makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'nextgum/master'

Browse source
This commit is contained in:
lassulus 2018-11-10 19:42:46 +01:00
parent 0028e3dde3 254e9e62b9
commit eff97662c0
91 changed files with 1004 additions and 2346 deletions

2
krebs/2configs/ircd.nix
View file

@ -5,7 +5,7 @@
6667 6669 6667 6669
]; ];
services.charybdis = { krebs.charybdis = {
enable = true; enable = true;
motd = '' motd = ''
hello hello

110
krebs/3modules/charybdis.nix Normal file
View file

@ -0,0 +1,110 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption singleton types;
inherit (pkgs) coreutils charybdis;
cfg = config.krebs.charybdis;
configFile = pkgs.writeText "charybdis.conf" ''
${cfg.config}
'';
in
{
###### interface
options = {
krebs.charybdis = {
enable = mkEnableOption "Charybdis IRC daemon";
config = mkOption {
type = types.string;
description = ''
Charybdis IRC daemon configuration file.
'';
};
statedir = mkOption {
type = types.string;
default = "/var/lib/charybdis";
description = ''
Location of the state directory of charybdis.
'';
};
user = mkOption {
type = types.string;
default = "ircd";
description = ''
Charybdis IRC daemon user.
'';
};
group = mkOption {
type = types.string;
default = "ircd";
description = ''
Charybdis IRC daemon group.
'';
};
motd = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Charybdis MOTD text.
Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
If set, the value of this option will be written to this path.
'';
};
};
};
###### implementation
config = mkIf cfg.enable (lib.mkMerge [
{
users.users = singleton {
name = cfg.user;
description = "Charybdis IRC daemon user";
uid = config.ids.uids.ircd;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
gid = config.ids.gids.ircd;
};
systemd.services.charybdis = {
description = "Charybdis IRC daemon";
wantedBy = [ "multi-user.target" ];
environment = {
BANDB_DBPATH = "${cfg.statedir}/ban.db";
};
serviceConfig = {
ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
Group = cfg.group;
User = cfg.user;
PermissionsStartOnly = true; # preStart needs to run with root permissions
};
preStart = ''
${coreutils}/bin/mkdir -p ${cfg.statedir}
${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
'';
};
}
(mkIf (cfg.motd != null) {
environment.etc."charybdis/ircd.motd".text = cfg.motd;
})
]);
}

2
krebs/3modules/default.nix
View file

@ -14,6 +14,7 @@ let
./buildbot/master.nix ./buildbot/master.nix
./buildbot/slave.nix ./buildbot/slave.nix
./build.nix ./build.nix
./charybdis.nix
./ci.nix ./ci.nix
./current.nix ./current.nix
./exim.nix ./exim.nix
@ -111,7 +112,6 @@ let
{ krebs = import ./krebs { inherit config; }; } { krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; } { krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; } { krebs = import ./makefu { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./tv { inherit config; }; } { krebs = import ./tv { inherit config; }; }
{ {
krebs.dns.providers = { krebs.dns.providers = {

100
krebs/3modules/makefu/default.nix
View file

@ -494,6 +494,8 @@ in {
ip6.addr = "42:f9f0::10"; ip6.addr = "42:f9f0::10";
aliases = [ aliases = [
"omo.r" "omo.r"
"dcpp.omo.r"
"torrent.omo.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -554,7 +556,7 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
}; };
nextgum = rec { gum = rec {
ci = true; ci = true;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
@ -563,6 +565,23 @@ in {
graph IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr}
iso.euer IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr}
wg.euer IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
share.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
''; '';
}; };
cores = 8; cores = 8;
@ -571,6 +590,7 @@ in {
ip4.addr = "144.76.26.247"; ip4.addr = "144.76.26.247";
ip6.addr = "2a01:4f8:191:12f6::2"; ip6.addr = "2a01:4f8:191:12f6::2";
aliases = [ aliases = [
"gum.i"
"nextgum.i" "nextgum.i"
]; ];
}; };
@ -594,6 +614,16 @@ in {
"stats.makefu.r" "stats.makefu.r"
"backup.makefu.r" "backup.makefu.r"
"dcpp.nextgum.r" "dcpp.nextgum.r"
"gum.r"
"cgit.gum.r"
"o.gum.r"
"tracker.makefu.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
"blog.gum.r"
"dcpp.gum.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -609,73 +639,7 @@ in {
}; };
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
}; };
gum = rec {
ci = true;
cores = 2;
extraZones = {
"krebsco.de" = ''
share.euer IN A ${nets.internet.ip4.addr}
mattermost.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
nets = rec {
internet = {
ip4.addr = "185.194.143.140";
ip6.addr = "2a03:4000:1c:43f::1";
aliases = [
"gum.i"
];
};
retiolum = {
via = internet;
ip4.addr = "10.243.0.211";
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
aliases = [
"gum.r"
"cgit.gum.r"
"o.gum.r"
"tracker.makefu.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
"blog.gum.r"
"dcpp.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
# configured manually
# ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
shoney = rec { shoney = rec {
ci = true; ci = true;
cores = 1; cores = 1;

111
krebs/3modules/nin/default.nix
View file

@ -1,111 +0,0 @@
{ config, ... }:
with import <stockholm/lib>;
{
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.nin;
ci = true;
}) {
hiawatha = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.132.96";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
aliases = [
"hiawatha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
axon= {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.134.66";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
aliases = [
"axon.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
};
onondaga = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.132.55";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
aliases = [
"onondaga.r"
"cgit.onondaga.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
};
};
users = {
nin = {
mail = "nin@axon.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
};
nin_h = {
mail = "nin@hiawatha.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
};
}

8
lass/1systems/prism/config.nix
View file

@ -57,13 +57,6 @@ with import <stockholm/lib>;
config.krebs.users.makefu.pubkey config.krebs.users.makefu.pubkey
]; ];
}; };
users.users.nin = {
uid = genid "nin";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
users.extraUsers.dritter = { users.extraUsers.dritter = {
uid = genid "dritter"; uid = genid "dritter";
isNormalUser = true; isNormalUser = true;
@ -119,7 +112,6 @@ with import <stockholm/lib>;
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey config.krebs.users.lass.pubkey
config.krebs.users.nin.pubkey
]; ];
}; };
autoStart = true; autoStart = true;

140
makefu/1systems/gum/config.nix
View file

@ -8,16 +8,21 @@ in {
imports = [ imports = [
<stockholm/makefu> <stockholm/makefu>
./hardware-config.nix ./hardware-config.nix
{
users.users.lass = {
uid = 9002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
makefu.pubkey
];
};
}
<stockholm/makefu/2configs/headless.nix> <stockholm/makefu/2configs/headless.nix>
# <stockholm/makefu/2configs/smart-monitor.nix> # <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/mattermost-docker.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# Security # Security
<stockholm/makefu/2configs/sshd-totp.nix> <stockholm/makefu/2configs/sshd-totp.nix>
@ -26,83 +31,90 @@ in {
<stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix> <stockholm/makefu/2configs/tools/sec.nix>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/gui/xpra.nix>
# networking
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
#<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/iodined.nix>
# <stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# ci
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/shack/gitlab-runner>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/taskd.nix>
# services # services
<stockholm/makefu/2configs/share/gum.nix> <stockholm/makefu/2configs/sabnzbd.nix>
# <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/mail/mail.euer.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/retroshare.nix>
# network # sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/torrent.nix>
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
{ # ncdc
environment.systemPackages = [ pkgs.ncdc ];
networking.firewall = {
allowedUDPPorts = [ 51411 ];
allowedTCPPorts = [ 51411 ];
};
}
# <stockholm/makefu/2configs/opentracker.nix>
## network
<stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
# buildbot # Removed until move: no extra mails
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid letsencrypt ban
## Web ### Web
<stockholm/makefu/2configs/nginx/share-download.nix> #<stockholm/makefu/2configs/nginx/share-download.nix>
<stockholm/makefu/2configs/nginx/euer.test.nix> #<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix> <stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix> <stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix> <stockholm/makefu/2configs/nginx/euer.blog.nix>
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/public_html.nix> #<stockholm/makefu/2configs/nginx/public_html.nix>
<stockholm/makefu/2configs/nginx/update.connector.one.nix> #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
services.taskserver.organisations.home.users = [ "makefu" ];
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}
# <stockholm/makefu/2configs/ipfs.nix>
<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/opentracker.nix>
<stockholm/makefu/2configs/dcpp/hub.nix>
<stockholm/makefu/2configs/dcpp/client.nix>
<stockholm/makefu/2configs/stats/client.nix> <stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix> # <stockholm/makefu/2configs/logging/client.nix>
# Temporary: # sharing
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
<stockholm/makefu/2configs/dcpp/hub.nix>
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix> # <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
#{ # krebs infrastructure services
# services.dockerRegistry.enable = true; <stockholm/makefu/2configs/stats/server.nix>
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
<stockholm/makefu/2configs/wireguard/server.nix>
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
]; ];
makefu.dl-dir = "/var/download"; makefu.dl-dir = "/var/download";
@ -120,9 +132,7 @@ in {
ListenAddress = ${external-ip} 21031 ListenAddress = ${external-ip} 21031
''; '';
connectTo = [ connectTo = [
"muhbaasu" "tahoe" "flap" "wry" "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
"ni"
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
]; ];
}; };
@ -137,10 +147,11 @@ in {
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
weechat weechat
bepasty-client-cli bepasty-client-cli
get
tmux tmux
]; ];
# Hardware
# Network # Network
networking = { networking = {
firewall = { firewall = {
@ -179,4 +190,5 @@ in {
}; };
users.users.makefu.extraGroups = [ "download" "nginx" ]; users.users.makefu.extraGroups = [ "download" "nginx" ];
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
state = [ "/home/makefu/.weechat" ];
} }

