain" ''
+ "/bin/secrets".link = writeDash "secrets" ''
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
exec ${pass}/bin/pass $@
'';
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index 3df0ddbfe..ca368dbf0 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -3,12 +3,11 @@
with import <stockholm/lib>;
let
- daemon-user = "tor";
basicAuth = import <torrent-secrets/auth.nix>;
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
- base-dir = config.makefu.dl-dir;
+ base-dir = config.krebs.rtorrent.workDir;
in {
users.users = {
@@ -23,17 +22,6 @@ in {
};
};
- # todo: race condition, do this after download user has been created
- system.activationScripts."download-dir-chmod" = ''
- for i in finished watch; do
- if test ! -d $i;then
- mkdir -p "${base-dir}/$i"
- chown rtorrent:download "${base-dir}/$i"
- chmod 775 "${base-dir}/$i"
- fi
- done
- '';
-
users.extraGroups = {
download = {
gid = lib.mkDefault (genid "download");
@@ -57,15 +45,17 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
- downloadDir = base-dir + "/finished";
- watchDir = base-dir + "/watch";
+ downloadDir = config.makefu.dl-dir;
# dump old torrents into watch folder to have them re-added
};
+ services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
+
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
'';
networking.firewall.allowedTCPPorts = [ peer-port ];
networking.firewall.allowedUDPPorts = [ peer-port ];
+ state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
}
diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix
index 30de6e44a..e90cc1e8d 100644
--- a/makefu/2configs/virtualisation/virtualbox.nix
+++ b/makefu/2configs/virtualisation/virtualbox.nix
@@ -1,26 +1,9 @@
{ config, lib, pkgs, ... }:
-let
- mainUser = config.krebs.build.user;
- vboxguestpkg = lib.stdenv.mkDerivation rec {
- name = "Virtualbox-Extensions-${version}-${rev}";
- version = "5.0.20";
- rev = "106931";
- src = pkgs.fetchurl {
- url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
- sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
- };
- };
-in {
+{
virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true;
virtualisation.virtualbox.host.enableHardening = false;
- users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
- nixpkgs.config.packageOverrides = super: {
- boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override {
- buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
- ++ [ vboxguestpkg ];
- };
- };
+ users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}
diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix
similarity index 55%
rename from makefu/5pkgs/4nxci/default.nix
rename to makefu/5pkgs/_4nxci/default.nix
index 3aba3be45..dafa37ff6 100644
--- a/makefu/5pkgs/4nxci/default.nix
+++ b/makefu/5pkgs/_4nxci/default.nix
@@ -1,33 +1,31 @@
-{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }:
+{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }:
let
-
- mymbedtls = lib.overrideDerivation mbedtls (old: rec {
- name = "mbedtls-${version}";
- version = "2.13.0";
- src = fetchFromGitHub {
- owner = "ARMmbed";
- repo = "mbedtls";
- rev = name;
- sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
- };
- buildInputs = old.buildInputs ++ [ python2 ];
- postConfigure = ''
- perl scripts/config.pl set MBEDTLS_CMAC_C
- '';
- doCheck = false;
-
- });
-in stdenv.mkDerivation rec {
- name = "4nxci-${version}";
- version = "1.30";
-
+ version = "1.35";
src = fetchFromGitHub {
owner = "The-4n";
repo = "4NXCI";
rev = "v${version}";
- sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh";
+ sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6";
};
+ mymbedtls = stdenv.mkDerivation {
+ name = "mbedtls-${version}";
+ version = "2.6.1";
+ doCheck = false;
+ inherit src;
+ buildInputs = [ perl ];
+ phases = [ "unpackPhase" "buildPhase" "installPhase" ];
+ makeFlags = [ "DESTDIR=$(out)" ];
+ buildPhase = ''
+ cp config.mk.template config.mk
+ cd mbedtls
+ make
+ '';
+ };
+in stdenv.mkDerivation rec {
+ name = "4nxci-${version}";
+
+ inherit src version;
buildPhase = ''
