authortv <tv@krebsco.de>2018-07-17 20:22:52 +0200
committertv <tv@krebsco.de>2018-07-17 20:22:52 +0200
commit3dedfb8de4dc7e741f4db5310739884fba68b5bd (patch)
tree25e2955462d2998afe04356128f9d464d1b40b52
parent75aa3b118b6c74b2e87ccf7e3da53aa06fa7d569 (diff)
parent74698c904460db569a3c6c8355c0b25a94c98800 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--jeschli/1systems/bln/config.nix43
-rw-r--r--jeschli/1systems/bln/dcso-vpn.nix44
-rw-r--r--jeschli/1systems/brauerei/config.nix60
-rw-r--r--jeschli/2configs/vim.nix34
-rw-r--r--jeschli/2configs/xserver/default.nix20
-rw-r--r--jeschli/5pkgs/simple/xmonad-jeschli/default.nix9
-rw-r--r--krebs/1systems/onebutton/config.nix30
-rw-r--r--krebs/1systems/onebutton/source.nix2
-rw-r--r--krebs/2configs/buildbot-stockholm.nix1
-rw-r--r--krebs/2configs/reaktor-krebs.nix3
-rw-r--r--krebs/3modules/krebs/default.nix3
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--krebs/3modules/makefu/default.nix32
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix50
-rw-r--r--krebs/5pkgs/simple/cholerab/default.nix7
-rw-r--r--krebs/5pkgs/simple/ftb/default.nix4
-rw-r--r--krebs/5pkgs/simple/thesauron/default.nix7
-rw-r--r--krebs/krops.nix2
-rw-r--r--lass/1systems/cabal/config.nix5
-rw-r--r--lass/1systems/helios/config.nix3
-rw-r--r--lass/1systems/mors/config.nix10
-rw-r--r--lass/1systems/prism/config.nix49
-rw-r--r--lass/2configs/baseX.nix4
-rw-r--r--lass/2configs/blue-host.nix1
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/dcso-dev.nix16
-rw-r--r--lass/2configs/dunst.nix6
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/git.nix12
-rw-r--r--lass/2configs/logf.nix2
-rw-r--r--lass/2configs/reaktor-coders.nix6
-rw-r--r--lass/2configs/repo-sync.nix2
-rw-r--r--lass/2configs/starcraft.nix53
-rw-r--r--lass/2configs/urxvt.nix8
-rw-r--r--lass/2configs/vim.nix28
-rw-r--r--lass/2configs/virtualbox.nix2
-rw-r--r--lass/2configs/websites/domsen.nix8
-rw-r--r--lass/2configs/websites/lassulus.nix16
-rw-r--r--lass/2configs/websites/util.nix2
-rw-r--r--lass/2configs/wine.nix1
-rw-r--r--lass/3modules/xjail.nix10
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix26
-rw-r--r--makefu/0tests/data/secrets/nsupdate-hub.nix1
-rw-r--r--makefu/0tests/data/secrets/uhub.sql0
-rw-r--r--makefu/1systems/gum/config.nix53
-rw-r--r--makefu/1systems/gum/hardware-config.nix46
-rw-r--r--makefu/1systems/kexec/config.nix25
-rw-r--r--makefu/1systems/kexec/source.nix3
-rw-r--r--makefu/1systems/nextgum/config.nix248
-rw-r--r--makefu/1systems/nextgum/hardware-config.nix80
-rw-r--r--makefu/1systems/nextgum/source.nix5
-rw-r--r--makefu/1systems/nextgum/transfer-config.nix7
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/hub.nix102
-rw-r--r--makefu/source.nix4
55 files changed, 1028 insertions, 172 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index c5f8101ea..371a7052d 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -11,8 +11,22 @@
<stockholm/jeschli/2configs/xserver>
];
- boot.loader.systemd-boot.enable = true;
+# boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot";
+ boot.loader.grub = {
+ devices = [ "nodev" ];
+ efiSupport = true;
+ enable = true;
+ extraEntries = ''
+ menuentry "Debian" {
+ insmod ext2
+ insmod chain
+ chainloader /EFI/debian/grubx64.efi
+ }
+ '';
+ version = 2;
+ };
jeschliFontSize = 20;
@@ -56,7 +70,6 @@
sqlite
# internet
thunderbird
- hipchat
chromium
google-chrome
# programming languages
@@ -78,6 +91,7 @@
texlive.combined.scheme-full
pandoc
redis
+ vagrant
# document viewer
zathura
];
@@ -92,14 +106,25 @@
services.printing.enable = true;
services.printing.drivers = [ pkgs.postscript-lexmark ];
- # Enable the X11 windowing system.
- services.xserver.videoDrivers = [ "nvidia" ];
+ services.redis.enable = true;
+
+ services.xserver = {
+
+ desktopManager.session = lib.mkForce [];
+
+ enable = true;
+ display = 11;
+ tty = 11;
+
+ dpi = 200;
+
+ videoDrivers = [ "nvidia" ];
+ synaptics = {
+ enable = false;
+ };
+
+ };
-# services.xserver.windowManager.xmonad.enable = true;
-# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
-# services.xserver.displayManager.sddm.enable = true;
-# services.xserver.dpi = 100;
-# fonts.fontconfig.dpi = 100;
users.extraUsers.jeschli = {
isNormalUser = true;
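Review bot: `services.redis.enable = true;` is added with no bind address and no `requirePass`, so its exposure depends on the module default and the host firewall. On nixpkgs revisions where `services.redis.bind` defaults to null, Redis listens on every interface; if this instance is only for local development, add `services.redis.bind = "127.0.0.1";` beside it. The `users.extraUsers.jeschli` block continues outside the hunk.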
diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix
new file mode 100644
index 000000000..0a5623bf0
--- /dev/null
+++ b/jeschli/1systems/bln/dcso-vpn.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+
+ users.extraUsers = {
+ dcsovpn = rec {
+ name = "dcsovpn";
+ uid = genid "dcsovpn";
+ description = "user for running dcso openvpn";
+ home = "/home/${name}";
+ };
+ };
+
+ users.extraGroups.dcsovpn.gid = genid "dcsovpn";
+
+ services.openvpn.servers = {
+ dcso = {
+ config = ''
+ client
+ dev tun
+ tun-mtu 1356
+ mssfix
+ proto udp
+ float
+ remote 217.111.55.41 1194
+ nobind
+ user dcsovpn
+ group dcsovpn
+ persist-key
+ persist-tun
+ ca ${toString <secrets/dcsovpn/ca.pem>}
+ cert ${toString <secrets/dcsovpn/cert.pem>}
+ key ${toString <secrets/dcsovpn/cert.key>}
+ verb 3
+ mute 20
+ auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
+ route-method exe
+ route-delay 2
+ '';
+ updateResolvConf = true;
+ };
+ };
+}
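Review bot: The client config in `services.openvpn.servers.dcso.config` never checks the role of the peer certificate, so any certificate issued by the CA in `ca.pem` would be accepted as the server; add `remote-cert-tls server` after `nobind`. Cipher and digest are also left to OpenVPN's defaults, which is worth pinning to whatever the gateway requires. A short comment that `toString <secrets/…>` is used so the key and `login.txt` are referenced by path, presumably to keep them out of the world-readable Nix store, would help the next reader. `updateResolvConf = true` also lets the server push DNS settings, so confirm that is wanted.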
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 49f439a06..5a6ad7652 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -1,5 +1,5 @@
# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
{
imports = [
<stockholm/jeschli>
@@ -8,6 +8,7 @@
<stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/xdg.nix>
<stockholm/jeschli/2configs/xserver>
+ <stockholm/jeschli/2configs/virtualbox.nix>
];
krebs.build.host = config.krebs.hosts.brauerei;
@@ -24,9 +25,10 @@
preLVM = true;
allowDiscards = true;
} ];
- # networking.hostName = "nixos";
+# networking.hostName = "brauerei";
# Define your hostname.
- networking.wireless.enable = true;
+# networking.wireless.enable = true;
+ networking.networkmanager.enable = true;
# Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
@@ -66,12 +68,25 @@
chromium
google-chrome
# programming languages
+ elixir
+ elmPackages.elm
exercism
go
gcc
ghc
python35
python35Packages.pip
+ (vagrant.override {
+ bundlerEnv = bundlerEnv.override {
+ bundler = bundler.overrideAttrs (old: {
+ name = "bundler-1.16.1";
+ src = fetchurl {
+ url = "https://rubygems.org/gems/bundler-1.16.1.gem";
+ sha256 = "1s2nq4qnffxg3kwrk7cnwxcvfihlhxm9absl2l6d3qckf3sy1f22";
+ };
+ });
+ };
+ })
# go tools
golint
gotools
@@ -84,6 +99,7 @@
jetbrains.webstorm
jetbrains.goland
# document viewer
+ evince
zathura
# xorg
xorg.xbacklight
@@ -100,33 +116,29 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
+ services.xserver = {
- # Enable CUPS to print documents.
- # services.printing.enable = true;
+ # Don't install feh into systemPackages
+ # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
+ desktopManager.session = lib.mkForce [];
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
- # services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
+ enable = true;
+ display = 11;
+ tty = 11;
+
+ dpi = 96;
- # Enable touchpad support.
- # services.xserver.libinput.enable = true;
+# videoDrivers = [ "nvidia" ];
+ synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ accelFactor = "0.035";
+ };
+ };
- # Enable the KDE Desktop Environment.
- # services.xserver.displayManager.sddm.enable = true;
- # services.xserver.desktopManager.plasma5.enable = true;
- # services.xserver.displayManager.sddm.enable = true;
- # services.xserver.windowManager.xmonad.enable = true;
- # services.xserver.windowManager.xmonad.enableContribAndExtras = true;
- #
- # Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.jeschli = { # TODO: define as krebs.users
isNormalUser = true;
+ extraGroups = ["docker" "vboxusers"];
uid = 1000;
};
users.extraUsers.jamie = {
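Review bot: `extraGroups = ["docker" "vboxusers"];` on `users.extraUsers.jeschli` deserves a comment, because membership in `docker` is effectively root on any host where the Docker daemon runs. Suggested comment: `# docker group is root-equivalent; keep this list minimal`. The same applies in lass/2configs/dcso-dev.nix, where this commit adds `virtualisation.docker.enable = true;` for the shared `dev` account that already lists `docker` and accepts several SSH keys. Whether Docker is enabled on brauerei is not visible in this hunk, and the `jamie` user block continues past it.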
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
index c13113f1c..586016f60 100644
--- a/jeschli/2configs/vim.nix
+++ b/jeschli/2configs/vim.nix
@@ -11,16 +11,24 @@ let
sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
};
};
- customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
- name = "vim-jsx";
- src = pkgs.fetchFromGitHub {
- owner = "mxw";
- repo = "vim-jsx";
- rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
- sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
- };
- };
-
+ customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-jsx";
+ src = pkgs.fetchFromGitHub {
+ owner = "mxw";
+ repo = "vim-jsx";
+ rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
+ sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
+ };
+ };
+ customPlugins.vim-fileline = pkgs.vimUtils.buildVimPlugin {
+ name = "file-line-1.0";
+ src = pkgs.fetchFromGitHub {
+ owner = "bogado";
+ repo = "file-line";
+ rev = "1.0";
+ sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+ };
+ };
in {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
@@ -33,6 +41,8 @@ in {
setStatements = ''
set autowrite
set clipboard=unnamedplus
+ set listchars=trail:¶
+ set mouse=a
set nocompatible
set path+=**
set ruler
@@ -40,7 +50,6 @@ in {
set undofile "turn on the feature
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
- set listchars=trail:¶
'';
remapStatements = ''
imap jk <Esc>
@@ -91,13 +100,14 @@ in {
{ names = [
"ctrlp"
"easymotion"
+ "elm-vim"
+ "vim-fileline"
"molokai"
"nerdtree"
"snipmate"
"surround"
"Syntastic"
"undotree"
- "elm-vim"
];
}
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
index 748d12258..ec3977c7e 100644
--- a/jeschli/2configs/xserver/default.nix
+++ b/jeschli/2configs/xserver/default.nix
@@ -34,26 +34,6 @@ in {
};
};
- services.xserver = {
-
- # Don't install feh into systemPackages
- # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
- desktopManager.session = mkForce [];
-
- enable = true;
- display = 11;
- tty = 11;
-
- dpi = 200;
-
- videoDrivers = [ "nvidia" ];
- synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- };
- };
-
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index 60dbbc50c..5aa3c2f96 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -90,7 +90,7 @@ mainNoArgs = do
, startupHook = do
setWMName "LG3D"
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
- (\path -> forkFile path [] Nothing)
+ (\path -> forkFile path [] Nothing) <+> setWMName "LG3D"
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
@@ -130,13 +130,16 @@ spawnTermAt ws = do
let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
forkFile urxvtcPath [] (Just env')
+
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
- , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
-
+ , ((_4 , xK_p ), spawn "${pkgs.writeDash "my-dmenu" ''
+ export PATH=$PATH:${pkgs.dmenu}/bin
+ exec dmenu_run "$@"
+ ''}")
, ((_4 , xK_x ), chooseAction spawnTermAt)
, ((_4C , xK_x ), spawnRootTerm)
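Review bot: In the `my-dmenu` wrapper, `export PATH=$PATH:${pkgs.dmenu}/bin` appends the store path, so any `dmenu_run` or `dmenu` found earlier in the inherited PATH runs instead of the pinned one; prepend it, `export PATH=${pkgs.dmenu}/bin:$PATH`. The binding also replaces the previous `passmenu --type` action on the same key without a comment, so a line saying the key now opens the program launcher would avoid surprises. `myKeys` continues outside the hunk.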
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
index dca00a206..b87aef5a3 100644
--- a/krebs/1systems/onebutton/config.nix
+++ b/krebs/1systems/onebutton/config.nix
@@ -16,6 +16,36 @@
services.nixosManual.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
}
+ {
+ systemd.services.mpc-booter = let
+ mpc = "${pkgs.mpc_cli}/bin/mpc -h mpd.shack -p 6600";
+ url = "http://lassul.us:8000/radio.ogg";
+ say = pkgs.writeDash "say" ''
+ tmpfile=$(${pkgs.coreutils}/bin/mktemp)
+ echo "$@" > $tmpfile
+ ${pkgs.curl}/bin/curl -i -H "content-type: text/plain" -X POST -d "@$tmpfile" gobbelz.shack/say/
+ rm "$tmpfile"
+ '';
+ in {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ serviceConfig = {
+ RemainAfterExit = "yes";
+ Type = "oneshot";
+ ExecStart = pkgs.writeDash "mpc-boot" ''
+ until ${mpc} stats;do
+ echo "waiting for mpd.shack to appear"
+ sleep 1
+ done
+ ${say} "Willkommen im Shack wertes Mitglied"
+
+ ${say} "Lassulus Super Radio wurde gestartet"
+ ${mpc} add ${url}
+ ${mpc} play
+ '';
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.onebutton;
# NixOS wants to enable GRUB by default
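Review bot: The `until ${mpc} stats` loop in `mpc-boot` has no upper bound, and a `Type = "oneshot"` unit has no start timeout by default, so the service stays in the activating state indefinitely if mpd.shack never answers; add `TimeoutStartSec = "5min";` (or a retry counter) to `serviceConfig`. In `say`, `$tmpfile` is unquoted in the redirect and the file is left behind when curl fails; `echo "$@" > "$tmpfile"` plus `trap 'rm -f "$tmpfile"' EXIT` covers both. The POST to gobbelz.shack and the stream URL are plain HTTP; a comment stating that this is intentional would help.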
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
index 8f25881c9..6842bfaab 100644
--- a/krebs/1systems/onebutton/source.nix
+++ b/krebs/1systems/onebutton/source.nix
@@ -4,7 +4,7 @@ let
nixpkgs = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
- rev = "6c064e6b"; # only binary cache for unstable arm6
+ rev = "nixos-unstable"; # only binary cache for unstable arm6
sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
};
in import <stockholm/krebs/source.nix> {
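Review bot: `rev = "nixos-unstable"` replaces a commit id with a branch name while `sha256` stays unchanged, so the fetch is no longer reproducible. A fixed-output derivation is keyed by its hash, so a machine that already has that output will presumably keep using the old tree, while a fresh fetch fails with a hash mismatch once the branch has moved. Pin the full commit id of the intended revision and update `sha256` to match. The trailing comment about the arm6 binary cache could then name the channel the commit was taken from.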
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 04b1c999f..62a5f9ab5 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -63,6 +63,7 @@ in
grab_repo = steps.Git(
repourl=stockholm_repo,
mode='full',
+ submodules=True,
)
'';
builder = {
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
index fa51b84f0..2e63f1385 100644
--- a/krebs/2configs/reaktor-krebs.nix
+++ b/krebs/2configs/reaktor-krebs.nix
@@ -13,6 +13,9 @@ with import <stockholm/lib>;
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
+ task-add
+ task-delete
+ task-list
] ++
(attrValues (todo "agenda"))
;
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index a938f8ec9..e6eb3d287 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -174,5 +174,8 @@ in {
mail = "spam@krebsco.de";
pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
};
+ buildbotSlave = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7cre2crQMI6O4XtIfIiGl1GUqIi060fJlOQJgG0/NH";
+ };
};
}
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index fd74983fa..e2322e171 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -66,6 +66,7 @@ with import <stockholm/lib>;
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d7a750c6e..c5404f96d 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -520,6 +520,38 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
+ nextgum = rec {
+ ci = true;
+ cores = 8;
+ nets = rec {
+ internet = {
+ ip4.addr = "144.76.26.247";
+ ip6.addr = "2a01:4f8:191:12f6::2";
+ aliases = [
+ "nextgum.i"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.213";
+ ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
+ aliases = [
+ "nextgum.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
+ aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
+ npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
+ 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
+ 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
+ VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
+ };
gum = rec {
ci = true;
diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix
index 2df76fb2f..db578c457 100644
--- a/krebs/5pkgs/simple/Reaktor/plugins.nix
+++ b/krebs/5pkgs/simple/Reaktor/plugins.nix
@@ -121,26 +121,56 @@ rec {
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
path = with pkgs; [ curl perl ];
script = pkgs.writePython3 "url-title" [ "beautifulsoup4" "lxml" ] ''
+ import cgi
import sys
import urllib.request
from bs4 import BeautifulSoup
try:
- soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml")
- title = soup.find('title').string
-
- if title:
- if len(title) > 512:
- print('message to long, skipped')
- elif len(title.split('\n')) > 5:
- print('to many lines, skipped')
- else:
- print(title)
+ req = urllib.request.Request(sys.argv[1])
+ req.add_header('user-agent', 'Reaktor-url-title')
+ resp = urllib.request.urlopen(req)
+ if resp.headers['content-type'].find('text/html') >= 0:
+ soup = BeautifulSoup(resp.read(16000), "lxml")
+ title = soup.find('title').string
+
+ if len(title.split('\n')) > 5:
+ title = '\n'.join(title.split('\n')[:5])
+
+ print(title[:450])
+ else:
+ cd_header = resp.headers['content-disposition']
+ print(cgi.parse_header(cd_header)[1]['filename'])
except: # noqa: E722
pass
'';
});
+ taskrcFile = builtins.toFile "taskrc" ''
+ confirmation=no
+ '';
+
+ task-add = buildSimpleReaktorPlugin "task-add" {
+ pattern = "^task-add: (?P<args>.*)$$";
+ script = pkgs.writeDash "task-add" ''
+ ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*"
+ '';
+ };
+
+ task-list = buildSimpleReaktorPlugin "task-list" {
+ pattern = "^task-list";
+ script = pkgs.writeDash "task-list" ''
+ ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} list
+ '';
+ };
+
+ task-delete = buildSimpleReaktorPlugin "task-delete" {
+ pattern = "^task-remove: (?P<args>.*)$$";
+ script = pkgs.writeDash "task-delete" ''
+ ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*"
+ '';
+ };
+
todo = name: {
add = buildSimpleReaktorPlugin "${name}-add" {
pattern = "^${name}-add: (?P<args>.*)$$";
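Review bot: `task-delete` hands whatever follows `task-remove:` to `task … delete` with `confirmation=no`, so channel text is interpreted as a Taskwarrior filter and one message can delete more than one task; restrict the capture to an id, `pattern = "^task-remove: (?P<args>[0-9]+)$$";`. For `task-add`, put `--` before `"$*"` so the text is stored as the description rather than parsed as attributes or overrides. The trigger word (`task-remove`) also differs from the plugin name (`task-delete`), and `^task-list` has no end anchor. In url-title, `urlopen` is called without a `timeout=`, and the `filename` from `content-disposition` is printed without the 450-character cap applied to titles.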
diff --git a/krebs/5pkgs/simple/cholerab/default.nix b/krebs/5pkgs/simple/cholerab/default.nix
new file mode 100644
index 000000000..94514fe44
--- /dev/null
+++ b/krebs/5pkgs/simple/cholerab/default.nix
@@ -0,0 +1,7 @@
+{ fetchgit, callPackage }: let
+ src = fetchgit {
+ url = "https://github.com/krebs/cholerab";
+ rev = "25d7ef051d6fc74d99b155e768b3c650296a230c";
+ sha256 = "1pymw7v2ql42iq825ccx98s4fp9jsz5b2hjr1qad6bamfc6i7yy9";
+ };
+in callPackage src {}
diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix
index c2e83c9f4..ab7d6e651 100644
--- a/krebs/5pkgs/simple/ftb/default.nix
+++ b/krebs/5pkgs/simple/ftb/default.nix
@@ -1,7 +1,7 @@
{ stdenv, fetchurl
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk
-, mesa, openal
+, mesa_glu, openal
, useAlsa ? false, alsaOss ? null }:
with stdenv.lib;
@@ -26,7 +26,7 @@ stdenv.mkDerivation {
#!${stdenv.shell}
export _JAVA_AWT_WM_NONREPARENTING=1
- export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
+ export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa_glu openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
EOF
diff --git a/krebs/5pkgs/simple/thesauron/default.nix b/krebs/5pkgs/simple/thesauron/default.nix
deleted file mode 100644
index d543319f2..000000000
--- a/krebs/5pkgs/simple/thesauron/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ fetchgit, callPackage }: let
- src = fetchgit {
- url = "https://github.com/krebs/thesauron";
- rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5";
- "sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva";
- };
-in callPackage src {}
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 97cd6a939..861f2d323 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -12,7 +12,7 @@
krebs-source = {
nixpkgs.git = {
- ref = "7295e175bf6c6e8aa54f1b4d99256ee95d13d385";
+ ref = "56fad146a12a6f934d1d5ef875eb729be1b19129";
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
index 64c179e67..6a8040c9d 100644
--- a/lass/1systems/cabal/config.nix
+++ b/lass/1systems/cabal/config.nix
@@ -8,11 +8,6 @@
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/AP.nix>
<stockholm/lass/2configs/blue-host.nix>
];
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index bd7f75c3e..5657742a6 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -71,6 +71,9 @@ with import <stockholm/lib>;
hashPassword
thunderbird
dpass
+
+ # we want tensorflow! (with GPU acceleration)
+ python3Packages.tensorflowWithCuda
];
users.users = {
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 97e69146e..ad4f8a504 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -29,6 +29,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
+ <stockholm/lass/2configs/starcraft.nix>
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
@@ -54,6 +55,7 @@ with import <stockholm/lib>;
services.nginx = {
enable = true;
virtualHosts.default = {
+ default = true;
serverAliases = [
"localhost"
"${config.krebs.build.host.name}"
@@ -79,9 +81,6 @@ with import <stockholm/lib>;
client.enable = true;
};
}
- {
- services.mongodb.enable = true;
- }
];
krebs.build.host = config.krebs.hosts.mors;
@@ -179,4 +178,9 @@ with import <stockholm/lib>;
};
});
virtualisation.libvirtd.enable = true;
+
+ services.earlyoom = {
+ enable = true;
+ freeMemThreshold = 5;
+ };
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 9a0bb49e9..6be45d38d 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,16 @@ with import <stockholm/lib>;
jeschli-bolide
jeschli-brauerei
];
+ repo = [ config.krebs.git.repos.xmonad-stockholm ];
+ perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
+ }
+ {
+ user = with config.krebs.users; [
+ jeschli
+ jeschli-bln
+ jeschli-bolide
+ jeschli-brauerei
+ ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
}
@@ -281,6 +291,18 @@ with import <stockholm/lib>;
];
}
{
+ services.nginx = {
+ enable = true;
+ virtualHosts."radio.lassul.us" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:8000;
+ '';
+ };
+ };
+ }
+ {
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
@@ -293,21 +315,6 @@ with import <stockholm/lib>;
};
};
}
- { #weechat port forwarding to blue
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 9998"; target = "ACCEPT";}
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; }
- { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; }
- ];
- }
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
@@ -341,9 +348,21 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
+ {
+ services.murmur.enable = true;
+ services.murmur.registerName = "lassul.us";
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ ];
+
+ }
];
krebs.build.host = config.krebs.hosts.prism;
# workaround because grub store paths are broken
boot.copyKernels = true;
+ services.earlyoom = {
+ enable = true;
+ freeMemThreshold = 5;
+ };
}
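Review bot: The murmur block accepts only `-p tcp --dport 64738`, but Mumble carries voice over UDP on the same port, so clients will fall back to TCP tunnelling; add `{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}` to the same rule list. The block also sets no `services.murmur.password`, so with the port open the server is presumably joinable by anyone who knows the address; confirm that is intended, or say so in a comment.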
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index afdefaa45..7d04827f0 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -71,8 +71,10 @@ in {
ag
bank
cabal2nix
+ cholerab
dic
dmenu
+ font-size
gi
gitAndTools.qgit
git-preview
@@ -81,6 +83,7 @@ in {
mpv-poll
much
ncdu
+ nix-index
nix-repl
nmap
pavucontrol
@@ -91,7 +94,6 @@ in {
sxiv
taskwarrior
termite
- thesauron
timewarrior
xclip
xephyrify
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 657234bc1..83c235f3e 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
imports = [
<stockholm/lass/2configs/container-networking.nix>
];
+ systemd.services."container@blue".reloadIfChanged = mkForce false;
containers.blue = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 3030d8faf..272169e92 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -90,7 +90,7 @@ in {
}
( createQuteUser "qb" [ "audio" ] 20 )
( createFirefoxUser "ff" [ "audio" ] 10 )
- ( createChromiumUser "cr" [ "audio" ] 9 )
+ ( createChromiumUser "cr" [ "audio" "video" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "audio" ] 0 )
( createChromiumUser "fb" [ "audio" ] 0 )
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index b985b67b3..4d8d308fb 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -9,7 +9,7 @@ in {
dev = {
name = "dev";
uid = genid "dev";
- extraGroups = [ "docker" ];
+ extraGroups = [ "docker" "vboxusers" ];
description = "user for collaborative development";
home = "/home/dev";
useDefaultShell = true;
@@ -17,6 +17,7 @@ in {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
+ config.krebs.users.lass-mors.pubkey
config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa 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 u0_a165@localhost"
@@ -54,10 +55,21 @@ in {
krebs.per-user.dev.packages = [
pkgs.go
];
+ environment.variables.GOPATH = "$HOME/go";
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
- services.minio.enable = true;
+ networking.interfaces.et0.ipv4.addresses = [
+ { address = "10.99.23.1"; prefixLength = 24; }
+ ];
+ virtualisation.docker.enable = true;
+ environment.etc."docker/daemon.json".source = pkgs.writeText "daemon.json" ''
+ {
+ "bip": "172.25.0.1/16"
+ }
+ '';
+ services.rabbitmq.enable = true;
+ services.postgresql.enable = true;
}
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
index 6d3d839bc..18a22e1da 100644
--- a/lass/2configs/dunst.nix
+++ b/lass/2configs/dunst.nix
@@ -188,21 +188,21 @@ let
foreground = "#3B7C87"
background = "#191311"
#background = "#2B313C"
- timeout = 0
+ timeout = 1
[urgency_normal]
frame_color = "#5B8234"
foreground = "#5B8234"
background = "#191311"
#background = "#2B313C"
- timeout = 0
+ timeout = 1
[urgency_critical]
frame_color = "#B7472A"
foreground = "#B7472A"
background = "#191311"
#background = "#2B313C"
- timeout = 0
+ timeout = 1
# Every section that isn't one of the above is interpreted as a rules to
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 371f20885..db6bda005 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -83,6 +83,7 @@ with import <stockholm/lib>;
{ from = "elitedangerous@lassul.us"; to = lass.mail; }
{ from = "boardgamegeek@lassul.us"; to = lass.mail; }
{ from = "qwertee@lassul.us"; to = lass.mail; }
+ { from = "zazzle@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 72cfd5e75..829e62269 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -30,6 +30,14 @@ let
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
+ cholerab = {
+ cgit.desc = "krebs thesauron & enterprise-patterns";
+ cgit.section = "documentation";
+ };
+ disko = {
+ cgit.desc = "take a description of your disk layout and produce a format script";
+ cgit.section = "software";
+ };
news = {
cgit.desc = "take a rss feed and a timeout and print it to stdout";
cgit.section = "software";
@@ -61,6 +69,10 @@ let
cgit.desc = "krebs deployment";
cgit.section = "software";
};
+ xmonad-stockholm = {
+ cgit.desc = "krebs xmonad modules";
+ cgit.section = "configuration";
+ };
} // mapAttrs make-public-repo-silent {
nixos-aws = {
collaborators = [ {
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
index 24b806efa..f141a94f5 100644
--- a/lass/2configs/logf.nix
+++ b/lass/2configs/logf.nix
@@ -11,7 +11,7 @@ let
cloudkrebs = "119";
};
urgent = [
- "\\blass@mors\\b"
+ "\\blass@blue\\b"
];
in {
environment.systemPackages = [
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 0ce147acd..86877df7a 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -100,6 +100,12 @@ with import <stockholm/lib>;
exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
'';
})
+ (buildSimpleReaktorPlugin "shrug" {
+ pattern = "^!shrug$";
+ script = pkgs.writeDash "shrug" ''
+ exec echo '¯\_(ツ)_/¯'
+ '';
+ })
];
};
}
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 615f5a728..6a07172fe 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -27,6 +27,7 @@ let
user = with config.krebs.users; [
config.krebs.users."${config.networking.hostName}-repo-sync"
lass
+ lass-mors
lass-shodan
];
repo = [ repo ];
@@ -136,5 +137,6 @@ in {
(sync-retiolum "stockholm")
(sync-retiolum "wai-middleware-time")
(sync-retiolum "xmonad-stockholm")
+ (sync-retiolum "nix-writers")
];
}
diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix
new file mode 100644
index 000000000..742b877e8
--- /dev/null
+++ b/lass/2configs/starcraft.nix
@@ -0,0 +1,53 @@
+{ config, pkgs, ... }: let
+ mainUser = config.users.extraUsers.mainUser;
+ newWine = pkgs.wineStaging;
+ #newWine = pkgs.wineStaging.overrideAttrs (old: {
+ # name = "wine-3.7";
+ # buildInputs = old.buildInputs ++ [
+ # pkgs.libuuid.bin
+ # pkgs.autoconf.out
+ # ];
+ # src = pkgs.fetchurl {
+ # url = "https://dl.winehq.org/wine/source/3.x/wine-3.7.tar.xz";
+ # sha256 = "1drbzk3y0m14lkq3vzwwkvain5shykgcbmyzh6gcb5r4sxh3givn";
+ # };
+ # postPatch = old.postPatch or "" + ''
+ # patchShebangs tools
+ # cp -r ${pkgs.fetchFromGitHub {
+ # sha256 = "0kam73jqhah7bzji5csxxhhfdp6byhzpcph6xnzjqz2aic5xk7xi";
+ # owner = "wine-staging";
+ # repo = "wine-staging";
+ # rev = "v3.7";
+ # }}/patches .
+ # chmod +w patches
+ # cd patches
+ # patchShebangs gitapply.sh
+ # ./patchinstall.sh DESTDIR="$PWD/.." --all
+ # cd ..
+ # '';
+
+ #});
+ #newWine = (import (builtins.fetchGit {
+ # url = "https://github.com/NixOS/nixpkgs";
+ # rev = "696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f";
+ #}) {}).wineStaging;
+in {
+ users.users= {
+ starcraft = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ ];
+ packages = [
+ newWine
+ pkgs.winetricks
+ pkgs.mpg123
+ ];
+ };
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(starcraft) NOPASSWD: ALL
+ '';
+}
+
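Review bot: Roughly twenty-five lines of this new file are two commented-out alternative definitions of `newWine` (the wine-3.7 `overrideAttrs` variant and the pinned `builtins.fetchGit` variant), which leaves the reader guessing which one is meant to be authoritative. I would delete them and leave a single comment above the live binding, e.g. `# wineStaging from the system nixpkgs; see git history for the pinned 3.7 build`. The sudoers line also deserves a short comment saying it is limited to the `starcraft` target user on purpose.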
diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix
index fc4537140..90d28d650 100644
--- a/lass/2configs/urxvt.nix
+++ b/lass/2configs/urxvt.nix
@@ -5,7 +5,7 @@ with import <stockholm/lib>;
services.urxvtd.enable = true;
krebs.xresources.resources.urxvt = ''
- URxvt*SaveLines: 4096
+ URxvt*SaveLines: 1000000
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
@@ -19,6 +19,12 @@ with import <stockholm/lib>;
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
+ URxvt.keysym.M-F1: command:\033]710;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007\033]711;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007
+ URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=15\007\033]711;xft:Monospace:size=15:bold\007
+ URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=20\007\033]711;xft:Monospace:size=20:bold\007
+ URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
+ URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007
+
URxvt.intensityStyles: false
URxvt*background: #000000
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 6014fd082..823d9a8ca 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -2,6 +2,12 @@
with import <stockholm/lib>;
let
+ unstable_nixpkgs = import (pkgs.fetchFromGitHub {
+ owner = "NixOS";
+ repo = "nixpkgs";
+ rev = "a8c71037e041725d40fbf2f3047347b6833b1703";
+ sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw";
+ }) {};
out = {
environment.systemPackages = [
(hiPrio vim)
@@ -9,6 +15,10 @@ let
(pkgs.writeDashBin "govet" ''
go vet "$@"
'')
+ (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [
+ ps.python-language-server
+ ps.pyls-isort
+ ])))
];
environment.etc.vimrc.source = vimrc;
@@ -68,11 +78,17 @@ let
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
- let g:syntastic_python_checkers=['flake8']
- let g:syntastic_python_flake8_post_args='--ignore=E501'
+ "let g:syntastic_python_checkers=['flake8']
+ "let g:syntastic_python_flake8_post_args='--ignore=E501'
- let g:go_metalinter_autosave = 1
- let g:go_metalinter_deadline = "10s"
+ nnoremap <F5> :call LanguageClient_contextMenu()<CR>
+ set hidden
+ let g:LanguageClient_serverCommands = {
+ \ 'python': ['pyls'],
+ \ 'go': ['~/go/bin/go-langserver']
+ \ }
+
+ let g:LanguageClient_diagnosticsDisplay = { 2: { "signText": "W" } }
nmap <esc>q :buffer
nmap <M-q> :buffer
@@ -115,9 +131,11 @@ let
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.Gundo
- pkgs.vimPlugins.Syntastic
+ #pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.vim-go
+ pkgs.vimPlugins.fzf-vim
+ unstable_nixpkgs.vimPlugins.LanguageClient-neovim
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchFromGitHub {
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index 8171def2d..cfb835d78 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -15,7 +15,7 @@ in {
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
- extraGroups = [ "vboxusers" "audio" ];
+ extraGroups = [ "vboxusers" "audio" "video" ];
createHome = true;
};
};
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index e4f50e2d1..d19f534fe 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -119,6 +119,7 @@ in {
{ from = "ms@ubikmedia.eu"; to = "ms"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
+ { from = "bui@freemonkey.art"; to ="bui"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -183,5 +184,12 @@ in {
createHome = true;
};
+ users.users.bui = {
+ uid = genid_signed "bui";
+ home = "/home/bui";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 53f1eea5c..f60a66952 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -66,6 +66,22 @@ in {
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
+ locations."/urlaubyay2018".extraConfig = ''
+ autoindex on;
+ alias /srv/http/lassul.us-media/india2018;
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
+ paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
+ ''};
+ '';
+ locations."/heilstadt".extraConfig = ''
+ autoindex on;
+ alias /srv/http/lassul.us-media/grabowsee2018;
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
+ c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
+ ''};
+ '';
# TODO make this work!
locations."= /ddate".extraConfig = let
script = pkgs.writeBash "test" ''
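Review bot: Both new `auth_basic_user_file` entries build their htpasswd file with `pkgs.writeText`, so the `$apr1$` entries end up in the world-readable Nix store and in this repository's history, where they can be attacked offline. The two entries also carry the same salt and digest, so `paolo` and `c-base` share one password and access to the two galleries cannot be revoked separately. I would keep the file out of the store and reference it by path, e.g. `auth_basic_user_file ${toString <secrets/PLACEHOLDER-htpasswd>};` (placeholder name; the nginx user needs read access to it), with a distinct password per location. The enclosing virtual-host block starts outside the hunk.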
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 816449c14..a807f7160 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -194,7 +194,7 @@ rec {
in {
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
- addSSL = true;
+ forceSSL = true;
serverAliases = domains;
extraConfig = ''
root /srv/http/${domain}/;
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index dd82b34eb..71a5cdda9 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -17,6 +17,7 @@ in {
createHome = true;
packages = [
pkgs.wine
+ pkgs.winetricks
];
};
};
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 4c0023a76..8f5f05bc2 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -41,6 +41,10 @@ with import <stockholm/lib>;
type = types.path;
default = pkgs.writeScript "echo_lol" "echo lol";
};
+ vglrun = mkOption {
+ type = types.bool;
+ default = false;
+ };
wm = mkOption {
#TODO find type
type = types.string;
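Review bot: The new `vglrun` option defaults to `false`, but the second hunk of this file shows that the `sudo_` wrapper previously always went through `vglrun_`, so every existing jail silently loses VirtualGL unless its config is updated. Either use `default = true;` to keep the old behaviour or set the option explicitly in the jails that need it. The option also has no `description`; something like `description = "run the jailed script through VirtualGL's vglrun";` would document it. The options attribute set continues outside the hunk.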
@@ -116,9 +120,11 @@ with import <stockholm/lib>;
${pkgs.coreutils}/bin/kill $WM_PID
${pkgs.coreutils}/bin/kill $XEPHYR_PID
'';
- sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
+ sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then ''
/var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
- '';
+ '' else ''
+ /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
+ '');
vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
'';
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 7180f2a69..694f3c033 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -48,7 +48,8 @@ import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
-import XMonad.Stockholm.Shutdown
+import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent)
+import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
@@ -129,8 +130,8 @@ myKeyMap =
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)
- , ("M4-v", withWorkspace autoXPConfig (windows . W.greedyView))
- , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
+ , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
+ , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
, ("M4-m", withFocused minimizeWindow)
@@ -183,6 +184,21 @@ infixAutoXPConfig = autoXPConfig
{ searchPredicate = isInfixOf
}
+pagerConfig :: PagerConfig
+pagerConfig = def
+ { pc_font = myFont
+ , pc_cellwidth = 64
+ , pc_matchmethod = MatchPrefix
+ , pc_windowColors = windowColors
+ }
+ where
+ windowColors _ _ _ True _ = ("#ef4242","#ff2323")
+ windowColors wsf m c u wf = do
+ let y = defaultWindowColors wsf m c u wf
+ if m == False && wf == True
+ then ("#402020", snd y)
+ else y
+
gridConfig :: GSConfig WorkspaceId
gridConfig = def
{ gs_cellwidth = 100
@@ -191,6 +207,10 @@ gridConfig = def
, gs_navigate = navNSearch
, gs_font = myFont
}
+
+allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
+allWorkspaceNames ws =
+ return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
'';
};
}
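Review bot: `allWorkspaceNames` collects only `W.hidden ws` plus the current workspace, so workspaces that are visible on another screen (`W.visible ws`) never appear in the pager that now backs `M4-v` and `M4-S-v`. On a multi-head setup those workspaces would not be reachable through these bindings. `return $ map W.tag (W.workspaces ws)` covers all three groups, though it lists the current workspace first rather than last, so check whether the pager depends on the order. Separately, `M4-v` moved from `W.greedyView` to `W.view`; if that is intended it deserves a line in the commit message.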
diff --git a/makefu/0tests/data/secrets/nsupdate-hub.nix b/makefu/0tests/data/secrets/nsupdate-hub.nix
new file mode 100644
index 000000000..e76c0e87e
--- /dev/null
+++ b/makefu/0tests/data/secrets/nsupdate-hub.nix
@@ -0,0 +1 @@
+{ "lol" = "wut"; }
diff --git a/makefu/0tests/data/secrets/uhub.sql b/makefu/0tests/data/secrets/uhub.sql
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/uhub.sql
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 9b6d9d571..998ecd0fb 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -2,28 +2,13 @@
with import <stockholm/lib>;
let
- # hw-specific
- external-mac = "2a:c5:6e:d2:fc:7f";
- main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
- external-gw = "185.194.140.1";
- # single partition, label "nixos"
- # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
-
-
- # static
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
- external-gw6 = "fe80::1";
- external-netmask = 22;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
+ ext-if = config.makefu.server.primary-itf;
in {
imports = [
<stockholm/makefu>
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ./hardware-config.nix
<stockholm/makefu/2configs/headless.nix>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
@@ -49,6 +34,7 @@ in {
# <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/mosh.nix>
+ # <stockholm/makefu/2configs/retroshare.nix>
# network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
@@ -90,6 +76,15 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/opentracker.nix>
+ <stockholm/makefu/2configs/hub.nix>
+ { # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+ }
+
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
@@ -187,7 +182,6 @@ in {
];
};
- makefu.server.primary-itf = ext-if;
# access
users.users = {
@@ -200,6 +194,7 @@ in {
weechat
bepasty-client-cli
get
+ tmux
];
services.bitlbee = {
enable = true;
@@ -207,15 +202,8 @@ in {
};
# Hardware
- boot.loader.grub.device = main-disk;
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
# Network
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- boot.kernelParams = [ ];
networking = {
firewall = {
allowPing = true;
@@ -249,19 +237,8 @@ in {
21032
];
};
- interfaces."${ext-if}" = {
- ip4 = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ip6 = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = external-gw6;
- defaultGateway = external-gw;
nameservers = [ "8.8.8.8" ];
};
-
+ users.users.makefu.extraGroups = [ "download" "nginx" ];
+ boot.tmpOnTmpfs = true;
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
new file mode 100644
index 000000000..a40709169
--- /dev/null
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+let
+ external-mac = "2a:c5:6e:d2:fc:7f";
+ main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ external-gw = "185.194.140.1";
+ # single partition, label "nixos"
+ # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+ # static
+ external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
+ external-gw6 = "fe80::1";
+ external-netmask = 22;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in {
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ ];
+
+ makefu.server.primary-itf = ext-if;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = external-gw6;
+ defaultGateway = external-gw;
+ };
+ boot.kernelParams = [ ];
+ boot.loader.grub.device = main-disk;
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+}
diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix
new file mode 100644
index 000000000..5bf19f978
--- /dev/null
+++ b/makefu/1systems/kexec/config.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/makefu>
+ # <stockholm/makefu/2configs/tools/core.nix>
+ <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
+ <clever_kexec/kexec/kexec.nix>
+ ];
+ # cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso
+
+ krebs.build.host = config.krebs.hosts.iso;
+ krebs.hidden-ssh.enable = true;
+ environment.extraInit = ''
+ EDITOR=vim
+ '';
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+}
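Review bot: The host key entry sets `bits = 8192` together with `type = "ed25519"`, but Ed25519 keys have a fixed size, so the value has no effect and suggests a strength the key does not have. I would write `{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }`. The build comment above still passes `-I nixos-config=makefu/1systems/iso.nix` although this file lives at `kexec/config.nix`; it looks copied from the iso system and should be checked.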
diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix
new file mode 100644
index 000000000..e200dbfd2
--- /dev/null
+++ b/makefu/1systems/kexec/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/makefu/source.nix> {
+ name="iso";
+}
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix
new file mode 100644
index 000000000..93171d23a
--- /dev/null
+++ b/makefu/1systems/nextgum/config.nix
@@ -0,0 +1,248 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ ext-if = config.makefu.server.primary-itf;
+in {
+ imports = [
+ <stockholm/makefu>
+ ./hardware-config.nix
+ ./transfer-config.nix
+ <stockholm/makefu/2configs/headless.nix>
+ # <stockholm/makefu/2configs/smart-monitor.nix>
+
+ # Security
+ <stockholm/makefu/2configs/sshd-totp.nix>
+
+ # Tools
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/tools/dev.nix>
+ <stockholm/makefu/2configs/tools/sec.nix>
+ <stockholm/makefu/2configs/vim.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
+ <stockholm/makefu/2configs/mosh.nix>
+
+ <stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ <stockholm/makefu/2configs/backup.nix>
+ <stockholm/makefu/2configs/exim-retiolum.nix>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+ # services
+ <stockholm/makefu/2configs/sabnzbd.nix>
+
+ # sharing
+ <stockholm/makefu/2configs/share/gum.nix>
+ <stockholm/makefu/2configs/torrent.nix>
+ #<stockholm/makefu/2configs/retroshare.nix>
+ ## <stockholm/makefu/2configs/ipfs.nix>
+ #<stockholm/makefu/2configs/syncthing.nix>
+ { # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+ }
+ # <stockholm/makefu/2configs/opentracker.nix>
+
+ ## network
+ <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+ # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
+ <stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/iodined.nix>
+
+ ## buildbot
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+
+ # Removed until move: no extra mails
+ # <stockholm/makefu/2configs/urlwatch>
+ # Removed until move: avoid double-update of domain
+ # <stockholm/makefu/2configs/hub.nix>
+ # Removed until move: avoid letsencrypt ban
+ ### Web
+ #<stockholm/makefu/2configs/nginx/share-download.nix>
+ #<stockholm/makefu/2configs/nginx/euer.test.nix>
+ #<stockholm/makefu/2configs/nginx/euer.mon.nix>
+ #<stockholm/makefu/2configs/nginx/euer.wiki.nix>
+ #<stockholm/makefu/2configs/nginx/euer.blog.nix>
+ ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
+ #<stockholm/makefu/2configs/nginx/public_html.nix>
+ #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
+ #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+
+ #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
+ #<stockholm/makefu/2configs/deployment/graphs.nix>
+ #<stockholm/makefu/2configs/deployment/owncloud.nix>
+ #<stockholm/makefu/2configs/deployment/boot-euer.nix>
+ #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+
+ {
+ services.taskserver.enable = true;
+ services.taskserver.fqdn = config.krebs.build.host.name;
+ services.taskserver.listenHost = "::";
+ services.taskserver.organisations.home.users = [ "makefu" ];
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ '';
+ }
+
+
+ <stockholm/makefu/2configs/stats/client.nix>
+ # <stockholm/makefu/2configs/logging/client.nix>
+
+ ## Temporary:
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
+ <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+
+ #{
+ # services.dockerRegistry.enable = true;
+ # networking.firewall.allowedTCPPorts = [ 8443 ];
+
+ # services.nginx.virtualHosts."euer.krebsco.de" = {
+ # forceSSL = true;
+ # enableACME = true;
+ # extraConfig = ''
+ # client_max_body_size 1000M;
+ # '';
+ # locations."/".proxyPass = "http://localhost:5000";
+ # };
+ #}
+ { # wireguard server
+
+ # opkg install wireguard luci-proto-wireguard
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # x
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ {
+ # x-test
+ allowedIPs = [ "10.244.0.4/32" ];
+ publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+ }
+ {
+ # work-router
+ allowedIPs = [ "10.244.0.5/32" ];
+ publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ }
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
+ ];
+ };
+ }
+ { # iperf3
+ networking.firewall.allowedUDPPorts = [ 5201 ];
+ networking.firewall.allowedTCPPorts = [ 5201 ];
+ }
+
+ ];
+ makefu.dl-dir = "/var/download";
+
+ services.openssh.hostKeys = [
+ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
+ { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
+ ###### stable
+ services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
+ krebs.build.host = config.krebs.hosts.gum;
+
+ krebs.tinc.retiolum = {
+ extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
+ connectTo = [
+ "muhbaasu" "tahoe" "flap" "wry"
+ "ni"
+ "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
+ ];
+ };
+
+
+ # access
+ users.users = {
+ root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
+ makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
+ };
+
+ # Chat
+ environment.systemPackages = with pkgs;[
+ weechat
+ bepasty-client-cli
+ get
+ tmux
+ ];
+ services.bitlbee = {
+ enable = true;
+ libpurple_plugins = [ pkgs.telegram-purple ];
+ };
+
+ # Hardware
+
+ # Network
+ networking = {
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # httptunnel
+ 8080 8443
+ # tinc
+ 655
+ # tinc-shack
+ 21032
+ # tinc-retiolum
+ 21031
+ # taskserver
+ 53589
+ # temp vnc
+ 18001
+ # temp reverseshell
+ 31337
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ # tinc-retiolum
+ 21031
+ # tinc-shack
+ 21032
+ ];
+ };
+ nameservers = [ "8.8.8.8" ];
+ };
+ users.users.makefu.extraGroups = [ "download" "nginx" ];
+ boot.tmpOnTmpfs = true;
+}
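Review bot: `networking.firewall.allowedTCPPorts` lists `53589` for all interfaces, which makes the retiolum-only `iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT` rules in the taskserver block earlier in this file pointless; removing `53589` from the list keeps the taskserver reachable over the VPN only. The same list opens `18001` ("temp vnc") and `31337` ("temp reverseshell") to the internet on a host that is about to become the production `gum`. If they are still needed, interface-scoped rules like the taskserver ones are safer; otherwise they should be dropped before the move. The wireguard block adds a MASQUERADE rule while `net.ipv4.ip_forward` is only mentioned in a comment, so forwarding presumably relies on another module; a short comment saying where it is enabled would help.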
diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix
new file mode 100644
index 000000000..36fea6544
--- /dev/null
+++ b/makefu/1systems/nextgum/hardware-config.nix
@@ -0,0 +1,80 @@
+{ config, ... }:
+let
+ external-mac = "50:46:5d:9f:63:6b";
+ main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
+ sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
+ external-gw = "144.76.26.225";
+ # single partition, label "nixos"
+ # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+ # static
+ external-ip = "144.76.26.247";
+ external-ip6 = "2a01:4f8:191:12f6::2";
+ external-gw6 = "fe80::1";
+ external-netmask = 27;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in {
+ imports = [
+ ];
+ makefu.server.primary-itf = ext-if;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = external-gw6;
+ defaultGateway = external-gw;
+ };
+ boot.kernelParams = [ ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ main-disk ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
+ "xhci_pci" "ehci_pci" "ahci" "sd_mod"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ hardware.enableRedistributableFirmware = true;
+ fileSystems."/" = {
+ device = "/dev/mapper/nixos-root";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda2";
+ fsType = "vfat";
+ };
+ # parted -s -a optimal "$disk" \
+ # mklabel gpt \
+ # mkpart no-fs 0 1024KiB \
+ # set 1 bios_grub on \
+ # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
+ # mkpart primary 1025MiB 100%
+ # parted -s -a optimal "/dev/sdb" \
+ # mklabel gpt \
+ # mkpart primary 1M 100%
+
+ #mkfs.vfat /dev/sda2
+ #pvcreate /dev/sda3
+ #pvcreate /dev/sdb1
+ #vgcreate nixos /dev/sda3 /dev/sdb1
+ #lvcreate -L 120G -n root nixos
+ #mkfs.ext4 /dev/mapper/nixos-root
+ #mount /dev/mapper/nixos-root /mnt
+ #mkdir /mnt/boot
+ #mount /dev/sda2 /mnt/boot
+ #mkdir -p /mnt/var/src
+ #touch /mnt/var/src/.populate
+
+}
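Review bot: `fileSystems."/boot"` points at `/dev/sda2`, while GRUB is installed through the stable by-id path in `main-disk`. With two identical TOSHIBA disks in the machine the kernel's sda/sdb order is not guaranteed, so `/boot` could end up looked for on the wrong disk after a reboot. `device = "${main-disk}-part2";` (or a filesystem label) avoids that. Smaller points: `boot.initrd.availableKernelModules` lists `"ahci"` and `"sd_mod"` twice, and the `sec-disk` and `internal-ip` bindings are not used anywhere in this file.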
diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix
new file mode 100644
index 000000000..413889c47
--- /dev/null
+++ b/makefu/1systems/nextgum/source.nix
@@ -0,0 +1,5 @@
+import <stockholm/makefu/source.nix> {
+ name="nextgum";
+ torrent = true;
+ clever_kexec = true;
+}
diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix
new file mode 100644
index 000000000..92df60195
--- /dev/null
+++ b/makefu/1systems/nextgum/transfer-config.nix
@@ -0,0 +1,7 @@
+{ config, lib, ... }:
+# configuration which is only required for the time of the transfer
+{
+ krebs.tinc.retiolum.connectTo = [ "gum" ];
+ krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
+}
+
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index c209b83f6..61182f6c3 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -38,6 +38,7 @@ let
priv-repos = mapAttrs make-priv-repo {
autosync = { };
+ fenkins = { };
pass = { };
};
diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix
new file mode 100644
index 000000000..a121157d4
--- /dev/null
+++ b/makefu/2configs/hub.nix
@@ -0,0 +1,102 @@
+{ config, lib, pkgs, ... }:
+
+# search also generates ddclient entries for all other logs
+
+with import <stockholm/lib>;
+let
+ ddclientUser = "ddclient";
+ sec = toString <secrets>;
+ nsupdate = import "${sec}/nsupdate-hub.nix";
+ stateDir = "/var/spool/ddclient";
+ cfg = "${stateDir}/cfg";
+ ext-if = config.makefu.server.primary-itf;
+ ddclientPIDFile = "${stateDir}/ddclient.pid";
+
+ # TODO: correct cert generation requires a `real` internet ip address
+
+ gen-cfg = dict: ''
+ ssl=yes
+ cache=${stateDir}/ddclient.cache
+ pid=${ddclientPIDFile}
+ ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+
+ protocol=dyndns2
+ use=web, web=http://ipv4.nsupdate.info/myip
+ ssl=yes
+ server=ipv4.nsupdate.info
+ login=${user}
+ password='${pass}'
+ ${user}
+
+ '') dict)}
+ '';
+
+in {
+ users.extraUsers = singleton {
+ name = ddclientUser;
+ uid = genid "ddclient";
+ description = "ddclient daemon user";
+ home = stateDir;
+ createHome = true;
+ };
+
+ systemd.services = {
+ redis.serviceConfig.LimitNOFILE=10032;
+ ddclient-nsupdate-uhub = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "ip-up.target" ];
+ serviceConfig = {
+ Type = "forking";
+ User = ddclientUser;
+ PIDFile = ddclientPIDFile;
+ ExecStartPre = pkgs.writeDash "init-nsupdate" ''
+ cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
+ chmod 700 ${cfg}
+ '';
+ ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
+ };
+ };
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511
+ '';
+ systemd.services.uhub.serviceConfig = {
+ PrivateTmp = true;
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "uhub-pre" ''
+ cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt
+ cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key
+ cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql
+ chown uhub /tmp/*
+ '';
+
+ };
+ services.uhub = {
+ enable = true;
+ port = 1511;
+ enableTLS = true;
+ hubConfig = ''
+ hub_name = "krebshub"
+ tls_certificate = /tmp/uhub.crt
+ tls_private_key = /tmp/uhub.key
+ registered_users_only = true
+ '';
+ plugins = {
+ welcome = {
+ enable = true;
+ motd = "shareit";
+ rules = "1. Don't be an asshole";
+ };
+ history = {
+ enable = true;
+ };
+ authSqlite = {
+ enable = true;
+ file = "/tmp/uhub.sql";
+ };
+
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 411 1511 ];
+}
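Review bot: `gen-cfg nsupdate` is rendered with `pkgs.writeText`, so every login and password imported from `<secrets>/nsupdate-hub.nix` is written to a world-readable `/nix/store` file before `ExecStartPre` copies it to `${cfg}`. Keeping a ready-made ddclient config under `<secrets>` and copying that instead, the way the uhub unit below copies its key, avoids the store copy; as the unit runs as `ddclient` this would probably need `PermissionsStartOnly = true` plus a `chown`. The copied file needs only `chmod 600 ${cfg}`, not `700`. `use=web, web=http://ipv4.nsupdate.info/myip` also fetches the address over plain HTTP although `ssl=yes` is set, so an `https://` URL would be more consistent if the service offers one. The header comment about "ddclient entries for all other logs" and the `redis.serviceConfig.LimitNOFILE` line look carried over from another module and should be checked.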
diff --git a/makefu/source.nix b/makefu/source.nix
index ecc4dddf0..fac1c0282 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -24,9 +24,11 @@ let
];
};
# TODO: automate updating of this ref + cherry-picks
- ref = "60b6ab055ad"; # nixos-18.03 @ 2018-05-31
+ ref = "14946ec63a1"; # nixos-18.03 @ 2018-05-31
# + do_sqlite3 ruby: 55a952be5b5
# + exfat-nofuse bump: ee6a5296a35
+ # + uhub/sqlite: 5dd7610401747
+ # + forecastio: f27584df02337
in
evalSource (toString _file) [