77
makefu/1systems/gum/hardware-config.nix
View file

@ -1,26 +1,24 @@
{ config, ... }: { config, ... }:
let let
external-mac = "2a:c5:6e:d2:fc:7f"; external-mac = "50:46:5d:9f:63:6b";
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
external-gw = "185.194.140.1"; sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
external-gw = "144.76.26.225";
# single partition, label "nixos" # single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static # static
external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip = "144.76.26.247";
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1"; external-gw6 = "fe80::1";
external-netmask = 22; external-netmask = 27;
external-netmask6 = 64; external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly ext-if = "et0"; # gets renamed on the fly
in { in {
imports = [ imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
]; ];
makefu.server.primary-itf = ext-if; makefu.server.primary-itf = ext-if;
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
@ -40,7 +38,62 @@ in {
defaultGateway = external-gw; defaultGateway = external-gw;
}; };
boot.kernelParams = [ ]; boot.kernelParams = [ ];
boot.loader.grub.device = main-disk; boot.loader.grub.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; boot.loader.grub.version = 2;
boot.kernelModules = [ "kvm-intel" ]; boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
};
# parted -s -a optimal "$disk" \
# mklabel gpt \
# mkpart no-fs 0 1024KiB \
# set 1 bios_grub on \
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
# mkpart primary 1025MiB 100%
# parted -s -a optimal "/dev/sdb" \
# mklabel gpt \
# mkpart primary 1M 100%
#mkfs.vfat /dev/sda2
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 100G -n download nixos
#lvcreate -L 100G -n backup nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mkfs.ext4 /dev/mapper/nixos-lib
#mkfs.ext4 /dev/mapper/nixos-download
#mkfs.ext4 /dev/mapper/nixos-borgbackup
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
#mount /dev/sda2 /mnt/boot
#mkdir -p /mnt/var/src
#touch /mnt/var/src/.populate
} }

11
makefu/1systems/gum/rescue.txt Normal file
View file

@ -0,0 +1,11 @@
mount /dev/mapper/nixos-root /mnt
mount /dev/sda2 /mnt/boot
chroot-prepare /mnt
chroot /mnt /bin/sh
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild

2
makefu/1systems/gum/source.nix
View file

@ -1,5 +1,5 @@
{ {
name="gum"; name="nextgum";
torrent = true; torrent = true;
clever_kexec = true; clever_kexec = true;
} }

253
makefu/1systems/nextgum/config.nix
View file

@ -1,253 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
ext-if = config.makefu.server.primary-itf;
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
./transfer-config.nix
<stockholm/makefu/2configs/headless.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/mosh.nix>
<stockholm/makefu/2configs/gui/xpra.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# services
<stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/mail/mail.euer.nix>
# sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/torrent.nix>
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
{ # ncdc
environment.systemPackages = [ pkgs.ncdc ];
networking.firewall = {
allowedUDPPorts = [ 51411 ];
allowedTCPPorts = [ 51411 ];
};
}
# <stockholm/makefu/2configs/opentracker.nix>
## network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
## buildbot
<stockholm/makefu/2configs/remote-build/slave.nix>
# Removed until move: no extra mails
<stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid double-update of domain
# <stockholm/makefu/2configs/hub.nix>
# Removed until move: avoid letsencrypt ban
### Web
#<stockholm/makefu/2configs/nginx/share-download.nix>
#<stockholm/makefu/2configs/nginx/euer.test.nix>
#<stockholm/makefu/2configs/nginx/euer.mon.nix>
#<stockholm/makefu/2configs/nginx/euer.wiki.nix>
#<stockholm/makefu/2configs/nginx/euer.blog.nix>
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/makefu/2configs/deployment/events-publisher>
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/graphs.nix>
#<stockholm/makefu/2configs/deployment/owncloud.nix>
#<stockholm/makefu/2configs/deployment/boot-euer.nix>
#<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
services.taskserver.organisations.home.users = [ "makefu" ];
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}
<stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/logging/client.nix>
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
#{
# services.dockerRegistry.enable = true;
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
{ # wireguard server
# opkg install wireguard luci-proto-wireguard
# TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# conf.all.proxy_arp =1
networking.firewall = {
allowedUDPPorts = [ 51820 ];
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
'';
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# x
allowedIPs = [ "10.244.0.2/32" ];
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
}
{
# vbob
allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
}
{
# x-test
allowedIPs = [ "10.244.0.4/32" ];
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
}
{
# work-router
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
{
# workr
allowedIPs = [ "10.244.0.6/32" ];
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
}
];
};
}
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
# krebs infrastructure services
<stockholm/makefu/2configs/stats/server.nix>
];
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;
krebs.tinc.retiolum = {
extraConfig = ''
ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
connectTo = [
"muhbaasu" "tahoe" "flap" "wry"
"ni"
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
];
};
# access
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
};
# Chat
environment.systemPackages = with pkgs;[
weechat
bepasty-client-cli
tmux
];
# Hardware
# Network
networking = {
firewall = {
allowPing = true;
logRefusedConnections = false;
allowedTCPPorts = [
# smtp
25
# http
80 443
# httptunnel
8080 8443
# tinc
655
# tinc-shack
21032
# tinc-retiolum
21031
# taskserver
53589
# temp vnc
18001
# temp reverseshell
31337
];
allowedUDPPorts = [
# tinc
655 53
# tinc-retiolum
21031
# tinc-shack
21032
];
};
nameservers = [ "8.8.8.8" ];
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
boot.tmpOnTmpfs = true;
}

99
makefu/1systems/nextgum/hardware-config.nix
View file

@ -1,99 +0,0 @@
{ config, ... }:
let
external-mac = "50:46:5d:9f:63:6b";
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
external-gw = "144.76.26.225";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
external-ip = "144.76.26.247";
external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1";
external-netmask = 27;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
];
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
networking = {
interfaces."${ext-if}" = {
ipv4.addresses = [{
address = external-ip;
prefixLength = external-netmask;
}];
ipv6.addresses = [{
address = external-ip6;
prefixLength = external-netmask6;
}];
};
defaultGateway6 = external-gw6;
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
};
# parted -s -a optimal "$disk" \
# mklabel gpt \
# mkpart no-fs 0 1024KiB \
# set 1 bios_grub on \
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
# mkpart primary 1025MiB 100%
# parted -s -a optimal "/dev/sdb" \
# mklabel gpt \
# mkpart primary 1M 100%
#mkfs.vfat /dev/sda2
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 100G -n download nixos
#lvcreate -L 100G -n backup nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mkfs.ext4 /dev/mapper/nixos-lib
#mkfs.ext4 /dev/mapper/nixos-download
#mkfs.ext4 /dev/mapper/nixos-borgbackup
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
#mount /dev/sda2 /mnt/boot
#mkdir -p /mnt/var/src
#touch /mnt/var/src/.populate
}

5
makefu/1systems/nextgum/source.nix
View file

@ -1,5 +0,0 @@
{
name="nextgum";
torrent = true;
clever_kexec = true;
}

7
makefu/1systems/nextgum/transfer-config.nix
View file

@ -1,7 +0,0 @@
{ config, lib, ... }:
# configuration which is only required for the time of the transfer
{
krebs.tinc.retiolum.connectTo = [ "gum" ];
krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
}

43
makefu/1systems/omo/config.nix
View file

@ -8,11 +8,11 @@ let
in { in {
imports = imports =
[ [
#./hw/omo.nix ./hw/omo.nix
./hw/tsp.nix #./hw/tsp.nix
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup.nix> <stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/exim-retiolum.nix>
# <stockholm/makefu/2configs/smart-monitor.nix> # <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/mail-client.nix>
@ -25,6 +25,22 @@ in {
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/share/omo.nix> <stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = let
d = path: "/media/cryptX/${path}";
in {
emu.path = d "emu";
audiobooks.path = lib.mkForce (d "audiobooks");
incoming.path = lib.mkForce (d "torrent");
anime.path = d "anime";
};
krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
}
{
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
#services.sabnzbd.enable = true;
#systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
}
# <stockholm/makefu/2configs/share/omo-timemachine.nix> # <stockholm/makefu/2configs/share/omo-timemachine.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
@ -41,12 +57,22 @@ in {
<stockholm/makefu/2configs/stats/arafetch.nix> <stockholm/makefu/2configs/stats/arafetch.nix>
# services # services
<stockholm/makefu/2configs/syncthing.nix> {
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 ];
}
# <stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix> <stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix> <stockholm/makefu/2configs/bluetooth-mpd.nix>
<stockholm/makefu/2configs/deployment/homeautomation> <stockholm/makefu/2configs/deployment/homeautomation>
{
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
}
{ {
hardware.pulseaudio.systemWide = true; hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music"; makefu.mpd.musicDirectory = "/media/cryptX/music";
@ -74,7 +100,7 @@ in {
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) { krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent"; downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = '' extraConfig = ''
upload_rate = 200 upload_rate = 500
''; '';
}; };
users.groups.share = { users.groups.share = {
@ -83,14 +109,7 @@ in {
}; };
networking.firewall.trustedInterfaces = [ primaryInterface ]; networking.firewall.trustedInterfaces = [ primaryInterface ];
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
users.users.misa = { users.users.misa = {
uid = 9002; uid = 9002;