cp config.mk.template config.mk
sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 12d357913..11f9f59b8 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -572,9 +572,9 @@ local os = {
do
local cmds =
{
- "@networkmanagerapplet@/bin/nm-applet",
- "@blueman@/bin/blueman-applet",
- "@clipit@/bin/clipit"
+ -- "@networkmanagerapplet@/bin/nm-applet",
+ -- "@blueman@/bin/blueman-applet",
+ -- "@clipit@/bin/clipit"
}
for _,i in pairs(cmds) do
diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix
deleted file mode 100644
index 870fa8ce2..000000000
--- a/makefu/5pkgs/cozy-audiobooks/default.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ stdenv, fetchFromGitHub
-, ninja
-, boost
-, meson
-, pkgconfig
-, wrapGAppsHook
-, appstream-glib
-, desktop-file-utils
-, gtk3
-, glib
-, gst_all_1
-, gobjectIntrospection
-, python3Packages
-, file
-, cairo , sqlite , gettext
-, gnome3
-}:
-
-let
- peewee = with python3Packages; buildPythonPackage rec {
- # https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee
- pname = "peewee";
- version = "3.6.4";
- src = fetchPypi {
- inherit pname version;
- sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak";
- };
- doCheck = false;
-
- checkPhase = ''
- python runtests.py
- '';
-
- buildInputs = [
- cython
- sqlite
- # psycopg2
- # mysql-connector
- ];
- meta.license = stdenv.lib.licenses.mit;
- };
-in
-stdenv.mkDerivation rec {
- name = "cozy-${version}";
- version = "0.6.0";
-
- src = fetchFromGitHub {
- owner = "geigi";
- repo = "cozy";
- rev = version;
- sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd";
- };
-
- postPatch = ''
- chmod +x data/meson_post_install.py
- patchShebangs data/meson_post_install.py
- substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
- '';
- postInstall = ''
- wrapProgram $out/bin/com.github.geigi.cozy \
- --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
-
- '';
- wrapPrefixVariables = [ "PYTHONPATH" ];
-
-
- nativeBuildInputs = [
- meson ninja pkgconfig
- wrapGAppsHook
- appstream-glib
- desktop-file-utils
- gobjectIntrospection
-
- ];
- buildInputs = with gst_all_1; [ gtk3 glib
- gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext
- gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas
- ]
- ++ (with python3Packages; [
- python gst-python pygobject3 dbus-python mutagen peewee magic
-
- ]);
-
- checkPhase = ''
- ninja test
- '';
-
- meta = with stdenv.lib; {
- description = ''
- A modern audio book player for Linux using GTK+ 3
- '';
- maintainers = [ maintainers.makefu ];
- license = licenses.mit;
- };
-}
diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch
deleted file mode 100644
index b7b491d4e..000000000
--- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200
-+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200
-@@ -341,7 +341,7 @@
- if not scale:
- scale = 25.4/96 # if no scale is specified, assume inch as baseunit
- scale /= self.unittouu('1px')
-- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
-+ h = self.unittouu(self.documentHeight())
- self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
- doc = self.document.getroot()
- self.process_group(doc)
-
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 390aabd73..6e86f4264 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -30,9 +30,6 @@ in {
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
- inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
- patches = [ ./custom/inkscape/dxf_fix.patch ];
- });
}
// (mapAttrs (_: flip callPackage {})
diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix
deleted file mode 100644
index a6aac5748..000000000
--- a/makefu/5pkgs/esniper/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
-
-stdenv.mkDerivation rec {
- name = "${pname}-2-35-0";
- pname = "esniper";
- version = "2.35.0";
- src = fetchurl {
- url = "mirror://sourceforge/${pname}/${name}.tgz";
- sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
- };
-
-
- buildInputs = [ openssl curl ];
-
- # Add support for CURL_CA_BUNDLE variable.
- # Fix <http://sourceforge.net/p/esniper/bugs/648/>.
