authortv <tv@krebsco.de>2019-01-16 11:20:14 +0100
committertv <tv@krebsco.de>2019-01-16 11:20:14 +0100
commit6cef97deb3a96731a4737f05513e2e5855f60685 (patch)
treec21b0eef944b80adecb7d95aa79ba4a475ef6dd1 /lass
parent2d2ab95f0707209c4c248d43cb57877a50a37991 (diff)
parenta1d9c22bbd8eff9198f378e9007ddf4cb9ee2e5c (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/source.nix15
-rw-r--r--lass/1systems/daedalus/config.nix4
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/1systems/prism/config.nix31
-rw-r--r--lass/1systems/prism/physical.nix10
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/mail.nix2
-rw-r--r--lass/2configs/nfs-dl.nix7
-rw-r--r--lass/2configs/websites/domsen.nix14
-rw-r--r--lass/2configs/websites/lassulus.nix6
-rw-r--r--lass/2configs/websites/sqlBackup.nix4
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/mysql-backup.nix16
-rw-r--r--lass/3modules/xserver/default.nix103
-rw-r--r--lass/3modules/xserver/xserver.conf.nix40
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix7
18 files changed, 95 insertions, 171 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 8f748ab8f..a32c3a829 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- file = toString (pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- });
+ derivation = ''
+ with import <nixpkgs> {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
+ sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
+ }
+ '';
};
}
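Review bot: The bootstrap `import <nixpkgs> {}` that evaluates `fetchFromGitHub` is whatever NIX_PATH resolves to on the building host and is pinned nowhere in this file; the tree that actually gets used is still fixed by the `rev`/`sha256` pair read from `krebs/nixpkgs.json`, so integrity holds, but a reader cannot tell at a glance which of the two nixpkgs is authoritative. A one-line comment above the string would make that explicit: `# <nixpkgs> is only the bootstrap evaluator; the resulting tree is pinned by rev+sha256 from krebs/nixpkgs.json`. The two `${...}` interpolations also rely on the JSON values containing no `"` or `${`, which is true for a git rev and a base32 hash but worth remembering since this string is later evaluated as Nix rather than compared as data.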
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 305b3f70e..e28fbf2f8 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -6,9 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
{
# bubsy config
users.users.bubsy = {
@@ -72,6 +71,7 @@ with import <stockholm/lib>;
#remote control
environment.systemPackages = with pkgs; [
x11vnc
+ torbrowser
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 46cdbbb66..b6565dc6a 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -35,6 +35,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
@@ -147,6 +148,7 @@ with import <stockholm/lib>;
OnCalendar = "00:37";
};
+ nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6c454b4ac..df2778bef 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -82,6 +82,13 @@ with import <stockholm/lib>;
];
openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
};
+ users.users.kmein = {
+ uid = genid_uint31 "kmein";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.kmein.pubkey
+ ];
+ };
}
{
#hotdog
@@ -309,7 +316,7 @@ with import <stockholm/lib>;
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
+ { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
services.dnsmasq = {
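Review bot: The new rule masquerades sources in `42:1::/32` but only exempts destinations in `42:1::/48`, so traffic from that /32 to the rest of the same /32 (and to the wider `42::/16` trusted elsewhere in this file) is still source-NATed; the old rule used the same prefix on both sides apart from the `::48` typo this commit fixes. If the intent is to NAT only traffic leaving the overlay, the exclusion should match the source prefix, `! -d 42:1::/32`, or the rule should carry an `-o` match on the upstream interface so it cannot rewrite overlay-to-overlay packets whatever the prefixes are. I cannot see from the hunk which interface owns `42:1::/32`, so treat the prefix change as a question to confirm rather than a definite defect.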
@@ -390,6 +397,28 @@ with import <stockholm/lib>;
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
+
+ fileSystems."/export/download" = {
+ device = "/var/lib/containers/yellow/var/download";
+ options = [ "bind" ];
+ };
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export 42::/16(insecure,ro,crossmnt)
+ '';
+ lockdPort = 4001;
+ mountdPort = 4002;
+ statdPort = 4000;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
+ ];
}
];
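Review bot: The export line `/export 42::/16(insecure,ro,crossmnt)` grants read access to the whole `42::/16` range while the firewall rules in the same hunk only admit NFS on `-i wiregrill`, so the export ACL is the weaker of the two controls and would silently widen access the day an ACCEPT rule is added for retiolum or another interface. Narrowing it to the prefix that wiregrill appears to use (the MASQUERADE rule earlier in this file refers to `42:1::/32`) keeps both layers consistent: `/export 42:1::/32(insecure,ro,crossmnt)`. `insecure` allows unprivileged client processes to mount, which looks intended since the consumers in nfs-dl.nix are workstations, and root_squash stays at its default; `crossmnt` additionally exposes anything later mounted beneath `/export`, so a comment stating that `/export` is meant to hold only the read-only download bind would help the next person who adds a mount there. If clients pin `nfsvers=4`, only 2049 is needed and the 111 and 4000-4002 openings for mountd/statd/lockd could be dropped.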
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 116bdb92f..a2b5efb29 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -40,6 +40,16 @@
fsType = "zfs";
};
+ fileSystems."/var/lib/nextcloud" = {
+ device = "tank/nextcloud";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/libvirt" = {
+ device = "tank/libvirt";
+ fsType = "zfs";
+ };
+
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1b6a1d593..b8a0a9f2a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -79,7 +79,6 @@ in {
taskwarrior
termite
xclip
- xephyrify
xorg.xbacklight
xorg.xhost
xsel
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 1acfe5056..f487a9910 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -95,6 +95,7 @@ with import <stockholm/lib>;
{ from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
+ { from = "nintendo@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index c5073e384..a1bb26049 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
- automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
+ automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
};
}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 21b9d7b49..3c19fe061 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -51,7 +51,7 @@ let
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
- india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
+ india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
meetup = [ "to:meetup@lassul.us" ];
diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix
new file mode 100644
index 000000000..abbcc1d42
--- /dev/null
+++ b/lass/2configs/nfs-dl.nix
@@ -0,0 +1,7 @@
+{
+ fileSystems."/mnt/prism" = {
+ device = "prism.w:/export";
+ fsType = "nfs";
+ };
+}
+
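Review bot: The mount carries no options, so both hosts importing this file will attempt to mount `prism.w:/export` during boot and, whenever prism is unreachable over the tunnel, the mount unit blocks `remote-fs.target` until it times out and is left failed; a hard NFS mount with no `soft` also wedges any process that touches `/mnt/prism` while the link is down. An on-demand automount that matches the read-only export avoids both: `options = [ "noauto" "x-systemd.automount" "x-systemd.idle-timeout=600" "ro" "soft" ];` (`noauto` plus `x-systemd.automount` is the part that fixes boot; `soft` is a judgement call for a download share). Adding `nfsvers=4` would also remove the dependency on rpcbind, mountd and statd being reachable. The file ends with a stray blank `+` line that can be dropped.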
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 25dac0ac4..223fc73ba 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -88,6 +88,20 @@ in {
file_uploads = on
'';
+ services.nextcloud = {
+ enable = true;
+ hostName = "o.xanf.org";
+ config = {
+ adminpassFile = toString <secrets> + "/nextcloud_pw";
+ };
+ #https = true;
+ nginx.enable = true;
+ };
+ services.nginx.virtualHosts."o.xanf.org" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
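Review bot: `https = true` is left commented out while the nginx vhost for the same host sets `forceSSL = true`, so every request reaches Nextcloud over TLS but Nextcloud is told nothing about it; if the NixOS module derives the fastcgi `HTTPS` parameter and `overwriteprotocol` from `services.nextcloud.https`, as it appears to, generated links and redirects will point at `http://o.xanf.org` and bounce through the forceSSL redirect, which tends to break login and share flows. Enabling it makes the two settings agree: `https = true;`. The admin password is taken from `toString <secrets> + "/nextcloud_pw"`, a path outside the store, which is the right shape for a secret; a short comment such as `# toString keeps the secret out of the store; nextcloud reads the file at setup time` would save the next reader from re-checking that.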
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 17af0d00d..27cadd100 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -63,6 +63,9 @@ in {
locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.retiolum-hosts};
'';
+ locations."= /wireguard-key".extraConfig = ''
+ alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
+ '';
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
@@ -98,6 +101,9 @@ in {
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
+ locations."/pub1".extraConfig = ''
+ alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
+ '';
};
security.acme.certs."cgit.lassul.us" = {
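Review bot: `locations."/pub1"` is a prefix match, so `/pub1anything` and `/pub1/...` also reach the `alias` and yield 404s or odd paths, whereas the `/wireguard-key` location added earlier in this same commit uses an exact match; prefer `locations."= /pub1".extraConfig` so only that one path serves the key. The `writeText` name `"pub"` is reused for a different key, which works because the store path hashes the content, but `"lass-mors.pub"` would make the two store paths distinguishable in nginx error logs and on disk.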
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
index 897e35e61..10a6e4643 100644
--- a/lass/2configs/websites/sqlBackup.nix
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -20,9 +20,7 @@
lass.mysqlBackup = {
enable = true;
- config.all = {
- password = toString (<secrets/mysql_rootPassword>);
- };
+ config.all = {};
};
}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 2cf6a66b9..613c7c8ac 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -14,6 +14,5 @@ _:
./umts.nix
./usershadow.nix
./xjail.nix
- ./xserver
];
}
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
index d2ae67171..516f96c34 100644
--- a/lass/3modules/mysql-backup.nix
+++ b/lass/3modules/mysql-backup.nix
@@ -41,7 +41,7 @@ let
};
location = mkOption {
type = str;
- default = "/bku/sql_dumps";
+ default = "/backups/sql_dumps";
};
};
}));
@@ -51,11 +51,9 @@ let
imp = {
- #systemd.timers =
- # mapAttrs (_: plan: {
- # wantedBy = [ "timers.target" ];
- # timerConfig = plan.timerConfig;
- #}) cfg.config;
+ services.mysql.ensureUsers = [
+ { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
+ ];
systemd.services =
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
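Review bot: The new `services.mysql.ensureUsers` entry grants `root` `ALL` on `*.*` from inside the backup module, so every host that enables `lass.mysqlBackup` receives that grant regardless of which `user` its plans use; in the NixOS mysql module `ensureUsers` creates the account with unix-socket authentication, which is presumably what lets sqlBackup.nix drop its password file in this same commit, but the unit's `User=` that must match the MySQL account is outside the hunk, so confirm the backup service really runs as OS `root`. Deriving the entries from the plans keeps the grant tied to what the module actually needs, e.g. `services.mysql.ensureUsers = map (plan: { name = plan.user; ensurePermissions = { "*.*" = "ALL"; }; }) (attrValues cfg.config);` (assuming `attrValues` is in scope through the lib import). `mysqldump` only needs SELECT, LOCK TABLES, SHOW VIEW and TRIGGER, so `ALL` is wider than the job requires even for a dedicated account.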
@@ -75,8 +73,10 @@ let
start = plan: let
- backupScript = plan: db:
- "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
+ backupScript = plan: db: ''
+ mkdir -p ${plan.location}
+ mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
+ '';
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
${concatMapStringsSep "\n" (backupScript plan) plan.databases}
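Review bot: `mkdir -p ${plan.location}` creates the dump directory with the service's default umask and the `gzip -c >` redirect inherits it, so complete database dumps can end up readable by every local user under `/backups/sql_dumps`; create the directory restrictively and narrow the umask for the dump itself: `mkdir -p -m 0700 ${plan.location}` followed by `umask 077` on the line before `mysqldump`. The pre-existing `-p$(cat ${plan.password})` still places the password on the mysqldump command line where `ps` can read it; now that the password is optional, passing it through `MYSQL_PWD` or a `--defaults-extra-file` would close that for the plans that do set one. `${db}` is interpolated unquoted into the shell line, which is a robustness rather than an injection concern since database names come from this module's config. The enclosing `start` function continues outside the hunk.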
diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix
deleted file mode 100644
index cdd80857a..000000000
--- a/lass/3modules/xserver/default.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
-
- out = {
- options.lass.xserver = api;
- config = mkIf cfg.enable imp;
- };
-
- user = config.krebs.build.user;
-
- cfg = config.lass.xserver;
- xcfg = config.services.xserver;
- api = {
- enable = mkEnableOption "lass xserver";
- };
- imp = {
-
- services.xserver = {
- enable = true;
- display = 11;
- tty = 11;
- };
-
- systemd.services.display-manager.enable = false;
-
- systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "xserver.service" ];
- environment = {
- DISPLAY = ":${toString xcfg.display}";
-
- XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
- ${xcfg.displayManager.sessionCommands}
- if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
- exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
- fi
- export DBUS_SESSION_BUS_ADDRESS
- ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
- wait
- '';
-
- XMONAD_DATA_DIR = "/tmp";
- };
- serviceConfig = {
- SyslogIdentifier = "xmonad";
- ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
- User = user.name;
- WorkingDirectory = user.home;
- };
- };
-
- systemd.services.xserver = {
- after = [
- "systemd-udev-settle.service"
- "local-fs.target"
- "acpid.service"
- ];
- reloadIfChanged = true;
- environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
- ++ concatLists (catAttrs "libPath" xcfg.drivers));
- };
- serviceConfig = {
- SyslogIdentifier = "xserver";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = toString [
- "${pkgs.xorg.xorgserver}/bin/X"
- ":${toString xcfg.display}"
- "vt${toString xcfg.tty}"
- "-config ${import ./xserver.conf.nix args}"
- "-logfile /dev/null -logverbose 0 -verbose 3"
- "-nolisten tcp"
- "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
- (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
- ];
- User = user.name;
- };
- };
- krebs.xresources.resources.dpi = ''
- ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
- '';
- systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
- serviceConfig = {
- SyslogIdentifier = "urxvtd";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- User = user.name;
- };
- };
- };
-
-in out
diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix
deleted file mode 100644
index 6f34e0150..000000000
--- a/lass/3modules/xserver/xserver.conf.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.services.xserver;
-in
-
-pkgs.stdenv.mkDerivation {
- name = "xserver.conf";
-
- xfs = optionalString (cfg.useXFS != false)
- ''FontPath "${toString cfg.useXFS}"'';
-
- inherit (cfg) config;
-
- buildCommand =
- ''
- echo 'Section "Files"' >> $out
- echo $xfs >> $out
-
- for i in ${toString config.fonts.fonts}; do
- if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
- for j in $(find $i -name fonts.dir); do
- echo " FontPath \"$(dirname $j)\"" >> $out
- done
- fi
- done
-
- for i in $(find ${toString cfg.modules} -type d); do
- if test $(echo $i/*.so* | wc -w) -ne 0; then
- echo " ModulePath \"$i\"" >> $out
- fi
- done
-
- echo 'EndSection' >> $out
-
- echo "$config" >> $out
- '';
-}
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 79e6416e1..483e37bc8 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" {
"xmonad-stockholm"
];
text = /* haskell */ ''
-{-# LANGUAGE DeriveDataTypeable #-} -- for XS
-{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE ScopedTypeVariables #-}
module Main where
@@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
-import XMonad.Actions.CopyWindow (copy, kill1)
+import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
@@ -149,6 +146,8 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
+ , ("M4-<F2>", windows copyToAll)
+
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"