30
makefu/1systems/wbob/config.nix
View file

@ -11,10 +11,10 @@ in {
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/disable_v6.nix> # <stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/tools/core-gui.nix> <stockholm/makefu/2configs/tools/core-gui.nix>
# <stockholm/makefu/2configs/tools/extra-gui.nix> <stockholm/makefu/2configs/tools/extra-gui.nix>
# <stockholm/makefu/2configs/tools/media.nix> <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/mqtt.nix>
@ -33,9 +33,6 @@ in {
<stockholm/makefu/2configs/share/wbob.nix> <stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix> <stockholm/makefu/2configs/bluetooth-mpd.nix>
{
users.users.makefu.extraGroups = [ "pulse" ];
}
# Sensors # Sensors
<stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/stats/telegraf>
@ -46,10 +43,11 @@ in {
<stockholm/makefu/2configs/deployment/led-fader.nix> <stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix> <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
{ environment.systemPackages = [ pkgs.vlc ]; }
<stockholm/makefu/2configs/deployment/bureautomation> <stockholm/makefu/2configs/deployment/bureautomation>
<stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix> <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
(let (let
collectd-port = 25826; collectd-port = 25826;
@ -174,20 +172,4 @@ in {
fsType = "ext4"; fsType = "ext4";
}; };
}; };
# DualHead on NUC
# TODO: update synergy package with these extras (username)
# TODO: add crypto layer
systemd.services."synergy-client" = {
environment.DISPLAY = ":0";
serviceConfig.User = user;
};
services.synergy = {
client = {
enable = true;
screenName = "wbob";
serverAddress = "x.r";
};
};
} }

28
makefu/1systems/x/config.nix
View file

@ -15,7 +15,7 @@
<stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix> <stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/laptop-backup.nix> <stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix> # <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix> <stockholm/makefu/2configs/avahi.nix>
@ -74,6 +74,7 @@
<stockholm/makefu/2configs/hw/network-manager.nix> <stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix> <stockholm/makefu/2configs/hw/stk1160.nix>
<stockholm/makefu/2configs/hw/irtoy.nix> <stockholm/makefu/2configs/hw/irtoy.nix>
<stockholm/makefu/2configs/hw/switch.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix> <stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix> # <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix> <stockholm/makefu/2configs/hw/smartcard.nix>
@ -83,11 +84,11 @@
# Security # Security
<stockholm/makefu/2configs/sshd-totp.nix> <stockholm/makefu/2configs/sshd-totp.nix>
{ { programs.adb.enable = true; }
programs.adb.enable = true;
}
# temporary # temporary
{ services.redis.enable = true; }
<stockholm/makefu/2configs/pyload.nix> <stockholm/makefu/2configs/pyload.nix>
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/nginx/rompr.nix> # <stockholm/makefu/2configs/nginx/rompr.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix> # <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
@ -121,13 +122,11 @@
]; ];
makefu.server.primary-itf = "wlp3s0"; makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# configure pulseAudio to provide a HDMI sink as well # configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" ]; networking.firewall.trustedInterfaces = [ "vboxnet0" ];
@ -144,14 +143,25 @@
# avoid full boot dir # avoid full boot dir
boot.loader.grub.configurationLimit = 3; boot.loader.grub.configurationLimit = 3;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; environment.systemPackages = [ pkgs.passwdqc-utils ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
state = [ state = [
"/home/makefu/stockholm" "/home/makefu/stockholm"
"/home/makefu/backup/borgun" "/home/makefu/.ssh/"
"/home/makefu/.mail/" "/home/makefu/.zsh_history"
"/home/makefu/.bash_history"
"/home/makefu/.zshrc"
"/home/makefu/bin"
"/home/makefu/.gnupg"
"/home/makefu/.imapfilter"
"/home/makefu/.mutt"
"/home/makefu/docs"
"/home/makefu/.password-store"
"/home/makefu/.secrets-pass"
"/home/makefu/autosync/Database.kdb"
]; ];
services.syncthing.user = lib.mkForce "makefu"; services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
} }

52
makefu/2configs/backup.nix
View file

@ -1,52 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
# preparation:
# mkdir -p defaultBackupDir/host.name/src
# as root on omo:
# ssh-copy-id root@src
startAt = "0,6,12,18:00";
defaultBackupServer = config.krebs.hosts.omo;
defaultBackupDir = "/home/backup";
defaultPull = host: src: {
method = "pull";
src = {
inherit host;
path = src;
};
dst = {
host = defaultBackupServer;
path = "${defaultBackupDir}/${host.name}${src}";
};
startAt = "0,6,12,18:00";
snapshots = {
hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
daily = { format = "%Y-%m-%d"; retain = 7; };
weekly = { format = "%YW%W"; retain = 4; };
monthly = { format = "%Y-%m"; retain = 12; };
yearly = { format = "%Y"; };
};
};
in {
krebs.backup.plans = {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
{
dst.path = "/media/cryptX/backup/gum/var-download";
dst.host = defaultBackupServer;
startAt = "19:00";
};
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
{
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
dst.host = defaultBackupServer;
startAt = "05:00";
};
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
};
environment.systemPackages = [
pkgs.borgbackup
];
}

11
makefu/2configs/backup/server.nix Normal file
View file

@ -0,0 +1,11 @@
{lib, ... }:
let
hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
in {
# TODO: for all enabled machines
services.borgbackup.repos = lib.genAttrs hosts (host: {
authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
path = "/var/lib/borgbackup/${host}";
user = "borg-${host}";
}) ;
}

1
makefu/2configs/backup/ssh/gum.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x

1
makefu/2configs/backup/ssh/nextgum.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x

1
makefu/2configs/backup/ssh/omo.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x

1
makefu/2configs/backup/ssh/x.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x

25
makefu/2configs/backup/state.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, ... }:
# back up all state
let
sec = toString <secrets>;
sshkey = sec + "/borg.priv";
phrase = sec + "/borg.pw";
in
{
services.borgbackup.jobs.state = {
repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
paths = config.state;
encryption = {
mode = "repokey";
passCommand = "cat ${phrase}";
};
environment.BORG_RSH = "ssh -i ${sshkey}";
prune.keep =
{ daily = 7;
weekly = 4;
monthly = -1; # Keep at least one archive for each month
};
compression = "auto,lzma";
startAt = "daily";
};
}

5
makefu/2configs/bepasty-dual.nix
View file

@ -32,6 +32,11 @@ in {
"paste.${config.krebs.build.host.name}" "paste.${config.krebs.build.host.name}"
"paste.r" "paste.r"
]; ];
extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
}; };
defaultPermissions = "admin,list,create,read,delete"; defaultPermissions = "admin,list,create,read,delete";
secretKeyFile = secKey; secretKeyFile = secKey;

2
makefu/2configs/bluetooth-mpd.nix
View file

@ -57,6 +57,8 @@ in {
load-module module-filter-heuristics load-module module-filter-heuristics
load-module module-filter-apply load-module module-filter-apply
load-module module-switch-on-connect load-module module-switch-on-connect
load-module module-equalizer-sink
load-module module-dbus-protocol
#load-module module-bluez5-device #load-module module-bluez5-device
#load-module module-bluez5-discover #load-module module-bluez5-discover
''; '';

3
makefu/2configs/dcpp/airdcpp.nix
View file

@ -44,5 +44,6 @@
''; '';
}; };
state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
[ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
} }