- patches = [ ./find-ca-bundle.patch ];
-
- postInstall = ''
- sed <"frontends/snipe" >"$out/bin/snipe" \
- -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
- chmod 555 "$out/bin/snipe"
- '';
-
- meta = with stdenv.lib; {
- description = "Simple, lightweight tool for sniping eBay auctions";
- homepage = http://esniper.sourceforge.net;
- license = licenses.gpl2;
- maintainers = with maintainers; [ lovek323 peti ];
- platforms = platforms.all;
- };
-}
diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch
deleted file mode 100644
index e4df272a0..000000000
--- a/makefu/5pkgs/esniper/find-ca-bundle.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
---- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
-+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
-@@ -200,6 +200,9 @@
- int
- initCurlStuff(void)
- {
-+ /* Path to OpenSSL bundle file. */
-+ const char *ssl_capath=NULL;
-+
- /* list for custom headers */
- struct curl_slist *slist=NULL;
-
-@@ -241,6 +244,12 @@
- if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
- return initCurlStuffFailed();
-
-+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
-+ * contents to curl. */
-+ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
-+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
-+ return initCurlStuffFailed();
-+
- slist = curl_slist_append(slist, "Accept: text/*");
- slist = curl_slist_append(slist, "Accept-Language: en");
- slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");
diff --git a/makefu/5pkgs/ifdnfc/default.nix b/makefu/5pkgs/ifdnfc/default.nix
deleted file mode 100644
index cc7956c8c..000000000
--- a/makefu/5pkgs/ifdnfc/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchFromGitHub , pkgconfig
-, pcsclite
-, autoreconfHook
-, libnfc
-}:
-
-stdenv.mkDerivation rec {
- name = "ifdnfc-${version}";
- version = "2016-03-01";
-
- src = fetchFromGitHub {
- owner = "nfc-tools";
- repo = "ifdnfc";
- rev = "0e48e8e";
- sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
- };
- nativeBuildInputs = [ pkgconfig autoreconfHook ];
- buildInputs = [ pcsclite libnfc ];
-
- configureFlags = [ "--prefix=$(out)" ];
- makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
-
- meta = with stdenv.lib; {
- description = "PC/SC IFD Handler based on libnfc";
- long_description =
- '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
- It provides support for all readers which are not supported by ccid but by libnfc.
-
- For activating your reader you need to run
- <code>ifdnfc-activate yes<code> with this package in your
- <code>environment.systemPackages</code>
-
- To use your reader you may need to blacklist your reader kernel modules:
- <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
-
- Supports the pn533 smart-card reader chip which is for example used in
- the SCM SCL3711.
- '';
- homepage = https://github.com/nfc-tools/ifdnfc;
- license = licenses.gpl3;
- platforms = platforms.linux;
- maintainers = with maintainers; [ makefu ];
- };
-}
-
diff --git a/makefu/5pkgs/jd-gui/default.nix b/makefu/5pkgs/jd-gui/default.nix
deleted file mode 100644
index adefd80dd..000000000
--- a/makefu/5pkgs/jd-gui/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }:
-stdenv.mkDerivation rec {
- name = "${packageName}-${version}";
- packageName = "jd-gui";
- version = "1.4.0";
-
- src = fetchurl {
- url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar";
- sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx";
- };
-
- nativeBuildInputs = [ makeWrapper unzip ];
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- f=$out/lib/jd-gui/
- bin=$out/bin
- name=$(basename $src)
- mkdir -p $f $bin
-
- # fixup path to java
- cp $src $f
- cat > $bin/jd-gui <<EOF
- #!/bin/sh
- exec ${pkgs.jre}/bin/java -jar $f/$name \$@
- EOF
- chmod +x $bin/jd-gui
- '';
-
- meta = {
- homepage = https://github.com/java-decompiler/jd-gui;
- description = "A standalone Java Decompiler GUI";
- license = lib.licenses.gpl3;
- };
-}
diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix
deleted file mode 100644
index 7fb9cd375..000000000
--- a/makefu/5pkgs/mcomix/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
-python2Packages.buildPythonPackage rec {
- name = "mcomix-${version}";
- version = "1.2.1";
-
- src = fetchurl {
- url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
- sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
- };
-
- propagatedBuildInputs = with python2Packages;
- [ python2Packages.pygtk gtk3 python2Packages.pillow ];
-
- # for module in sys.modules.itervalues():
- # RuntimeError: dictionary changed size during iteration
- doCheck = false;
-
- meta = {
- homepage = https://github.com/pyload/pyload;