159
makefu/2configs/deployment/bureautomation/hass.nix
View file

@ -11,6 +11,11 @@ let
payload_available= "Online"; payload_available= "Online";
payload_not_available= "Offline"; payload_not_available= "Offline";
}; };
tasmota_stecki = name: topic:
( tasmota_plug name topic) //
{ state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
};
espeasy_dht22 = name: [ espeasy_dht22 = name: [
{ platform = "mqtt"; { platform = "mqtt";
name = "${name} DHT22 Temperature"; name = "${name} DHT22 Temperature";
@ -38,9 +43,6 @@ let
}; };
in { in {
networking.firewall.allowedTCPPorts = [ 8123 ]; networking.firewall.allowedTCPPorts = [ 8123 ];
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
@ -48,6 +50,9 @@ in {
homeassistant = { homeassistant = {
name = "Bureautomation"; name = "Bureautomation";
time_zone = "Europe/Berlin"; time_zone = "Europe/Berlin";
latitude = "48.8265";
longitude = "9.0676";
elevation = 303;
}; };
mqtt = { mqtt = {
@ -72,7 +77,7 @@ in {
switch = [ switch = [
(tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2") (tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3") (tasmota_stecki "Fernseher" "fernseher")
(tasmota_plug "Pluggy" "plug4") (tasmota_plug "Pluggy" "plug4")
]; ];
binary_sensor = [ binary_sensor = [
@ -96,26 +101,140 @@ in {
sensorid = "5341"; sensorid = "5341";
monitored_conditions = [ "P1" "P2" ]; monitored_conditions = [ "P1" "P2" ];
} }
{ platform = "influxdb";
queries = [ { platform = "darksky";
{ name = "mean value of feinstaub P1"; api_key = lib.removeSuffix "\n"
where = '' "node" = 'esp8266-1355142' ''; (builtins.readFile <secrets/hass/darksky.apikey>);
measurement = "feinstaub"; language = "de";
database = "telegraf"; monitored_conditions = [ "summary" "icon"
field = "P1"; "nearest_storm_distance" "precip_probability"
} "precip_intensity"
{ name = "mean value of feinstaub P2"; "temperature" # "temperature_high" "temperature_low"
where = '' "node" = 'esp8266-1355142' ''; "apparent_temperature"
measurement = "feinstaub"; "hourly_summary" # next 24 hours text
database = "telegraf"; "minutely_summary"
field = "P2"; "humidity"
} "pressure"
]; "uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
minutes = 30;
seconds = 0;
};
}
#{ platform = "influxdb";
# queries = [
# { name = "mean value of feinstaub P1";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P1";
# }
# { name = "mean value of feinstaub P2";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P2";
# }
# ];
#}
];
camera = [
{ name = "Baumarkt";
platform = "generic";
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
}
{ name = "Autobahn Heilbronn";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
}
{ name = "Autobahn Singen";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
} }
]; ];
frontend = { }; frontend = { };
http = { }; http = { };
feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; conversation = {};
history = {};
logbook = {};
tts = [ { platform = "google";} ];
recorder = {};
group =
{ default_view =
{ view = "yes";
entities = [
"group.sensors"
"group.outside"
"group.switches"
"group.automation"
"group.camera"
];
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.pluggy"
];
camera = [
"camera.Baumarkt"
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
sensors = [
"binary_sensor.motion"
"sensor.easy2_dht22_humidity"
"sensor.easy2_dht22_temperature"
];
outside = [
"sensor.ditzingen_pm10"
"sensor.ditzingen_pm25"
"sensor.dark_sky_temperature"
"sensor.dark_sky_humidity"
"sensor.dark_sky_pressure"
"sensor.dark_sky_hourly_summary"
"sensor.dark_sky_minutely_summary"
];
};
# only for automation
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
automation = [
{ alias = "Turn on Fernseher on movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
action = {
service= "homeassistant.turn_on";
entity_id= "switch.fernseher";
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
};
action = {
service= "homeassistant.turn_off";
entity_id= "switch.fernseher";
};
condition = [{
condition = "time";
before = "06:30:00"; #only turn off between 6:30 and 18:00
after = "18:00:00";
weekday = [ "mon" "tue" "wed" "thu" "fri" ];
}];
}
];
}; };
}; };
} }

67
makefu/2configs/deployment/bureautomation/home.nix
View file

@ -1,67 +0,0 @@
{ pkgs, lib, ... }:
let
firetv = "192.168.1.238";
in {
systemd.services.firetv = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
};
};
services.home-assistant = {
#panel_iframe:
#configurator:
# title: Configurator
# icon: mdi:wrench
# url: http://hassio.local:3218
# sensor:
# - platform: random
enable = true;
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
};
panel_iframe = {
euer_blog = {
title = "Euer Blog";
icon = "mdi:wrench";
url = "https://euer.krebsco.de";
};
};
media_player = [
{ platform = "kodi";
host = firetv;
}
{ platform = "firetv";
# assumes python-firetv running
}
];
sensor = [
{
platform = "luftdaten";
name = "Shack 1";
sensorid = "50";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Shack 2";
sensorid = "658";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "random"; }
];
frontend = { };
http = { };
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
};
};
}

9
makefu/2configs/deployment/bureautomation/mpd.nix Normal file
View file

@ -0,0 +1,9 @@
{lib,pkgs, ... }:
{
systemd.services."ympd-wbob" = {
description = "mpd ";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
};
}

5
makefu/2configs/deployment/graphs.nix
View file

@ -6,11 +6,6 @@ let
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
hn = config.krebs.build.host.name; hn = config.krebs.build.host.name;
in { in {
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
krebs.tinc_graphs = { krebs.tinc_graphs = {
enable = true; enable = true;
nginx = { nginx = {

177
makefu/2configs/deployment/homeautomation/default.nix
View file

@ -1,9 +1,60 @@
{ pkgs, config, ... }: { pkgs, lib, config, ... }:
# Ideas: # Ideas:
## wake-on-lan server ## wake-on-lan server
## ##
let let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
#state_topic = "/ham/${topic}/stat/POWER";
state_topic = "/ham/${topic}/stat/POWER";
command_topic = "/ham/${topic}/cmnd/POWER";
availability_topic = "/ham/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/ham/${topic}/stat/Dimmer";
brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/ham/${topic}/stat/Color";
rgb_command_topic = "/ham/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/ham/${topic}/stat/Scheme";
effect_command_topic = "/ham/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
};
# switchmode 1 - also toggle power
# switchtopic flurlicht
tasmota_motion = name: topic:
{ platform = "mqtt";
device_class = "motion";
inherit name;
# TODO: currently broken, will not use the custom state topic
state_topic = "/ham/${topic}/stat/POWER";
payload_on = "ON";
payload_off = "OFF";
availability_topic = "/ham/${topic}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
};
firetv = "192.168.1.238"; firetv = "192.168.1.238";
tasmota_plug = name: topic: tasmota_plug = name: topic:
{ platform = "mqtt"; { platform = "mqtt";
@ -36,20 +87,31 @@ let
unit_of_measurement = "hPa"; unit_of_measurement = "hPa";
} }
]; ];
tasmota_am2301 = name: topic:
[ { platform = "mqtt";
name = "${name} Temperatur";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.AM2301.Temperature }}";
unit_of_measurement = "°C";
}
{ platform = "mqtt";
name = "${name} Luftfeuchtigkeit";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.AM2301.Humidity }}";
unit_of_measurement = "%";
}
];
in { in {
imports = [ imports = [
./mqtt.nix ./mqtt.nix
]; ];
systemd.services.firetv = { #systemd.services.firetv = {
wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
serviceConfig = { # serviceConfig = {
User = "nobody"; # User = "nobody";
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
}; # };
}; #};
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
services.home-assistant = { services.home-assistant = {
config = { config = {
homeassistant = { homeassistant = {
@ -58,7 +120,7 @@ in {
longitude = "9.2478"; longitude = "9.2478";
elevation = 247; elevation = 247;
}; };
discovery = {}; #discovery = {};
conversation = {}; conversation = {};
history = {}; history = {};
logbook = {}; logbook = {};
@ -71,16 +133,16 @@ in {
{ platform = "kodi"; { platform = "kodi";
host = firetv; host = firetv;
} }
{ platform = "firetv"; #{ platform = "firetv";
# assumes python-firetv running # # assumes python-firetv running
} #}
]; ];
mqtt = { mqtt = {
broker = "localhost"; broker = "localhost";
port = 1883; port = 1883;
client_id = "home-assistant"; client_id = "home-assistant";
username = "hass"; username = "hass";
password = builtins.readFile <secrets/mqtt/hass>; password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
keepalive = 60; keepalive = 60;
protocol = 3.1; protocol = 3.1;
birth_message = { birth_message = {
@ -96,43 +158,100 @@ in {
retain = true; retain = true;
}; };
}; };
binary_sensor = [
(tasmota_motion "Flur Bewegung" "flurlicht")
];
sensor = [ sensor = [
{ platform = "speedtest"; # broken
monitored_conditions = [ "ping" "download" "upload" ]; #{ platform = "speedtest";
} # monitored_conditions = [ "ping" "download" "upload" ];
#}
{ platform = "luftdaten"; { platform = "luftdaten";
name = "Ditzingen"; name = "Wangen";
sensorid = "663"; sensorid = "663";
monitored_conditions = [ "P1" "P2" ]; monitored_conditions = [ "P1" "P2" ];
} }
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/ # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
{ platform = "darksky"; { platform = "darksky";
api_key = "c73619e6ea79e553a585be06aacf3679"; api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de"; language = "de";
monitored_conditions = [ "summary" "icon" monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability" "nearest_storm_distance" "precip_probability"
"precip_intensity" "precip_intensity"
"temperature" # "temperature_high" "temperature_low" "temperature"
"apparent_temperature"
"hourly_summary" "hourly_summary"
"humidity"
"pressure"
"uv_index" ]; "uv_index" ];
units = "si" ; units = "si" ;
update_interval = { update_interval = {
days = 0; days = 0;
hours = 0; hours = 0;
minutes = 10; minutes = 30;
seconds = 0; seconds = 0;
}; };
} }
] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer"); ]
++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
frontend = { }; frontend = { };
#group = [ group =
# { default_view = { view = "yes"; entities = [ { default_view =
# "sensor.luftdaten" { view = "yes";
# ]} entities = [
#]; "group.flur"
"group.schlafzimmer"
"group.draussen"
"group.wohnzimmer"
"group.arbeitszimmer"
];
};
flur = [
"light.flurlicht"
"binary_sensor.flur_bewegung"
];
wohnzimmer = [
"media_player.kodi"
];
draussen = [
"sensor.dark_sky_temperature"
"sensor.dark_sky_hourly_summary"
"sensor.wangen_pm10"
"sensor.wangen_pm25"
];
schlafzimmer = [
"sensor.schlafzimmer_temperatur"
"sensor.schlafzimmer_luftdruck"
"sensor.schlafzimmer_luftfeuchtigkeit"
"switch.lichterkette_schlafzimmer"
];
arbeitszimmer = [
"switch.strom_staubsauger"
"sensor.arbeitszimmer_temperatur"
"sensor.arbeitszimmer_luftfeuchtigkeit"
];
};
http = { }; http = { };
switch = [ switch = [
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
(tasmota_plug "Strom Staubsauger" "arbeitszimmer")
];
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
automation = [
{ alias = "Staubsauger Strom aus nach 6h";
trigger = {
platform = "state";
entity_id = "switch.strom_staubsauger";
to = "on";
for.hours = 6;
};
action = {
service= "homeassistant.turn_off";
entity_id= "switch.strom_staubsauger";
};
}
]; ];
}; };
enable = true; enable = true;

1
makefu/2configs/git/cgit-retiolum.nix
View file

@ -41,6 +41,7 @@ let
autosync = { }; autosync = { };
fenkins = { }; fenkins = { };
pass = { }; pass = { };
secrets = { };
}; };
connector-repos = mapAttrs make-priv-repo { connector-repos = mapAttrs make-priv-repo {

4
makefu/2configs/gui/base.nix
View file

@ -66,7 +66,7 @@ in
cat |derp <<EOF cat |derp <<EOF
XTerm*background: black XTerm*background: black
XTerm*foreground: white XTerm*foreground: white
XTerm*FaceName : xft:xos4 Terminus:pixelsize=11 XTerm*FaceName : xft:Terminus:pixelsize=12
URxvt*termName: rxvt URxvt*termName: rxvt
URxvt*saveLines: 10000 URxvt*saveLines: 10000
@ -78,7 +78,7 @@ in
URxvt.background: black URxvt.background: black
URxvt.urgentOnBell: true URxvt.urgentOnBell: true
URxvt.visualBell: false URxvt.visualBell: false
URxvt.font : xft:xos4 Terminus:size=11 URxvt.font : xft:Terminus:size=12
! blue ! blue

32
makefu/2configs/gui/wbob-kiosk.nix
View file

@ -4,22 +4,38 @@
imports = [ imports = [
./base.nix ./base.nix
]; ];
users.users.makefu.packages = [ pkgs.chromium ]; users.users.makefu = {
packages = [ pkgs.chromium ];
extraGroups = [ "audio" "pulse" ];
};
services.xserver = { services.xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce { windowManager = lib.mkForce {
awesome.enable = false; awesome.enable = false;
default = "none"; default = "none";
}; };
desktopManager.xfce.enable = true; desktopManager.xfce = {
extraSessionCommands = ''
${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms
${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1
'';
enable = true;
};
# xrandrHeads = [ "HDMI1" "HDMI2" ]; # xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms # prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
}; };
systemd.services.xset-off = {
after = [ "display-manager.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms";
RemainAfterExit = "yes";
TimeoutSec = "5s";
RestartSec="5s";
Restart = "on-failure";
};
};
} }

8
makefu/2configs/home-manager/cli.nix
View file

@ -1,12 +1,18 @@
{ {pkgs, ... }: {
home-manager.users.makefu = { home-manager.users.makefu = {
services.gpg-agent = { services.gpg-agent = {
enable = true;
defaultCacheTtl = 900; defaultCacheTtl = 900;
maxCacheTtl = 7200; maxCacheTtl = 7200;
defaultCacheTtlSsh = 3600; defaultCacheTtlSsh = 3600;
maxCacheTtlSsh = 86400; maxCacheTtlSsh = 86400;
enableSshSupport = true; enableSshSupport = true;
enableScDaemon = true;
}; };
programs.fzf.enable = true; # alt-c programs.fzf.enable = true; # alt-c
}; };
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
} }

3
makefu/2configs/home-manager/default.nix
View file

@ -4,4 +4,7 @@
]; ];
home-manager.users.makefu = { home-manager.users.makefu = {
}; };
environment.variables = {
GTK_DATA_PREFIX = "/run/current-system/sw";
};
} }

52
makefu/2configs/home-manager/desktop.nix
View file

@ -1,31 +1,43 @@
{pkgs, ... }: { { pkgs, lib, ... }:
{
home-manager.users.makefu = { home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true;
services.network-manager-applet.enable = true; services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true; services.blueman-applet.enable = true;
services.pasystray.enable = true; services.pasystray.enable = true;
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
systemd.user.services.network-manager-applet.Service.Environment = '' programs.chromium = {
XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache enable = true;
''; extensions = [
systemd.user.services.clipit = { "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
Unit = { "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
Description = "clipboard manager"; # "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
After = [ "graphical-session-pre.target" ]; "fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine
PartOf = [ "graphical-session.target" ]; "gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy
"abkfbakhjpmblaafnpgjppbmioombali" # memex
"kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
];
}; };
Install = { systemd.user.services.clipit = {
WantedBy = [ "graphical-session.target" ]; Unit = {
}; Description = "clipboard manager";
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Service = { Install = {
Environment = '' WantedBy = [ "graphical-session.target" ];
XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache };
'';
ExecStart = "${pkgs.clipit}/bin/clipit"; Service = {
Restart = "on-abort"; Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
};
}; };
}; };
};
} }

3
makefu/2configs/home-manager/mail.nix
View file

@ -1,5 +1,6 @@
{ {
home-manager.users.makefu = { home-manager.users.makefu = {
accounts.email.maildirBasePath = "/home/makefu/Mail";
accounts.email.accounts.syntaxfehler = { accounts.email.accounts.syntaxfehler = {
address = "felix.richter@syntax-fehler.de"; address = "felix.richter@syntax-fehler.de";
userName = "Felix.Richter@syntax-fehler.de"; userName = "Felix.Richter@syntax-fehler.de";
@ -27,7 +28,7 @@
}; };
primary = true; primary = true;
realName = "Felix Richter"; realName = "Felix Richter";
passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg"; passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg";
}; };
programs.offlineimap.enable = true; programs.offlineimap.enable = true;
programs.offlineimap.extraConfig = { programs.offlineimap.extraConfig = {

5
makefu/2configs/hw/bluetooth.nix
View file

@ -1,9 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ # bluetooth+pulse config { # bluetooth+pulse config
# for blueman-applet # for blueman-applet
users.users.makefu.packages = [ users.users.makefu.packages = [ pkgs.blueman ];
pkgs.blueman
];
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
@ -39,4 +37,5 @@
Enable=Source,Sink,Media,Socket Enable=Source,Sink,Media,Socket
''; '';
}; };
services.dbus.packages = [ pkgs.blueman ];
} }

3
makefu/2configs/hw/network-manager.nix
View file

@ -27,4 +27,7 @@
powersave = true; powersave = true;
scanRandMacAddress = true; scanRandMacAddress = true;
}; };
state = [
"/etc/NetworkManager/system-connections" #NM stateful config files
];
} }

10
makefu/2configs/hw/switch.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
'';
}

12
makefu/2configs/laptop-backup.nix
View file

@ -1,12 +0,0 @@
{config, lib, pkgs, ... }:
{
systemd.user.services.duply-secrets = {
description = "run daily secrets backup";
startAt = "daily";
serviceConfig = {
Type = "oneshot";
ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
};
};
}

1
makefu/2configs/nginx/euer.blog.nix
View file

@ -39,4 +39,5 @@ in {
}; };
}; };
}; };
state = [ base-dir ];
} }

1
makefu/2configs/nginx/euer.wiki.nix
View file

@ -21,6 +21,7 @@ let
tw-pass-file = "${sec}/tw-pass.ini"; tw-pass-file = "${sec}/tw-pass.ini";
in { in {
state = [ base-dir ];
services.phpfpm = { services.phpfpm = {
# phpfpm does not have an enable option # phpfpm does not have an enable option
poolConfigs = { poolConfigs = {