- description = "Free and Open Source download manager written in Python";
- license = lib.licenses.gpl3;
- maintainers = with lib.maintainers; [ makefu ];
- };
-}
diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix
new file mode 100644
index 000000000..1e1cb1d86
--- /dev/null
+++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchzip
+, makeWrapper
+, autoPatchelfHook
+, xlibs
+, gnome3
+, libpng12
+}:
+stdenv.mkDerivation rec {
+ name = "ns-atmosphere-programmer-${version}";
+ version = "0.1";
+
+ src = fetchzip {
+ url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
+ sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
+ };
+
+ buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
+ nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
+
+ installPhase = ''
+ install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
+ wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
+--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
+ '';
+
+ dontStrip = true;
+
+ meta = with stdenv.lib; {
+ description = "Payload programmer for ns-atmosphere injector";
+ homepage = http://www.ns-atmosphere.com;
+ maintainers = [ maintainers.makefu ];
+ platforms = platforms.linux;
+ license = with licenses; [ unfree ];
+ };
+
+}
diff --git a/makefu/5pkgs/switch-launcher/default.nix b/makefu/5pkgs/switch-launcher/default.nix
new file mode 100644
index 000000000..cc7905a31
--- /dev/null
+++ b/makefu/5pkgs/switch-launcher/default.nix
@@ -0,0 +1,24 @@
+{ lib, pkgs, python3Packages, ... }:
+
+with python3Packages; buildPythonPackage rec {
+ name = "nodemcu-uploader-${version}";
+ version = "0.1.0";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "ksmit799";
+ repo = "switch-launcher";
+ rev = version;
+ sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz";
+ };
+
+
+ propagatedBuildInputs = [
+ pyusb
+ ];
+
+ meta = {
+ homepage = https://github.com/ksmit799/switch-launcher;
+ description = "Desktop switch payload launcher based on a modified reswitched injector";
+ license = lib.licenses.bsd3;
+ };
+}
diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix
new file mode 100644
index 000000000..927c34c5a
--- /dev/null
+++ b/makefu/5pkgs/targetcli/default.nix
@@ -0,0 +1,64 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python2Packages;
+let
+ version = "2.1";
+ rtslib = buildPythonPackage rec {
+ pname = "rtslib";
+ inherit version;
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "rtslib";
+ rev = version;
+ sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22";
+ };
+ propagatedBuildInputs = [ ipaddr netifaces configobj ];
+ };
+ configshell = buildPythonPackage rec {
+ pname = "configshell";
+ version = "1.6";
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "configshell";
+ rev = version;
+ sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y";
+ };
+ propagatedBuildInputs = [ pyparsing ];
+ };
+
+ tcm-py = buildPythonPackage rec {
+ pname = "tcm-py";
+ version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "lio-utils";
+ rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
+ } + "/tcm-py";
+ propagatedBuildInputs = [ ];
+ };
+
+ lio-py = buildPythonPackage rec {
+ pname = "lio-py";
+ version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "lio-utils";
+ rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
+ sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
+ } + "/lio-py";
+ propagatedBuildInputs = [ ];
+ };
+
+in buildPythonApplication rec {
+ pname = "targetcli";
+ inherit version;
+
+ propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ];
+
+ src = fetchFromGitHub {
+ owner = "datera";
+ repo = "targetcli";
+ rev = version;
+ sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d";
+ };
+}
diff --git a/makefu/5pkgs/zj-58/default.nix b/makefu/5pkgs/zj-58/default.nix
deleted file mode 100644
index 6eda84959..000000000
--- a/makefu/5pkgs/zj-58/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{stdenv, fetchFromGitHub, cups}:
-
-stdenv.mkDerivation rec {
- name = "cups-zj58-2018-02-22";
-
- src = fetchFromGitHub {
- owner = "klirichek";
- repo = "zj-58";
- rev = "e4212cd";
- sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi";
- };
-
- buildInputs = [cups];
-
- installPhase = ''
- mkdir -p $out/lib/cups/filter
-
- cp rastertozj $out/lib/cups/filter
-
-
- mkdir -p $out/share/cups/model/zjiang
- cp ZJ-58.ppd $out/share/cups/model/zjiang/
- '';
-
- meta = {
- description = "CUPS filter for thermal printer Zjiang ZJ-58";
- homepage = https://github.com/klirichek/zj-58;
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 27b7b04ef..2b43d541d 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -69,7 +69,7 @@
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