10
makefu/2configs/printer.nix
View file

@ -5,11 +5,11 @@ let
in { in {
services.printing = { services.printing = {
enable = true; enable = true;
drivers = [ drivers = with pkgs; [
pkgs.samsungUnifiedLinuxDriver samsungUnifiedLinuxDriver
pkgs.cups-dymo # dymo labelwriter cups-dymo # dymo labelwriter
pkgs.foo2zjs # magicolor 1690mf foo2zjs # magicolor 1690mf
pkgs.zj-58 cups-zj-58
]; ];
}; };

19
makefu/2configs/rtorrent.nix
View file

@ -1,19 +0,0 @@
_:
let
listenPort = 60123;
xml-port = 5000;
authfile = <torrent-secrets/authfile>;
in {
makefu.rtorrent = {
enable = true;
web = {
enable = true;
enableAuth = true;
inherit authfile;
};
rutorrent.enable = true;
enableXMLRPC = true;
logLevel = "debug";
inherit listenPort;
};
}

4
makefu/2configs/deployment/events-publisher/default.nix → makefu/2configs/shack/events-publisher/default.nix
View file

@ -2,8 +2,8 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
shack-announce = pkgs.callPackage (builtins.fetchTarball { shack-announce = pkgs.callPackage (builtins.fetchTarball {
url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz"; url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav"; sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
}) {} ; }) {} ;
home = "/var/lib/shackannounce"; home = "/var/lib/shackannounce";
user = "shackannounce"; user = "shackannounce";

31
makefu/2configs/shack/gitlab-runner/default.nix Normal file
View file

@ -0,0 +1,31 @@
{
systemd.services.gitlab-runner.path = [
"/run/wrappers" # /run/wrappers/bin/su
"/" # /bin/sh
];
services.gitlab-runner = {
enable = true;
configOptions =
{ concurrent = 1;
runners = [
{ builds_dir = "";
#docker =
#{ cache_dir = "";
# disable_cache = true;
# host = ""; image = "nixos/nix:2.1.3";
# privileged = true;
#};
#executor = "docker";
# name = "docker-nix";
name = "gum-shell";
executor = "shell";
environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
# generate via `gitlab-runner register`
token = import <secrets/shackspace-gitlab-ci-token.nix>;
url = "https://git.shackspace.de/";
}
];
};
};
}

2
makefu/2configs/stats/arafetch.nix
View file

@ -27,12 +27,14 @@ in {
systemd.services.arafetch = { systemd.services.arafetch = {
startAt = "Mon,Wed,Fri 09:15:00"; startAt = "Mon,Wed,Fri 09:15:00";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
environment = { environment = {
OUTDIR = home; OUTDIR = home;
}; };
path = [ pkg pkgs.git pkgs.wget ]; path = [ pkg pkgs.git pkgs.wget ];
serviceConfig = { serviceConfig = {
User = "arafetch"; User = "arafetch";
Restart = "always";
WorkingDirectory = home; WorkingDirectory = home;
PrivateTmp = true; PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" '' ExecStart = pkgs.writeDash "start-weekrun" ''

11
makefu/2configs/taskd.nix Normal file
View file

@ -0,0 +1,11 @@
{config, ... }:
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
services.taskserver.organisations.home.users = [ "makefu" ];
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}

2
makefu/2configs/tools/android-pentest.nix
View file

@ -9,7 +9,7 @@
dex2jar dex2jar
apktool apktool
jd-gui jd-gui
android-studio # android-studio
jdk jdk
jre jre
openssl openssl

2
makefu/2configs/tools/desktop.nix
View file

@ -3,7 +3,7 @@
{ {
users.users.makefu.packages = with pkgs; [ users.users.makefu.packages = with pkgs; [
taskwarrior taskwarrior
pass (pass.withExtensions (ext: [ ext.pass-otp ]))
gopass gopass
mutt mutt
weechat weechat

1
makefu/2configs/tools/extra-gui.nix
View file

@ -6,7 +6,6 @@
gimp gimp
inkscape inkscape
libreoffice libreoffice
quodlibet
# skype # skype
synergy synergy
tdesktop tdesktop

4
makefu/2configs/tools/media.nix
View file

@ -7,10 +7,12 @@
vlc vlc
mumble mumble
mplayer mplayer
quodlibet quodlibet # exfalso
plowshare plowshare
streamripper streamripper
youtube-dl youtube-dl
pulseeffects
]; ];
} }

2
makefu/2configs/tools/mobility.nix
View file

@ -7,6 +7,8 @@
rclone rclone
exfat exfat
(pkgs.callPackage ./secrets.nix {}) (pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host
]; ];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

2
makefu/2configs/tools/secrets.nix
View file

@ -1,7 +1,7 @@
{ pass, write, writeDash, ... }: { pass, write, writeDash, ... }:
write "secrets" { write "secrets" {
"/bin/secrets".link = writeDash "brain" '' "/bin/secrets".link = writeDash "secrets" ''
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
exec ${pass}/bin/pass $@ exec ${pass}/bin/pass $@
''; '';

20
makefu/2configs/torrent.nix
View file

@ -3,12 +3,11 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
daemon-user = "tor";
basicAuth = import <torrent-secrets/auth.nix>; basicAuth = import <torrent-secrets/auth.nix>;
peer-port = 51412; peer-port = 51412;
web-port = 8112; web-port = 8112;
daemon-port = 58846; daemon-port = 58846;
base-dir = config.makefu.dl-dir; base-dir = config.krebs.rtorrent.workDir;
in { in {
users.users = { users.users = {
@ -23,17 +22,6 @@ in {
}; };
}; };
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
for i in finished watch; do
if test ! -d $i;then
mkdir -p "${base-dir}/$i"
chown rtorrent:download "${base-dir}/$i"
chmod 775 "${base-dir}/$i"
fi
done
'';
users.extraGroups = { users.extraGroups = {
download = { download = {
gid = lib.mkDefault (genid "download"); gid = lib.mkDefault (genid "download");
@ -57,15 +45,17 @@ in {
rutorrent.enable = true; rutorrent.enable = true;
enableXMLRPC = true; enableXMLRPC = true;
listenPort = peer-port; listenPort = peer-port;
downloadDir = base-dir + "/finished"; downloadDir = config.makefu.dl-dir;
watchDir = base-dir + "/watch";
# dump old torrents into watch folder to have them re-added # dump old torrents into watch folder to have them re-added
}; };
services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
''; '';
networking.firewall.allowedTCPPorts = [ peer-port ]; networking.firewall.allowedTCPPorts = [ peer-port ];
networking.firewall.allowedUDPPorts = [ peer-port ]; networking.firewall.allowedUDPPorts = [ peer-port ];
state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
} }

21
makefu/2configs/virtualisation/virtualbox.nix
View file

@ -1,26 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let {
mainUser = config.krebs.build.user;
vboxguestpkg = lib.stdenv.mkDerivation rec {
name = "Virtualbox-Extensions-${version}-${rev}";
version = "5.0.20";
rev = "106931";
src = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
};
};
in {
virtualisation.virtualbox.host.enable = true; virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true; nixpkgs.config.virtualbox.enableExtensionPack = true;
virtualisation.virtualbox.host.enableHardening = false; virtualisation.virtualbox.host.enableHardening = false;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
nixpkgs.config.packageOverrides = super: {
boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override {
buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
++ [ vboxguestpkg ];
};
};
} }

44
makefu/5pkgs/4nxci/default.nix → makefu/5pkgs/_4nxci/default.nix
View file

@ -1,33 +1,31 @@
{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }: { stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }:
let let
version = "1.35";
mymbedtls = lib.overrideDerivation mbedtls (old: rec {
name = "mbedtls-${version}";
version = "2.13.0";
src = fetchFromGitHub {
owner = "ARMmbed";
repo = "mbedtls";
rev = name;
sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
};
buildInputs = old.buildInputs ++ [ python2 ];
postConfigure = ''
perl scripts/config.pl set MBEDTLS_CMAC_C
'';
doCheck = false;
});
in stdenv.mkDerivation rec {
name = "4nxci-${version}";
version = "1.30";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "The-4n"; owner = "The-4n";
repo = "4NXCI"; repo = "4NXCI";
rev = "v${version}"; rev = "v${version}";
sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh"; sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6";
}; };
mymbedtls = stdenv.mkDerivation {
name = "mbedtls-${version}";
version = "2.6.1";
doCheck = false;
inherit src;
buildInputs = [ perl ];
phases = [ "unpackPhase" "buildPhase" "installPhase" ];
makeFlags = [ "DESTDIR=$(out)" ];
buildPhase = ''
cp config.mk.template config.mk
cd mbedtls
make
'';
};
in stdenv.mkDerivation rec {
name = "4nxci-${version}";
inherit src version;
buildPhase = '' buildPhase = ''
cp config.mk.template config.mk cp config.mk.template config.mk
sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile

6
makefu/5pkgs/awesomecfg/full.cfg
View file

@ -572,9 +572,9 @@ local os = {
do do
local cmds = local cmds =
{ {
"@networkmanagerapplet@/bin/nm-applet", -- "@networkmanagerapplet@/bin/nm-applet",
"@blueman@/bin/blueman-applet", -- "@blueman@/bin/blueman-applet",
"@clipit@/bin/clipit" -- "@clipit@/bin/clipit"
} }
for _,i in pairs(cmds) do for _,i in pairs(cmds) do

95
makefu/5pkgs/cozy-audiobooks/default.nix
View file

@ -1,95 +0,0 @@
{ stdenv, fetchFromGitHub
, ninja
, boost
, meson
, pkgconfig
, wrapGAppsHook
, appstream-glib
, desktop-file-utils
, gtk3
, glib
, gst_all_1
, gobjectIntrospection
, python3Packages
, file
, cairo , sqlite , gettext
, gnome3
}:
let
peewee = with python3Packages; buildPythonPackage rec {
# https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee
pname = "peewee";
version = "3.6.4";
src = fetchPypi {
inherit pname version;
sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak";
};
doCheck = false;
checkPhase = ''
python runtests.py
'';
buildInputs = [
cython
sqlite
# psycopg2
# mysql-connector
];
meta.license = stdenv.lib.licenses.mit;
};
in
stdenv.mkDerivation rec {
name = "cozy-${version}";
version = "0.6.0";
src = fetchFromGitHub {
owner = "geigi";
repo = "cozy";
rev = version;
sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd";
};
postPatch = ''
chmod +x data/meson_post_install.py
patchShebangs data/meson_post_install.py
substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
'';
postInstall = ''
wrapProgram $out/bin/com.github.geigi.cozy \
--prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
'';
wrapPrefixVariables = [ "PYTHONPATH" ];
nativeBuildInputs = [
meson ninja pkgconfig
wrapGAppsHook
appstream-glib
desktop-file-utils
gobjectIntrospection
];
buildInputs = with gst_all_1; [ gtk3 glib
gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext
gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas
]
++ (with python3Packages; [
python gst-python pygobject3 dbus-python mutagen peewee magic
]);
checkPhase = ''
ninja test
'';
meta = with stdenv.lib; {
description = ''
A modern audio book player for Linux using GTK+ 3
'';
maintainers = [ maintainers.makefu ];
license = licenses.mit;
};
}

12
makefu/5pkgs/custom/inkscape/dxf_fix.patch
View file

@ -1,12 +0,0 @@
--- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200
+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200
@@ -341,7 +341,7 @@
if not scale:
scale = 25.4/96 # if no scale is specified, assume inch as baseunit
scale /= self.unittouu('1px')
- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
+ h = self.unittouu(self.documentHeight())
self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
doc = self.document.getroot()
self.process_group(doc)

3
makefu/5pkgs/default.nix
View file

@ -30,9 +30,6 @@ in {
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ; inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ];
});
} }
// (mapAttrs (_: flip callPackage {}) // (mapAttrs (_: flip callPackage {})

32
makefu/5pkgs/esniper/default.nix
View file

@ -1,32 +0,0 @@
{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
stdenv.mkDerivation rec {
name = "${pname}-2-35-0";
pname = "esniper";
version = "2.35.0";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${name}.tgz";
sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
};
buildInputs = [ openssl curl ];
# Add support for CURL_CA_BUNDLE variable.
# Fix <http://sourceforge.net/p/esniper/bugs/648/>.
patches = [ ./find-ca-bundle.patch ];
postInstall = ''
sed <"frontends/snipe" >"$out/bin/snipe" \
-e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
chmod 555 "$out/bin/snipe"
'';
meta = with stdenv.lib; {
description = "Simple, lightweight tool for sniping eBay auctions";
homepage = http://esniper.sourceforge.net;
license = licenses.gpl2;
maintainers = with maintainers; [ lovek323 peti ];
platforms = platforms.all;
};
}

26
makefu/5pkgs/esniper/find-ca-bundle.patch
View file

@ -1,26 +0,0 @@
diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
@@ -200,6 +200,9 @@
int
initCurlStuff(void)
{
+ /* Path to OpenSSL bundle file. */
+ const char *ssl_capath=NULL;
+
/* list for custom headers */
struct curl_slist *slist=NULL;
@@ -241,6 +244,12 @@
if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
return initCurlStuffFailed();
+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
+ * contents to curl. */
+ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
+ return initCurlStuffFailed();
+
slist = curl_slist_append(slist, "Accept: text/*");
slist = curl_slist_append(slist, "Accept-Language: en");
slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");

45
makefu/5pkgs/ifdnfc/default.nix
View file

@ -1,45 +0,0 @@
{ stdenv, fetchFromGitHub , pkgconfig
, pcsclite
, autoreconfHook
, libnfc
}:
stdenv.mkDerivation rec {
name = "ifdnfc-${version}";
version = "2016-03-01";
src = fetchFromGitHub {
owner = "nfc-tools";
repo = "ifdnfc";
rev = "0e48e8e";
sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [ pcsclite libnfc ];
configureFlags = [ "--prefix=$(out)" ];
makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
meta = with stdenv.lib; {
description = "PC/SC IFD Handler based on libnfc";
long_description =
'' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
It provides support for all readers which are not supported by ccid but by libnfc.
For activating your reader you need to run
<code>ifdnfc-activate yes<code> with this package in your
<code>environment.systemPackages</code>
To use your reader you may need to blacklist your reader kernel modules:
<code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
Supports the pn533 smart-card reader chip which is for example used in
the SCM SCL3711.
'';
homepage = https://github.com/nfc-tools/ifdnfc;
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ makefu ];
};
}

36
makefu/5pkgs/jd-gui/default.nix
View file

@ -1,36 +0,0 @@
{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }:
stdenv.mkDerivation rec {
name = "${packageName}-${version}";
packageName = "jd-gui";
version = "1.4.0";
src = fetchurl {
url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar";
sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx";
};
nativeBuildInputs = [ makeWrapper unzip ];
phases = [ "installPhase" ];
installPhase = ''
f=$out/lib/jd-gui/
bin=$out/bin
name=$(basename $src)
mkdir -p $f $bin
# fixup path to java
cp $src $f
cat > $bin/jd-gui <<EOF
#!/bin/sh
exec ${pkgs.jre}/bin/java -jar $f/$name \$@
EOF
chmod +x $bin/jd-gui
'';
meta = {
homepage = https://github.com/java-decompiler/jd-gui;
description = "A standalone Java Decompiler GUI";
license = lib.licenses.gpl3;
};
}

24
makefu/5pkgs/mcomix/default.nix
View file

@ -1,24 +0,0 @@
{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
python2Packages.buildPythonPackage rec {
name = "mcomix-${version}";
version = "1.2.1";
src = fetchurl {
url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
};
propagatedBuildInputs = with python2Packages;
[ python2Packages.pygtk gtk3 python2Packages.pillow ];
# for module in sys.modules.itervalues():
# RuntimeError: dictionary changed size during iteration
doCheck = false;
meta = {
homepage = https://github.com/pyload/pyload;
description = "Free and Open Source download manager written in Python";
license = lib.licenses.gpl3;
maintainers = with lib.maintainers; [ makefu ];
};
}

36
makefu/5pkgs/ns-atmosphere-programmer/default.nix Normal file
View file

@ -0,0 +1,36 @@
{ stdenv, fetchzip
, makeWrapper
, autoPatchelfHook
, xlibs
, gnome3
, libpng12
}:
stdenv.mkDerivation rec {
name = "ns-atmosphere-programmer-${version}";
version = "0.1";
src = fetchzip {
url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
};
buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
installPhase = ''
install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
'';
dontStrip = true;
meta = with stdenv.lib; {
description = "Payload programmer for ns-atmosphere injector";
homepage = http://www.ns-atmosphere.com;
maintainers = [ maintainers.makefu ];
platforms = platforms.linux;
license = with licenses; [ unfree ];
};
}

24
makefu/5pkgs/switch-launcher/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ lib, pkgs, python3Packages, ... }:
with python3Packages; buildPythonPackage rec {
name = "nodemcu-uploader-${version}";
version = "0.1.0";
src = pkgs.fetchFromGitHub {
owner = "ksmit799";
repo = "switch-launcher";
rev = version;
sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz";
};
propagatedBuildInputs = [
pyusb
];
meta = {
homepage = https://github.com/ksmit799/switch-launcher;
description = "Desktop switch payload launcher based on a modified reswitched injector";
license = lib.licenses.bsd3;
};
}

64
makefu/5pkgs/targetcli/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python2Packages;
let
version = "2.1";
rtslib = buildPythonPackage rec {
pname = "rtslib";
inherit version;
src = fetchFromGitHub {
owner = "datera";
repo = "rtslib";
rev = version;
sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22";
};
propagatedBuildInputs = [ ipaddr netifaces configobj ];
};
configshell = buildPythonPackage rec {
pname = "configshell";
version = "1.6";
src = fetchFromGitHub {
owner = "datera";
repo = "configshell";
rev = version;
sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y";
};
propagatedBuildInputs = [ pyparsing ];
};
tcm-py = buildPythonPackage rec {
pname = "tcm-py";
version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
src = fetchFromGitHub {
owner = "datera";
repo = "lio-utils";
rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
} + "/tcm-py";
propagatedBuildInputs = [ ];
};
lio-py = buildPythonPackage rec {
pname = "lio-py";
version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
src = fetchFromGitHub {
owner = "datera";
repo = "lio-utils";
rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
} + "/lio-py";
propagatedBuildInputs = [ ];
};
in buildPythonApplication rec {
pname = "targetcli";
inherit version;
propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ];
src = fetchFromGitHub {
owner = "datera";
repo = "targetcli";
rev = version;
sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d";
};
}