- ref = "6eea2a4";
+ ref = "f947faf";
};
})
];
diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index f39bb6688..c5cd0ac30 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/makefu/nixpkgs",
- "rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8",
- "date": "2018-08-06T14:29:01+02:00",
- "sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6",
+ "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687",
+ "date": "2018-10-07T23:33:42+02:00",
+ "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3",
"fetchSubmodules": true
}
diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/nin/0tests/dummysecrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
deleted file mode 100644
index e69de29bb..000000000
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
deleted file mode 100644
index 5e81afdbd..000000000
--- a/nin/1systems/axon/config.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/ableton.nix>
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.axon;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/sda1";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices.crypted.device = "/dev/sda2";
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver = {
- enable = true;
-
- displayManager.lightdm.enable = true;
- };
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- atom
- chromium
- firefox
- git
- htop
- keepassx
- lmms
- networkmanagerapplet
- openvpn
- python
- ruby
- steam
- taskwarrior
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xhost}/bin/xhost + local:
- '';
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
deleted file mode 100644
index a09eed958..000000000
--- a/nin/1systems/hiawatha/config.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- imports = [
- <stockholm/nin>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- #../2configs/copyq.nix
- <stockholm/nin/2configs/games.nix>
- <stockholm/nin/2configs/git.nix>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/termite.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.hiawatha;
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
- fsType = "ext4";
- };
-
- fileSystems."/tmp" =
- { device = "tmpfs";
- fsType = "tmpfs";
- };
-
- fileSystems."/home" =
- { device = "/dev/fam/home";
- };
-
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
- fsType = "ext2";
- };
-
- boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- fileSystems."/home/nin/.local/share/Steam" = {
- device = "/dev/fam/steam";
- };
-
- # nin config
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
-
- networking.networkmanager.enable = true;
- #networking.wireless.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- hardware.bluetooth.enable = true;
-
- hardware.opengl.driSupport32Bit = true;
-
- #nixpkgs.config.steam.java = true;
-
- environment.systemPackages = with pkgs; [
- firefox
- git
- lmms
- networkmanagerapplet
- python
- steam
- thunderbird
- vim
- virtmanager
- ];
-
- nixpkgs.config = {
-
- allowUnfree = true;
-
- };
-
- #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
- services.xserver.synaptics = {
- enable = true;
- };
-
-
- services.xserver.desktopManager.xfce = let
- xbindConfig = pkgs.writeText "xbindkeysrc" ''
- "${pkgs.pass}/bin/passmenu --type"
- Control + p
- '';
- in {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
- '';
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix
deleted file mode 100644
index 3cd0773ae..000000000
--- a/nin/1systems/onondaga/config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/nin>
- <stockholm/nin/2configs/retiolum.nix>
- <stockholm/nin/2configs/weechat.nix>
- <stockholm/nin/2configs/git.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.onondaga;
-
- boot.isContainer = true;
- networking.useDHCP = false;
-
- time.timeZone = "Europe/Amsterdam";
-
- services.openssh.enable = true;
-}
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
deleted file mode 100644
index 343a9089d..000000000
--- a/nin/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.nin;
-in {
- users.users= {
- ableton = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wine
- pkgs.winetricks
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
deleted file mode 100644
index 0616c4025..000000000
--- a/nin/2configs/copyq.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- copyqConfig = pkgs.writeDash "copyq-config" ''
- ${pkgs.copyq}/bin/copyq config check_clipboard true
- ${pkgs.copyq}/bin/copyq config check_selection true
- ${pkgs.copyq}/bin/copyq config copy_clipboard true
- ${pkgs.copyq}/bin/copyq config copy_selection true
-
- ${pkgs.copyq}/bin/copyq config activate_closes true
- ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
- ${pkgs.copyq}/bin/copyq config disable_tray true