30
makefu/5pkgs/zj-58/default.nix
View file

@ -1,30 +0,0 @@
{stdenv, fetchFromGitHub, cups}:
stdenv.mkDerivation rec {
name = "cups-zj58-2018-02-22";
src = fetchFromGitHub {
owner = "klirichek";
repo = "zj-58";
rev = "e4212cd";
sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi";
};
buildInputs = [cups];
installPhase = ''
mkdir -p $out/lib/cups/filter
cp rastertozj $out/lib/cups/filter
mkdir -p $out/share/cups/model/zjiang
cp ZJ-58.ppd $out/share/cups/model/zjiang/
'';
meta = {
description = "CUPS filter for thermal printer Zjiang ZJ-58";
homepage = https://github.com/klirichek/zj-58;
platforms = stdenv.lib.platforms.linux;
};
}

2
makefu/krops.nix
View file

@ -69,7 +69,7 @@
(lib.mkIf ( host-src.home-manager ) { (lib.mkIf ( host-src.home-manager ) {
home-manager.git = { home-manager.git = {
url = https://github.com/rycee/home-manager; url = https://github.com/rycee/home-manager;
ref = "6eea2a4"; ref = "f947faf";
}; };
}) })
]; ];

6
makefu/nixpkgs.json
View file

@ -1,7 +1,7 @@
{ {
"url": "https://github.com/makefu/nixpkgs", "url": "https://github.com/makefu/nixpkgs",
"rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8", "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687",
"date": "2018-08-06T14:29:01+02:00", "date": "2018-10-07T23:33:42+02:00",
"sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6", "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3",
"fetchSubmodules": true "fetchSubmodules": true
} }

1
nin/0tests/dummysecrets/hashedPasswords.nix
View file

@ -1 +0,0 @@
{}

0
nin/0tests/dummysecrets/ssh.id_ed25519
View file

132
nin/1systems/axon/config.nix
View file

@ -1,132 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/ableton.nix>
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.axon;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/pool/root";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext2";
};
boot.initrd.luks.devices.crypted.device = "/dev/sda2";
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# nin config
time.timeZone = "Europe/Berlin";
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
};
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
atom
chromium
firefox
git
htop
keepassx
lmms
networkmanagerapplet
openvpn
python
ruby
steam
taskwarrior
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xhost}/bin/xhost + local:
'';
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}

126
nin/1systems/hiawatha/config.nix
View file

@ -1,126 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.hiawatha;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/home" =
{ device = "/dev/fam/home";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
fsType = "ext2";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
fileSystems."/home/nin/.local/share/Steam" = {
device = "/dev/fam/steam";
};
# nin config
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
firefox
git
lmms
networkmanagerapplet
python
steam
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}

23
nin/1systems/onondaga/config.nix
View file

@ -1,23 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/nin>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/weechat.nix>
<stockholm/nin/2configs/git.nix>
];
krebs.build.host = config.krebs.hosts.onondaga;
boot.isContainer = true;
networking.useDHCP = false;
time.timeZone = "Europe/Amsterdam";
services.openssh.enable = true;
}

20
nin/2configs/ableton.nix
View file

@ -1,20 +0,0 @@
{ config, pkgs, ... }: let
mainUser = config.users.extraUsers.nin;
in {
users.users= {
ableton = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
];
packages = [
pkgs.wine
pkgs.winetricks
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(ableton) NOPASSWD: ALL
'';
}

38
nin/2configs/copyq.nix
View file

@ -1,38 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
};
};
}

173
nin/2configs/default.nix
View file

@ -1,173 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
../2configs/vim.nix
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import <secrets/hashedPasswords.nix>);
}
{
users.users = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
nin = {
name = "nin";
uid = 1337;
home = "/home/nin";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
"audio"
"fuse"
];
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
};
}
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = {
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
})
];
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores;
krebs = {
enable = true;
search-domain = "r";
build = {
user = config.krebs.users.nin;
};
};
nix.useSandbox = true;
users.mutableUsers = false;
services.timesyncd.enable = true;
#why is this on in the first place?
services.nscd.enable = false;
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
'';
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
gs = "git status";
};
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
proot
pavucontrol
populate
p7zip
termite
unzip
unrar
hashPassword
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
elif test $UID = 1337; then
PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
else
PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
fi
'';
};
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
krebs.iptables = {
enable = true;
tables = {
nat.PREROUTING.rules = [
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
];
};
};
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
}

60
nin/2configs/git.nix
View file

@ -1,60 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
settings = {
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
};
};
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
rules = rules;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
repos = public-repos;
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
};
};
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
};
make-rules =
with git // config.krebs.users;
repo:
singleton {
user = [ nin nin_h ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (length (repo.collaborators or []) > 0) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
};
in out

19
nin/2configs/im.nix
View file

@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
(pkgs.writeDashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
ssh chat@onondaga
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
];
}

28
nin/2configs/retiolum.nix
View file

@ -1,28 +0,0 @@
{ ... }:
{
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
];
};
};
krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
"pigstarter"
"gum"
"flap"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
}

27
nin/2configs/skype.nix
View file

@ -1,27 +0,0 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.nin;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
skype = {
name = "skype";
uid = genid "skype";
description = "user for running skype";
home = "/home/skype";
useDefaultShell = true;
extraGroups = [ "audio" "video" ];
createHome = true;
};
};
krebs.per-user.skype.packages = [
pkgs.skype
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(skype) NOPASSWD: ALL
'';
}

22
nin/2configs/termite.nix
View file

@ -1,22 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
pkgs.termite
];
krebs.per-user.nin.packages = let
termitecfg = pkgs.writeTextFile {
name = "termite-config";
destination = "/etc/xdg/termite/config";
text = ''
[colors]
foreground = #d0d7d0
background = #000000
'';
};
in [
termitecfg
];
}

355
nin/2configs/vim.nix
View file

@ -1,355 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
environment.systemPackages = [
vim
pkgs.pythonPackages.flake8
];
environment.etc.vimrc.source = vimrc;
environment.variables.EDITOR = mkForce "vim";
environment.variables.VIMINIT = ":so /etc/vimrc";
};
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set laststatus=2
set mouse=a
set noruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.airline
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
rev = "refs/tags/1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
})
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
destination = "/colors/${name}.vim";
text = /* vim */ ''
set background=dark
hi clear
if exists("syntax_on")
syntax clear
endif
let colors_name = ${toJSON name}
hi Normal ctermbg=235
hi Comment ctermfg=242
hi Constant ctermfg=062
hi Identifier ctermfg=068
hi Function ctermfg=041
hi Statement ctermfg=167
hi PreProc ctermfg=167
hi Type ctermfg=041
hi Delimiter ctermfg=251
hi Special ctermfg=062
hi Garbage ctermbg=088
hi TabStop ctermbg=016
hi Todo ctermfg=174 ctermbg=NONE
hi NixCode ctermfg=148
hi NixData ctermfg=149
hi NixQuote ctermfg=150
hi diffNewFile ctermfg=207
hi diffFile ctermfg=207
hi diffLine ctermfg=207
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
destination = "/syntax/${name}.vim";
text = /* vim */ ''
${concatMapStringsSep "\n" (s: /* vim */ ''
syn keyword vimColor${s} ${s}
\ containedin=ALLBUT,vimComment,vimLineComment
hi vimColor${s} ctermfg=${s}
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
destination = "/plugin/${name}.vim";
text = /* vim */ ''
if exists('g:loaded_showsyntax')
finish
endif
let g:loaded_showsyntax = 0
fu! ShowSyntax()
let id = synID(line("."), col("."), 1)
let name = synIDattr(id, "name")
let transName = synIDattr(synIDtrans(id),"name")
if name != transName
let name .= " (" . transName . ")"
endif
echo "Syntax: " . name
endfu
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
swapdir = "$HOME/.cache/vim/swap";
undodir = "$HOME/.cache/vim/undo";
};
files = {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.vim}/bin/vim "$@"
'';
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
nix.vim = pkgs.writeText "nix.vim" ''
setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[():/;=.,?\[\]]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
startAlts = filter isString [
''/\* ${lang} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
unlet b:current_syntax
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
haskell = {};
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
set bg=dark
'';
in
out

21
nin/2configs/weechat.nix
View file

@ -1,21 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lib>) genid;
in {
krebs.per-user.chat.packages = with pkgs; [
mosh
weechat
tmux
];
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
}

7
nin/default.nix
View file

@ -1,7 +0,0 @@
_:
{
imports = [
../krebs
./2configs
];
}