- ${pkgs.copyq}/bin/copyq config hide_tabs true
- ${pkgs.copyq}/bin/copyq config hide_toolbar true
- ${pkgs.copyq}/bin/copyq config item_popup_interval true
- ${pkgs.copyq}/bin/copyq config maxitems 1000
- ${pkgs.copyq}/bin/copyq config move true
- ${pkgs.copyq}/bin/copyq config text_wrap true
- '';
-in {
- systemd.user.services.copyq = {
- after = [ "graphical.target" ];
- wants = [ "graphical.target" ];
- wantedBy = [ "default.target" ];
- environment = {
- DISPLAY = ":0";
- };
- serviceConfig = {
- SyslogIdentifier = "copyq";
- ExecStart = "${pkgs.copyq}/bin/copyq";
- ExecStartPost = copyqConfig;
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- };
- };
-}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
deleted file mode 100644
index 62f499a2d..000000000
--- a/nin/2configs/default.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- ../2configs/vim.nix
- <stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/binary-cache/prism.nix>
- {
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- nin = {
- name = "nin";
- uid = 1337;
- home = "/home/nin";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "fuse"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- config.krebs.users.nin_h.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = config.krebs.build.host.cores;
-
- krebs = {
- enable = true;
- search-domain = "r";
- build = {
- user = config.krebs.users.nin;
- };
- };
-
- nix.useSandbox = true;
-
- users.mutableUsers = false;
-
- services.timesyncd.enable = true;
-
- #why is this on in the first place?
- services.nscd.enable = false;
-
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- gs = "git status";
- };
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- proot
- pavucontrol
- populate
- p7zip
- termite
- unzip
- unrar
- hashPassword
- ];
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
- else
- PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- fi
- '';
- };
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-
- networking.dhcpcd.extraConfig = ''
- noipv4ll
- '';
-}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
deleted file mode 100644
index aed4a9f48..000000000
--- a/nin/2configs/git.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ nin nin_h ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
deleted file mode 100644
index b078dbd53..000000000
--- a/nin/2configs/im.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- ssh chat@onondaga
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
-}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
deleted file mode 100644
index 821e3cc00..000000000
--- a/nin/2configs/retiolum.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
- { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "pigstarter"
- "gum"
- "flap"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
deleted file mode 100644
index 621dfae82..000000000
--- a/nin/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.nin;
- inherit (import <stockholm/lib>) genid;
-
-in {
- users.extraUsers = {
- skype = {
- name = "skype";
- uid = genid "skype";
- description = "user for running skype";
- home = "/home/skype";
- useDefaultShell = true;
- extraGroups = [ "audio" "video" ];
- createHome = true;
- };
- };
-
- krebs.per-user.skype.packages = [
- pkgs.skype
- ];
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(skype) NOPASSWD: ALL
- '';
-}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
deleted file mode 100644
index 942446b01..000000000
--- a/nin/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = [
- pkgs.termite
- ];
-
- krebs.per-user.nin.packages = let
- termitecfg = pkgs.writeTextFile {
- name = "termite-config";
- destination = "/etc/xdg/termite/config";
- text = ''
- [colors]
- foreground = #d0d7d0
- background = #000000
- '';
- };
- in [
- termitecfg
- ];
-
-}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
deleted file mode 100644
index 7b5d37611..000000000
--- a/nin/2configs/vim.nix
+++ /dev/null
@@ -1,355 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- out = {
- environment.systemPackages = [
- vim
- pkgs.pythonPackages.flake8
- ];
-
- environment.etc.vimrc.source = vimrc;
-
- environment.variables.EDITOR = mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
-
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set hlsearch
- set incsearch
- set laststatus=2
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme hack
- syntax on
-
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
-
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- "Syntastic config
- let g:syntastic_python_checkers=['flake8']
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
- '';
-
- extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- pkgs.vimPlugins.Syntastic
- pkgs.vimPlugins.undotree
- pkgs.vimPlugins.airline
- (pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchgit {
- url = git://github.com/bogado/file-line;
- rev = "refs/tags/1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- })
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "hack";
- in {
- name = "vim-color-${name}-1.0.2";
- destination = "/colors/${name}.vim";
- text = /* vim */ ''
- set background=dark
- hi clear
- if exists("syntax_on")
- syntax clear
- endif
-
- let colors_name = ${toJSON name}
-
- hi Normal ctermbg=235
- hi Comment ctermfg=242
- hi Constant ctermfg=062
- hi Identifier ctermfg=068
- hi Function ctermfg=041
- hi Statement ctermfg=167
- hi PreProc ctermfg=167
- hi Type ctermfg=041
- hi Delimiter ctermfg=251
- hi Special ctermfg=062
-
- hi Garbage ctermbg=088
- hi TabStop ctermbg=016
- hi Todo ctermfg=174 ctermbg=NONE
-
- hi NixCode ctermfg=148
- hi NixData ctermfg=149
- hi NixQuote ctermfg=150
-
- hi diffNewFile ctermfg=207
- hi diffFile ctermfg=207
- hi diffLine ctermfg=207
- hi diffSubname ctermfg=207
- hi diffAdded ctermfg=010
- hi diffRemoved ctermfg=009
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "vim";
- in {
- name = "vim-syntax-${name}-1.0.0";
- destination = "/syntax/${name}.vim";
- text = /* vim */ ''
- ${concatMapStringsSep "\n" (s: /* vim */ ''
- syn keyword vimColor${s} ${s}
- \ containedin=ALLBUT,vimComment,vimLineComment
- hi vimColor${s} ctermfg=${s}
- '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "showsyntax";
- in {
- name = "vim-plugin-${name}-1.0.0";
- destination = "/plugin/${name}.vim";
- text = /* vim */ ''
- if exists('g:loaded_showsyntax')
- finish
- endif
- let g:loaded_showsyntax = 0
-
- fu! ShowSyntax()
- let id = synID(line("."), col("."), 1)
- let name = synIDattr(id, "name")
- let transName = synIDattr(synIDtrans(id),"name")
- if name != transName
- let name .= " (" . transName . ")"
- endif
- echo "Syntax: " . name
- endfu
-
- command! -n=0 -bar ShowSyntax :call ShowSyntax()
- '';
- })))
- ];
-
- dirs = {
- backupdir = "$HOME/.cache/vim/backup";
- swapdir = "$HOME/.cache/vim/swap";
- undodir = "$HOME/.cache/vim/undo";
- };
- files = {
- viminfo = "$HOME/.cache/vim/info";
- };
-
- mkdirs = let
- dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
- in assert out != ""; out;
- alldirs = attrValues dirs ++ map dirOf (attrValues files);
- in unique (sort lessThan alldirs);
-
- vim = pkgs.writeDashBin "vim" ''
- set -efu
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- exec ${pkgs.vim}/bin/vim "$@"
- '';
-
-
- hs.vim = pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
-
- nix.vim = pkgs.writeText "nix.vim" ''
- setf nix
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
-
- syn match NixOther /[():/;=.,?\[\]]/
-
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
-
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
-
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
-
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
-
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
-
- ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
- startAlts = filter isString [
- ''/\* ${lang} \*/''
- extraStart
- ];
- sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- unlet b:current_syntax
-
- syn match nix_${lang}_sigil
- \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
-
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
-
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
-
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') {
- c = {};
- cabal = {};
- haskell = {};
- sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- vim.extraStart =
- ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
- })}
-
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
-
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
-
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
-
- syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
-
- syn sync fromstart
-
- let b:current_syntax = "nix"
-
- set isk=@,48-57,_,192-255,-,'
- set bg=dark
- '';
-in
-out
diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix
deleted file mode 100644
index 6c0fb313e..000000000
--- a/nin/2configs/weechat.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import <stockholm/lib>) genid;
-in {
- krebs.per-user.chat.packages = with pkgs; [
- mosh
- weechat
- tmux
- ];
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.nin.pubkey
- ];
- };
-}
diff --git a/nin/default.nix b/nin/default.nix
deleted file mode 100644
index c31d6d949..000000000
--- a/nin/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_:
-{
- imports = [
- ../krebs
- ./2configs
- ];
-}